Secure Boot is a mechanism to ensure the integrity of firmware and software running on a hardware platform by establishing a chain-of-trust relationship in the boot process. The chain-of-trust is established by cryptographic checks at each stage of the boot process to validate the integrity and authenticity of the next stage before it can execute.
The first link in the chain-of-trust is called the “Hardware Root of Trust” (HWROT), which is always trusted and protected against any alterations once programmed. For this version of Secure Boot, the chain-of-trust is established between HWROT, bootloader(s) (ARM systems)/BIOS (X86 systems). The HWROT comprises hardware components ASP NOR Flash, TPM, the firmware ‘Secondary Program Loader‘ (SPL), and the recovery bootloader.
ExtremeSwitching 5520 series switches.
The following commands now show Secure Boot information.
show system
show switch {detail}