Manualshelf

Users Guide

ManualsBrandsDell ManualsAccess PlatformsPowerSwitch S4128F-ON/S4128T-ON
1351135213531354135513561357135813591360
Validate the OS10 kernel, system binaries, and startup configuration file
You can validate the OS10 kernel binary image, system binary files, and startup configuration file at system startup and CLI
execution using the secure-boot verify command in EXEC mode.
OS10# secure-boot verify {kernel | file-system-integrity | startup-config}
Validate and upgrade OS10 image
You can validate and upgrade the OS10 installer image files with digital signatures using the image secure-install
command in EXEC mode.
OS10# image secure-install image-filepath {sha256 signature signature-filepath | gpg
signature signature-filepath | pki signature signature-filepath public-key key-file}
The OS10 image installer verifies the signature of the image files using hash-based authentication, GNU privacy guard (Gn uPG
or GPG)-based signatures, or digital signatures (PKI-signed). Upgraded image files are installed after they are successfully
validated.
NOTE:
When secure boot is enabled and you install an OS10 image upgrade, the image install command is disabled. Use
the image secure-install command instead. For more information, see Install OS10 upgrade.
If secure boot is not enabled, you can validate an OS10 image using PKI after you manually install the image by using the
image verify command. PKI image validation occurs only once during the installation, not during each reload. After
you manually install the image using the image install command, the image is extracted. The original binary image is
not stored in the system.
Validate OS10 image before manual installation from ONIE
When you manually install an OS10 image using ONIE, you can validate the image using hash-based authentication (sha256) or
digital certificates (PKI-signed).
The signature for the OS10 installer image is provided with the downloaded OS10 .tar file. You can extract the OS10 binary file
image from the .tar file and install it from a local server. For more information, see Download OS10 image and Installation using
ONIE.
To validate and install an image using the X.509v3 certificate and OS10 image signature, use the onie-nos-install
command during a manual installation. For more information, see Manual installation; for example:
$ onie-nos-install image_url pki signature_filepath certificate_filepath
Or
$ onie-nos-install image_url sha256 signature_filepath
The OS10 image installer verifies the signature of the image files using hash-based authentication or digital signatures (PKI-
signed). The image files are installed after they are successfully validated.
View certificate information
Use the show secure-boot pki-certificates command in EXEC mode to view the certificate information.
When working with CA certificates, view the certificate information using the show secure-boot pki-certificates
command in EXEC mode.
OS10# show secure-boot pki-certificates
Certificate Key Id : 123
Version Number : 3 (0x2)
Serial Number : 17154672033164819608 (0xee11a353271dfc98)
Signature Algorithm : sha256WithRSAEncryption
Issuer : C=IN, ST=Some-State, L=some-city, O=Internet Widgits Pty Ltd
Validity : Aug 1 11:45:39 2019 GMT - Jul 31 11:45:39 2020 GMT
Certificate Key Id : 124
1354
Security