automatically updated, if applicable). Enter the upgrade rom-monitor capsule primary switch command
in privileged EXEC mode.
• On the C9500-24Y4C, C9500-32C, C9500-32QC, and C9500-48Y4C models of the series, primary
ROMMON is upgraded automatically. When you upgrade from an existing release on your switch to a
later or newer release for the first time, and there is a new ROMMON version in the new release, the
system automatically upgrades the ROMMON in the primary SPI flash device, based on the hardware
version of the switch when you boot up your switch with the new image for the first time.
• Golden ROMMON can be upgraded using the capsule upgrade. Enter the upgrade rom-monitor capsule
golden switch command in privileged EXEC mode.
The upgrade process varies between standalone and high availability systems and is explained below.
Standalone Systems
For a standalone device, when you upgrade the device in install mode, the primary ROMMON is automatically
upgraded when the device boots. Golden ROMMON can be upgraded using the capsule upgrade.
High Availability and StackWise Virtual Systems
We recommend that you perform In-Service Software Upgrade (ISSU) for devices in a high availability setup.
FPGA upgrades occur as part of ISSU.
If you are performing the upgrade in install mode with reload, do not reload both supervisors at the same
time. With the standby supervisor in ROMMON state, boot the active supervisor. When the ROMMON upgrade
is completed on each supervisor, the FPGA and software image are upgraded.
Boot the standby supervisor and allow it to upgrade and reach the standby hot state.
Capsule Upgrade
In a capsule upgrade, a secure update capsule is created and signed. After authenticating the capsule, the
primary ROMMON uses it to upgrade the golden ROMMON. The secure update capsule requires a secure flash
certificate. The secure flash certificate is created using the product key and added to the primary ROMMON image
to verify the authenticity of the update capsule. The capsule is then created using the secure flash certificate and
a secure boot 16 MB flash image, and signed.
When the device boots, the primary ROMMON triggers the capsule upgrade for the golden ROMMON. To
perform a capsule upgrade for the golden ROMMON, use the upgrade rom-monitor capsule golden switch
command in privileged EXEC mode.
The following processes occur in a capsule upgrade:
• The device checks if secure-boot FPGA upgrade is enabled. If not, the process exits.
• The device checks if bootloader protection is enabled. If not, a one-time upgrade of primary ROMMON,
golden ROMMON, and primary FPGA is initiated.
• If bootloader protection is already active, IOS copies the secure update capsule to bootflash and the
device reboots.
• When the device reboots, the secure update capsule is picked for performing the upgrade.
System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)