Boot Integrity Visibility; Information About Boot Integrity Visibility; Verifying The Software Image And Hardware - Cisco Catalyst 9500 Manual

Boot Integrity Visibility

•
•
•
•
•

Information About Boot Integrity Visibility

Boot Integrity Visibility allows Cisco's platform identity and software integrity information to be visible and
actionable. Platform identity provides the platform's manufacturing installed identity. Software integrity
exposes boot integrity measurements that can be used to assess whether the platform has booted trusted code.
During the boot process, the software creates a checksum record of each stage of the bootloader activities.
You can retrieve this record and compare it with a Cisco-certified record to verify if your software image is
genuine. If the checksum values do not match, you may be running a software image that is either not certified
by Cisco or has been altered by an unauthorized party.

Verifying the Software Image and Hardware

This task describes how to retrieve the checksum record that was created during a switch bootup. Enter the
following commands in privileged EXEC mode.
Note
On executing the following commands, you might see the message % Please Try After Few Seconds displayed
on the CLI. This does not indicate a CLI failure, but indicates setting up of underlying infrastructure required
to get the required output. We recommend waiting for a few minutes and then try the command again.
The messages % Error retrieving SUDI certificate and % Error retrieving integrity data signify a real
CLI failure.
SUMMARY STEPS
1. show platform sudi certificate [sign [nonce nonce]]
Information About Boot Integrity Visibility, on page 43
Verifying the Software Image and Hardware, on page 43
Verifying Platform Identity and Software Integrity, on page 44
Additional References for Boot Integrity Visibility, on page 46
Feature History for Boot Integrity Visibility, on page 46
System Management Configuration Guide, Cisco IOS XE Fuji 16.8.x (Catalyst 9500 Switches)
2
C H A P T E R
43