From 4a4541066152f6742e7da584d8c00fecf578871c Mon Sep 17 00:00:00 2001 From: Adrian Dudau Date: Thu, 3 Oct 2019 15:55:36 +0200 Subject: GettingStarted: Remove BIOS specific info from SB chapter Change-Id: Id5a5b3f98bbd7a93cb7ce142aaf41f0f4010ab8e Signed-off-by: Adrian Dudau --- .../doc/advanced_configurations.xml | 170 ++++++--------------- 1 file changed, 43 insertions(+), 127 deletions(-) (limited to 'doc/book-enea-nfv-access-getting-started') diff --git a/doc/book-enea-nfv-access-getting-started/doc/advanced_configurations.xml b/doc/book-enea-nfv-access-getting-started/doc/advanced_configurations.xml index 0dbdd84..f048897 100644 --- a/doc/book-enea-nfv-access-getting-started/doc/advanced_configurations.xml +++ b/doc/book-enea-nfv-access-getting-started/doc/advanced_configurations.xml @@ -4,10 +4,11 @@ Advanced Configurations - This chapter describes possible configurations for select advanced features - such as the Hugepage Reservation Service, UEFI Secure Boot and Bare Metal - Provisioning. These features are optional in the Enea NFV Access platform. - If you do not intend to use these features, skip this chapter. + This chapter describes possible configurations for select advanced + features such as the Hugepage Reservation Service, UEFI Secure Boot and Bare + Metal Provisioning. These features are optional in the Enea NFV Access + platform. If you do not intend to use these features, skip this + chapter.
Hugepage Reservation Service @@ -66,8 +67,8 @@ percent_os_alloc: Decides how much memory to try to reserve for userspace applications. The algorithm will try - to reserve at least the value of percent_os_alloc of the total - system memory for userspace applications. + to reserve at least the value of percent_os_alloc + of the total system memory for userspace applications. @@ -117,8 +118,8 @@
Customizing Manual Hugepage Reservation - The automatic algorithm can be disabled and hugepages in turn, configured - manually. To do this, comment the line which defines + The automatic algorithm can be disabled and hugepages in turn, + configured manually. To do this, comment the line which defines hugepage_setup as auto and configure memory for each CPU socket in the following manner: @@ -149,20 +150,20 @@ node0.1048576kB = 3
UEFI Secure Boot - Secure Boot was designed to enhance security in the pre-boot - environment. It prevents malicious software and applications from being - loaded during the system start-up process. + Secure Boot was designed to enhance security in the pre-boot + environment. It prevents malicious software and applications from being + loaded during the system start-up process. - The basic principle of UEFI Secure Boot is that it requires all - artifacts involved in the boot process (bootloaders, kernel, initramfs) - to be signed using a set of private keys. On a Secure Boot enabled uCPE - device these artifacts are checked against a set of public certificates - which correspond to these keys. If there are any mismatches the boot - process will fail at the stage(s) they are detected. + The basic principle of UEFI Secure Boot is that it requires all + artifacts involved in the boot process (bootloaders, kernel, initramfs) to + be signed using a set of private keys. On a Secure Boot enabled uCPE + device these artifacts are checked against a set of public certificates + which correspond to these keys. If there are any mismatches the boot + process will fail at the stage(s) they are detected. - For more information about Secure Boot please refer to Secure - Boot in Modern Computer Security Solutions. + For more information about Secure Boot please refer to Secure + Boot in Modern Computer Security Solutions.
Enabling UEFI Secure Boot @@ -213,101 +214,16 @@ node0.1048576kB = 3 can be found on the EFI partition (usually the first partition of the drive) under /uefi_sb_keys. - How to manually enroll Enea - Certificates - - - - Reboot the uCPE device and press DEL to - enter into BIOS. - - - - Select Secure Boot Mode -> - Custom. - - - - Select Key Management from the - Security menu. - - - - Enroll the Platform Key (PK): - - - Select Set New Key -> - File from a file system. . - - - - Specify the folder: <user-keys>/<uefi_sb_keys>/PK.esl - - - - Select Public Key Certificate and then Ok. - - - - - - Enroll the Key Exchange key (KEK): - - - Select Set New Key -> File from a file system. - - - - Specify the folder: <user-keys>/<uefi_sb_keys>/KEK.esl - - - - Select Public Key Certificate and then Ok. - - - - - - Enroll the Authorized Signature (DB): - - - Select Set New Key -> File from a file system. - - - - Specify the folder: <user-keys>/<uefi_sb_keys>/DB.esl - - - - Select Public Key Certificate and then Ok. - - - - - - - Details on how to provision the certificates may vary with - different versions of UEFI firmware. - + These certificates need to be manually enrolled in BIOS. The + exact details on how to proceed may vary depending the version of the + UEFI firmware.
Enabling Secure Boot in BIOS - Once the certificates are provisioned we can enable the Secure - Boot feature: - - - - Within BIOS, select the Security option from the top - menu. - - - - Set the Boot Menu -> - Enabled. - - + Once the certificates are enrolled, Secure Boot needs to be + enabled in BIOS and the device rebooted.
@@ -315,21 +231,21 @@ node0.1048576kB = 3
Bare Metal Provisioning - Bare Metal Provisioning can be used for automated deployment of - the Enea NFV Access Run Time Platform on a large number of uCPE devices. - The uCPE devices may have no previous operating system installed, or are - reinstalled without preserving any existing data. Enea NFV Access Bare - Metal Provisioning is based on standardized Pre-Boot Execution - environment (PXE) booting. - - The Bare Metal Provisioning process begins by PXE booting an Enea - NFV Access installer initramfs image. The installer - downloads a configuration file, as well as the Enea NFV Access Run Time - Platform image and then proceeds to install the system by dividing the - disk into 2 partitions. A GPT partition containing the GRUB boot loader - and a second partition containing the Enea NFV Access Run Time Platform - root filesystem. When the installation is complete, the uCPE device is - automatically rebooted into Enea NFV Access Run Time Platform. + Bare Metal Provisioning can be used for automated deployment of the + Enea NFV Access Run Time Platform on a large number of uCPE devices. The + uCPE devices may have no previous operating system installed, or are + reinstalled without preserving any existing data. Enea NFV Access Bare + Metal Provisioning is based on standardized Pre-Boot Execution environment + (PXE) booting. + + The Bare Metal Provisioning process begins by PXE booting an Enea + NFV Access installer initramfs image. The installer + downloads a configuration file, as well as the Enea NFV Access Run Time + Platform image and then proceeds to install the system by dividing the + disk into 2 partitions. A GPT partition containing the GRUB boot loader + and a second partition containing the Enea NFV Access Run Time Platform + root filesystem. When the installation is complete, the uCPE device is + automatically rebooted into Enea NFV Access Run Time Platform.
Prerequisites @@ -438,8 +354,8 @@ node0.1048576kB = 3 notify_path. Location where notification - files will be placed, specified in Server IP:directory - format. + files will be placed, specified in Server + IP:directory format. -- cgit v1.2.3-54-g00ecf
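Review bot: the @@ -4,10 +4,11 @@ hunk changes only the line wrapping of the chapter introduction, which is unrelated to the subject "Remove BIOS specific info from SB chapter". The same holds for the re-wrapped paragraphs in the Hugepage Reservation Service and Bare Metal Provisioning sections. Suggest moving the re-wrap into a separate whitespace-only commit, so that the diffstat (43 insertions, 127 deletions) reflects the Secure Boot content change alone.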
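Review bot: in the @@ -117,8 +118,8 @@ hunk, the re-wrapped sentence "hugepages in turn, configured manually" keeps a misplaced comma, and "comment the line" should read "comment out the line". Since these lines are touched anyway, suggest: "The automatic algorithm can be disabled and hugepages configured manually. To do this, comment out the line which defines hugepage_setup as auto".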
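Review bot: in the @@ -213,101 +214,16 @@ hunk, the added sentence "may vary depending the version of the UEFI firmware" is missing "on". With the step list removed, the chapter also no longer says which file goes into which Secure Boot variable. The removed text mapped PK.esl to the Platform Key, KEK.esl to the Key Exchange Key and DB.esl to the Authorized Signature database. That mapping does not depend on the firmware menu layout, so suggest keeping it as a short list next to the /uefi_sb_keys path and dropping only the menu navigation. The new text also says "enrolled in BIOS" and "enabled in BIOS" while the same paragraph refers to "UEFI firmware"; using one term throughout (for example "UEFI firmware setup") would match the commit subject.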
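Review bot: in the @@ -315,21 +231,21 @@ hunk, the re-wrapped text still ends a sentence at "dividing the disk into 2 partitions." and follows it with a fragment beginning "A GPT partition containing the GRUB boot loader". Suggest joining the two with a colon: "into 2 partitions: a GPT partition containing the GRUB boot loader, and a second partition containing the Enea NFV Access Run Time Platform root filesystem."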