1. Oracle VM Server for SPARC 3.6 Administration Guide
  2. Oracle VM Server for SPARC Security
  3. Using Verified Boot

Using Verified Boot

The Logical Domains Manager uses the Oracle Solaris OS verified boot technology to verify the digital signature of kernel modules at boot time. Signature verification occurs silently unless the verified boot policies are enabled. Depending on the boot-policy value, a guest domain might not boot if the kernel module is not signed with Oracle Solaris release certificate files or is corrupted.

Use the ldm add-domain or ldm set-domain command to specify the values for the boot-policy property. See the ldm(8) man page.

To use this feature, your system must run at least the following versions of the system firmware and operating system:

  • System firmware – Version 9.5.0 for Oracle SPARC servers except as follows:

    • Any released version for SPARC S7, SPARC T8, and SPARC M8 series servers

    • Any released version for Fujitsu SPARC M12 servers

    • XCP 2280 for Fujitsu M10 servers

  • Operating system – Oracle Solaris 11.2 OS

Note:

By default, any domain created by using a version of Oracle VM Server for SPARC earlier than 3.4 sets boot-policy=warning. This setting results in warning messages being issued while the domain boots after an Oracle VM Server for SPARC update if the kernel module is unsigned or corrupted.

Note:

The boot-policy property of a guest domain is not preserved when when the guest is migrated to a system running an older version of Logical Domains Manager and migrated back to a system running Logical Domains Manager 3.4. Logical Domains Manager 3.4 introduced a new property named boot-policy for Verified Boot. Older versions of Logical Domains Manager do not know this property so the boot-policy property is dropped when a guest is migrated from a system running Logical Domains Manager 3.4 to a system running Logical Domains Manager older than 3.4. When the guest is migrated back to a system running Logical Domains Manager 3.4 the default boot-policy of warning will be applied to the incoming guest. You must manually set boot-policy to the desired value after migrating the guest back to a system running Logical Domains Manager 3.4 if the default value of warning is not appropriate. 
# ldm set-domain boot-policy=none ldg1
Then reboot the guest to make the new boot policy take effect.