14.8.3 X.509 Public Key Certificates for Verified Boot
Table 14-17 shows the two types of X.509 public key certificates used for verified boot.
Certificate Type | Description |
---|---|
System default certificate (System default) | System default certificate held by the XSCF. The XSCF has the same certificate as the public key certificate (/etc/certs/* or /etc/certs/elfsign/*) contained in Oracle Solaris. The XSCF has 1 or 2 system default certificates. Users cannot manipulate the certificates. |
User's certificate | Certificate registered by a user. A certificate issued by a third party is registered as a user's certificate with the XSCF. Up to 5 user's certificates can be registered with the XSCF for each physical partition. When enabled, a registered certificate can be used for boot verification. User's certificates are subject to save/restore on the system. However, saved certificates cannot be restored on other SPARC M12/M10 systems. |
Boot verification is performed by using the system default certificate(s) and enabled user's certificates.