HP StorageWorks 8/80 HP StorageWorks Fabric OS 6.1.x administrator guide (5697 - Page 185

The switch manufacturer generates one private and public key pair. These key pairs are stored in the privatekey.pem and pubkey.pem files, respectively. The private key file is used to sign the firmware files. The public key file is packaged in an RPM-package as part of the firmware, and will be downloaded to the switch. After it is downloaded, it can be used to validate the firmware to be downloaded next time. The public key file on the switch contains only one public key. It is only able to validate firmware signed using one corresponding private key. If the private key changes in the future releases, you change the public key on the switch by one of the following method: a. By using firmwareDownload. If the public key file on the switch has not been modified after it is installed, when a new firmware is downloaded, firmwareDownload always replaces the public key file on the switch with what is in the new firmware. This allows you to have planned firmware key changes. b. By using the firmwarekey command. This command retrieves a specified public key file from a specific server location and replaces the one on the switch. c. Refer to the latest Fabric OS release notes for information regarding firmware versions and their corresponding public key files If the public key file has been modified using the firmwarekey command, firmwareDownload will not replace this file in the subsequent downloads because it thinks the change is intentional. The user will need to use the firmwarekey command for subsequent updates of this file. A different firmware key pair will be created for digitally signed firmware releases. The private key file for the digitally signed firmware releases will be used to sign released firmware, and the public key file will be packaged inside these digitally signed firmware releases. NOTE: If FIPS is enabled, all logins should be done through SSH or direct serial and the transfer protocol should be SCP. Updating the firmwarekey To update the firmwarekey: 1. Log in to the switch as admin. 2. Type the firmwarekeyupdate command. 3. Respond to the prompts as follows: Server Name Enter the name or IP address of the FTP server, or SSH server for SCP, where or IP Address the firmwarekey file is stored; for example, 192.1.2.3. Download from USB Optional: -U (upper case) Specify this option if you want to download from the USB device attached to the active CP. Network protocol Specify the file transfer protocol used to download the firmware from the file server. Valid values are FTP and SCP. The Values are not case-sensitive. If "-p" is not specified, firmwarekeyupdate will determine the protocol automatically by checking the config.security parameter on the switch. User name Enter the user name of your account on the server; for example, "JaneDoe". File name Specify the fully qualified path name of the firmware directory, for example, /pub/firmwarekey/pubkey.pem,12345. Absolute path names may be specified using forward slashes (/). Password Enter a password. This operand can be omitted if firmware is accessible through USB or if no password is required by the FTP server. This operand is required when accessing an SSH server. Fabric OS 6.1.x administrator guide 185