Determining successful preparation
Make sure that the boot media was successfully prepared for secure boot.
Procedure
Use zipl with the --verbose option to determine whether a
Linux boot volume was successfully prepared for secure boot:
$ sudo zipl --verbose --secure=1
...
Secure boot support: yes
...
Adding #1: IPL section 'ubuntu' (default)
initial ramdisk...: /boot/initrd.img
signature for.....: /lib/s390-tools/stage3.bin
kernel image......: /boot/vmlinuz
signature for.....: /boot/vmlinuz
...
Preparing boot device for CCW- and LD-IPL: dasda (1234).
...
Watch for the following output lines:Secure boot support: yes
This line indicates that the environment supports secure boot.
signature for...: <filename>
This line indicates that the listed boot file contains a secure boot signature. For a successful boot, this message must appear twice; once for stage3.bin and once for the Linux kernel, typically named vmlinuz or image.
Preparing boot device for CCW- and LD-IPL
This message occurs only for DASD boot devices and indicates that the DASD was prepared both for traditional CCW boot, and for LD-IPL boot, which is required for secure boot.
Results
IPB received.
IPB sent.
System version 9.
Watchdog enabled.
Running 'ZBootLoader' version '3.1.5' level 'D51C.D51C_328.13'.
OK00000000 Success
For more information about messages on the HMC, see SC28-7046-00: IPL Machine
Loader Messages, available at: https://www.ibm.com/support/pages/sites/default/files/2023-06/SC28-7046-00.pdf