Setup Guide
Important Points to Remember
• The OS image verication feature is disabled by default on the Dell EMC Networking OS.
• The OS image verication feature is supported for images stored in the local system only.
• The OS image verication feature is not supported when the fastboot or the warmboot features are enabled on the system.
• If OS image verication fails after a reload, the system does not load the startup conguration. The System displays an appropriate
error message until the no verified boot command is used on the system.
• After you enable The OS image verication feature, the system prompts you to enter The OS image hash when you upgrade the Dell
EMC Networking OS to a later version. The system checks if your hash matches with The OS image hash only after reloading.
• After enabling The OS image verication feature, use the verified boot hash command to verify and store the hash value. If you
don’t store the hash value, you cannot reboot the device until you verify The OS image hash.
Enabling and Conguring OS Image Hash Verication
To enable and congure Dell EMC Networking OS image hash verication, follow these steps:
1 Enable the OS image hash verication feature.
CONFIGURATION mode
verified boot
2 Verify the hash checksum of the current OS image le on the local le system.
EXEC Privilege
verified boot hash system-image {A: | B:} hash-value
You can get the hash value for your hashing algorithm from the Dell EMC iSupport page. You can use the MD5, SHA1, or SHA256 hash
and the Dell EMC Networking OS automatically detects the type of hash.
NOTE
: The verified boot hash command is only applicable for OS images in the local le
system.
3 Save the conguration.
EXEC Privilege
copy running-conguration startup-conguration
After enabling and conguring OS image hash verication, the device veries the hash checksum of the OS boot image during every
reload.
DellEMC# verified boot hash system-image A: 619A8C1B7A2BC9692A221E2151B9DA9E
Image Verication for Subsequent OS Upgrades
After enabling OS image hash verication, for subsequent Dell EMC Networking OS upgrades, you must enter the hash checksum of the
new OS image le. To enter the hash checksum during upgrade, follow these steps:
• Use the following command to upgrade the Dell EMC Networking OS and enter the hash value when prompted.
EXEC Privilege
upgrade system
DellEMC# upgrade system tftp://10.16.127.35/FTOS-SE-9.11.0.1 A:
Hash Value: e42e2548783c2d5db239ea2fa9de4232
!!!!!!!!!!!!!!...
836
Security