HP StorageWorks Fabric OS 6.x administrator guide (5697-7344, March 2008)
178 Installing and maintaining firmware
3. Respond to the prompts as follows:
The firmwareDownload command
As mentioned previously, the public key file will need to be packaged, installed, and run on your switch
before downloading a signed firmware.
When firmwareDownload installs a firmware file, it needs to validate the signature of the file. Different
scenarios are handled as follows:
a. If a firmware file does not have a signature, how it is handled depends on the “signed_firmware”
parameter on the switch. If it is enabled, firmwareDownload will fail. Otherwise,
firmwareDownload will display a warning message and proceed normally. So when
downgrading to a non-FIPS compliant firmware, the “signed_firmware” flag needs to be disabled.
b. If the firmware file has a signature but the validation fails, firmwareDownload will fail. This
means the firmware is not from HP or its content has been modified.
c. If the firmware file has a signature and the validation succeeds, firmwareDownload will proceed
normally.
DMM, and Third Party Application images will not be signed.
To configure the switch for signed firmware:
1. Log in to the switch as admin.
2. Type the configure command.
3. Respond to the prompts as follows:
Server Name
or IP Address
Enter the name or IP address of the FTP server, or SSH server for SCP, where
the firmwarekey file is stored; for example, 192.1.2.3.
Download
from USB
Optional: -U (upper case) Specify this option if you want to download from
the USB device attached to the active CP.
Network
protocol
Specify the file transfer protocol used to download the firmware from the file
server. Valid values are FTP and SCP. The Values are not case-sensitive. If
“-p” is not specified, firmwarekeyupdate will determine the protocol
automatically by checking the config.security parameter on the switch.
User name Enter the user name of your account on the server; for example, “JaneDoe”.
File name Specify the fully qualified path name of the firmware directory, for example,
/pub/firmwarekey/pubkey.pem,12345. Absolute path names may be
specified using forward slashes (/).
Password Enter a password. This operand can be omitted if firmware is accessible
through USB or if no password is required by the FTP server. This operand is
required when accessing an SSH server.
System Service Default is no; press Enter to select default setting.
ssl attributes Default is no; press Enter to select default setting.
snmp attributes Default is no; press Enter to select default setting.
rpcd attributes Default is no; press Enter to select default setting.
cfgload
attributes
Select Yes. The following questions are displayed:
Enforce secure config Upload/Download: Select yes
Enforce signed firmware download: Select yes
Webtools
attributes
Default is no; press Enter to select default setting.
System Default is no; press Enter to select default setting.