Secure Boot is a mechanism to ensure the integrity of firmware and software running on a hardware platform by establishing a chain-of-trust relationship in the boot process. The chain-of-trust is established by cryptographic checks at each stage of the boot process to validate the integrity and authenticity of the next stage before it can execute.
The first link in the chain-of-trust is called the “Hardware Root of Trust” (HWROT), which is always trusted and protected against any alterations once programmed. For this version of Secure Boot, the chain-of-trust is established between HWROT, bootloader(s) (ARM systems)/BIOS (X86 systems). The HWROT comprises hardware components ASP NOR Flash, TPM, the firmware ‘Secondary Program Loader‘ (SPL), and the recovery bootloader.
If the UBOOT image verification fails during boot-up, the switch halts and enters the recovery bootloader.
ExtremeSwitching 5420, 5520, 5720, 7520, and 7720 series switches.
The following two commands show you the Secure Boot status in the Trusted Delivery field:
show switch {detail}
show system