IIRC you also need Virtual Flash on the LPAR – because it is relying on modules 
not being paged to external disk. The reasonable assumption is it’s much harder 
to tamper with them inside the machine than on disk.

Cheers, Martin

From: IBM Mainframe Discussion List <[email protected]> on behalf of Tom 
Mathias <[email protected]>
Date: Thursday, 3 July 2025 at 11:04
To: [email protected] <[email protected]>
Subject: [EXTERNAL] Re: IPL data signing

Martin,

I fully agree.  If you implement Validated Boot, then you really need clear 
procedures and processes defined.  Those need to include what to do (and not 
do) if a validated boot fails as well as how to set up the validated boot 
initially and to verify the setup.  Validated boot also requires ongoing work 
because every time you get an update from IBM, you must review the update and 
take appropriate actions (relative to validated boot, which needs to include 
testing the new version via validated boot) as required.

If you don't already have clear and current procedures and processes, then you 
should create / update your procedures and processes even if you aren't going 
to implement Validated Boot.  I've seen too many cases where the system wasn't 
IPLed in a long time and when the crisis did happen, no one had the current 
information needed to re-activate the LPAR and IPL the Operating System and 
that turned an outage measured in minutes to one lasting several hours or worse.

Tom

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
