My Oracle Support Banner

How to enforce verified boot policy on SuperCluster M7 and M8 (Doc ID 2827594.1)

Last updated on JANUARY 10, 2022

Applies to:

Oracle SuperCluster M7 Hardware
Oracle SuperCluster M8 Hardware
Oracle SuperCluster Specific Software
Oracle Solaris on SPARC (64-bit)

Purpose

This document describes how to enforce verified boot policy on SuperCluster M7 and M8 so that the boot process is aborted when the Solaris boot block or kernel modules fail signature verification. This is a useful security feature that prevents boot in the case of accidental or malicious modification of a kernel module.

Scope

This document applies only to the use of enforced verified boot on SuperCluster M7 and M8 (boot_policy=enforce). It does not apply to situations where verified boot is not enforced (boot_policy=warning or none). It also does not apply to generic SPARC systems or other SuperCluster platforms (T4, T5 & M6). Use the standard product documentation to enforce verified boot policy for generic SPARC systems or other SuperCluster platforms (T4, T5 & M6).

Details

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Purpose
Scope
Details
 1. Background
 2. Solution
References

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.