Release notes
ONTAP image validation
Suggest changes
-
PDF of this doc site
-
Cluster administration
-
Volume administration
-
Logical storage management with the CLI
-
-
NAS storage management
-
Configure NFS with the CLI
-
Manage NFS with the CLI
-
Manage SMB with the CLI
-
Manage file access using SMB
-
-
-
Security and data encryption
-
Data protection and disaster recovery
-
Collection of separate PDF docs
Creating your file...
ONTAP provides mechanisms to ensure the ONTAP image is valid at upgrade and at boot time.
Upgrade image validation
Code signing helps verify that ONTAP images installed through nondisruptive image updates or automated nondisruptive image updates, CLIs, or ONTAP APIs are authentically produced by NetApp and have not been tampered with. Upgrade image validation was introduced in ONTAP 9.3.
This feature is a no-touch security enhancement to ONTAP upgrading or reversion. The user is not expected to do anything differently except for optionally verifying the top-level "image.tgz" signature.
Boot-time image validation
Beginning with ONTAP 9.4, Unified Extensible Firmware Interface (UEFI) secure boot is enabled for NetApp AFF A800, AFF A220, FAS2750, and FAS2720 systems and subsequent next-generation systems that employ UEFI BIOS.
During power on, the bootloader validates the whitelist database of secure boot keys with the signature associated with each module that is loaded. After each module is validated and loaded, the boot process continues with the ONTAP initialization. If signature validation fails for any module, the system reboots.
|
These items apply to ONTAP images and the platform BIOS. |