Oracle Solaris Verified Boot is an anti-malware and integrity feature that reduces the risk of introducing malicious or accidentally modified critical boot and kernel components. This feature checks the factory-signed cryptographic signatures of the firmware, boot system, and kernel.
By default, MiniCluster global zones are configured with Oracle Solaris Verified Boot. If you want to verify that the system is configured with verified boot, perform these steps.
For Oracle ILOM login instructions, refer to Accessing Oracle ILOM in Oracle MiniCluster S7-2 Administration Guide.
Ensure that the boot_policy is set to warning.
-> show /HOST/verified_boot
 /HOST/verified_boot
    Targets:
        system_certs
        user_certs
    Properties:
        boot_policy = warning
    Commands:
        cd
        show
Ensure that the module_policy is set to enforce.
-> show /HOST/verified_boot module_policy
 /HOST/verified_boot
    Properties:
        module_policy = enforce
Log in as mcinstall.
-> start /HOST/console
Are you sure you want to start /HOST/console (y/n)? y
Serial console started. To stop, type #.
Minicluster Setup successfully configured
mc4-n1 console login: mcinstall
Password: **************
Last login: Tue Jun 28 10:17:38 2016 on rad/47
Oracle Corporation SunOS 5.11 11.3 June 2016
Minicluster Setup successfully configured
Unauthorized modification of this system configuration strictly prohibited
mcinstall@mc4-n1:/var/home/mcinstall %
Check the messages file for the string NOTICE: Verified boot enabled; policy=warning.
mcinstall % cat /var/adm/messages | grep Verified
Jun 29 11:39:15 mc4-n1 unix: [ID 402689 kern.info] NOTICE: Verified boot enabled; policy=warning
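The three checks in this procedure can be run against saved output in one pass. The script below is an added example, not part of the Oracle documentation: the function and variable names are assumptions, and the sample input is constructed from the output shown above (both show commands concatenated).

```shell
#!/bin/sh
# Added example: checks captured output against the settings this page expects.
# Function and variable names are assumptions of this example.

# Print the value from an ILOM property line of the form "name = value".
ilom_prop() {  # usage: ilom_prop <property>   (ILOM output on stdin)
    awk -v p="$1" '$1 == p && $2 == "=" { v = $3 }
                   END { if (v == "") exit 1; print v }'
}

# Print the policy from the most recent "Verified boot enabled" kernel notice.
kernel_policy() {  # messages text on stdin
    sed -n 's/.*NOTICE: Verified boot enabled; policy=\([a-z]*\).*/\1/p' |
        tail -n 1 | grep .
}

# Compare all three values with the ones the procedure says to look for.
check_verified_boot() {  # usage: check_verified_boot <ilom_text> <messages_text>
    rc=0
    bp=$(printf '%s\n' "$1" | ilom_prop boot_policy) || bp=missing
    mp=$(printf '%s\n' "$1" | ilom_prop module_policy) || mp=missing
    kp=$(printf '%s\n' "$2" | kernel_policy) || kp=missing
    [ "$bp" = warning ] || { echo "FAIL boot_policy=$bp (expected warning)"; rc=1; }
    [ "$mp" = enforce ] || { echo "FAIL module_policy=$mp (expected enforce)"; rc=1; }
    [ "$kp" = warning ] || { echo "FAIL kernel notice policy=$kp (expected warning)"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK boot_policy=$bp module_policy=$mp kernel_notice=$kp"
    return "$rc"
}

# Constructed sample input: the two ILOM show outputs from this page, joined.
SAMPLE_ILOM=' /HOST/verified_boot
    Properties:
        boot_policy = warning
 /HOST/verified_boot
    Properties:
        module_policy = enforce'
# Constructed sample input: the messages line shown on this page.
SAMPLE_MESSAGES='Jun 29 11:39:15 mc4-n1 unix: [ID 402689 kern.info] NOTICE: Verified boot enabled; policy=warning'

check_verified_boot "$SAMPLE_ILOM" "$SAMPLE_MESSAGES"
```

A missing property or a messages file with no verified boot notice is reported as a failure with the value missing, so an empty capture does not pass as a clean result.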