Concept Guide
NOTE: The verified boot hash command is only applicable for OS images in the local le
system.
3 Save the conguration.
EXEC Privilege
copy running-conguration startup-conguration
After enabling and conguring OS image hash verication, the device veries the hash checksum of the OS boot image during every
reload.
DellEMC# verified boot hash system-image A: 619A8C1B7A2BC9692A221E2151B9DA9E
Image Verication for Subsequent OS Upgrades
After enabling OS image hash verication, for subsequent Dell EMC Networking OS upgrades, you must enter the hash checksum of the
new OS image le. To enter the hash checksum during upgrade, follow these steps:
• Use the following command to upgrade the Dell EMC Networking OS and enter the hash value when prompted.
EXEC Privilege
upgrade system
DellEMC# upgrade system tftp://10.16.127.35/FTOS-SE-9.11.0.1 A:
Hash Value: e42e2548783c2d5db239ea2fa9de4232
!!!!!!!!!!!!!!...
Startup Conguration Verication
Dell EMC Networking OS comes with startup conguration verication feature. When enabled, it checks the integrity of the startup
conguration that the system uses while the system reboots and loads only if it is intact.
Important Points to Remember
• The startup conguration verication feature is disabled by default on the Dell EMC Networking OS.
• The feature is supported for startup conguration les stored in the local system only.
• The feature is not supported when the fastboot or the warmboot features are enabled on the system.
• If the startup conguration verication fails after a reload, the system does not load your startup conguration.
• After enabling the startup conguration verication feature, use the verified boot hash command to verify and store the hash
value. If you don’t store the hash value, you cannot reboot the device until you verify the image hash.
• If OS image verication fails, the system does not load your startup conguration and displays an error message until you remove the
verified boot command from the conguration.
Dell EMC Networking OS Behavior after System Power-Cycle
If the system reboots due reasons such as power-cycle, the current startup conguration may be dierent than the one you veried the
hash using the verified boot hash command. When the system comes up, the system may use the last-veried startup
conguration.
Dell EMC Networking recommends backing up the startup conguration to a safe location after you use the verified boot hash
command. When the startup conguration verication fails, you can restore it from the backup.
Security
209