Securing Systems and Attached Devices in Oracle® Solaris 11.2

Updated: September 2014

SPARC: How to Enable Verified Boot on SPARC Systems With Oracle ILOM Verified-Boot Support

For SPARC systems with Oracle ILOM verified-boot support, the verified boot properties are in /HOSTx/verified_boot, where x is the PDomain number, such as HOST0, HOST1, and so on.


Note -  Some SPARC systems only have one physical domain, /HOST, while others have multiple physical domains. This procedure assumes that you are using a system with multiple physical domains and refers to a physical domain as /HOSTx. For security features that are specific to your system, refer to your system's security manual.
  1. (Optional) Determine whether your system supports verified boot.
    # show /HOSTx/verified_boot
    show: Invalid target /HOST/verified_boot

    If the system supports verified boot, the command lists the verified_boot properties. An Invalid target error such as the one shown here means that the verified_boot target is not available on the current Oracle ILOM firmware. You can use the fwupdate command to update the system's Oracle ILOM firmware.

  2. As an administrator, log in to the Oracle ILOM user interface.
    % ssh root@ilom

    where ilom can be either the Oracle ILOM service processor IP address or the chassis-monitoring module IP address.

  3. Configure the verified boot properties.
    --> set /HOSTx/verified_boot/boot_policy=warning
    --> set /HOSTx/verified_boot/module_policy=warning

    Note -  Specify either warning or enforce for each property. The properties can have differing configurations. For an explanation of these policy configurations, see Policies for Verified Boot.

    If the boot policy is configured with enforce and discrepancies in the UNIX or genunix modules are detected, the system does not boot. Instead, the system reverts to OpenBoot PROM (OBP).


  4. Specify the certificate that you want to use in place of the certificate that is provided with the system.
    --> load /HOSTx/verified_boot/cert -source ftp-location

    where ftp-location refers to the FTP server and file name that stores the certificate. ftp-location must be in the URL format ftp://server/filename.

  5. (Optional) Display the verified boot configuration.
    --> show /HOSTx/verified_boot
    /HOST0
    Properties:
    boot_policy = warning
    module_policy = warning
    cert = ftp://server/filename
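As an added example (not part of the Oracle documentation), the following POSIX shell helper audits captured output of show /HOSTx/verified_boot in the format shown above: it reports whether each policy is enforce or only warning, whether the cert value has the expected ftp://server/filename form, and whether the host lacks verified-boot support. The three sample outputs are constructed for the example, not taken from a real system.

```shell
#!/bin/sh
# Constructed samples of "show /HOSTx/verified_boot" output (not real captures).
SAMPLE_OK='/HOST0
Properties:
boot_policy = enforce
module_policy = enforce
cert = ftp://server/filename'

SAMPLE_WEAK='/HOST0
Properties:
boot_policy = warning
module_policy = warning
cert = ftp://server/filename'

SAMPLE_UNSUPPORTED='show: Invalid target /HOST0/verified_boot'

# Print the value of one property from captured show output; prints nothing
# if the property line is absent.  $1 = captured output, $2 = property name.
vb_prop() {
    printf '%s\n' "$1" | sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p"
}

# Audit one PDomain.  Returns 0 when both policies are enforce and a
# certificate URL is set, 1 when verified boot is configured but weaker than
# that, and 2 when the host has no verified_boot target (no ILOM support).
vb_audit() {
    case "$1" in
        *"Invalid target"*) echo "verified boot not supported on this host"; return 2 ;;
    esac
    boot=$(vb_prop "$1" boot_policy)
    module=$(vb_prop "$1" module_policy)
    cert=$(vb_prop "$1" cert)
    rc=0
    for p in "boot_policy=$boot" "module_policy=$module"; do
        case "${p#*=}" in
            enforce) ;;                                      # boot stops on discrepancy
            warning) echo "$p: discrepancies are logged, boot continues"; rc=1 ;;
            *)       echo "$p: not set or unrecognized"; rc=1 ;;
        esac
    done
    case "$cert" in
        ftp://*/*) ;;                                        # matches ftp://server/filename
        *) echo "cert=$cert: expected ftp://server/filename"; rc=1 ;;
    esac
    return $rc
}
```

To run it against a live system, capture the show output over ssh into a variable and pass it to vb_audit.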