CHAPTER 2
Boot Integrity Visibility
• Information About Boot Integrity Visibility, on page 41
• Verifying the Software Image and Hardware, on page 41
• Verifying Platform Identity and Software Integrity, on page 42
• Additional References for Boot Integrity Visibility, on page 45
• Feature History for Boot Integrity Visibility, on page 45
Information About Boot Integrity Visibility
Boot Integrity Visibility allows Cisco's platform identity and software integrity information to be visible and
actionable. Platform identity provides the platform’s manufacturing installed identity. Software integrity
exposes boot integrity measurements that can be used to assess whether the platform has booted trusted code.
During the boot process, the software creates a checksum record of each stage of the bootloader activities.
You can retrieve this record and compare it with a Cisco-certified record to verify if your software image is
genuine. If the checksum values do not match, you may be running a software image that is either not certified
by Cisco or has been altered by an unauthorized party.
Verifying the Software Image and Hardware
This task describes how to retrieve the checksum record that was created during a switch bootup. Enter the
following commands in privileged EXEC mode.
On executing the following commands, you might see the message % Please Try After Few Seconds displayed
on the CLI. This does not indicate a CLI failure, but indicates setting up of underlying infrastructure required
to get the required output. We recommend waiting for a few minutes and then try the command again.
Note
The messages % Error retrieving SUDI certificate and % Error retrieving integrity data signify a real
CLI failure.
System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
41
To Next Page
Loading...
