Cisco Catalyst 9200 Configuration Manual page 62

Boot Integrity Visibility
Verifying Platform Identity and Software Integrity
Verifying Software Integrity
The following example displays the checksum record for the boot stages. The hash measurements
are displayed for each of the three stages of software successively booted. These hashes can be
compared against Cisco-provided reference values. An option to sign the output gives a verifier the
ability to ensure the output is genuine and is not altered. A nonce can be provided to protect against
replay attacks.
Note
Boot integrity hashes are not MD5 hashes. If you run the verify /md5 cat9k_iosxe.16.10.01.SPA.bin
command on the bundle file, the hash will not match.
The following is a sample output of the show platform integrity sign nonce 123 command in install
mode. This output includes measurements of each installed package file.
Device# show platform integrity sign nonce 123
Platform: C9200L-24T-4G
Boot 0 Version: SBOOT0.v27
Boot 0 Hash:
EE98DCD0D6AEA85C8891039F649664FCC3CF709CCFC7A6F248C9D5BA8463528F
Boot Loader Version: System Bootstrap, Version 10.2, DEVELOPMENT SOFTWARE
Boot Loader Hash:
9220B87E7A153A79EB9AE37311A1FDE2313C9996F21032F8A1E7EF4935D3E7427657E4CDEE537E7B3C50E84121C00BD2D556786A4EE155D3C0AFF67F63F1A69B
OS Version: 16.10.01
OS Hashes:
cat9k_lite-rpbase.16.10.01.SPA.pkg :
D0D155C1DEFDB03EB0C64057AD6A9673E2114FA7CCCAAA7ED0AE935CB0BD84E0D0D155C1DEFB03EB0C64057AD6A9673E2114FA7CCCAAA7ED0AE935CB0BD84E0
cat9k_lite-rpboot.16.10.01.SPA.pkg :
AD6A9673E2114FA7CCCAAA7ED0AE935CB0BD84E0D0D155C1DEFDB03EB0C64057AD6A9673E2114FA7CCCAAA7ED0AE935CB0BD84E0D0D155C1DEFB03EB0C64057
cat9k_lite-srdriver.16.10.01.SPA.pkg :
4FA7CCCAAA7ED0AE935CB0BD84E0D0D155C1DEFDB03EB0C64057AD6A9673E2114FA7CCCAAA7ED0AE935CB0BD84E0D0D155C1DEFB03EB0C64057AD6A9673E211
cat9k_lite-webui.16.10.01.SPA.pkg :
CCCAAA7ED0AE935CB0BD84E0D0D155C1DEFDB03EB0C64057AD6A9673E2114FA7CCCAAA7ED0AE935CB0BD84E0D0D155C1DEFB03EB0C64057AD6A9673E2114FA7
cat9k-wlc.16.10.01.SPA.pkg :
AA7ED0AE935CB0BD84E0D0D155C1DEFDB03EB0C64057AD6A9673E2114FA7CCCAAA7ED0AE935CB0BD84E0D0D155C1DEFB03EB0C64057AD6A9673E2114FA7CCCA
PCR0: 750E5D2EDAE6E3A68050638E0BFD8619BE4EA13066025D39DF79408719F5177E
PCR8: EB6E739A63F53E703B6CDAF3F6188833CEF6D32E2F726006B9AA34E1E73048C4
Signature version: 1
Signature:
5AA41E6C722D841D02F5A7B6D096395E786D6949CFC9EC1C476F776BC1C599CBEF3E69A9891DC100EA256CE19B7CCA27774AA7894F1AC14D17F67176029029222825861B679493A0BB207F67463172A0989E2CB3A3D8293799B2A6A8FA4757E27767ACBFF947DB826D94AAB47AC3B6EBE697F79A56B2D0501BF22CF7331787C3C42F4BDC78843D3949D10E78BBBCF39DD8B42D9D4B0BBBD803355F68631598926583379968510B0F8FA3EBF6D09B3FC46D09EDE9C0BD6AF9E24658399C54818CE61C4AC855805BDCEFFD73905AB811745B4B20F9BC07AA8D6B24B34351FDF75151C8496090382A936C77B23DCAF90D0D5996F0AAFC019C53F12F4E40285D1824
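The comparison against reference values described above can be scripted. The following is an added example, not part of the Cisco guide: it parses output in this layout into a label-to-hash map and reports mismatched, missing, or unexpected entries. The function names, the sample output, and the reference dictionary are constructed for illustration; real reference values come from Cisco.

```python
import hashlib
import hmac
import re

def fake(label, algo="sha512"):
    # Constructed stand-in digest; real values come from the device and from Cisco.
    return hashlib.new(algo, label.encode()).hexdigest().upper()

# Constructed output in the layout shown above; one hash is split by spaces on purpose.
SAMPLE = f"""Device# show platform integrity sign nonce 123
Boot 0 Hash:
{fake('boot0', 'sha256')}
Boot Loader Hash:
{' '.join(fake('loader'))}
OS Hashes:
cat9k_lite-rpbase.16.10.01.SPA.pkg :
{fake('rpbase')}
cat9k_lite-webui.16.10.01.SPA.pkg :
{fake('webui, altered')}
PCR0: {fake('pcr0', 'sha256')}
Signature version: 1
Signature:
{fake('sig')}
"""
# Constructed reference set; the srdriver package is deliberately absent from SAMPLE.
REFERENCE = {"Boot 0 Hash": fake("boot0", "sha256"), "Boot Loader Hash": fake("loader"),
             **{f"cat9k_lite-{p}.16.10.01.SPA.pkg": fake(p)
                for p in ("rpbase", "webui", "srdriver")}}
HEX = re.compile(r"[0-9A-F]{32,}")

def parse_integrity(text):
    """Map each label to its hex value (hypothetical helper; Signature is not verified)."""
    found, pending = {}, None
    for line in text.splitlines():
        label, sep, value = (part.strip() for part in line.partition(":"))
        value, bare = (re.sub(r"\s+", "", s).upper() for s in (value, line))
        if pending and HEX.fullmatch(bare):
            found[pending] = bare            # value on the line after its label
        elif sep and HEX.fullmatch(value):
            found[label] = value             # same-line form, e.g. "PCR0: <hex>"
        pending = label if sep and not value else None
    return found

def compare(measured, reference):
    """Sorted (finding, label) pairs; flagging unreferenced .pkg files is an assumption."""
    out = [("missing" if label not in measured else "mismatch", label)
           for label, want in reference.items()
           if not hmac.compare_digest(measured.get(label, ""), want.upper())]
    out += [("unexpected", l) for l in measured if l.endswith(".pkg") and l not in reference]
    return sorted(out)
```

Calling `compare(parse_integrity(SAMPLE), REFERENCE)` on the constructed sample reports the altered webui package as a mismatch and the absent srdriver package as missing.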
The following is a sample output of the show platform integrity sign nonce 123 command in bundle
mode. This output includes measurements of the bundle file and each installed package.
Device# show platform integrity sign nonce 123
Platform: C9200L-24T-4G
Boot 0 Version: SBOOT0.v27
Boot 0 Hash:
EE98DCD0D6AEA85C8891039F649664FCC3CF709CCFC7A6F248C9D5BA8463528F
Boot Loader Version: System Bootstrap, Version 10.2, DEVELOPMENT SOFTWARE
System Management Configuration Guide, Cisco IOS XE Gibraltar 16.10.x (Catalyst 9200 Switches)