diff options
| author | Shivanand Tendulker <stendulker@gmail.com> | 2015-03-19 09:39:51 -0700 |
|---|---|---|
| committer | Ruby Loo <rloo@yahoo-inc.com> | 2015-03-19 20:26:59 +0000 |
| commit | f1e6bce0b27cc2d6cf27d1200f6072d70dab425f (patch) | |
| tree | 2b0c280db5bc85c46f62dff28df60df632990888 /doc | |
| parent | f0be66f96c3bcf3d852d933cf99f56f1d55cb867 (diff) | |
| download | ironic-f1e6bce0b27cc2d6cf27d1200f6072d70dab425f.tar.gz | |
Changes for secure boot support for iLO drivers
This patch implements common changes to support secure boot for
iLO drivers.
Change-Id: I9b5baf5db0f87c09209cd2f38c1e61ae389363aa
Implements: blueprint uefi-secure-boot
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/source/deploy/install-guide.rst | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/doc/source/deploy/install-guide.rst b/doc/source/deploy/install-guide.rst index 44f8ba28f..ebfa63670 100644 --- a/doc/source/deploy/install-guide.rst +++ b/doc/source/deploy/install-guide.rst @@ -675,6 +675,21 @@ steps on the Ironic conductor node to configure PXE UEFI environment. ironic node-update <node-uuid> add properties/capabilities='boot_mode:uefi' +#. For deploying signed images, update the Ironic node with ``secure_boot`` + capability in node's properties. + field:: + + ironic node-update <node-uuid> add properties/capabilities='secure_boot:true' + +#. Ensure the public key of the signed image is loaded into baremetal to deploy + signed images. + For HP Proliant Gen9 servers, one can enroll public key using iLO System + Utilities UI. Please refer to section ``Accessing Secure Boot options`` in + HP UEFI System Utilities User Guide http://www.hp.com/ctg/Manual/c04398276.pdf. + Also, one can refer to white paper on Secure Boot on Linux for HP Proliant + Servers at http://h20195.www2.hp.com/V2/getpdf.aspx/4AA5-4496ENW.pdf for + more details. + #. Make sure that bare metal node is configured to boot in UEFI boot mode and boot device is set to network/pxe. |