Policy for Verified Boot

In this release, verified boot has only one policy property: boot_policy. The boot_policy property manages verified boot behavior when loading kernel modules during the boot process.

On legacy SPARC systems and x86 systems, the boot_policy property is defined in the /etc/system file. On SPARC systems with Oracle ILOM verified boot support, boot_policy is a property of ILOM in /HOSTn/verified_boot, where n is the physical domain (PDomain) number.

The boot_policy property can be configured with one of the following values:

  • none – No boot verification is performed. This is the default.

  • warning – The elfsign signature of each kernel module is verified before the module is loaded. If verification fails on a module, the module is still loaded. The discrepancies are recorded on the system console or, if available, in the system log. By default, the log is /var/adm/messages.

  • enforce – The elfsign signature of each kernel module is verified before the module is loaded. If verification fails on a module, the module is not loaded. The discrepancies are recorded on the system console or, if available, in the system log. By default, the log is /var/adm/messages.

Note:

By default, any logical domain that was created on an Oracle VM Server for SPARC version earlier than 3.4 sets boot-policy=warning. If a kernel module is unsigned or corrupted, this setting causes warning messages to be issued while the domain boots after an update to the server.