Runtime integrity assurance through the controller is preferred for
verification of files. However, you can also verify files manually by using the
CLI.
To manually verify files, log in to CCO and download the KGVs. You
can manually compare the hashes, which have been dumped through CLI, with the
KGVs.
To display runtime integrity information, use one of the following
commands:
-
show software integrity total - Displays the number of
measurements available in runtime integrity hash digests.
-
show software integrity
index - Displays hash digest entries by specifying the
starting index value.
 Note |
NX-API also supports the
show software integrity command. Therefore, you can write
scripts to verify the hash values received from the switch and the KGVs
downloaded from CCO.
|
Displaying Information About Runtime Integrity Assurance
The following example shows how to display the number of measurements
available in hash digests:
switch# show software integrity total
1092
The following example shows how to display the hash digest entries:
switch# show software integrity index 0
index pcr template-hash template-name al
gorithm:filedata-hash filena
me-hint
--------------------------------------------------------------------------------
-----------------------------------------------------------------------------
reference: 1481115089
1 10 1d8d532d463c9f8c205d0df7787669a85f93e260 ima-ng sh
a1:0000000000000000000000000000000000000000 boot_a
ggregate
2 10 1cb9d1e2795a75857f70d6a23cb77e4843467617 ima-ng sh
a256:850c63f1b32f19b2dcde9fa199a83da920c9e377e1e2dc52a6c7fdd045a21475 /etc/r
c.d/rcS.d/S98admin-login
3 10 95929573f5252fa80ad4bfb3b6dd644c5617d359 ima-ng sh
a256:1c684d45641dd23e1b2a763006030b9be46d8309581876c7a34feee1c87e037c /bin/b
ash