Verified Boot and ELF Signatures

In Oracle Solaris, boot verification is performed by means of elfsign signatures or keys. At the factory, Oracle Solaris kernel modules are signed with these keys. Because of their file format, these modules are also called ELF objects. The signature is created by using the SHA-256 checksums of selected ELF records in an object file. The SHA-256 checksums are signed with an RSA-2048 private and public key pair. The public key is distributed from the /etc/certs/elfsign directory while the private key is not distributed.
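The following sketch is an added example, not Oracle's elfsign code. It shows why a signature can be stored inside the object it covers: the SHA-256 digest is taken over selected sections only, so replacing the signature leaves the digest unchanged while any change to the covered content alters it. The section name .SUNW_signature, the choice of which records to hash, and the helper names are assumptions made for illustration, and the RSA-2048 signing step over the digest is left out.

```python
import hashlib
import struct

SIG_SECTION = b".SUNW_signature"  # assumed name of the signature section

def sections(elf):
    """Yield (name, contents) for each section of an ELF64 image."""
    if elf[:4] != b"\x7fELF" or elf[4] != 2:
        raise ValueError("not an ELF64 object")
    end = "<" if elf[5] == 1 else ">"  # EI_DATA: 1 = little-endian, 2 = big-endian
    (shoff,) = struct.unpack_from(end + "Q", elf, 0x28)
    shentsize, shnum, shstrndx = struct.unpack_from(end + "HHH", elf, 0x3A)
    hdrs = [struct.unpack_from(end + "IIQQQQ", elf, shoff + i * shentsize)
            for i in range(shnum)]
    strtab = hdrs[shstrndx][4]  # file offset of the section-name string table
    for name_off, _type, _flags, _addr, off, size in hdrs:
        start = strtab + name_off
        yield elf[start:elf.index(b"\0", start)], elf[off:off + size]

def content_digest(elf):
    """SHA-256 over every section except the signature (length-prefixed records)."""
    h = hashlib.sha256()
    for name, body in sections(elf):
        if name != SIG_SECTION:
            h.update(name + b"\0" + len(body).to_bytes(8, "big") + body)
    return h.hexdigest()

def build_elf(parts):
    """Constructed fixture: minimal big-endian ELF64 image (section types simplified)."""
    parts = {b"": b"", **parts}
    strtab, name_off = b"", {}
    for n in list(parts) + [b".shstrtab"]:
        name_off[n] = len(strtab)
        strtab += n + b"\0"
    parts[b".shstrtab"] = strtab
    body = hdrs = b""
    for n, data in parts.items():
        hdrs += struct.pack(">IIQQQQIIQQ", name_off[n], 1 if n else 0, 0, 0,
                            64 + len(body), len(data), 0, 0, 1, 0)
        body += data
    ident = b"\x7fELF\x02\x02\x01" + bytes(9)
    ehdr = struct.pack(">16sHHIQQQIHHHHHH", ident, 1, 43, 1, 0, 0,
                       64 + len(body), 0, 64, 0, 0, 64, len(parts), len(parts) - 1)
    return ehdr + body + hdrs

if __name__ == "__main__":
    a = build_elf({b".text": b"\x81\xc3\xe0\x08", SIG_SECTION: b"signature-A"})
    b = build_elf({b".text": b"\x81\xc3\xe0\x08", SIG_SECTION: b"other-signature-B"})
    print(a != b, content_digest(a) == content_digest(b))
```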

All keys are stored in the system's pre-boot environment, which is the software or firmware that runs prior to the booting of Oracle Solaris. The firmware loads and boots platform/.../unix.

The pre-boot environment differs for each category of SPARC systems, as follows:

  • SPARC systems with verified boot support in their Oracle Integrated Lights Out Manager (ILOM) – Keys and configuration settings are stored in ILOM.

    Because Oracle ILOM is outside the operating system's file system, verified boot configuration is protected from tampering by users of the operating system, including those with administrator (root) privileges. Thus, verified boot in this category of systems is more secure.

    You must ensure that access to ILOM is secure to prevent unauthorized changes to the verified boot configuration. For more information about securing ILOM, refer to the documentation at System Management and Diagnostics Documentation (http://www.oracle.com/goto/ilom/docs).

  • SPARC M5-Series, SPARC M6-Series, and SPARC T5-Series – Configuration settings are stored in the system's ILOM. The SPARC firmware sends the configuration information to Oracle Solaris.

  • Fujitsu SPARC M12 and Fujitsu M10 systems – Configuration settings are stored in the system's XSCF. The Fujitsu SPARC M12 and Fujitsu M10 XSCF firmware sends the configuration information, such as policies for verified boot and enabling certificates, to Oracle Solaris. OpenBoot (OBP) reads this configuration information before booting the Oracle Solaris system.

    All XCP firmware on Fujitsu SPARC M12 systems supports verified boot. For more information about configuring verified boot, refer to the following guides:

    • Fujitsu SPARC M12 and M10/SPARC M10 System Operation and Administration Guide

    • Fujitsu M10/SPARC M10 Systems Product Notes – For the XCP firmware version that supports verified boot on Fujitsu M10 systems