1. Securing Systems and Attached Devices in Oracle Solaris 11.4
  2. Managing Computer System Security
  3. Controlling Access to a Computer System
  4. Controlling Access to Boot Processes

Controlling Access to Boot Processes

Oracle Solaris provides two technologies to control access to boot processes.

  • Verified Boot – Allows only signed boot and kernel software to run on the system.

    The value of the boot_policy property controls verified boot. The policy includes checking the bootblk and the loading of all kernel modules, including unix and genunix.

    The policy settings are stored in a Service Processor (SP), such as Oracle ILOM, Fujitsu SPARC M12, or Fujitsu M10 XSCF. The SP manages the hardware platform. For security reasons, the policy settings are purposely stored outside of the booted Oracle Solaris environment.

    For further information, see Policy for Verified Boot.

  • Trusted Platform Module (TPM) – Dedicated microcontroller that provides cryptographic functions to secure a system. TPM provides a cryptographic keystore and records hashes of firmware and software that are used to boot the system.