C613-50631-01 Rev A Command Reference for IE340 Series 158
AlliedWare Plus™ Operating System - Version 5.5.3-0.x
FILE AND CONFIGURATION MANAGEMENT COMMANDS
CRYPTO
VERIFY BOOTROM
crypto verify bootrom
Overview Use this command to compare the SHA256 checksum hash value of a bootloader
with its correct checksum. This confirms that the bootloader has not been
corrupted or interfered with.
If the verification fails, contact Allied Telesis customer support.
If the device is in Secure Mode, running crypto verify bootrom also stores the
hash value permanently. When in Secure Mode, we recommend only using this
command in networks with extremely strict security requirements, such as in
FIPS-compliant networks. This is because you can only remove the hash value by
erasing flash memory (for example, by using the erase factory-default command).
If the device is not in Secure Mode, you can use the write command to save the
hash value to the boot configuration file. The device will verify the checksum every
time it boots up and will warn you if it fails the verification.
When not in Secure Mode, you can use the no variant of this command to remove
the bootrom/hash combination from the running configuration.
Syntax
crypto verify bootrom <hash-value>
no crypto verify <filename>
Default No default
Mode Global Configuration
Usage notes All models of a particular series run the same bootloader file and therefore have
the same checksum. For example, all x930 Series switches have the same
boatloader checksum.
Examples To verify the bootrom file, use the commands:
awplus# configure terminal
awplus(config)# crypto verify bootrom
5e80e70b6a2200965abf5f62f72af1bdc1654f3726bdff554afcbd76270c91
Note that the hash in this example is an example only; it is not the hash of the
device’s bootloader.
Related
commands
crypto secure-mode
crypto verify
crypto verify signed
Parameter Description
<hash-value> The known correct checksum of the bootloader. To see the correct
hash value, run the command show hash bootrom straight after
you first boot the device up, or check the Deployment Guide for
the device.
To Next Page
Loading...
Need help?
General
