Cisco IOS XR System Security Configuration Guide, Release 3.3
Configuring Software Authentication Manager on Cisco IOS XR Software
Downloads: This chapterpdf (PDF - 137.0KB) The complete bookPDF (PDF - 1.83MB) | Feedback

Configuring Software Authentication Manager on Cisco IOS XR Software

Table Of Contents

Configuring Software Authentication Manager on Cisco IOS XR Software


Configuring Software Authentication Manager on Cisco IOS XR Software


Software Authentication Manager (SAM) is a component of the Cisco IOS XR software operating system that ensures that software being installed on the router is safe, and that the software does not run if its integrity has been compromised.

For SAM to verify software during installation, the software to be installed must be in a PIE format. PIEs are digitally signed and SAM verifies the digital signature before allowing bits from that PIE to reside on the router. Each time an installed piece of software is run, SAM ensures that the integrity of the software has not been compromised since it was installed. SAM also verifies that software preinstalled on a flash card has not been tampered with while in transit.

When the initial image or a software package update is loaded on the router, SAM verifies the validity of the image by checking the expiration date of the certificate used to sign the image. If an error message is displayed indicating that your certificate has expired, check the system clock and verify that it is accurate. If the system clock is not set correctly, the system does not function properly. For information on setting the system clock, see the clock set command in the Clock Commands on Cisco IOS XR Software module in the Cisco IOS XR System Management Command Reference.

For information on SAM commands, see the Software Authentication Manager Commands on
Cisco IOS XR Software
module in the Cisco IOS XR System Security Command Reference.