Differences

This shows you the differences between two versions of the page.

--- aix:aix_trustexec [2022/12/20 15:36]
manu
+++ aix:aix_trustexec [2025/01/16 16:41] (current)
manu
@@ Line 46: / Line 46: @@
 done
 </cli>
+<code>
+•	trustchk -t ALL reports an error message for
+•	/usr/ccs/lib/.recover/libc.a library.
+•
+•	# trustchk -t ALL
+•	trustchk: Verification of attributes failed: hash
+•	Disable access to the file: /usr/ccs/lib/.recover/libc.a?
+•	  (y)es,(n)o,(i)gnore all errors : n
+•	trustchk: Verification of stanza failed:
+•	/usr/ccs/lib/.recover/libc.a
+</code>
+Secure boot: Signature verification failed for /usr/sbin/xntpd
+This issue can be worked around by deleting the erroneous entry from the Trusted Signature Database (TSD) by running:
+trustchk -d /usr/sbin/ntp4/ntpd4
+If you are already hitting this problem, then you need to reduce your Secure Boot policy to allow boot.  Then, delete the TSD entry, set the Secure Boot policy back to a level of 2 or less, and boot one more time.
+https://www.ibm.com/support/pages/aix-security-considerations-enabling-trusted-execution
+https://www.ibm.com/support/pages/node/630713
+AIX and TE (Trusted Execution): an underestimated security feature? part1\\
+https://community.ibm.com/community/user/power/blogs/christian-sonnemans1/2024/02/08/aix-and-te-sec-part1
+AIX and TE (Trusted Execution): an underestimated security feature? Part 2\\
+https://community.ibm.com/community/user/power/blogs/christian-sonnemans1/2024/02/22/aix-and-te-trusted-execution-an-underestimated-sec
+AIX and TE (Trusted Execution): an underestimated security feature? Part 3\\
+https://community.ibm.com/community/user/power/blogs/christian-sonnemans1/2024/03/21/aix-and-te-trusted-execution-an-underestimated-sec
+AIX and TE (Trusted Execution): an underestimated security feature? Part 4\\
+https://community.ibm.com/community/user/power/blogs/christian-sonnemans1/2024/04/15/aix-and-te-trusted-execution-an-underestimated-sec

wiki

User Tools

Site Tools

Differences

Page Tools