Manualshelf

Concept Guide

ManualsBrandsDell ManualsAccess PlatformsNetworking S3100 Series
801802803804805806807808809810
verified boot
2 Verify the hash checksum of the current OS image le on the local le system.
EXEC Privilege
verified boot hash system-image {A: | B:} hash-value
You can get the hash value for your hashing algorithm from the Dell EMC iSupport page. You can use the MD5, SHA1, or SHA256 hash
and the Dell EMC Networking OS automatically detects the type of hash.
NOTE: The verified boot hash command is only applicable for OS images in the local le
system.
3 Save the conguration.
EXEC Privilege
copy running-conguration startup-conguration
After enabling and conguring OS image hash verication, the device veries the hash checksum of the OS boot image during every
reload.
DellEMC# verified boot hash system-image A: 619A8C1B7A2BC9692A221E2151B9DA9E
Image Verication for Subsequent OS Upgrades
After enabling OS image hash verication, for subsequent Dell EMC Networking OS upgrades, you must enter the hash checksum of the
new OS image le. To enter the hash checksum during upgrade, follow these steps:
Use the following command to upgrade the Dell EMC Networking OS and enter the hash value when prompted.
EXEC Privilege
upgrade system
DellEMC# upgrade system tftp://10.16.127.35/FTOS-SE-9.11.0.1 A:
Hash Value: e42e2548783c2d5db239ea2fa9de4232
!!!!!!!!!!!!!!...
Startup Conguration Verication
Dell EMC Networking OS comes with startup conguration verication feature. When enabled, it checks the integrity of the startup
conguration that the system uses while the system reboots and loads only if it is intact.
Important Points to Remember
The startup conguration verication feature is disabled by default on the Dell EMC Networking OS.
The feature is supported for startup conguration les stored in the local system only.
The feature is not supported when the fastboot or the warmboot features are enabled on the system.
If the startup conguration verication fails after a reload, the system does not load your startup conguration.
After enabling the startup conguration verication feature, use the verified boot hash command to verify and store the hash
value. If you don’t store the hash value, you cannot reboot the device until you verify the image hash.
If OS image verication fails, the system does not load your startup conguration and displays an error message until you remove the
verified boot command from the conguration.
Security
807