
14.8.14 Setting Verified Boot Policies


Use the setvbootconfig command in the XSCF shell to set verified boot policies. Execute the command with a user account that has the platadm or pparadm privilege.
XSCF> setvbootconfig -p ppar_id -s policy=value
For ppar_id, specify the target physical partition. For policy, specify the boot policy "boot_policy" or module policy "module_policy". For value, specify "none", "warning", or "enforce". For details, see "14.8.4 Verified Boot Policies."
Operation Procedure
  1. Log in to the XSCF.
    For details, see "2.2 Logging In to the XSCF Shell."
  2. Execute the showvbootconfig command to check the setting values for verified boot policies.
    If the policies are already set to the desired values, you do not need to set them.
XSCF> showvbootconfig -p ppar_id
  3. Execute the setvbootconfig command to set verified boot policies. Enter "y" for the confirmation message.
    In the following example, the boot policy (boot_policy) is set to "warning" and the module policy (module_policy) is set to "enforce" in PPAR-ID 2.
XSCF> setvbootconfig -p 2 -s boot_policy=warning
XSCF> setvbootconfig -p 2 -s module_policy=enforce
  4. Execute the showvbootconfig command to confirm that the setting values for verified boot policies were changed.
XSCF> showvbootconfig -p ppar_id
  5. Execute the exit command to log out from the XSCF shell.
    If you do not have any further work with the XSCF shell, log out from the XSCF. To proceed to configuring another setting, go to the relevant step.