Verifying that Linux was booted securely

Use the secure sysfs attribute to determine whether Linux was booted securely.

About this task

A reliable method of checking whether a Linux instance was booted using secure boot is to use the HMC Load panel or the z/VM CP LOADDEV command. However, to quickly check on a running Linux instance, you can use this procedure.

Procedure

On your Linux instance, issue the following command to check whether the instance was booted using secure boot:
# cat /sys/firmware/ipl/secure
1
A value of 1 indicates that Linux was booted using secure boot. Otherwise, the value is 0.

Alternatively, search the Linux kernel console log for a message containing the text Secure-IPL enabled:

# dmesg -t | grep Secure-IPL
setup: Linux is running with Secure-IPL enabled

Note: These indications from within the Linux instance should be used for informational purposes only, as they could be forged if the system is compromised.
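
The following script is an added example, not part of the original procedure. It evaluates both in-guest indicators together and reports when they disagree or when the sysfs attribute is absent. The function names, the status strings, and the optional path arguments are assumptions introduced here so that the logic can be exercised against saved files.

```shell
#!/bin/sh
# Added example: evaluate both in-guest indicators described in the procedure.
# Function names, status strings and optional arguments are assumptions.

# Print 1 or 0 from the sysfs attribute, or "unknown" if it is absent or
# malformed (for example on a kernel that does not expose the attribute).
secure_ipl_sysfs() {
    attr="${1:-/sys/firmware/ipl/secure}"
    [ -r "$attr" ] || { echo unknown; return 0; }
    val=$(tr -d '[:space:]' < "$attr")
    case "$val" in
        0|1) echo "$val" ;;
        *)   echo unknown ;;
    esac
}

# Read kernel log text on stdin; print 1 if the Secure-IPL message is present.
secure_ipl_log() {
    if grep -q 'Secure-IPL enabled'; then echo 1; else echo 0; fi
}

# secure_ipl_status [attr_path] [saved_log_file]
# Prints: secure | secure-log-missing | not-secure | mismatch | unknown
secure_ipl_status() {
    sysfs=$(secure_ipl_sysfs "${1:-/sys/firmware/ipl/secure}")
    if [ -n "${2:-}" ]; then
        log=$(secure_ipl_log < "$2")
    else
        log=$(dmesg -t 2>/dev/null | secure_ipl_log)
    fi
    case "$sysfs:$log" in
        1:1) echo secure ;;
        # The kernel ring buffer may have wrapped since boot, so a missing
        # message alone does not contradict the sysfs value.
        1:0) echo secure-log-missing ;;
        0:0) echo not-secure ;;
        # The log reports Secure-IPL but sysfs reports 0: the sources disagree.
        0:1) echo mismatch ;;
        *)   echo unknown ;;
    esac
}

secure_ipl_status "$@"
```

A mismatch or unknown result is a reason to confirm the boot mode with the HMC Load panel or the z/VM CP LOADDEV command.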