This shows you the differences between two versions of the page.
| Next revision | Previous revision | ||
|
aix:aix_trustexec [2021/01/01 21:21] 127.0.0.1 external edit |
aix:aix_trustexec [2025/01/16 16:41] (current) manu |
||
|---|---|---|---|
| Line 4: | Line 4: | ||
| TE will prevent you from updating your system, then you have to disable it, and enable at the end of upgrade. | TE will prevent you from updating your system, then you have to disable it, and enable at the end of upgrade. | ||
| + | |||
| + | <cli prompt='#'> | ||
| + | [root@aix73]/root# getrunmode | ||
| + | System is currently in OPERATIONAL MODE. | ||
| + | [root@aix73]/root# getsecconf | ||
| + | OPERATIONAL MODE Security Flags | ||
| + | ROOT : ENABLED | ||
| + | TRACEAUTH : DISABLED | ||
| + | </cli> | ||
| ==== List TE status: ==== | ==== List TE status: ==== | ||
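Review bot: the added <cli> block with getrunmode and getsecconf has no sentence introducing it, and it lands directly under the line about disabling TE for updates, so a reader will take "OPERATIONAL MODE" and the ROOT / TRACEAUTH flags as the TE state. Add a line before the block saying what this output is meant to show and how it relates to disabling TE before an upgrade, or move the block to the section it belongs to.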
| Line 37: | Line 46: | ||
| done | done | ||
| </cli> | </cli> | ||
| + | |||
| + | <code> | ||
| + | • trustchk -t ALL reports an error message for | ||
| + | • /usr/ccs/lib/.recover/libc.a library. | ||
| + | • | ||
| + | • # trustchk -t ALL | ||
| + | • trustchk: Verification of attributes failed: hash | ||
| + | • Disable access to the file: /usr/ccs/lib/.recover/libc.a? | ||
| + | • (y)es,(n)o,(i)gnore all errors : n | ||
| + | • trustchk: Verification of stanza failed: | ||
| + | • /usr/ccs/lib/.recover/libc.a | ||
| + | </code> | ||
| + | |||
| + | |||
| + | Secure boot: Signature verification failed for /usr/sbin/xntpd | ||
| + | |||
| + | This issue can be worked around by deleting the erroneous entry from the Trusted Signature Database (TSD) by running: | ||
| + | |||
| + | trustchk -d /usr/sbin/ntp4/ntpd4 | ||
| + | |||
| + | If you are already hitting this problem, then you need to reduce your Secure Boot policy to allow boot. Then, delete the TSD entry, set the Secure Boot policy back to a level of 2 or less, and boot one more time. | ||
| + | |||
| + | |||
| + | |||
| + | https://www.ibm.com/support/pages/aix-security-considerations-enabling-trusted-execution | ||
| + | |||
| + | https://www.ibm.com/support/pages/node/630713 | ||
| + | |||
| + | |||
| + | |||
| + | AIX and TE (Trusted Execution): an underestimated security feature? part1\\ | ||
| + | https://community.ibm.com/community/user/power/blogs/christian-sonnemans1/2024/02/08/aix-and-te-sec-part1 | ||
| + | |||
| + | AIX and TE (Trusted Execution): an underestimated security feature? Part 2\\ | ||
| + | https://community.ibm.com/community/user/power/blogs/christian-sonnemans1/2024/02/22/aix-and-te-trusted-execution-an-underestimated-sec | ||
| + | |||
| + | AIX and TE (Trusted Execution): an underestimated security feature? Part 3\\ | ||
| + | https://community.ibm.com/community/user/power/blogs/christian-sonnemans1/2024/03/21/aix-and-te-trusted-execution-an-underestimated-sec | ||
| + | |||
| + | AIX and TE (Trusted Execution): an underestimated security feature? Part 4\\ | ||
| + | https://community.ibm.com/community/user/power/blogs/christian-sonnemans1/2024/04/15/aix-and-te-trusted-execution-an-underestimated-sec | ||
| + | |||
| + | |||
| + | |||
| + | |||
| + | |||
| + | |||
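Review bot: the secure boot workaround names two different paths, and nothing says how they relate: the error line reports /usr/sbin/xntpd while the command given is "trustchk -d /usr/sbin/ntp4/ntpd4". State the relationship between the two or correct the path. Deleting the TSD entry also leaves that binary with no entry to verify against, so the text should say whether the entry is meant to be re-added afterwards. In the <code> block above it, every line starts with a pasted "•" bullet, including the "# trustchk -t ALL" command line, and these should be stripped. The libc.a hash failure is shown with no resolution, and the bare text and URLs from "Secure boot:" onward would read better under their own headings in the page's ==== style. The run of empty lines at the end of the hunk can be dropped.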