8.2.4 Secure Boot

Secure Boot is a method used to restrict which binaries can boot the system. With Secure Boot, the system UEFI firmware will only allow boot loaders that carry the cryptographic signature of trusted entities. In other words, anything run in the UEFI firmware must be signed with a key that the system recognizes as trustworthy. With each reboot of the server, every component in the boot sequence is verified. This prevents malware from hiding embedded code in the boot sequence.

• Intended to prevent boot-sector malware or kernel code injection

• Hardware-based code signing

• Extension of the UEFI firmware architecture

• Can be enabled or disabled through the UEFI firmware

See Restricting the Binaries Used to Boot the System in Oracle Exadata Database Machine Security Guide for details.

Minimum software required:

• Oracle Exadata System Software release 18c (18.1.0)

• Oracle Exadata Database Machine X7-2 or X7-8

• Bare metal installation