Secure Software Download

This document describes how to upgrade software from RPD and Cisco cBR by using Secure Software Download feature.

Hardware Compatibility Matrix for Cisco Remote PHY Device


Note

The hardware components introduced in a given Cisco Remote PHY Device Software Release are supported in all subsequent releases unless otherwise specified.

Table 1 Hardware Compatibility Matrix for the Cisco Remote PHY Device

Cisco HFC Plaform

Remote PHY Device

Cisco GS7000 Node

Cisco 1x2 RPD Software 1.1 and Later Releases

Cisco Remote PHY Device 1x2

  • PID—RPD-1X2=

  • RPD-1X2-PKEY=

Intelligent NODE (iNODE)

Cisco 1x2 RPD Software 3.1 and Later Releases

Cisco Remote PHY Device 1x2

  • IRPD-1X2=

  • IRPD-1X2-PKEY=

Note

The -PKEY suffix in the PID indicates units that enable the SCTE-55-2 Out-of-Band protocol support.

Information About Secure Software Download

The secure software download (SSD) feature allows you to authenticate the source of a code file and verify the downloaded code file before using it in your system. The SSD is applicable to Remote PHY (R-PHY) devices installed in unsecure locations.

The Remote PHY architecture allows RPDs to download code. Hence, authenticating the source and checking the integrity of the downloaded code is important.

To authenticate and verify downloading of the code, SSD helps in verifying the manufacturer signature and the operator signature, if any. The manufacturer signature affirms the source and integrity of the code file to the RPD. If an additional signature is available from the operator, the RPD verifies both signatures with a certificate chain before accepting a code file.

Prerequisites for Upgrading Software using SSD

The following prerequisites are applicable to upgrading RPD software using SSD:

  • The R-PHY node supports downloading software initiated through the GCP message sent from Cisco cBR.

  • RPD supports a secure software download initiated using SSH and CLI directly on the RPD.

  • R-PHY uses TFTP or HTTP to access the server to retrieve the software update file.

How to Upgrade Software from RPD and Cisco cBR Using SSD


Note

To know more about the commands referenced in this module, see the Cisco IOS Master Command List.

Initiating RPD Software Upgrade from Cisco cBR

The RPD software upgrade can be initiated from Cisco cBR-8 Router. Use the following commands for initiating the upgrade:
cable rpd {all|oui|slot|RPD IP|RPD MAC} ssd server_IP {
            tftp|http} file_name [c-cvc-c|m-cvc-c] 
                [CVC Chain File Name]

Initiating Software Upgrade from RPD Using SSD

If you want to initiate the software upgrade from RPD, set the SSD parameters on RPD. Use the following commands.

Setting the value for SSD CVC (Manufacturer's and Co-signer Code Validation Certificates) parameter is optional.

Configure the values for the following parameters

  • SSD server IP address

  • Filename

  • Transport method

ssd set server server_IP filename file_name transport {tftp|http}
ssd set cvc {manufacturer|co-signer} cvc_chain_file_name  
ssd control start

Verifying Software Upgrade Using SSD Configuration

To display the RPD SSD status, use the cable rpd [all|oui|slot|RPD IP|RPD MAC] ssd status command as given in the following example. 
Router# cable rpd all ssd status 
RPD-ID         ServerAddress Protocol Status            Filename 
0004.9f00.0591 192.0.2.0     TFTP     ImageDownloading  image/RPD_seres_rpd_20170216_010001.itb.SSA
0004.9f00.0861 192.0.2.2     TFTP     CodeFileVerified  userid/RPD_seres_rpd_20170218_010001.itb.SSA
0004.9f03.0091 192.0.2.1     TFTP     ImageDownloadFail chuangli/openwrt-seres-rpd-rdb.itb.SSA

The available statuses are the following:

  • CVCVerified

  • CVCRejected

  • CodeFileVerified

  • CodeFileRejected

  • ImageDownloading

  • ImageDownloadSucceed

  • ImageDownloadFail

  • MissRootCA

Examples for Upgrading RPD Software Using SSD

This section provides example for the Software Using SSD configuration.

Example: RPD Software Upgrade Using SSD on Cisco cBR

cable rpd 0004.9f00.0861 ssd 20.1.0.33 
  tftp userid/RPD_seres_rpd_20170218_010001.itb.SSA 
rpd 0004.9f00.0861 server:20.1.0.33, proto:TFTP, 
file:userid/RPD_seres_rpd_20170218_010001.itb.SSA

Example: RPD Software Upgrade Using SSD on RPD

RPHY#ssd set server 10.79.41.148 
filename RPD_seres_rpd_20170103_010002.itb.SSA transport tftp 
Router#ssd control start

Feature Information for Secure Software Download

Use Cisco Feature Navigator to find information about platform support and software image support. Cisco Feature Navigator enables you to determine which software images support a specific software release, feature set, or platform. To access Cisco Feature Navigator, go to http:/​/​www.cisco.com/​go/​cfn. An account on Cisco.com is not required.


Note

The table below lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.

Table 2 Feature Information for Secure Software Download

Feature Name

Releases

Feature Information

Secure Software Download

Cisco 1x2 RPD Software 1.1

This feature was introduced on the Cisco Remote PHY Device.