
IOS Image Verification

July 13th, 2010

The Image Verification feature, added in Cisco IOS Software Releases 12.3(4)T, 12.0(26)S, and 12.2(18)S, builds on the MD5 File Validation functionality to more easily allow network administrators to verify the integrity of an image file that is loaded on the Cisco IOS file system of a device.

The purpose of the Image Verification feature is to ensure that corruption of the Cisco IOS software image file has not occurred. The corruption detected by this feature could have occurred at any time; for example, during the download from Cisco.com or the installation process.

Note: The Image Verification feature does not check the integrity of the image running in memory.

Cisco IOS software image file verification using this feature can be accomplished using the following commands:

  • file verify auto
  • copy [/erase] [/verify | /noverify] source-url destination-url
  • reload [warm] [/verify | /noverify] [text | in time [text] | at time [text] | cancel]

Note: Only the file verify auto global configuration command and the verify privileged EXEC command will be covered in this Security Response. For information on the copy /verify and reload /verify commands, please see the section entitled “Image Verification” (available at http://www.cisco.com/en/US/docs/ios/sec_user_services/configuration/guide/sec_image_verifctn.html) of the “Cisco IOS Security Configuration Guide” (available at http://www.cisco.com/en/US/docs/ios/security/configuration/guide/12_4/sec_12_4_book.html).

Configuring the file verify auto Command

Network administrators can use the file verify auto global configuration command to enable verification of all images that are either copied using the copy privileged EXEC command or loaded using the reload privileged EXEC command. These images are automatically verified for image file integrity.

The following example shows how to configure the file verify auto Cisco IOS feature:

router#configure terminal
router(config)#file verify auto
router(config)#exit
router#

In addition to file verify auto, both the copy and the reload commands have a /verify argument that enables the Image Verification feature to check the integrity of the Cisco IOS image file. This argument must be used each time an image is copied to or reloaded on a Cisco IOS device if the global configuration command file verify auto is not present.

Using the Image Verification Cisco IOS verify Command

Network administrators can also use the verify privileged EXEC command, originally introduced for the “MD5 File Validation” feature and updated by the “Image Verification” feature, to verify the integrity of image files that are stored locally on a device. The following example demonstrates how to use the updated verify command on a Cisco IOS device:

router#verify disk0:c7301-jk9s-mz.124-10.bin
Verifying file integrity of disk0:c7301-jk9s-mz.124-10.bin
.....<output truncated>.....Done!
Embedded Hash  MD5 : 0C5BE63C4E339707EFB7881FDE7D5324
Computed Hash  MD5 : 0C5BE63C4E339707EFB7881FDE7D5324
CCO Hash       MD5 : AD9F9C902FA34B90DE8365C3A5039A5B

Signature Verified

router#

In the preceding output, three MD5 hash values are displayed by the verify command. Here is an explanation of what each one of those MD5 hash values means:

  • Embedded Hash: MD5 hash stored by Cisco in a section of the Cisco IOS image file during the image build process; used to verify section integrity for the Cisco IOS software image file. This MD5 hash value is calculated for certain sections of the Cisco IOS image file.
  • Computed Hash: MD5 hash that the “Image Verification” feature calculates for certain sections of the Cisco IOS software image file when the verify command is executed. This value should be the same as the Embedded Hash to verify section integrity of the Cisco IOS image file. If this value is not equal to the Embedded Hash, the Cisco IOS image file may be corrupted or intentionally altered.
  • CCO Hash: MD5 hash for the entire Cisco IOS image file. This hash is computed by the verify command and is not stored in the Cisco IOS software image.
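The following is an added example, not code from the original post or from Cisco, showing how an operator might apply the three rules above off-box: parse the verify output, require Embedded and Computed to match, compare the CCO (whole-file) hash with the MD5 taken from the Cisco.com download page, and independently recompute the whole-file MD5 of a local copy of the image. The hash-line layout is assumed to be the one printed in the article, the parameter name published_cco_md5 is an illustrative name, and the second sample output (with its hex digits) is constructed to show a failing case.

```python
"""Offline checks around the Cisco IOS `verify` output (added example,
not Cisco's code). Assumes the `<Name> Hash  MD5 : <hex>` line layout shown
in the article; the operator supplies `published_cco_md5` (illustrative name)
from the Cisco.com download page."""
import hashlib
import io
import re

# Constructed sample: the verify output quoted in the article, with the
# truncated progress dots shortened.
SAMPLE_GOOD_OUTPUT = """\
Verifying file integrity of disk0:c7301-jk9s-mz.124-10.bin
..........Done!
Embedded Hash  MD5 : 0C5BE63C4E339707EFB7881FDE7D5324
Computed Hash  MD5 : 0C5BE63C4E339707EFB7881FDE7D5324
CCO Hash       MD5 : AD9F9C902FA34B90DE8365C3A5039A5B

Signature Verified
"""

# Constructed sample of a failing run: the sections covered by the embedded
# hash no longer hash to the stored value, and the whole-file hash differs
# too. The hex digits here are made up for the example.
SAMPLE_BAD_OUTPUT = """\
Verifying file integrity of disk0:c7301-jk9s-mz.124-10.bin
..........Done!
Embedded Hash  MD5 : 0C5BE63C4E339707EFB7881FDE7D5324
Computed Hash  MD5 : 9E107D9D372BB6826BD81D3542A419D6
CCO Hash       MD5 : 1B2C3D4E5F60718293A4B5C6D7E8F901
"""

HASH_LINE = re.compile(
    r"^(Embedded|Computed|CCO) Hash\s+MD5\s*:\s*([0-9A-Fa-f]{32})\s*$",
    re.MULTILINE,
)


def parse_verify_output(text):
    """Map 'embedded' / 'computed' / 'cco' to the lowercase hex digest printed."""
    return {m.group(1).lower(): m.group(2).lower() for m in HASH_LINE.finditer(text)}


def assess_verify_output(text, published_cco_md5=None):
    """Return (ok, findings) by applying the rules from the article.

    Embedded and Computed must match (section integrity). The CCO hash is the
    MD5 of the entire file; when the operator passes the value from the
    download page it must match as well.
    """
    hashes = parse_verify_output(text)
    missing = [k for k in ("embedded", "computed", "cco") if k not in hashes]
    if missing:
        return False, ["verify output lacks hash line(s): " + ", ".join(missing)]
    findings = []
    if hashes["embedded"] != hashes["computed"]:
        findings.append("Embedded and Computed MD5 differ: image sections corrupted or altered")
    if published_cco_md5 is not None and hashes["cco"] != published_cco_md5.lower():
        findings.append("CCO (whole-file) MD5 differs from the published value")
    return not findings, findings


def md5_of_stream(stream, chunk_size=1 << 20):
    """Whole-file MD5, streamed so a large image is not read into memory at once.
    Per the article this is the quantity the CCO Hash line reports."""
    digest = hashlib.md5()
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        digest.update(chunk)
    return digest.hexdigest()


def md5_of_bytes(data):
    """Convenience wrapper for in-memory data (used by the self-check below)."""
    return md5_of_stream(io.BytesIO(data))


def md5_of_file(path):
    """MD5 of a local copy of the image, to compare with the published value."""
    with open(path, "rb") as fh:
        return md5_of_stream(fh)


if __name__ == "__main__":
    # Assume the published value equals the CCO hash in the article's output.
    for label, sample in (("good", SAMPLE_GOOD_OUTPUT), ("bad", SAMPLE_BAD_OUTPUT)):
        ok, findings = assess_verify_output(sample, "AD9F9C902FA34B90DE8365C3A5039A5B")
        print(label, "OK" if ok else "FAIL", findings)
```

A local recomputation with md5_of_file on the downloaded image gives a value to compare with both the CCO Hash line and the download page, which catches corruption introduced before the file ever reached the device. The "Signature Verified" line is not parsed here because the article does not describe what it covers.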