Controlling Access to Boot Processes
Oracle Solaris provides two technologies to control access to boot processes.
-
Verified Boot – Allows only signed boot and kernel software to run on the system.
The value of the
boot_policy
property controls verified boot. The policy includes checking thebootblk
and the loading of all kernel modules, includingunix
andgenunix
.The policy settings are stored in a Service Processor (SP), such as Oracle ILOM, Fujitsu SPARC M12, or Fujitsu M10 XSCF. The SP manages the hardware platform. For security reasons, the policy settings are purposely stored outside of the booted Oracle Solaris environment.
For further information, see Policy for Verified Boot.
-
Trusted Platform Module (TPM) – Dedicated microcontroller that provides cryptographic functions to secure a system. TPM provides a cryptographic keystore and records hashes of firmware and software that are used to boot the system.