set device usb-deployment hmac

Function

The set device usb-deployment hmac command enables hashed message authentication code (HMAC) check for the configuration file used for USB-based deployment.

The undo set device usb-deployment hmac command disables HMAC check for the configuration file used for USB-based deployment.

By default, HMAC check is disabled.

If upgrade files for USB-based deployment include a configuration file, it is recommended that you enable HMAC check to improve security of the configuration file.

Format

set device usb-deployment hmac

undo set device usb-deployment hmac

Parameters

None

Views

System view

Default Level

3: Management level

Usage Guidelines

Prerequisites

Before enabling the HMAC check function, run the set device usb-deployment config-file password command to configure an encryption password for the configuration file used for USB-based deployment.

Applications

If upgrade files for USB-based deployment include a configuration file, you can enable HMAC check to ensure validity of the configuration file to be loaded. After HMAC check is enabled on a device, the device uses the password configured by the set device usb-deployment config-file password command to calculate the HMAC for the configuration file, and compares the calculated value with the HMAC field value in the index file. If the two values are the same, the configuration file is considered valid and loaded to the device. If not, the configuration file is considered invalid and cannot be loaded.

Example

# Enable HMAC check for the configuration file used for USB-based deployment.

<HUAWEI> system-view
[HUAWEI] set device usb-deployment hmac