ExtremeXOS Image Integrity Check

If the ExtremeXOS image integrity check feature is enabled, during bootup, the system checks the integrity of the ExtremeXOS image, and notifies you if it has been compromised or not (error is reported in the Syslog).

Configuring ExtremeXOS Image Integrity Check

To enable or disable the ExtremeXOS image integrity check feature, use the following command:

configure switch integrity-check image [on | off]

To view the status and configuration of the ExtremeXOS image integrity check feature, use the following command:

show switch management

This command shows one of the following values:
  • On (Valid)—the feature is enabled, and the check was successful.
  • On (Not Checked)—the feature is enabled, but the image has not been checked. This occurs immediately after enabling the feature, but before rebooting, which will initiate the integrity check.
  • On (Invalid)—the feature is enabled, and the check failed. The ExtremeXOS image is corrupted.
  • On (Failed)—the feature is enabled, and the integrity check failed to run due to failures.
  • Off—the feature is disabled.

ExtremeXOS Image Integrity Check Syslog Messages

If an integrity failure occurs, the following error message is logged:

<ERROR> INTEGRITY: File <file-path> has invalid hash; expected <expected-hash> actual <calculate-hash>.

If all critical files have expected hash values (passed integrity check), the following messages are logged:

<INFO> INTEGRITY: INTEGRITY-CHECK-VALID 
<INFO> INTEGRITY: Image Integrity verification passed (<hash-algorithm>).

If one or more critical files have unexpected hash values (failed integrity check), the following error messages are logged:

<INFO> INTEGRITY: INTEGRITY-CHECK-INVALID
<INFO> INTEGRITY: Image Integrity verification failed (<hash-algorithm>).