Skip to main content
NetApp Knowledge Base

Will Microsoft 2011 Secure Boot UEFI expiration impact NetApp controllers?

  1. Last updated
  2. Save as PDF
Views:
145
Visibility:
Public
Votes:
0
Category:
ontap-9
Specialty:
core
Last Updated:

Applies to

  • NetApp AFF controllers
  • NetApp FAS controllers
  • ONTAP 9

Answer

NetApp AFF, FAS, and ASA controllers are NOT impacted by the expiration of the Microsoft 2011 Secure Boot UEFI certificates.

  • NetApp ONTAP systems use a proprietary, signed, and validated BIOS and bootloader trust chain, managed by NetApp’s firmware—not by Microsoft’s UEFI CA 2011 or its successors.
  • The BIOS validates the bootloader, which in turn validates the ONTAP image. This process does not depend on Microsoft’s Secure Boot certificate chain used by Windows or general-purpose Linux servers.
  • Any required certificate updates for Secure Boot on NetApp hardware are delivered automatically as part of ONTAP and Service Processor (SP/BMC) firmware updates.
  • There is no action required for NetApp AFF, FAS, or ASA controllers regarding the Microsoft certificate expiration.
NetApp provides no representations or warranties regarding the accuracy or reliability or serviceability of any information or recommendations provided in this publication or with respect to any results that may be obtained by the use of the information or observance of any recommendations provided herein. The information in this document is distributed AS IS and the use of this information or the implementation of any recommendations or techniques herein is a customer's responsibility and depends on the customer's ability to evaluate and integrate them into the customer's operational environment. This document and the information contained herein may be used solely in connection with the NetApp products discussed in this document.