diff --git a/lib/crypto_backend/cipher_generic.c b/lib/crypto_backend/cipher_generic.c
index be7e4a08..ab1fac06 100644
--- a/lib/crypto_backend/cipher_generic.c
+++ b/lib/crypto_backend/cipher_generic.c
@@ -8,6 +8,8 @@
 #include
 #include
+#include
+#include
 #include "crypto_backend.h"
 struct cipher_alg {
@@ -77,3 +79,21 @@ int crypt_cipher_wrapped_key(const char *name, const char *mode)
 return ca ? (int)ca->wrapped_key : 0;
 }
+
+bool crypt_fips_mode_kernel(void)
+{
+ int fd;
+ char buf = 0;
+
+ fd = open("/proc/sys/crypto/fips_enabled", O_RDONLY);
+
+ if (fd < 0)
+ return false;
+
+ if (read(fd, &buf, 1) != 1)
+ buf = '0';
+
+ close(fd);
+
+ return (buf == '1');
+}
diff --git a/lib/crypto_backend/crypto_backend.h b/lib/crypto_backend/crypto_backend.h
index 9c37cf12..ef373a7f 100644
--- a/lib/crypto_backend/crypto_backend.h
+++ b/lib/crypto_backend/crypto_backend.h
@@ -148,6 +148,9 @@ int crypt_backend_memeq(const void *m1, const void *m2, size_t n);
 /* crypto backend running in FIPS mode */
 bool crypt_fips_mode(void);
+/* kernel running in FIPS mode */
+bool crypt_fips_mode_kernel(void);
+
 # ifdef __cplusplus
 }
 # endif
diff --git a/lib/crypto_backend/crypto_kernel.c b/lib/crypto_backend/crypto_kernel.c
index 8b96e9ed..9f76c582 100644
--- a/lib/crypto_backend/crypto_kernel.c
+++ b/lib/crypto_backend/crypto_kernel.c
@@ -408,5 +408,5 @@ int crypt_backend_memeq(const void *m1, const void *m2, size_t n)
 bool crypt_fips_mode(void)
 {
- return false;
+ return crypt_fips_mode_kernel();
 }
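Review bot: In `crypt_fips_mode_kernel()` every failure is reported as "not FIPS": `open()` failing for any reason (no /proc in a chroot or early initramfs, fd limit reached, permission denied) and a short `read()` both end in `false`. If callers use the answer to enforce FIPS-only restrictions, which this diff does not show, that fails open. Consider treating only `errno == ENOENT` as a definite "off". At minimum document the behaviour, for example `/* returns false when the kernel flag cannot be read */` on the declaration in crypto_backend.h. The descriptor is also opened without close-on-exec in library code, so `fd = open("/proc/sys/crypto/fips_enabled", O_RDONLY | O_CLOEXEC);` would keep it from leaking into a child started by another thread.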
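Review bot: `crypt_fips_mode()` in crypto_kernel.c now does an open/read/close on procfs on every call, where it used to return a constant. As far as I know the kernel's FIPS flag is fixed at boot, so the first answer could be cached in a file-scope `static` inside `crypt_fips_mode_kernel()`, with a second flag recording that the check has run. Caching also gives a process one consistent answer, instead of one that can flip to `false` if a later `open()` fails transiently. The hunk shows no callers, so how hot this path is needs confirming.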