Secure Boot of Development Image

This module describes the commands used to boot the development image securely.

For detailed information about booting of the development image securely, see the Secure Boot of Development chapter in the System Security Configuration Guide for Cisco NCS 5500 Series Routers.

platform security development-image disable

To disable the secure booting of the development image on a platform, use the platform security development-image disable command in EXEC mode.

platform security development-image disable

Command Default

None

Command Modes

EXEC mode

Command History

Release

Modification

Release 24.1.1

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID

Operations

system

read, write

Examples

The following examples shows how to use the platform security development-image disable command: 

Router# platform security development-image disable 
Fri Jul  7 10:27:24.029 UTC 
Disabling secureboot of development image status: Success

request consent-token accept-response development-image enable

To enter the consent token challenge response that you received from TAC in response to a consent token request, use the request consent-token accept-response development-image enable command in EXEC mode.

request consent-token accept-response development-image enable

Command Default

None

Command Modes

EXEC mode

Command History

Release

Modification

Release 24.1.1

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID

Operations

system

read, write

Examples

The following examples shows how to use the request consent-token accept-response development-image enable command: 

Router# request consent-token accept-response development-image enable 

Fri Jul  7 10:22:57.380 UTC 

Please enter challenge response string for node location node0_RP0_CPU0 
rK3rpwAAAQYBAAQAAAQCAgAEAAAAAQMBYkNmeW1UbGl2YlN5V1oySGtja1VkMk1PejNXeFkwbXlnNUNKYi8rNk1hbjdhNE5mL2I4ZGQ3aWpObEpmeW16RjEN
CmlPd2hrZEdaSm0vbmhlQ0FTM3JnYS9CYW4rTmJyK3Zxb1pPbHZuZ1BUUEI2UnY3bXMrMitiVEYzekFRUEhZY0cNCmdia2gxTElKWWdIdzd0SnN5MTdDbTBp
TnFPZ0xnQmhKS2trNFVKSisvN1RkU01WdWluN3o5U29FT1RvOGFjc0MNCmNkZDdTS3htQ3JGb1lFRDJpRUprSmhWN3BIK1YzLzJja2FQaXpVdVU3L0dQeEx4
QTF3NzFxL1hpYnZCZlhUZTYNCnhEWEkzNWJtUUNtVzM3TkxFamNROS9vdzQ3V3VmNjRqUGxtWk5VeTdNUENpNW9FZkEyWUpQZTRKZGlKZzlSangNClloVzhZ
Mk51MlUrZjZvdFpsVkp4dEE9PQgDGjCCAxYwggH+oAMCAQICCQD5ZgxU/FHD7DANBgkqhkiG9w0BAQ0FADBBMQ4wDAYDVQQKEwVDaXNjbzEMMAoGA1UECxMD
UkVMMSEwHwYDVQQDExhJT1MtWFIgcnVubmluZyBvbiBuVmlzb3IwHhcNMTUwOTE0MjI1NjE0WhcNMzcxMTEyMjI1NjE0WjA4MQ4wDAYDVQQKDAVDaXNjbzEM
MAoGA1UECwwDREVWMRgwFgYDVQQDDA9OQ1MtNTV4eCBJT1MtWFIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDfyRFm9E7/XvyqJs2WnbZHpgk0
4dQ+rLIfPHFrJ5+2yvfsgoeOSmJ1SMEpyNUzBs1/a6wuhLqLAuU+U6Adh7JExao+BYhSLzCSeWxz/oiyL/qvtrOrHVP3zD7NEjy3YzFOmNXf8RySyqVev6/S
nU2ZAzHNBvUnF6mo96c40Gjt8HfBGxYher5GvtlZd/t9Ylvs57xm9ZvojTemU4tEjKCtKUMXwG3aRHy+h9vCukPRKGcX3LY4gHeUkOV0x9t/eMItlah4UuhQ
uhwaxCm887YdFJdbCSiVddP9bubUQMAeptY+Nl+Ru6DDvX1EZlRj9J4Zeai+GmDPniDk5YNGjVfJAgMBAAGjGjAYMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgeAM
A0GCSqGSIb3DQEBDQUAA4IBAQCU0oTr8UeS4RR0QzuSAGrGkDlYhC625FzCVtJwMCt44laTOMHd/Me3PW61eCnPFlNuO8FkgXAh9hvv3GuMLbZavEp1d8jCui
+5mCC0L2IpYdczhcQon4kTZBLIyXIdP5mnAQW79RlH6NPGJP98nvdgb+epulTpPuZk1OrOqwJ8S5kASzrbdwWw6jLSmGO33MEDGJP5SW/xZMijmYFpY6tG0b9
PZ5VtUTMPiapTLKt95sLg95ggIvQtOHfJnIWlLFVEdblDZkqLiKGOHxOKwzxqOphqvhyFzF15LAhA2Qffz6tHU1dtXuQN+nkQNxL2ayN0hI3ZbjMql1lNV+hZ
xODSCQEAFUGUTFytrSEM2DDbIg4NPwKLhhXRNL44EvE1ai0/1dTpzGPCG+4lRSduYbtOq5ltAghe8SDTOscE8hVd7hskah7YTngaPWYg2eFV+sziGPrdNZ9T3
HC0JUTe3P6ugv8WcZ5zebX+MGF+RuMwnRlAPuMmAchaUrisL4b2ZCQsvSCdOem8esb9aWdShRd2k7ccgh67AVrhrvuKmNrsO0lh+oFYPF2GDbDH9KyyYNxdRG/
WZYgESBwYc+p+5x/mhlkw8FpaX6DtyX43XD5J6xb57V9axsfeGtOD42H13227KGat4u3VufAPJpqLOE+h2UIN85wKnnTB8jQseL+Ggdgcg== 

