14.8.2 Mechanism of Boot Verification by Verified Boot
14.8.2 Mechanism of Boot Verification by Verified Boot
Boot verification by verified boot requires X.509 public key certificates registered with the XSCF. The system boot process performs boot verification by using public keys contained in the X.509 public key certificates.
The mechanism to perform boot verification is as follows:
- A user configures verified boot with the XSCF that supports the verified boot function. In this configuration work, the user registers or selects an X.509 public key certificate and sets policies that control the behavior of boot verification. Configuration information is saved in the master XSCF.
- Suppose that the verified boot configuration information in the XSCF is changed. The changed configuration information becomes valid for the boot verification of all modules the next time that OpenBoot PROM is started.
- When a physical partition is started, the configuration information is reported to the OpenBoot PROM firmware and Oracle Solaris via the XSCF, and they perform boot verification. Boot verification is also performed when a physical partition, the OpenBoot PROM firmware, or Oracle Solaris is restarted.
Boot verification by the OpenBoot PROM firmware and Oracle Solaris is performed in the order shown in Figure 14-11.
|
< Previous Page | Next Page >