Go to main content

Oracle® OpenBoot 4.x Administration Guide

Exit Print View

Updated: June 2020

Configure OpenBoot Keys on an Installation Client

To enable security for SPARC clients, you must generate an OpenBoot HMAC key and encryption key for each client . These keys also secure the download of the initial network boot files.

Note -  Check the product documentation for availability of HMAC keys for a secured installation.

This procedure is based on an installation server that is running the Oracle Solaris 11 OS, and a SPARC-based installation client. For details on how to prepare the installation server, refer to the section called Installing Using an Install Server in the Installing Oracle Solaris 11.3 Systems document at: https://docs.oracle.com/cd/E53394_01/html/E54756.

For Oracle Solaris 10 OS instructions, refer to the Solaris 10 1/13 Installation Guide: Network-Based Installations guide at: http://docs.oracle.com/cd/E26505_01/html/E28037/index.html The instructions are in Installing Over a Wide Area Network chapter, and in the Installing Keys on the Client section.

  1. Access the OpenBoot CLI.

    See Accessing the OpenBoot CLI and Getting Help.

  2. On the installation client, set the OpenBoot keys.

    This example sets the OpenBoot AES encryption key on a SPARC installation client.

    {0} ok set-security-key wanboot-aes 030fd11c98afb3e434576e886a094c1c

    This example sets the OpenBoot hashing (HMAC) key on a SPARC installation client.

    {0} ok set-security-key wanboot-hmac-sha1 e729a742ae4ba977254a2cf89c2060491e7d86eb

    Note -  To unset a key on the client, use the same command that you used to set the key, but do not provide any key value. For example: set-security-key wanboot-hmac-sha1.

    Once the installation server and client are set up, boot the client from the network. See Boot Over the Network.

Related Information