Secure IOS images and files
You can secure the IOS images and configuration files stored in flash and NVRAM using a feature called Cisco IOS Resilient Configuration. This feature works by making a secure working copy of the IOS image and the startup configuration. These secure files (also known as the primary bootset) cannot be removed by a remote user. Note that this feature can be disabled only through a console session.
To secure the IOS image on your device, use the secure boot-image command:
R1(config)#secure boot-image %IOS_RESILIENCE-5-IMAGE_RESIL_ACTIVE: Successfully secured running image
To secure the startup-config file, use the secure boot-config command:
R1(config)#secure boot-config %IOS_RESILIENCE-5-CONFIG_RESIL_ACTIVE: Successfully secured config archive [flash:.runcfg-20150807-151124.ar]
To verify the archive, use the show secure bootset command:
R1#show secure bootset
IOS resilience router id FTX1111W0QT
IOS image resilience version 12.4 activated at 15:11:00 UTC fri aug 7 2015
Secure archive flash:/c1841-advipservicesk9-mz.124-15.T1.bin type is image (elf) []
file size is 33591768 bytes, run size is 33591768 bytes
Runnable image, entry point 0x8000F000, run from ram
IOS configuration resilience version 12.4 activated at 15:11:24 UTC fri aug 7 2015
Secure archive flash:/.runcfg-20150807-151124.ar type is config
configuration archive size 714 bytes