Go to main content

Automatically Installing Oracle® Solaris 11.4 Systems

Exit Print View

Updated: August 2021

How to Secure WAN Boot on SPARC Clients

Before You Begin

Ensure that your role has the appropriate rights profiles to perform this procedure. See Using Rights Profiles to Install Oracle Solaris.

  1. List the security information for clients.
    $ installadm list -v

    If you created separate credentials for a specific SPARC client, include the client's MAC address in the command to obtain its client's security information. For example:

    $ installadm list -ve aabbccddeeff
  2. Note down the AES key and active hash key for the client.

    In the following example, the active hash key is based on the HMAC-SHA256 algorithm.

    $ installadm list -vs
    Def Client FW Encr Key ........
    Def Client FW HMAC-SHA1 Key ... (inactive)
    Def Client FW HMAC-SHA256 Key . (active)
    HMAC Policy ................... HMAC-SHA256
  3. On the client system, access the OpenBoot prompt.

    Several options exist to access the OpenBoot prompt, such as typing the command init 0.

    If the auto-boot? OpenBoot variable is set to false, rebooting the system also displays the ok prompt at the end of the boot process.

  4. At the OBP prompt, set the AES key and the active hash key.
    ok set-security-key wanboot-aes 31c88df08c958972a4b0996910539a39
    ok set-security-key wanboot-hmac-sha256 \

    If the active security key is HMAC-SHA1, then you would use the appropriate command argument:

    ok set-security-key wanboot-hmac-sha1 key