HP AE370A HP StorageWorks Fabric OS 6.2 administrator guide (5697-0016, May 20 - Page 227
FIPS Support
UPC - 882780362611
View all HP AE370A manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 227 highlights
2. Enter the usbStorage -l command: BrcdDCXBB:admin> usbstorage -l firmware\ 381MB 2008 Sep 28 15:33 v6.2.0\ 381MB 2008 Oct 19 10:39 config\ 0B 2008 Sep 28 15:33 support\ 0B 2008 Sep 28 15:33 firmwarekey\ 0B 2008 Sep 28 15:33 Available space on usbstorage 79% Downloading the 6.2.0 image using the relative path 1. Log in to the switch as admin. 2. Enter the firmwareDownload command with the -U operand: admin>firmwaredownload -U v6.2.0 Downloading the 6.2.0 image using the absolute path 1. Log in to the switch as admin. 2. Enter the firmwareDownload command with the -U operand: admin>firmwaredownload -U /usb/usbstorage/brocade/firmware/v6.2.0 FIPS Support Federal information processing standards (FIPS) specify the security standards needed to satisfy a cryptographic module utilized within a security system for protecting sensitive information in the computer and telecommunication systems. For more information about FIPS, see Chapter 4, "Configuring advanced security features" on page 117. The 6.2.0 firmware is digitally signed using the OpenSSL utility to provide FIPS support.To use the digitally signed software, you must configure the switch to enable Signed Firmwaredownload. If it is not enabled, the firmware download process ignores the firmware signature and work as before. If Signed Firmwaredownload is enabled, and if the validation succeeds, the firmware download process proceeds normally. If the firmware is not signed or if the signature validation fails, firmwareDownload fails. To enable or disable FIPS, see Chapter 4, "Configuring advanced security features" on page 117. Public and Private Key Management For signed firmware, HP StorageWorks B-Series products use RSA with 1024-bit length key pairs, a private key and a public key. The private key is used to sign the firmware files when the firmware is generated. The public key is packaged in an RPM-package as part of the firmware, and is downloaded to the switch. After it is downloaded, it can be used to validate the firmware to be downloaded next time when you run firmwaredownload. The public key file on the switch contains only one public key. It is able to validate only firmware signed using one corresponding private key. If the private key changes in future releases, you need to change the public key on the switch by one of the following methods: • By using the firmwareDownload command. When a new firmware is downloaded, firmwareDownload always replaces the public key file on the switch with what is in the new firmware. This allows you to have planned firmware key changes. • By using the firmwareKey command. This command retrieves a specified public key file from a specific server location and replaces the one on the switch. So for easy access, the information regarding firmware versions and their corresponding public key files should be documented in the release notes or stored in a known location in the HP website http://www.hp.com. This command allows the customer to handle unplanned firmware key changes. However, if the public key file has been modified using the firmwarekey command, firmwareDownload will not replace this file in the subsequent downloads because it thinks the change is intentional. You must use the firmwarekey command for subsequent updates of this file. Fabric OS 6.2 administrator guide 225