CHAPTER 12
BIOS Protection
• Introduction to BIOS Protection, on page 267
• ROMMON Upgrade, on page 267
• Feature History for BIOS Protection, on page 269
Introduction to BIOS Protection
BIOS protection feature enables write-protection and secure upgrade of the golden ROMMON image.
ROMMON is a bootstrap program that initializes the hardware and boots the Cisco IOS XE software image
when you power on or restart the device. ROMMON upgrades can be required to resolve firmware defects
or to support new features. Typically, ROM Monitor upgrades are infrequent and not required for every Cisco
IOS XE software upgrade.
Without BIOS protection feature, golden ROMMON may be corrupted by malicious code during software
upgrades.
ROMMON Upgrade
ROMMON images are stored on the SPI flash device as primary ROMMON and golden ROMMON. Primary
ROMMON boots every time the device is powered on or restarted. If the primary ROMMON gets corrupted,
the device uses the golden ROMMON to boot the IOS XE software image. When the device boots from the
primary ROMMON, golden ROMMON is locked. With BIOS protection, golden ROMMON is made
write-protected and cannot be upgraded using the flash utility upgrade mechanism. Access policies are governed
by the FPGA firmware. FPGA blocks the disallowed operations such as write, erase etc on the golden
ROMMON SPI flash device.
Golden ROMMON upgrade is not enabled without secure-boot FPGA upgrade.
Note
• Primary FPGA and golden FPGA (secure-boot FPGA) is automatically upgraded when the device boots.
• On the C9500-12Q, C9500-16X, C9500-24Q, C9500-40X models of the series, you must manually
upgrade the ROMMON in the primary SPI flash device, if a new version is applicable, and the release
you are upgrading from is Cisco IOS XE Gibraltar 16.12.1 or a later release. (So if you upgrade from
Cisco IOS XE Gibraltar 16.11.1 for example, a manual upgrade does not apply; the ROMMON is
System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
267
To Next Page
Loading...
Need help?
General