Secure Boot admin commands

secure-boot

Syntax

secure-boot

Context

admin>system>security

Description

This command enters the context to issue Secure Boot commands on the 7705 SAR.

activate

Syntax

activate [card cpm-slot] serial-number CPM serial number confirmation-code signed software confirmation code

Context

admin>system>security>secure-boot

Description

This command activates Secure Boot to enforce digital signature verification of the software on every boot.

Once Secure Boot is activated on a CSM, the capability is permanently enabled and cannot be disabled.

After this command is executed, the CSM card reboots automatically so that the change takes effect.

Parameters

cpm-slot

specifies the CSM slot

CPM serial number

specifies the CSM serial number, up to 256 characters

signed software confirmation code

the Secure Boot confirmation code

revoke-key

Syntax

revoke-key card cpm-slot serial-number CPM serial number confirmation-code signed software confirmation code

Context

admin>system>security>secure-boot

Description

This command revokes Secure Boot keys.

Parameters

cpm-slot

specifies the CSM slot

CPM serial number

specifies the CSM serial number, up to 256 characters

signed software confirmation code

the Secure Boot confirmation code

update-key

Syntax

update-key card cpm-slot serial-number cpm serial number confirmation-code signed software confirmation code software-image file-url

Context

admin>system>security>secure-boot

Description

This command updates Secure Boot keys.

Parameters

cpm-slot

specifies the CSM slot

cpm serial number

specifies the CSM serial number, up to 256 characters

signed software confirmation code

the Secure Boot confirmation code

file-url

the URL of the software image

Values

file-url: local-url | remote-url

   local-url: [cflash-id/][file-path]
       200 chars max, including cflash-id
       directory length 99 chars max each

   remote-url: [{ftp:// | tftp://}login:pswd@remote-locn][file-path]
       255 chars max
       directory length 99 chars max each

   remote-locn: [hostname | ipv4-address | ipv6-address]

   ipv4-address: a.b.c.d

   ipv6-address: x:x:x:x:x:x:x:x[-interface]
       x:x:x:x:x:x:d.d.d.d[-interface]
       x: [0 to FFFF]H
       d: [0 to 255]D
       interface: 32 chars max, for link local addresses

   cflash-id:
       (7705 SAR-8 Shelf V2)  cf3: | cf3-A: | cf3-B:
       (7705 SAR fixed platforms)  cf3: | cf3-A:

validate

Syntax

validate software-image url

Context

admin>system>security>secure-boot

Description

This command validates the specified software image.

Parameters

url

specifies the URL of the software image to validate

Values

file-url: local-url | remote-url

   local-url: [cflash-id/][file-path]
       200 chars max, including cflash-id
       directory length 99 chars max each

   remote-url: [{ftp:// | tftp://}login:pswd@remote-locn][file-path]
       255 chars max
       directory length 99 chars max each

   remote-locn: [hostname | ipv4-address | ipv6-address]

   ipv4-address: a.b.c.d

   ipv6-address: x:x:x:x:x:x:x:x[-interface]
       x:x:x:x:x:x:d.d.d.d[-interface]
       x: [0 to FFFF]H
       d: [0 to 255]D
       interface: 32 chars max, for link local addresses

   cflash-id:
       (7705 SAR-8 Shelf V2)  cf3: | cf3-A: | cf3-B:
       (7705 SAR fixed platforms)  cf3: | cf3-A:
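
Example

A pre-check for the file-url given to update-key or validate, written against the limits and cflash-id values in the Values lists above. This is an added example, not part of the original documentation; the function name, the result layout and exact-case matching of cflash-id are assumptions, and the sample URLs are constructed.

```python
import re

# Limits and cflash-id values are taken from the Values lists above.
LOCAL_MAX, REMOTE_MAX, DIR_MAX = 200, 255, 99
CFLASH_SAR8_V2 = ("cf3:", "cf3-A:", "cf3-B:")
CFLASH_FIXED = ("cf3:", "cf3-A:")


def check_file_url(url, fixed_platform=False):
    """Classify a file-url and list where it breaks the documented grammar.

    Returns {"kind", "errors", "warnings"}. The name, the result layout and
    exact-case cflash-id matching are assumptions of this example.
    """
    errors, warnings = [], []
    remote = re.match(r"(ftp|tftp)://([^/]*)(/.*)?$", url)
    if remote:
        kind, limit = "remote-url", REMOTE_MAX
        creds, at, host = remote.group(2).rpartition("@")
        path = remote.group(3) or ""
        if not host:
            errors.append("remote-locn is empty")
        if at and creds.partition(":")[2]:
            warnings.append("password is embedded in the command line")
    else:
        kind, limit = "local-url", LOCAL_MAX
        drive, colon, rest = url.partition(":")
        path = rest if colon else url
        allowed = CFLASH_FIXED if fixed_platform else CFLASH_SAR8_V2
        if colon and drive + ":" not in allowed:
            errors.append(f"cflash-id {drive}: is not valid on this platform")
    if len(url) > limit:
        errors.append(f"{kind} is {len(url)} chars, limit is {limit}")
    # Every path component except the final file name is a directory.
    for directory in path.split("/")[:-1]:
        if len(directory) > DIR_MAX:
            errors.append(f"directory name of {len(directory)} chars exceeds {DIR_MAX}")
    return {"kind": kind, "errors": errors, "warnings": warnings}


if __name__ == "__main__":
    # Constructed samples; 192.0.2.10 is a documentation address.
    for sample in ("cf3:/images/software.img",
                   "ftp://admin:s3cret@192.0.2.10/images/software.img"):
        print(sample, check_file_url(sample))
```
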