SPARC: Upgrading Security Credentials

You can upgrade SPARC clients from SHA1 protocols to the preferred SHA256 protocol in phases. When you set the policy on the AI server to use SHA256, keys generated for future clients are based on that protocol. Likewise, when you set the HMAC type of an install service to SHA256, this type determines the keys that you subsequently generate for future clients to use. You then set these keys on those SPARC clients from the OBP command prompt.

However, existing SPARC clients that use SHA1 keys continue to use these keys until you reset them to use the new protocol.

When you generate a new SHA256 hash key, the installadm functionality stores and maintains both the SHA1 and SHA256 keys internally. Depending on the hmac-type, one key is active while the other is deactivated. You can display information about both active and inactive keys with the installadm list command.