Policy for Verified Boot
In this release, verified boot has only one policy property: boot_policy
. The boot_policy
property manages verified boot behavior when loading kernel modules during the boot process.
On legacy SPARC systems and x86 systems, the boot_policy
property is defined in the /etc/system
file. On SPARC systems with Oracle ILOM verified boot support, boot_policy
is a property of ILOM in /HOST
n/verified_boot
, where n is the physical domain (PDomain) number.
The boot_policy
property can be configured with one of the following values:
-
none
– No boot verification is performed. This is the default. -
warning
– Theelfsign
signature of each kernel module is verified before the module is loaded. If verification fails on a module, the module is still loaded. The discrepancies are recorded on the system console or, if available, in the system log. By default, the log is/var/adm/messages
. -
enforce
– Theelfsign
signature of each kernel module is verified before the module is loaded. If verification fails on a module, the module is not loaded. The discrepancies are recorded on the system console or, if available, in the system log. By default, the log is/var/adm/messages
.
Note:
By default, any logical domain that was created on an Oracle VM Server for SPARC version earlier than 3.4 sets boot-policy=warning
. If the kernel module is unsigned or corrupted, this setting results in warning messages being issued while the domain boots after an update to the server.