Power-Up Self Tests; Conditional Tests - Brocade Communications Systems 53-1001763-02 Administrator's Manual

Zeroization functions
TABLE 102 Zeroization behavior (Continued)

| Keys | Zeroization CLI | Description |
|---|---|---|
| FCSP Challenge Handshake Authentication Protocol (CHAP) Secret | secAuthSecret --remove value \| --all | secAuthSecret --remove value removes the specified keys from the database. When secAuthSecret is used with the --remove --all option, the entire key database is deleted. |
| Passwords | passwdDefault; fipscfg --zeroize | This removes user-defined accounts in addition to the default passwords for the root, admin, and user default accounts. However, only root has permission for this command, so the securityadmin and admin roles need to use fipsCfg --zeroize, which, in addition to removing user accounts and resetting passwords, also performs the complete zeroization of the system. |
| RADIUS secret | aaaConfig --remove | aaaConfig --remove zeroizes the secret and deletes a configured server. |
| RNG seed key | No CLI required | /dev/urandom is used as the initial source of seed for the RNG. The RNG seed key is zeroized on every random number generation. |
| SSH RSA private key | sshutil delprivkey | Key-based SSH authentication is not used for SSH sessions. |
| SSH RSA public key | sshutil delpubkeys | Key-based SSH authentication is not used for SSH sessions. |
| SSH session key | No CLI required | Generated for each SSH session that is established to and from the host. It is automatically zeroized on session termination. |
| Third-party keys | secCertUtil delete -fcapall | Used to zeroize third-party keys. |
| TLS authentication key | No CLI required | Automatically zeroized on session termination. |
| TLS pre-master secret | No CLI required | Automatically zeroized on session termination. |
| TLS private keys | secCertUtil delkey -all | The command secCertUtil delkey -all is used to zeroize these keys. |
| TLS session key | No CLI required | Automatically zeroized on session termination. |

Power-up self tests

The power-up self tests (POST) run when the switch is powered on in FIPS mode and do not require any operator intervention. If any known-answer tests (KATs) fail, the switch goes into a FIPS Error state, which reboots the system to start the tests again. If the switch continues to fail the FIPS POSTs, you will need to boot into single-user mode and perform a recovery procedure to reset the switch. For more information on this procedure, refer to the Fabric OS Troubleshooting and Diagnostics Guide.

Conditional tests

These tests apply to the random number generators and are executed to verify the randomness of their output. The conditional tests are executed each time before a random number provided by the random number generator is used.
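The guide does not say which conditional test the switch runs on its random number generator. The following C code is an added example, not Brocade or Fabric OS code: it implements the continuous random number generator test from FIPS 140-2 section 4.9.2, which holds back the first block and fails if any block equals the one before it. The names `crngt_ctx` and `crngt_get_block`, the 16-byte block size, the latched error state and both test sources are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define BLOCK_LEN 16 /* bytes per RNG block; assumed size for this example */

typedef int (*rng_source_fn)(unsigned char *out, size_t len); /* 0 = ok */

typedef struct {
    rng_source_fn source;          /* underlying generator (hypothetical hook) */
    unsigned char prev[BLOCK_LEN]; /* previous block, kept only for comparison */
    int primed;                    /* 0 until the first block has been saved */
    int error;                     /* latched failure, cleared only by re-init */
} crngt_ctx;

void crngt_init(crngt_ctx *c, rng_source_fn src) {
    memset(c, 0, sizeof *c);
    c->source = src;
}

/* Runs the conditional test before releasing a block: 0 = block in out, -1 = error. */
int crngt_get_block(crngt_ctx *c, unsigned char out[BLOCK_LEN]) {
    unsigned char cur[BLOCK_LEN];
    if (c->error) return -1;
    if (!c->primed) { /* first block after init is saved for comparison, never used */
        if (c->source(c->prev, BLOCK_LEN) != 0) { c->error = 1; return -1; }
        c->primed = 1;
    }
    if (c->source(cur, BLOCK_LEN) != 0 || memcmp(cur, c->prev, BLOCK_LEN) == 0) {
        c->error = 1; /* repeated block or read failure: refuse all further output */
        return -1;
    }
    memcpy(c->prev, cur, BLOCK_LEN);
    memcpy(out, cur, BLOCK_LEN);
    return 0;
}

/* Constructed sources: a healthy counter and a generator stuck on one value. */
static unsigned char ctr;
int counter_source(unsigned char *o, size_t n) { memset(o, ++ctr, n); return 0; }
int stuck_source(unsigned char *o, size_t n) { memset(o, 0xAA, n); return 0; }

int main(void) {
    crngt_ctx c;
    unsigned char out[BLOCK_LEN];
    crngt_init(&c, counter_source);
    printf("healthy: %s\n", crngt_get_block(&c, out) == 0 ? "pass" : "error state");
    crngt_init(&c, stuck_source);
    printf("stuck:   %s\n", crngt_get_block(&c, out) == 0 ? "pass" : "error state");
    return 0;
}
```

A production module would also wipe `cur` and `prev` with a call the compiler cannot optimize away, in line with the zeroization behavior in Table 102.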
Fabric OS Administrator's Guide
53-1001763-02
