Boot Loader Upgrade and Image Verification for the FIPS Mode of Operation
The following table describes upgrade and downgrade scenarios using different images and using the
FIPS mode or non-FIPS mode:
Table 1-6
Upgrade/ Downgrade Scenario
Upgrade from an image that is in
the FIPS mode to a Cisco IOS
Release 15.0(2)SE1 image in the
FIPS mode.
Upgrade from a switch that is in
the non-FIPS mode to a Cisco IOS
Release 15.0(2)SE1 image in the
FIPS mode.
Upgrade to Cisco IOS Release
15.0(2)SE1 in the non-FIPS mode.
Catalyst 3750-X and 3560-X Switch Software Configuration Guide
1-26
Upgrade and Downgrade Scenarios Relating to FIPS Certified Images
Action
Boot with the Cisco IOS Release
15.0(2)SE1 image.
•
Configure the fips authoriza-
tion-key authorization-key global
configuration command.
Reload the switch for the FIPS key
•
to be operational. By default, the
switch automatically boots up;
however, if you have configured it
to boot up manually, you have to
initiate the reboot.
•
After the boot loader is upgraded,
boot with the Cisco IOS Release
15.0(2)SE1 image.
Boot with the Cisco IOS Release
15.0(2)SE1 image.
Chapter 1
Assigning the Switch IP Address and Default Gateway
Status or Result
The boot loader is upgraded.
•
•
The image signature is verified.
•
The following message appears in the boot
sequence: "Image passed digital signature
verification."
If you upload a corrupt or unsigned
Note
image, the following message appears
during boot up: "Image verification
failed."
•
The boot loader is upgraded.
The image signature is verified.
•
If you upload a corrupt or unsigned
Note
image, the following message appears
during boot up: "Image verification
failed."
•
The boot loader is not updated.
•
The image signature is not verified.
•
The switch works normally.
OL-25303-03