Verification Sequence During System Boot

Verified boot automates the verification of the elfsign signatures of Oracle Solaris kernel modules. With verified boot, the administrator can create a verifiable chain of trust in the boot process beginning from system reset through the completion of the boot process.

During a system boot, each block of code that is started in the boot process verifies the next block that needs to be loaded. The sequence of verification and loading continues until the last kernel module is loaded.

When a power cycle is subsequently performed on the system, a new sequence of verification begins. The administrator can also configure verified boot to take the appropriate action in the event of verification failure.

The following illustrates the boot flow of Oracle Solaris on a SPARC system:

Firmware -> Bootblock -> /platform/.../unix -> genunix -> other kernel modules

The firmware verifies and then loads the Oracle Solaris /platform/.../unix module, the initial Oracle Solaris module. In turn, the Oracle Solaris kernel runtime loader krtld, which is part of the unix module, verifies and loads the generic UNIX (genunix) module and subsequent modules.