Remove LIVEBOOK_FIPS in favour of erl flag

README.md

@@ -225,9 +225,6 @@ The following environment variables can be used to configure Livebook on boot:
     "standalone" (Standalone), "attached:NODE:COOKIE" (Attached node)
     or "embedded" (Embedded). Defaults to "standalone".
 
-  * `LIVEBOOK_FIPS` - if set to "true", it enables the FIPS mode on startup.
-    See more details in [the documentation](https://hexdocs.pm/livebook/fips.html).
-
   * `LIVEBOOK_FORCE_SSL_HOST` - sets a host to redirect to if the request is not over HTTPS.
     Note it does not apply when accessing Livebook via localhost. Defaults to nil.
 

docs/deployment/fips.md

@@ -37,3 +37,7 @@ RUN git clone https://github.com/elixir-lang/elixir.git && \
     make compile && \
     make install
 ```
+
+## Configuration
+
+To enable FIPS in Livebook, you must run it with `ERL_AFLAGS="-crypto fips_mode true"` environment variable set.

lib/livebook.ex

@@ -270,14 +270,12 @@ defmodule Livebook do
       config :livebook, :image_registry_url, image_registry_url
     end
 
+    # TODO: remove in v1.0
     if Livebook.Config.boolean!("LIVEBOOK_FIPS", false) do
-      if :crypto.enable_fips_mode(true) do
-        IO.puts("[Livebook] FIPS mode enabled")
-      else
-        Livebook.Config.abort!(
-          "Requested FIPS mode via LIVEBOOK_FIPS, but this Erlang installation was compiled without FIPS support"
-        )
-      end
+      IO.warn(
+        ~s/Ignoring LIVEBOOK_FIPS=true, because it is no longer supported. Set ERL_AFLAGS="-crypto fips_mode true" instead./,
+        []
+      )
     end
   end
 

versions

@@ -2,4 +2,4 @@ elixir="1.19.3"
 otp="28.1.1"
 openssl="1.1.1s"
 rebar3="3.22.0"
-ubuntu="noble-20250404"
+ubuntu="noble-20251013"