Policy for Verified Boot
In this release, verified boot has only one policy property: boot_policy. The boot_policy property manages verified boot behavior when loading kernel modules during the boot process.
On legacy SPARC systems and x86 systems, the boot_policy property is defined in the /etc/system file. On SPARC systems with Oracle ILOM verified boot support, boot_policy is a property of ILOM in /HOSTn/verified_boot, where n is the physical domain (PDomain) number.
The boot_policy property can be configured with one of the following values:
- none – No boot verification is performed. This is the default.
- warning – The elfsign signature of each kernel module is verified before the module is loaded. If verification fails on a module, the module is still loaded. The discrepancies are recorded on the system console or, if available, in the system log. By default, the log is /var/adm/messages.
- enforce – The elfsign signature of each kernel module is verified before the module is loaded. If verification fails on a module, the module is not loaded. The discrepancies are recorded on the system console or, if available, in the system log. By default, the log is /var/adm/messages.
Note:
By default, any logical domain that was created on an Oracle VM Server for SPARC version earlier than 3.4 sets boot-policy=warning. If the kernel module is unsigned or corrupted, this setting results in warning messages being issued while the domain boots after an update to the server.
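Before moving a system from warning to enforce, it helps to know which modules would fail verification. The following script is an added example, not Oracle code: it runs elfsign verify over kernel module files on a running system and reports what each boot_policy value would do with the failures. The function name preview_boot_policy, the ELFSIGN override variable and the default directory list are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not Oracle code. Previews the effect of a boot_policy value
# by running "elfsign verify" over kernel modules on the running system.
# ELFSIGN is a hypothetical override for the elfsign binary.
ELFSIGN="${ELFSIGN:-elfsign}"

# preview_boot_policy POLICY [DIR...]
#   stderr: one line per module whose signature does not verify
#   stdout: number of such modules
preview_boot_policy() {
    policy=${1:-}
    [ $# -gt 0 ] && shift
    case $policy in
        none)    echo 0; return 0 ;;   # no verification is performed
        warning) effect="loaded, discrepancy logged" ;;
        enforce) effect="NOT loaded" ;;
        *)       echo "unknown boot_policy value: $policy" >&2; return 2 ;;
    esac
    # Assumed default module directories when none are given.
    [ $# -gt 0 ] || set -- /kernel /usr/kernel /platform

    find "$@" -type f 2>/dev/null | while IFS= read -r mod; do
        # Skip non-ELF files (driver .conf files and the like): bytes 2-4
        # of an ELF object are the ASCII string "ELF".
        magic=$(dd if="$mod" bs=1 skip=1 count=3 2>/dev/null | tr -d '\000')
        [ "$magic" = ELF ] || continue
        if ! "$ELFSIGN" verify -e "$mod" >/dev/null 2>&1; then
            echo "$policy: $mod would be $effect" >&2
            echo fail
        fi
    done | wc -l | tr -d ' '
}

# Example: preview_boot_policy enforce /kernel /usr/kernel
```

A count of 0 for enforce means every ELF module found in the given directories verified; any module listed on stderr should be re-signed or replaced before the policy is changed.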