Successfully Accepted challenge-response for Enable secureboot for development image in  node0_RP0_CPU0

request consent-token generate-challenge development-image enable auth-timeout

To obtain the consent token response string from TAC for the challenge string that is generated on the router, use the request consent-token generate-challenge development-image enable auth-timeout command in EXEC mode.

request consent-token generate-challenge development-image enable auth-timeout timeout

Syntax Description

timeout

Specifies the desired duration for the consent token response waiting time for a consent token request.

The permissible range for this wait time value is 1—10080 seconds. We recommend using a higher timeout value.

Command Default

None

Command Modes

EXEC mode

Command History

Release

Modification

Release 24.1.1

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID

Operations

system

read, write

Examples

The following examples shows how to use the request consent-token generate-challenge development-image enable auth-timeout command: 

Router# request consent-token generate-challenge development-image enable auth-timeout 200
Fri Jul  7 10:21:22.131 UTC 

+--------------------------------------+ 

Node location: node0_RP0_CPU0 

+--------------------------------------+ 

Challenge string: 

J0JdAwAAAQYBAAQAAAQCAgAEAAAAAQMACAAAAAAAAAAABAAQiUVqKfM+qMq8YPcGQ2uj5AUABAAAAAAGAAxJT1MtWFItU1ctQ1QHAAxJT1MtW
FItU1ctQ1QIAAtOQ1MtNTUwMS1TRQkAC0ZPQzIxMjBSMjVBCwBAID5SWa8FzpGDFapWZPKHa8ZGFsi6fGStdPh6OLNNT/WfJFHJRYVWPgKe2vP
fniTjwjDLGV2K4UXNi9IhTQFULQwACE5DUy01NXh4DQACAAM=

show platform security boot status

To view the platform security boot status, use the show platform security boot status command in EXEC mode.

show platform security boot status

Command Default

None

Command Modes

EXEC mode

Command History

Release

Modification

Release 24.1.1

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID

Operations

system

read, write

Examples

The following examples shows how to use the show platform security boot status command: 

Router# show platform security boot status
Fri Jul  7 10:25:09.344 UTC 
Secure Boot: Enabled by default 
Image type: Production /*When the image type is Production*/
Image type: Production and Developmet /*When the image type is Production and Development*/