Fabric OS Administrator's Guide v7.0.0 (53-1002148-02, June 2011)

FIPS Support
NOTE: If FIPS is enabled, all logins should be done through SSH or direct serial, and the transfer protocol should be SCP.
Updating the firmware key
1. Log in to the switch as admin.
2. Type the firmwareKeyUpdate command and respond to the prompts.
The firmwareDownload Command
As mentioned previously, the public key file needs to be packaged, installed, and run on your switch before downloading signed firmware.
When firmwareDownload installs a firmware file, it validates the signature of the file. The possible scenarios are handled as follows:
• If the firmware file does not have a signature, handling depends on the "signed_firmware" parameter on the switch. If the parameter is enabled, firmwareDownload fails. Otherwise, firmwareDownload displays a warning message and proceeds normally. Therefore, when downgrading to non-FIPS-compliant firmware, the "signed_firmware" flag needs to be disabled.
• If the firmware file has a signature but the validation fails, firmwareDownload fails. This means the firmware is not from Brocade, or its contents have been modified.
• If the firmware file has a signature and the validation succeeds, firmwareDownload proceeds normally.
SAS, DMM, and third party application images are not signed.
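The three signature-handling cases above, written out as a small Go program so the decision logic and the effect of the "signed_firmware" flag can be seen end to end. This is an added illustration and not Brocade's code: the FirmwareImage structure, the ValidateFirmware and SignFirmware functions, and the use of Ed25519 as the signature scheme are assumptions made for the example; the switch's real key format and algorithm are not described on this page.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Outcome is the result of the signature check performed before an image is installed.
type Outcome int

const (
	Fail           Outcome = iota // firmwareDownload fails
	WarnAndProceed                // unsigned image, signed_firmware disabled: warn, then install
	Proceed                       // signature present and valid: install normally
)

func (o Outcome) String() string {
	switch o {
	case Fail:
		return "FAIL"
	case WarnAndProceed:
		return "WARN_AND_PROCEED"
	default:
		return "PROCEED"
	}
}

// FirmwareImage is a constructed stand-in for a firmware package: the image
// bytes plus an optional detached signature (nil when the image is unsigned).
type FirmwareImage struct {
	Payload   []byte
	Signature []byte
}

// ValidateFirmware encodes the three cases from the guide. pub is the publisher
// key the switch already trusts (the key installed with firmwareKeyUpdate);
// signedFirmwareEnforced is the "Enforce signed firmware download" setting.
// Ed25519 is an assumed, illustrative signature scheme.
func ValidateFirmware(img FirmwareImage, pub ed25519.PublicKey, signedFirmwareEnforced bool) (Outcome, error) {
	if len(img.Signature) == 0 {
		// Case 1: no signature. The flag decides whether that is fatal.
		if signedFirmwareEnforced {
			return Fail, errors.New("unsigned firmware rejected: signed_firmware is enabled")
		}
		return WarnAndProceed, nil
	}
	// Case 2: signature present but it does not verify: wrong publisher or modified contents.
	if !ed25519.Verify(pub, img.Payload, img.Signature) {
		return Fail, errors.New("signature validation failed: image not from the trusted publisher or modified")
	}
	// Case 3: signature present and valid.
	return Proceed, nil
}

// SignFirmware produces a signed image. It stands in for the publisher's
// release process and would never run on the switch itself.
func SignFirmware(payload []byte, priv ed25519.PrivateKey) FirmwareImage {
	return FirmwareImage{Payload: payload, Signature: ed25519.Sign(priv, payload)}
}

func main() {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	payload := []byte("constructed firmware image bytes") // constructed sample data

	signed := SignFirmware(payload, priv)
	tampered := SignFirmware(payload, priv)
	tampered.Payload = append([]byte{}, payload...)
	tampered.Payload[0] ^= 0xff // modify one byte after signing
	unsigned := FirmwareImage{Payload: payload}

	for _, c := range []struct {
		name    string
		img     FirmwareImage
		enforce bool
	}{
		{"signed, enforce on", signed, true},
		{"tampered, enforce on", tampered, true},
		{"tampered, enforce off", tampered, false},
		{"unsigned, enforce on", unsigned, true},
		{"unsigned, enforce off (downgrade case)", unsigned, false},
	} {
		out, err := ValidateFirmware(c.img, pub, c.enforce)
		fmt.Printf("%-40s -> %-17s %v\n", c.name, out, err)
	}
}
```

Running it shows that the only path which installs an image without a verified signature is the unsigned image with the flag disabled, which is exactly the non-FIPS downgrade case the text describes; a modified image fails regardless of the flag, because the flag governs only whether a missing signature is tolerated, never whether a bad one is.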
Configuring the switch for signed firmware
1. Connect to the switch and log in using an account assigned to the admin role.
2. Type the configure command.
3. Respond to the prompts as follows:
System Service: Default is no; press Enter to select the default setting.
ssl attributes: Default is no; press Enter to select the default setting.
snmp attributes: Default is no; press Enter to select the default setting.
rpcd attributes: Default is no; press Enter to select the default setting.
cfgload attributes: Select yes. The following questions are displayed:
    Enforce secure config Upload/Download: Select yes
    Enforce signed firmware download: Select yes
Webtools attributes: Default is no; press Enter to select the default setting.
System: Default is no; press Enter to select the default setting.