Charles Mills wrote on 7/1/2025 10:23 AM:
On Tue, 1 Jul 2025 12:41:04 +0000, [email protected]
<[email protected]> wrote:
Hi!
Since z/OS V2R5 there exists the possibility of implementing "IPL data
signing". As I understand it, this gives some assurance that critical IBM load
modules were not unauthorizedly modified (after the last time they were digitally signed).
NewEra Software has done a lot of work with "Validated Boot" as it is called.
You might want to speak with them.
From my very peripheral involvement I would say that it looks as complex as
you might expect. A lot of pieces to get right.
Charles
Sounds like an opportunity to lock yourself out of the house.
What is the official position on what to do if IPL fails due to
validated boot?
/Leonard
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
