diff --git a/CMakeLists.txt b/CMakeLists.txt
index c03c2d361..dc0a2e827 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -58,10 +58,12 @@ if(PRODUCTION)
 endif()
 configure_file(enclave/coordinator.conf coordinator.conf)
-# Sign enclave
 add_custom_command(
 OUTPUT coordinator-enclave.signed
 DEPENDS coordinator-enclave ${CMAKE_BINARY_DIR}/coordinator.conf signing-key
+ # Add fips140 verification checksum, which is usually added by the Go linker, which is not used with -buildmode=c-archive
+ COMMAND go run github.com/edgelesssys/goelffips@latest $
+ # Sign enclave
 COMMAND openenclave::oesign sign -e $ -c ${CMAKE_BINARY_DIR}/coordinator.conf -k private.pem)
diff --git a/build_with_version.cmake b/build_with_version.cmake
index 25f15a771..ad17f0a08 100644
--- a/build_with_version.cmake
+++ b/build_with_version.cmake
@@ -7,7 +7,7 @@ set(PROJECT_VERSION ${CMAKE_ARGV4})
 set(OUTPUT_NAME ${CMAKE_ARGV5})
 set(INJECT_PATH ${CMAKE_ARGV6})
 set(TRIMPATH ${CMAKE_ARGV7})
-
+set(ENV{GOFIPS140} latest)
 if("${COMPILER}" STREQUAL "go")
 execute_process(
diff --git a/cmd/coordinator/run.go b/cmd/coordinator/run.go
index d1cfc6a77..3fc2d9314 100644
--- a/cmd/coordinator/run.go
+++ b/cmd/coordinator/run.go
@@ -9,6 +9,7 @@ package main
 import (
 "bytes"
 "context"
+ "crypto/fips140"
 "encoding/binary"
 "encoding/hex"
 "errors"
@@ -52,6 +53,10 @@ func run(log *zap.Logger, validator quote.Validator, issuer quote.Issuer, sealDi
 log.Info("Starting coordinator", zap.String("version", Version), zap.String("commit", GitCommit), zap.Bool("distributed", distributedDeployment))
+ if !fips140.Enabled() {
+ log.Fatal("FIPS 140 not enabled")
+ }
+
 // fetching env vars
 dnsNamesString := util.Getenv(constants.DNSNames, constants.DNSNamesDefault)
 dnsNames := strings.Split(dnsNamesString, ",")
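Review bot: The new COMMAND runs `go run github.com/edgelesssys/goelffips@latest`, so the tool that rewrites the enclave binary right before signing is resolved from the module proxy at build time and is not pinned; the bytes that end up in coordinator-enclave.signed, and with them the enclave's measurement, then depend on whichever goelffips version resolves on that day. Pin the module to an explicit tag, `COMMAND go run github.com/edgelesssys/goelffips@<pinned-version> …`, and preferably record it as a tool dependency in go.mod so that go.sum covers it. Relatedly, `go` is taken from PATH at build time rather than from a Go executable located at configure time, and the add_custom_command still ends without VERBATIM. The `$` following the command appears to be a generator expression lost in rendering; if it names the enclave target's file, the tool modifies that file in place, which is worth stating in the comment above the COMMAND.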
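Review bot: `set(ENV{GOFIPS140} latest)` is added without a comment and outside the `if("${COMPILER}" STREQUAL "go")` branch, so a reader cannot tell that it exists to make the Go build link the FIPS 140 Cryptographic Module, which the coordinator's new fips140.Enabled() check presumably relies on. `latest` also selects whichever module version ships with the Go toolchain in use, so a toolchain upgrade silently changes the validated module that gets built in; naming a specific version pins it. Suggest moving the line inside the go branch with a comment such as `# Link Go's FIPS 140 Cryptographic Module; pin to a specific version (GOFIPS140=<module-version>) for a reproducible build`.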
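Review bot: The new check calls `log.Fatal` inside run(), which exits the process immediately and skips any deferred cleanup the caller has registered, and it fires only after the "Starting coordinator" line has already been logged. run's signature is cut off in the hunk header so its return type is not visible; if it returns an error, reporting the failure the same way as the rest of run, `if !fips140.Enabled() { return errors.New("FIPS 140 not enabled") }`, keeps shutdown handling uniform, and placing the check before the startup log avoids announcing a start that is then aborted. A short comment on where the mode comes from helps the next reader, e.g. `// FIPS mode is selected at build time via GOFIPS140; refuse to run with a build that does not enable it`.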