Signed kernel modules for UEFI secure boot
Starting with IBM Storage Scale 5.1.9.0, the secure boot that is defined by the Unified Extensible Firmware Interface (UEFI) is supported. The UEFI secure boot is a verification mechanism that ensures the code that is launched by a computer's firmware can be trusted.
For IBM Storage Scale, using the UEFI secure boot means that the kernel modules are cryptographically signed by IBM so that their integrity can be verified when the system starts.
The signed kernel modules and the public key for verification are provided by IBM at Fix Central.
The correct RPM package with signed kernel modules for your system can be determined from the name of the RPM because the name incorporates the necessary information. For example, if the name of the RPM package is gpfs.gplbin-5.14.0-284.25.1.el9_2.x86_64-5.1.9.0.x86_64.rpm:
- "5.14.0-284.25.1" is the kernel for which the modules in the RPM are built.
- "el9_2.x86_64" stands for RHEL 9.2 on x86_64.
- "5.1.9.0" refers to the IBM Storage Scale release.
The following information of the RPM package must be an exact match with the information of the system where the RPM is to be installed:
- Kernel level
- RHEL operating system level
- Architecture
- All four digits of the IBM Storage Scale release
In IBM Storage Scale 5.1.9, kernel modules for RHEL 9.2 on the x86_64 platform are supported. New signed modules will be available for all succeeding kernel updates and IBM Storage Scale PTFs in these cases:
- If a new IBM Storage Scale package is installed, make sure that you have the matching RPM for the signed kernel modules.
- If the kernel on a node that runs IBM Storage Scale is updated, make sure that you also upgrade the signed kernel modules with a matching version.