Verifying Measured Boot

Measured Boot is a mechanism to ensure that the integrity of the firmware and software running on a SLX hardware platform is maintained. This is ensured by the calculating a hash of the values of each stage in the boot process and comparing these values with the values stored on a remote verification server.

About this task

The following commands shows you how to view the various certificates installed in the Trusted Platform Module (TPM) chip on the hardware device.

Procedure

  1. Use the show tpm command.
    SLX# show tpm
    Possible completions:
    ekcert Show Endorsement Key (EK) certificate
    iakcert Show Initial Attestation Key (IAK) certificate
    idevidcert Show Initial Device Identifier (IDevID) certificate
    
    SLX# show tpm ?
    Possible completions:
    ekcert       Show Endorsement Key (EK) certificate
    iakcert      Show Initial Attestation Key (IAK) certificate
    idevidcert   Show Initial Device Identifier (IDevID) certificate
                                
  2. Use the show system command to view the current provisioning state of the TPM chip.
    SLX # show system
    Stack MAC : 40:88:2f:c1:b4:1d
    -- UNIT 0 --
    Unit Name : SLX
    Up Time : up 23 min
    Current Time : 21:32:02 GMT
    SLX-OS Version : 20.3.3
    Jumbo Capable : yes
    Burned In MAC : 40:88:2f:c1:b4:18
    .
    .
    -- Fan Status --
    Fan 1 is Ok, speed is 6400 RPM
    Fan 2 is Ok, speed is 6400 RPM
    Fan 3 is Ok, speed is 6560 RPM
    Fan 4 is Ok, speed is 6400 RPM
    Fan 5 is Ok, speed is 6400 RPM
    Fan 6 is Ok, speed is 6400 RPM
    -- TPM Status --
    TPM Provision status: Provisioned