The T4894 introduced functions gcry_pk_hash_sign() and gcry_pk_hash_verify() functions that are implemented according to the FIPS specification. But they are now hardly usable in the gnupg because the digest for signatures is calculated in tools, while the signature itself in the gpg-agent process.
We already discussed some ideas how this could be done from passing fd (limited to having gpg running on the same machine as gpg-agent), passing the all bytes to agent (slow), passing the whole md structure somehow (this would require some new APIs in libgcrypt and some assurance it was made by FIPS module) or ensuring in some other way that the digest accepted by the API was created by the FIPS module. It does not have to be bulletproof and it can be enabled only in FIPS mode.
I do not think we will figure out what to do right now and what assurance will be enough for the lab and nist, but I would like to have this tracked somewhere, collecting ideas, suggestions and comments in the meantime.