Secure Boot
Overview
The Delphix Engine supports UEFI Secure Boot on selected cloud platforms. Secure Boot provides an additional layer of protection by ensuring the system loads only software signed with trusted cryptographic keys. During each reboot, the EFI firmware validates boot-critical binaries against the public keys stored in a secure key store to help ensure the integrity of the boot process.
Benefits
Secure Boot helps prevent unauthorized or malicious software (malware) from running during the boot process. Because the Delphix Engine manages sensitive, mission-critical data, Secure Boot helps ensure data integrity and confidentiality across your environments.
Limitations
- Enabled by default and cannot be disabled.
- Supported only on newly installed Delphix Engines running version 2025.5.0.* or newer.
- Not available through upgrade from earlier versions, due to fundamental differences in disk partitioning and boot processes.
Supported platforms
| Cloud platform | Supported versions |
|---|---|
| AWS Secure Boot | 2025.5.0.* and newer |
Migration option
If you are running an earlier release, you can migrate to a Secure Boot-enabled engine by performing a repave:
- Upgrade your source Delphix Engine to version 2025.5.0.0 or newer.
- Deploy a new Delphix Engine at version 2025.5.0.0 (Secure Boot is enabled by default).
- Follow the Repave procedures to migrate data from the source to the target engine.
After migration, the new Delphix Engine enforces Secure Boot on every startup, ensuring only trusted software runs.