Secure Software Download
This document describes how to upgrade software from RPD and Cisco cBR by using Secure Software Download feature.
- Hardware Compatibility Matrix for Cisco Remote PHY Device
- Information About Secure Software Download
- How to Upgrade Software from RPD and Cisco cBR Using SSD
- Examples for Upgrading RPD Software Using SSD
- Feature Information for Secure Software Download
Hardware Compatibility Matrix for Cisco Remote PHY Device
Note | The hardware components introduced in a given Cisco Remote PHY Device Software Release are supported in all subsequent releases unless otherwise specified. |
Note | The -PKEY suffix in the PID indicates units that enable the SCTE-55-2 Out-of-Band protocol support. |
Information About Secure Software Download
The secure software download (SSD) feature allows you to authenticate the source of a code file and verify the downloaded code file before using it in your system. The SSD is applicable to Remote PHY (R-PHY) devices installed in unsecure locations.
The Remote PHY architecture allows RPDs to download code. Hence, authenticating the source and checking the integrity of the downloaded code is important.
To authenticate and verify downloading of the code, SSD helps in verifying the manufacturer signature and the operator signature, if any. The manufacturer signature affirms the source and integrity of the code file to the RPD. If an additional signature is available from the operator, the RPD verifies both signatures with a certificate chain before accepting a code file.
Prerequisites for Upgrading Software using SSD
The following prerequisites are applicable to upgrading RPD software using SSD:
-
The R-PHY node supports downloading software initiated through the GCP message sent from Cisco cBR.
-
RPD supports a secure software download initiated using SSH and CLI directly on the RPD.
-
R-PHY uses TFTP or HTTP to access the server to retrieve the software update file.
How to Upgrade Software from RPD and Cisco cBR Using SSD
Note | To know more about the commands referenced in this module, see the Cisco IOS Master Command List. |
- Initiating RPD Software Upgrade from Cisco cBR
- Initiating Software Upgrade from RPD Using SSD
- Verifying Software Upgrade Using SSD Configuration
Initiating RPD Software Upgrade from Cisco cBR
cable rpd {all|oui|slot|RPD IP|RPD MAC} ssd server_IP { tftp|http} file_name [c-cvc-c|m-cvc-c] [CVC Chain File Name]
Initiating Software Upgrade from RPD Using SSD
If you want to initiate the software upgrade from RPD, set the SSD parameters on RPD. Use the following commands.
Setting the value for SSD CVC (Manufacturer's and Co-signer Code Validation Certificates) parameter is optional.
Configure the values for the following parameters
-
SSD server IP address
-
Filename
-
Transport method
ssd set server server_IP filename file_name transport {tftp|http} ssd set cvc {manufacturer|co-signer} cvc_chain_file_name ssd control start
Verifying Software Upgrade Using SSD Configuration
Router# cable rpd all ssd status RPD-ID ServerAddress Protocol Status Filename 0004.9f00.0591 192.0.2.0 TFTP ImageDownloading image/RPD_seres_rpd_20170216_010001.itb.SSA 0004.9f00.0861 192.0.2.2 TFTP CodeFileVerified userid/RPD_seres_rpd_20170218_010001.itb.SSA 0004.9f03.0091 192.0.2.1 TFTP ImageDownloadFail chuangli/openwrt-seres-rpd-rdb.itb.SSA
The available statuses are the following:
-
CVCVerified
-
CVCRejected
-
CodeFileVerified
-
CodeFileRejected
-
ImageDownloading
-
ImageDownloadSucceed
-
ImageDownloadFail
-
MissRootCA
Examples for Upgrading RPD Software Using SSD
This section provides example for the Software Using SSD configuration.
Example: RPD Software Upgrade Using SSD on Cisco cBR
cable rpd 0004.9f00.0861 ssd 20.1.0.33 tftp userid/RPD_seres_rpd_20170218_010001.itb.SSA rpd 0004.9f00.0861 server:20.1.0.33, proto:TFTP, file:userid/RPD_seres_rpd_20170218_010001.itb.SSA
Example: RPD Software Upgrade Using SSD on RPD
RPHY#ssd set server 10.79.41.148 filename RPD_seres_rpd_20170103_010002.itb.SSA transport tftp Router#ssd control start
Feature Information for Secure Software Download
Use Cisco Feature Navigator to find information about platform support and software image support. Cisco Feature Navigator enables you to determine which software images support a specific software release, feature set, or platform. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.
Note | The table below lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature. |
Feature Name |
Releases |
Feature Information |
---|---|---|
Secure Software Download |
Cisco 1x2 RPD Software 1.1 |
This feature was introduced on the Cisco Remote PHY Device. |