IIRC you also need Virtual Flash on the LPAR – because it is relying on modules not being paged to external disk. The reasonable assumption is it’s much harder to tamper with them inside the machine than on disk.
Cheers, Martin From: IBM Mainframe Discussion List <[email protected]> on behalf of Tom Mathias <[email protected]> Date: Thursday, 3 July 2025 at 11:04 To: [email protected] <[email protected]> Subject: [EXTERNAL] Re: IPL data signing Martin, I fully agree. If you implement Validated Boot, then you really need clear procedures and processes defined. Those need to include what to do (and not do) if a validated boot fails as well as how to set up the validated boot initially and to verify the setup. Validated boot also requires ongoing work because every time you get an update from IBM, you must review the update and take appropriate actions (relative to validated boot, which needs to include testing the new version via validated boot) as required. If you don't already have clear and current procedures and processes, then you should create / update your procedures and processes even if you aren't going to implement Validated Boot. I've seen too many cases where the system wasn't IPLed in a long time and when the crisis did happen, no one had the current information needed to re-activate the LPAR and IPL the Operating System and that turned an outage measured in minutes to one lasting several hours or worse. Tom ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN Unless otherwise stated above: IBM United Kingdom Limited Registered in England and Wales with number 741598 Registered office: Building C, IBM Hursley Office, Hursley Park Road, Winchester, Hampshire SO21 2JN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
