Trusted Boot concepts

It is important to understand the integrity of the boot process and how to classify the boot as a trusted boot or a nontrusted boot.

You can configure a maximum of 60 VTPM-enabled logical partitions (LPAR ) for each physical system by using the Hardware Management Console (HMC ). When configured, the VTPM is unique to each LPAR . When used with the AIX® Trusted Execution technology, the VTPM provides security and assurance to the following partitions:
  • The boot image on the disk
  • The entire operating system
  • The application layers

An administrator can view trusted and nontrusted systems from a central console that is installed with the openpts verifier that is available on the AIX expansion pack. The openpts console manages one or more Power Systems servers, and monitors or attests the trusted state of AIX Profile Manager systems throughout the data center. Attestation is the process where the verifier determines (or attests) if a collector has performed a trusted boot.

Trusted boot status

A partition is said to be trusted if the verifier successfully attests the integrity of the collector. The verifier is the remote partition that determines if a collector has performed a trusted boot. The collector is the AIX partition that has a Virtual Trusted Platform Module (VTPM) attached and the Trusted Software Stack (TSS) installed. It indicates that the measurements that are recorded within the VTPM match a reference set held by the verifier. A trusted boot state indicates whether the partition booted in a trusted manner. This statement is about the integrity of the system boot process and does not indicate the current or ongoing level of the security of the system.

Nontrusted boot status

A partition enters a nontrusted state if the verifier cannot successfully attest the integrity of the boot process. The nontrusted state indicates that some aspect of the boot process is inconsistent with the reference information held by the verifier. The possible causes for a failed attestation include booting from a different boot device, booting a different kernel image, and changing the existing boot image.