User Security Configuration Guide Cisco IOS XE Release 3S
Image Verification
Image Verification


First Published: September 11, 2007
Last Updated: July 31, 2009

The Image Verification feature automatically verifies the integrity of Cisco IOS XE images and provisioning files. Accidental corruption can occur at any point in transit, from the moment a file is generated by Cisco until it reaches the device, and this feature detects such corruption before the file is copied into storage or loaded.

Finding Feature Information

For the latest feature information and caveats, see the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the "Feature Information for Image Verification" section.

Use Cisco Feature Navigator to find information about platform support and Cisco IOS XE software image support. To access Cisco Feature Navigator, go to http://tools.cisco.com/ITDIT/CFN/jsp/index.jsp. An account on Cisco.com is not required.

Contents

Restrictions for Image Verification

Information About Image Verification

How to Use Image Verification

Configuration Examples for Image Verification

Additional References

Feature Information for Image Verification

Restrictions for Image Verification

Image verification is attempted on any file passed to it; if the file is not an image file or a provisioning file, no verification takes place and the following error is reported: SIGNATURE-4-NOT_PRESENT.


Note The Image Verification feature can only be used to check the integrity of a Cisco IOS XE software image or provisioning file that is stored on a Cisco IOS XE device. It cannot be used to check the integrity of an image on a remote file system or an image running in memory.


Information About Image Verification


Note Throughout this document, any references to Cisco IOS XE images also apply to provisioning files.


To use image verification for your Cisco IOS XE images or provisioning files, you should understand the following concepts:

Benefits of Image Verification

How Image Verification Works

Benefits of Image Verification

Cisco IOS XE routers can automatically detect when the integrity of an image or provisioning file has been compromised by transmission errors or disk corruption, before the file is copied into storage or used for a reload, so the check no longer depends on a manual digest comparison by the operator.

How Image Verification Works

A production image passes through a sequence of transfers before it is copied into the memory of a router, and every transfer is an opportunity for accidental corruption. When downloading an image from Cisco.com, a user can compute a Message Digest 5 (MD5) hash of the downloaded file and compare it with the MD5 digest posted on Cisco.com. Many users skip this step because the digest is a 32-character hexadecimal value and the comparison is manual. Image verification instead relies on a digest embedded in the image: the router recomputes the digest over the file it has received and compares the result with the embedded value (the Embedded Hash and Computed Hash lines in the sample output later in this document), so every copied or reloaded image is validated automatically with little user interaction. MD5 is adequate for detecting transmission errors and disk corruption, which is the scope of this feature, but it is not collision-resistant, so an embedded digest is not a substitute for a digital signature. To tie a verified file back to what Cisco published, also compare the CCO Hash reported by the router, which is the digest of the file as posted on Cisco.com, with the MD5 value listed for that file on the download page.

How to Use Image Verification

This section contains the following procedures:

Globally Verifying the Integrity of an Image

Verifying the Integrity of an Image That Is About to Be Copied

Verifying the Integrity of an Image That Is About to Be Reloaded

Globally Verifying the Integrity of an Image

The file verify auto command enables image verification globally; that is, all images that are to be copied (via the copy command) or reloaded (via the reload command) are automatically verified. Although both the copy and reload commands have a /verify keyword that enables image verification, you must issue the keyword each time you want to copy or reload an image. The file verify auto command enables image verification by default, so you no longer have to specify image verification multiple times.

If you have enabled image verification by default but prefer to disable verification for a specific image copy or reload, the /noverify keyword, along with either the copy or the reload command, will override the file verify auto command.

Use this task to enable automatic image verification.

SUMMARY STEPS

1. enable

2. configure terminal

3. file verify auto

4. exit

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3 

file verify auto

Example:

Router(config)# file verify auto

Enables automatic image verification.

Step 4 

exit

Example:

Router(config)# exit

Exits global configuration mode.

You must exit global configuration mode if you are going to copy or reload an image.

What to Do Next

After issuing the file verify auto command, you do not have to issue the /verify keyword with the copy or the reload command because each image that is copied or reloaded will be automatically verified.

Verifying the Integrity of an Image That Is About to Be Copied

When issuing the copy command, you can verify the integrity of the copied file by entering the /verify keyword. The check runs on the destination file after the transfer completes; if it fails, the copied file is deleted. If the file being copied has no embedded hash (an old image), you are prompted whether to continue with the copy: if you choose to continue, the copy completes and the file is kept (it cannot be verified); if you choose not to continue, the copied file is deleted.

Without the /verify keyword (and without file verify auto), the copy command can leave a corrupted file in storage. After a copy completes, you can run the verify command at any time to check the integrity of the files in the router's storage.

Use this task to verify the integrity of an image before it is copied onto a router.

SUMMARY STEPS

1. enable

2. copy [/erase] [/verify | /noverify] source-url destination-url

3. verify [/md5 [md5-value]] filesystem:[file-url]

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

copy [/erase] [/verify | /noverify] source-url destination-url

Example:

Router# copy /verify tftp://10.1.1.1/username/c7200-js-mz disk0:

Copies any file from a source to a destination.

/verify—Verifies the signature of the destination file. If verification fails, the file will be deleted.

/noverify—Skips verification of the destination file for this copy.

Note /noverify is often issued if the file verify auto command is enabled, which automatically verifies the signature of all images that are copied.

Step 3 

verify [/md5 [md5-value]] filesystem:[file-url]

Example:

Router# verify bootflash://c7200-kboot-mz.121-8a.E

(Optional) Verifies the integrity of the images in the router's storage.
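The mechanism described in "How Image Verification Works" and the copy /verify behaviour described in this task, as an added example that is not Cisco code: a simplified model in Python in which an image carries an embedded MD5 digest of its payload, and a copy routine that recomputes the digest over the received file, deletes the copy on mismatch, and keeps an unsigned file only when the operator chooses to proceed (the [confirm] prompt, modelled as a flag). The trailer layout (a marker followed by the hex digest), the status strings and the sample payload are assumptions of this model; Cisco's actual image layout is not documented on this page.

```python
"""Simplified model of embedded-digest image verification (added example,
not Cisco's image format). An image is payload || MARKER || md5(payload);
verification recomputes the digest over the payload and compares it with
the embedded one, mirroring the Embedded Hash / Computed Hash lines that
copy /verify prints."""
import hashlib
import hmac
import os
import tempfile
from typing import Optional, Tuple

MARKER = b"--EXAMPLE-EMBEDDED-MD5--"   # assumption: trailer introducing the digest

# Status labels for this model (not the device's exact messages).
VERIFIED = "Signature Verified"
FAILED = "Signature Failed"
NOT_PRESENT = "Signature not present"


def build_image(payload: bytes) -> bytes:
    """Append an embedded MD5 digest of the payload (uppercase hex, as the CLI shows)."""
    return payload + MARKER + hashlib.md5(payload).hexdigest().upper().encode()


def verify_image(data: bytes) -> Tuple[str, Optional[str], Optional[str]]:
    """Return (status, embedded_hash, computed_hash) for an image held in storage."""
    idx = data.rfind(MARKER)
    if idx < 0:                      # old image with no embedded hash
        return NOT_PRESENT, None, None
    payload = data[:idx]
    embedded = data[idx + len(MARKER):]
    computed = hashlib.md5(payload).hexdigest().upper().encode()
    status = VERIFIED if hmac.compare_digest(embedded, computed) else FAILED
    return status, embedded.decode("ascii", "replace"), computed.decode("ascii")


def copy_with_verify(src: bytes, dest_path: str, verify: bool = True,
                     proceed_without_signature: bool = False) -> str:
    """Copy src to dest_path, then verify the copy as copy /verify does:
    a failed check deletes the copy; a missing digest keeps the copy only if
    the operator chose to proceed at the prompt (modelled as a flag)."""
    with open(dest_path, "wb") as f:
        f.write(src)
    if not verify:                   # copy /noverify: keep whatever arrived
        return "copied (unverified)"
    with open(dest_path, "rb") as f:
        status, _, _ = verify_image(f.read())
    if status == VERIFIED or (status == NOT_PRESENT and proceed_without_signature):
        return status
    os.remove(dest_path)
    return status + " (deleted)"


def run_demo() -> dict:
    """Exercise the model on constructed data and return each outcome."""
    good = build_image(b"IOS-XE payload bytes " * 1000)   # constructed sample image
    damaged = bytearray(good)
    damaged[10] ^= 0x01                                    # one bit flipped in transit
    damaged = bytes(damaged)
    legacy = b"old image without an embedded hash"         # constructed, unsigned
    dest = os.path.join(tempfile.mkdtemp(), "c7200-js-mz")
    results = {
        "good": copy_with_verify(good, dest),
        "damaged": copy_with_verify(damaged, dest),
        "legacy_declined": copy_with_verify(legacy, dest),
        "legacy_proceed": copy_with_verify(legacy, dest, proceed_without_signature=True),
        "noverify": copy_with_verify(damaged, dest, verify=False),
    }
    results["left_on_disk"] = os.path.exists(dest)
    return results


if __name__ == "__main__":
    for name, outcome in run_demo().items():
        print(f"{name:16} {outcome}")
```

The comparison uses hmac.compare_digest so that the check does not leak how many digest characters matched; the more important point the model makes is that /noverify keeps a damaged file in storage, which is exactly the case file verify auto is meant to close.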

Verifying the Integrity of an Image That Is About to Be Reloaded

Issuing the reload command with the /verify keyword checks the integrity of the image that is about to be loaded. The check runs before the system initiates the reboot, so if verification fails the reload is not performed and the image is not loaded.


Note Because different platforms obtain the file to be loaded in various ways, the file specified in BOOTVAR is the one that is verified. If no file is specified, the first file on each subsystem is verified.

On certain platforms, because of variables such as the configuration register, the file that is verified may not be the file that is actually loaded. Before relying on a reload /verify result, confirm which file the device will boot (for example with show bootvar, together with the configuration register reported by show version) and, if it differs from the file that was verified, run the verify command against that file explicitly.


Use this task to verify the integrity of an image before it is reloaded onto a router.

SUMMARY STEPS

1. enable

2. reload [[warm] [/verify | /noverify] text | [warm] [/verify | /noverify] in [hh:]mm [text] | [warm] [/verify | /noverify] at hh:mm [month day | day month] [text] | [warm] [/verify | /noverify] cancel]

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

reload [[warm] [/verify | /noverify] text | [warm] [/verify | /noverify] in [hh:]mm [text] | [warm] [/verify | /noverify] at hh:mm [month day | day month] [text] | [warm] [/verify | /noverify] cancel]

Example:

Router# reload /verify

Reloads the operating system.

/verify—Verifies the signature of the image that is about to be loaded. If verification fails, the reload is not initiated and the image is not loaded.

/noverify—Skips verification of the image before it is reloaded.

Note /noverify is typically used when the file verify auto command is enabled, which otherwise verifies the signature of every image that is reloaded.

Configuration Examples for Image Verification

This section contains the following configuration examples:

Global Image Verification: Example

Image Verification via the copy Command: Example

Image Verification via the reload Command: Example

Verify Command Sample Output: Example

Global Image Verification: Example

The following example shows how to enable automatic image verification. After enabling this command, image verification will automatically occur for all images that are either copied (via the copy command) or reloaded (via the reload command).

Router(config)# file verify auto

Image Verification via the copy Command: Example

The following example shows how to specify image verification before copying an image:

Router# copy /verify tftp://10.1.1.1/jdoe/c7200-js-mz disk0:

Destination filename [c7200-js-mz]? 
Accessing tftp://10.1.1.1/jdoe/c7200-js-mz...
Loading jdoe/c7200-js-mz from 10.1.1.1 (via FastEthernet0/0):!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
[OK - 19879944 bytes]

19879944 bytes copied in 108.632 secs (183003 bytes/sec)
Verifying file integrity of disk0:/c7200-js-mz  
..................................................................................
..................................................................................
..................................................................................
.........................Done!
Embedded Hash   MD5 :CFA258948C4ECE52085DCF428A426DCD
Computed Hash   MD5 :CFA258948C4ECE52085DCF428A426DCD
CCO Hash        MD5 :44A7B9BDDD9638128C35528466318183

Signature Verified

Image Verification via the reload Command: Example

The following example shows how to specify image verification before reloading an image onto the router:

Router# reload /verify

Verifying file integrity of bootflash:c7200-kboot-mz.121-8a.E
%ERROR:Signature not found in file bootflash:c7200-kboot-mz.121-8a.E.
Signature not present. Proceed with verify? [confirm]
Verifying file disk0:c7200-js-mz 
..........................................................................
............................................................Done!
Embedded Hash   MD5 :CFA258948C4ECE52085DCF428A426DCD
Computed Hash   MD5 :CFA258948C4ECE52085DCF428A426DCD
CCO Hash        MD5 :44A7B9BDDD9638128C35528466318183
Signature Verified

Proceed with reload? [confirm]n

Verify Command Sample Output: Example

The following example shows how to specify image verification via the verify command:

Router# verify disk0:c7200-js-mz

%Filesystem does not support verify operations
Verifying file integrity of disk0:c7200-js-mz.......................................
...............................................................................Done!
Embedded Hash   MD5 :CFA258948C4ECE52085DCF428A426DCD
Computed Hash   MD5 :CFA258948C4ECE52085DCF428A426DCD
CCO Hash        MD5 :44A7B9BDDD9638128C35528466318183

Signature Verified
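The sample outputs above are what an operator reads by eye; when the same check is run across a fleet, the output is usually captured by automation and has to be judged programmatically. The following is an added example in Python, not Cisco code, that parses the verify, copy /verify and reload /verify output shown on this page and lists every reason not to trust the image: no "Signature Verified" line, an Embedded Hash that differs from the Computed Hash, a file reported as lacking a signature, and, when the caller supplies the MD5 listed for the file on Cisco.com, a CCO Hash that differs from it. The interpretation of the CCO Hash line as the digest of the file as published on Cisco.com is an assumption, and the corrupted-copy sample is constructed for the example.

```python
"""Parse the output of verify, copy /verify or reload /verify captured from a
device and decide whether the image can be trusted (added example, not Cisco
code). Checks: the device reported "Signature Verified", the embedded and
computed digests match, no file was reported as lacking a signature, and,
when the caller supplies the MD5 listed on Cisco.com, the CCO Hash equals it
(assumption: the CCO Hash line is the digest of the file as published)."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

HASH_LINE = re.compile(r"^\s*(Embedded|Computed|CCO)\s+Hash\s+MD5\s*:\s*([0-9A-Fa-f]{32})", re.M)
FILE_LINE = re.compile(r"^Verifying file(?: integrity of)? (\S+?)\.*\s*$", re.M)
NOT_FOUND = re.compile(r"Signature not found in file (\S+?)\.?\s*$", re.M)


@dataclass
class VerifyResult:
    filename: Optional[str]
    embedded: Optional[str]
    computed: Optional[str]
    cco: Optional[str]
    signature_verified: bool
    unsigned_files: List[str] = field(default_factory=list)
    problems: List[str] = field(default_factory=list)

    @property
    def ok(self) -> bool:
        return not self.problems


def parse_verify_output(text: str, expected_cco: Optional[str] = None) -> VerifyResult:
    """Extract the hash lines and status messages; list every reason not to trust the image."""
    hashes = {kind.lower(): digest.upper() for kind, digest in HASH_LINE.findall(text)}
    files = FILE_LINE.findall(text)
    res = VerifyResult(
        filename=files[-1] if files else None,       # last file the device verified
        embedded=hashes.get("embedded"),
        computed=hashes.get("computed"),
        cco=hashes.get("cco"),
        signature_verified="Signature Verified" in text,
        unsigned_files=NOT_FOUND.findall(text),
    )
    if not res.signature_verified:
        res.problems.append("device did not report Signature Verified")
    if res.embedded is None or res.computed is None:
        res.problems.append("Embedded/Computed hash lines missing")
    elif res.embedded != res.computed:
        res.problems.append("Embedded hash differs from Computed hash (file altered or corrupted)")
    for name in res.unsigned_files:
        res.problems.append(f"no signature in {name}; it was not verified")
    if expected_cco is not None and res.cco != expected_cco.upper():
        res.problems.append("CCO hash does not match the digest published for this file")
    return res


# Output from the copy /verify example on this page.
SAMPLE_COPY_OUTPUT = """\
Verifying file integrity of disk0:/c7200-js-mz
..........Done!
Embedded Hash   MD5 :CFA258948C4ECE52085DCF428A426DCD
Computed Hash   MD5 :CFA258948C4ECE52085DCF428A426DCD
CCO Hash        MD5 :44A7B9BDDD9638128C35528466318183

Signature Verified
"""

# Output from the reload /verify example on this page: one file lacks a signature.
SAMPLE_RELOAD_OUTPUT = """\
Verifying file integrity of bootflash:c7200-kboot-mz.121-8a.E
%ERROR:Signature not found in file bootflash:c7200-kboot-mz.121-8a.E.
Signature not present. Proceed with verify? [confirm]
Verifying file disk0:c7200-js-mz
..........Done!
Embedded Hash   MD5 :CFA258948C4ECE52085DCF428A426DCD
Computed Hash   MD5 :CFA258948C4ECE52085DCF428A426DCD
CCO Hash        MD5 :44A7B9BDDD9638128C35528466318183
Signature Verified
"""

# Constructed output for a corrupted copy: the digests differ and no "Signature Verified" line.
SAMPLE_CORRUPT_OUTPUT = """\
Verifying file integrity of disk0:/c7200-js-mz
..........Done!
Embedded Hash   MD5 :CFA258948C4ECE52085DCF428A426DCD
Computed Hash   MD5 :0123456789ABCDEF0123456789ABCDEF
CCO Hash        MD5 :44A7B9BDDD9638128C35528466318183
"""

if __name__ == "__main__":
    for label, sample in [("copy", SAMPLE_COPY_OUTPUT), ("reload", SAMPLE_RELOAD_OUTPUT),
                          ("corrupt", SAMPLE_CORRUPT_OUTPUT)]:
        result = parse_verify_output(sample, expected_cco="44A7B9BDDD9638128C35528466318183")
        print(label, result.filename, "OK" if result.ok else result.problems)
```

Feed it the text returned by whatever transport your automation uses to run the verify command, and pass the MD5 from the Cisco.com download page as expected_cco; a file that the device could not verify (the Signature not found case) is reported as a problem rather than silently passing because the last file happened to verify.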

Additional References

The following sections provide references related to the Image Verification feature.

Related Documents

Related Topic
Document Title

Configuration tasks and information for loading, maintaining, and rebooting system images

Cisco ASR 1000 Series Aggregation Services Routers Software Configuration Guide

Additional commands for loading, maintaining, and rebooting system images

Cisco IOS Master Command List, All Releases


Standards

Standard
Title

No new or modified standards are supported by this feature, and support for existing standards has not been modified by this feature.


MIBs

MIB
MIBs Link

No new or modified MIBs are supported by this feature, and support for existing MIBs has not been modified by this feature.

To locate and download MIBs for selected platforms, Cisco IOS XE software releases, and feature sets, use Cisco MIB Locator found at the following URL:

http://www.cisco.com/go/mibs


RFCs

RFC
Title

No new or modified RFCs are supported by this feature, and support for existing RFCs has not been modified by this feature.


Technical Assistance

Description
Link

The Cisco Support website provides extensive online resources, including documentation and tools for troubleshooting and resolving technical issues with Cisco products and technologies.

To receive security and technical information about your products, you can subscribe to various services, such as the Product Alert Tool (accessed from Field Notices), the Cisco Technical Services Newsletter, and Really Simple Syndication (RSS) Feeds.

Access to most tools on the Cisco Support website requires a Cisco.com user ID and password.

http://www.cisco.com/techsupport


Feature Information for Image Verification

Table 1 lists the release history for this feature.

Use Cisco Feature Navigator to find information about platform support and software image support. Cisco Feature Navigator enables you to determine which Cisco IOS XE software images support a specific software release, feature set, or platform. To access Cisco Feature Navigator, go to http://tools.cisco.com/ITDIT/CFN/jsp/index.jsp. An account on Cisco.com is not required.


Note Table 1 lists only the Cisco IOS XE software release that introduced support for a given feature in a given Cisco IOS XE software release train. Unless noted otherwise, subsequent releases of that Cisco IOS XE software release train also support that feature.


Table 1 Feature Information for Image Verification 

Feature Name
Releases
Feature Information

Image Verification

Cisco IOS XE Release 2.1

The Image Verification feature allows users to automatically verify the integrity of Cisco IOS XE images.

In Cisco IOS XE Release 2.1, this feature was introduced on the Cisco ASR 1000 Series Aggregation Services Routers.

The following commands were introduced or modified: copy, file verify auto, reload, verify.