Go to main content

Managing Auditing in Oracle® Solaris 11.4

Exit Print View

Updated: February 2019
 
 

New Feature – Auditing Verified Boot

    The audit service tracks whether verified boot is enabled and working on your system.

  • Auditing for the boot event indicates whether verified boot is enabled by checking whether boot_policy has one of the following verified boot-specific values specified:

    • none (1) – No elfsign signature verification is performed when a module is loaded.

    • warning (2) – If an elfsign signature is invalid or missing, prints warning but permits the module to load.

    • enforce (3) – If an elfsign signature is invalid or missing, prints error and prevents the module from loading.

  • Auditing for the module load event, AUE_MODLOAD, indicates whether verified boot verified the module, and if that verification passed or failed. If the output of the auditreduce | praudit command includes notifications about AUE_MODLOAD audit events, verified boot is working.

For information about verified boot, see Using Verified Boot in Securing Systems and Attached Devices in Oracle Solaris 11.4.