1. FIPS Compliance Guide
  2. Installing a FIPS Feature Set and Upgrading a FIPS System
  3. Upgrading the Image on a FIPS Enabled System

Upgrading the Image on a FIPS Enabled System

This procedure assumes that the FIPS feature is already installed on the system. If the FIPS feature set on your system expires, you must install a valid FIPS feature. For more information on installing a FIPS feature set, see "Installing a FIPS Feature Set".

The following are required to install the FIPS feature set:
  • SSH File Transfer Protocol (SFTP) client with access to the target Acme Packet platform.
  • SFTP access to the target Acme Packet platform's management IP address.
  • Access to the FIPS software image to which you are upgrading.

Note:

You must follow this procedure on a running device:
  1. Use SFTP to transfer <release>.bz into /boot on the target Acme Packet platform.
  2. Verify the correct image file has been uploaded. The following is an example of how to verify the image: 
    sd225v# check-boot-file /boot/nnECZ750b4.bz
Verifying signature of /boot/<release>.bz
Version: Acme Packet ECZ7.5.0 Beta 4 (WS Build 48) 201705130547
Image integrity verification passed
  3. Replace the boot file with the newly uploaded image. The following is an example of how to replace the boot file: 
    sd225v# set-boot-file /boot/<release>.bz
Verifying signature of /boot/<release>.bz
Version: Acme Packet <release> Beta 4 (WS Build 48) 201705130547
old boot file /boot/bzImage being replaced with /boot/<release>.bz
  4. Execute the reboot force command to reboot the system. 
    sd225v# reboot force
……
Starting sysmand...                                                    
---------------------------------------------------------              
This product contains third-party software provided under              
one or more open source licenses. Type "show about" after              
logging in for full license details.                                   
---------------------------------------------------------              


...
       
                               
Mocana FIPS Power Up Self Test: Started...
Mocana FIPS Power Up Self Test: Finished

FIPS_RSA_Signature_Verify: PASSED!!!
Starting tSecured...
Starting tAuthd...
Starting tCertd...
Starting tIked...
Starting tTscfd...
Starting tAppWeb...
Starting tauditd...
Starting tauditpusher...
Starting tSnmpd...
Starting snmpd...
Start platform alarm...
Starting tIFMIBd...
Initializing /opt/ Cleaner
Starting tLogCleaner task
Bringing up shell...

*************************************************************
*    System is in FIPS 140-2 level-2 compatible mode.      *
*    FIPS: All Power on self test completed successfully.   *
*************************************************************
password secure mode is enabled
Admin Security is disabled
Starting SSH...
SSH_Cli_init: allocated memory for 5 connections

*************************************************************
***    System is in FIPS 140-2 level-2 compatible mode.   ***
*************************************************************
Password: