Fabric OS Administrator’s Guide 203
53-1002446-01
FIPS support
9
If FIPS is enabled, all logins should be done through SSH or direct serial and the transfer protocol
should be SCP.
Updating the firmware key
1. Log in to the switch as admin.
2. Type the firmwareKeyUpdate command and respond to the prompts.
The firmwareDownload command
As mentioned previously, the public key file needs to be packaged, installed, and run on your switch
before downloading a signed firmware.
When firmwareDownload installs a firmware file, it needs to validate the signature of the file.
Different scenarios are handled as follows:
• If a firmware file does not have a signature, how it is handled depends on the
“signed_firmware” parameter on the switch. If it is enabled, firmwareDownload fails.
Otherwise, firmwareDownload displays a warning message and proceeds normally. So
when downgrading to a non-FIPS compliant firmware, the “signed_firmware” flag needs to
be disabled.
• If the firmware file has a signature but the validation fails, firmwareDownload fails. This
means the firmware is not from Brocade, or the contents have been modified.
• If the firmware file has a signature and the validation succeeds, firmwareDownload
proceeds normally.
SAS, DMM, and third party application images are not signed.
Configuring the switch for signed firmware
1. Connect to the switch and log in using an account with admin permissions.
2. Type the configure command.
3. Respond to the prompts as follows:
System Service Default is no; press Enter to select default setting.
ssl attributes Default is no; press Enter to select default setting.
snmp
attributes
Default is no; press Enter to select default setting.
rpcd attributes Default is no; press Enter to select default setting.
cfgload
attributes
Select Yes. The following questions are displayed:
Enforce secure config Upload/Download: Select yes
Enforce signed firmware download: Select yes
Webtools
attributes
Default is no; press Enter to select default setting.
System Default is no; press Enter to select default setting.
To Next Page
Loading...
Need help?
General