Verifying that the destination server supports Trusted Boot

To migrate an AIX® mobile partition that includes the Trusted Boot capability, verify that the destination server supports the Trusted Boot capability by using the Hardware Management Console (HMC).

You must be a super administrator to perform this task.

With HMC Version 7 Release 7.4.0, or later, you can enable the Virtual Trusted Platform Module (VTPM) on an AIX logical partition. A logical partition that is enabled with the VTPM is capable of the Trusted Boot capability. Trusted Boot is a capability that is supported on the PowerSC™ Standard Edition.

By using the Trusted Boot capability, you can determine whether the logical partition that was last booted can be considered as trusted. During booting of a logical partition that is capable of the Trusted Boot capability, cryptographic hashes of relevant data and of future executable components, such as the AIX boot loader, are captured. These cryptographic hashes are securely copied to VTPM-controlled storage. When the logical partition is active, third parties can securely retrieve the hashes by using remote attestation. The hashes can then be examined to determine whether the logical partition has booted in a trusted configuration.

To verify that the destination server supports the Trusted Boot capability, complete the following steps:

The HMC Classic interface is not supported in Hardware Management Console (HMC) Version 8.7.0, or later. The functions that were previously available in the HMC Classic interface are now available in the HMC Enhanced+ interface.

When the HMC is at version 8.7.0, or later, complete the following steps to verify that the logical partition supports VTPM:
  1. In the navigation pane, click the Resources icon.
  2. In the work pane, select the system and click Actions > View System Properties. The Properties page is displayed.
  3. Click Advanced. The server supports VTPM if you can view information about VTPM.
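
When the HMC is at a version earlier than 8.7.0, complete the following steps in the HMC Classic interface:
  1. In the navigation pane, open Systems Management and click Servers.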
  2. Select the destination server in the work pane.
  3. From the Tasks menu, click Properties.
  4. Click the Capabilities tab.
    • If Virtual Trusted Platform Module Capable is True, the destination server supports the Trusted Boot capability.
    • If Virtual Trusted Platform Module Capable is False, the destination server does not support the Trusted Boot capability, and you cannot migrate the mobile partition to the server. To migrate the mobile partition, change the mobile partition configuration so that it is not capable of the Trusted Boot capability.
  5. Click OK.
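
The overview above describes boot-time hashes being recorded under VTPM control and later examined through remote attestation. The following added example (not IBM or PowerSC code) models that flow with a TPM-style extend operation and a verifier that replays the event log against known-good hashes. The SHA-256 choice, the function names, and the sample components are assumptions of this sketch, and the signed quote and nonce that a real attestation exchange relies on are omitted.

```python
import hashlib
import hmac

PCR_SIZE = 32  # SHA-256 digest length; the hash choice is an assumption of this sketch

def extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM-style extend: new = H(old || measurement). Order-sensitive and one-way."""
    return hashlib.sha256(pcr + measurement).digest()

def measure_boot(components):
    """Hash each (name, content) pair before it would run; return (event_log, register)."""
    pcr = bytes(PCR_SIZE)  # register starts at all zeros after reset
    log = []
    for name, content in components:
        digest = hashlib.sha256(content).digest()
        log.append((name, digest))
        pcr = extend(pcr, digest)
    return log, pcr

def verify_attestation(log, reported_pcr, reference):
    """Verifier side: replay the log and compare every digest with known-good values.

    Returns (trusted, findings); findings is empty only for a trusted boot.
    """
    findings = []
    replayed = bytes(PCR_SIZE)
    for name, digest in log:
        replayed = extend(replayed, digest)
        expected = reference.get(name)
        if expected is None:
            findings.append(f"unexpected component: {name}")
        elif not hmac.compare_digest(expected, digest):
            findings.append(f"hash mismatch: {name}")
    seen = {name for name, _ in log}
    for name in sorted(set(reference) - seen):
        findings.append(f"missing component: {name}")
    # A log that does not reproduce the register value cannot be trusted at all.
    if not hmac.compare_digest(replayed, reported_pcr):
        findings.append("event log does not match reported register value")
    return (not findings), findings

# Constructed sample data (placeholders, not real AIX boot images).
GOOD_BOOT = [("boot_loader", b"loader v1"), ("kernel", b"kernel v1"),
             ("boot_config", b"cfg v1")]
REFERENCE = {name: hashlib.sha256(content).digest() for name, content in GOOD_BOOT}
```

Because each extend folds the previous register value into the next, a changed or reordered component changes the final value, and a clean-looking log presented alongside a register from a different boot fails the replay check.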



Last updated: Tue, March 12, 2019