14.8.4 Verified Boot Policies

Table 14-18 lists the two policies that control verified boot.

Table 14-18  Verified Boot Policies

OS Version: Oracle Solaris 11.2
  Boot policy (boot_policy)
    Sets boot verification for the boot block, unix, and genunix. These modules are loaded first during the boot process.
  Module policy (module_policy)
    Sets boot verification for the kernel modules that are loaded after genunix.

OS Version: Oracle Solaris 11.3 or later
  Boot policy (boot_policy)
    Sets boot verification for the boot block and unix. These modules are loaded first during the boot process.
  Module policy (module_policy)
    Sets boot verification for genunix and the kernel modules.
Use the setvbootconfig command of the XSCF firmware to set each policy.
The value chosen for each policy determines how the boot process behaves when boot verification fails.
Table 14-19 lists the values that can be set for the boot policy and the module policy. The set value determines the verification operation.

Table 14-19  Policy Setting Values

none (Default)
  Boot verification is not performed.

warning
  Boot verification is performed before the target of the verification is loaded. Even if the verification fails, the target is loaded and boot processing continues.
  - If verification of the boot block or unix fails, the failure is recorded on the system console only. It is not recorded in the system log or the XSCF error log.
  - If verification of genunix or another kernel module fails, the failure is recorded on the system console and in the system log. It is not recorded in the XSCF error log.

enforce
  Boot verification is performed before the target of the verification is loaded.
  - If verification of the boot block or unix fails, boot processing stops. The failure is recorded on the system console and in the XSCF error log. It is not recorded in the system log.
  - If verification of genunix fails, boot processing stops. The failure is recorded on the system console only. It is not recorded in the XSCF error log or the system log.
  - If verification of another kernel module fails, the boot continues without loading that module. The failure is recorded on the system console and in the system log. It is not recorded in the XSCF error log.
Note - In Oracle Solaris 11.2 SRU11.2.8.4.0 or later, if the policy setting value is enforce, the behavior after verification of genunix fails is different. If the OpenBoot PROM environment variable auto-boot? is true, a panic occurs repeatedly. If this phenomenon persists, execute the sendbreak command for the control domain, the ldm stop command for a guest domain, or the zoneadm halt command for a kernel zone to stop it.
Table 14-20 shows examples of the messages output when boot verification fails.

Table 14-20  Example of Messages Output When Boot Verification Fails

none
  Boot verification is not performed.

warning
  The following warning message appears, but the start of Oracle Solaris continues.
  - System console message in the case of genunix

    WARNING: module /platform/sun4v/kernel/sparcv9/genunix failed elfsign verification.

  - System console or system log message in the case of other kernel modules

    WARNING: module /kernel/drv/sparcv9/module failed elfsign verification.

enforce
  - In the case of the boot block
    The following error message appears, and the boot stops at the ok prompt.
    - System console message

      FATAL: Bootblk signature verification failed, verified boot policy = enforce, halting boot

    - XSCF error log

      boot process failed

  - In the case of other kernel modules
    The following error message appears, but the start of Oracle Solaris continues.
    - System console or system log message

      Module /kernel/drv/sparcv9/module failed elfsign verification; "module-policy enforce" requested.
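The console, system log and XSCF error log entries described in Tables 14-19 and 14-20 are what an operator actually has to monitor. The following Python script is an added example; it is not part of this manual and not a tool of the XSCF firmware or Oracle Solaris. It classifies captured lines using the message shapes shown in Table 14-20 and reports whether the boot was halted, which modules were loaded despite failing verification (warning policy) and which were skipped (enforce policy). The sample capture is constructed to exercise every branch, so it mixes lines that a single boot under one policy would never produce together; the module path /kernel/drv/sparcv9/example_drv is a hypothetical name. Because boot block and unix failures never reach the system log under either policy, the script also lists targets that were seen only on the console, which a syslog-only collector would miss entirely.

```python
import re
from dataclasses import dataclass
from typing import Iterable, Optional

# Message shapes taken from the example messages in Table 14-20.
# re.search is used so that a syslog timestamp/host prefix does not matter.
WARNING_MODULE = re.compile(
    r"WARNING: module (?P<path>\S+) failed elfsign verification\.")
ENFORCE_MODULE = re.compile(
    r'Module (?P<path>\S+) failed elfsign verification; "module-policy enforce" requested\.')
ENFORCE_BOOTBLK = re.compile(
    r"FATAL: Bootblk signature verification failed, verified boot policy = (?P<policy>\w+), halting boot")
XSCF_BOOT_FAILED = re.compile(r"boot process failed")


@dataclass(frozen=True)
class VerifiedBootEvent:
    source: str                    # "console", "syslog" or "xscf": where the line was captured
    policy: str                    # policy implied by the message text
    target: str                    # module path, or "bootblk" / "boot" for early-boot failures
    boot_halted: bool              # True when the message means boot processing stopped
    module_loaded: Optional[bool]  # None when not applicable (boot block, XSCF log entry)


def classify_line(source: str, line: str) -> Optional[VerifiedBootEvent]:
    """Map one captured line to a verified boot event, or None if it is unrelated."""
    m = WARNING_MODULE.search(line)
    if m:
        # warning policy: the target is loaded anyway and boot continues
        return VerifiedBootEvent(source, "warning", m.group("path"), False, True)
    m = ENFORCE_MODULE.search(line)
    if m:
        # enforce policy on a kernel module other than genunix: module skipped, boot continues
        return VerifiedBootEvent(source, "enforce", m.group("path"), False, False)
    m = ENFORCE_BOOTBLK.search(line)
    if m:
        # enforce policy on the boot block: boot stops at the ok prompt
        return VerifiedBootEvent(source, m.group("policy"), "bootblk", True, None)
    if source == "xscf" and XSCF_BOOT_FAILED.search(line):
        # XSCF error log entry written when the boot block fails under enforce
        return VerifiedBootEvent(source, "enforce", "boot", True, None)
    return None


def summarize(lines: Iterable[tuple]) -> dict:
    """Reduce (source, line) pairs to the facts an operator needs after a boot."""
    events = [e for e in (classify_line(s, l) for s, l in lines) if e]
    console_targets = {e.target for e in events if e.source == "console"}
    other_targets = {e.target for e in events if e.source != "console"}
    return {
        "events": len(events),
        "boot_halted": any(e.boot_halted for e in events),
        "loaded_unverified": sorted({e.target for e in events if e.module_loaded is True}),
        "skipped_modules": sorted({e.target for e in events if e.module_loaded is False}),
        # failures that only a console capture would have recorded
        "console_only": sorted(console_targets - other_targets),
    }


# Constructed sample capture (not real system output); messages follow Table 14-20.
# "/kernel/drv/sparcv9/example_drv" is a hypothetical module path.
SAMPLE_CAPTURE = [
    ("console", "WARNING: module /platform/sun4v/kernel/sparcv9/genunix failed elfsign verification."),
    ("syslog", "Jan 10 09:12:01 host unix: WARNING: module /kernel/drv/sparcv9/module failed elfsign verification."),
    ("syslog", 'Jan 10 09:12:02 host unix: Module /kernel/drv/sparcv9/example_drv failed elfsign verification; "module-policy enforce" requested.'),
    ("console", "FATAL: Bootblk signature verification failed, verified boot policy = enforce, halting boot"),
    ("xscf", "boot process failed"),
    ("syslog", "Jan 10 09:12:03 host sshd: unrelated line"),
]

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_CAPTURE).items():
        print(f"{key}: {value}")
```

Feed the script the console capture, the system log and the XSCF error log together; if only the system log is available, a boot block or unix failure under the warning policy leaves no trace at all, and under the enforce policy the only evidence outside the console is the XSCF error log entry.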