Bug: [Trixie] FIPS support for Trixie

[tirupatihemanth]

Is it platform specific

generic

Importance or Severity

Critical

Description of the bug

FIPS is not supported on Debian 13. Requesting to add the support

Currently we see that FIPS is enabled but the package is not installed

root@sonic:/home/admin# sudo apt list --installed | grep fips
root@sonic:/home/admin# sudo sonic-installer get-fips
FIPS is enabled

FIPS support is explicitly disabled for Debian 13 (Trixie) during the build process. Even if you set ENABLE_FIPS=y or boot with sonic_fips=1 kernel parameter, the FIPS packages were never installed in the image during build time.

ifeq ($(BLDENV),trixie)
$(warning FIPS is not yet supported on Trixie)
override INCLUDE_FIPS = n
endif

When you run sudo sonic-installer get-fips, it checks the kernel command line parameter (sonic_fips=1), which shows "FIPS is enabled". However, this is just a boot flag - the actual FIPS packages are missing because they weren't included during image build.

Actual Behavior and Expected Behavior

Actual Behavior: FIPS package is not installed when FIPS is enabled
Expected Behavior: FIPS package must be installed when FIPS is enabled

[saiarcot895]

This is done with the changes in sonic-net/sonic-fips#77 (the PR is still open, but the binaries have been uploaded and the Trixie build now has FIPS enabled).