Secure IOS images and files

You can secure the IOS images and configuration files stored in flash and NVRAM using a feature called Cisco IOS Resilient Configuration. This feature works by making a secure working copy of the IOS image and the startup configuration. These secure files (also known as the primary bootset) cannot be removed by a remote user. Note that this feature can be disabled only through a console session.

To secure the IOS image on your device, use the secure boot-image command:

R1(config)#secure boot-image
%IOS_RESILIENCE-5-IMAGE_RESIL_ACTIVE: Successfully secured running image

To secure the startup-config file, use the secure boot-config command:

R1(config)#secure boot-config
%IOS_RESILIENCE-5-CONFIG_RESIL_ACTIVE: Successfully secured config archive [flash:.runcfg-20150807-151124.ar]

To verify the archive, use the show secure bootset command:

R1#show secure bootset 
IOS resilience router id FTX1111W0QT
 
IOS image resilience version 12.4 activated at 15:11:00 UTC fri aug 7 2015
Secure archive flash:/c1841-advipservicesk9-mz.124-15.T1.bin type is image (elf) []
file size is 33591768 bytes, run size is 33591768 bytes
Runnable image, entry point 0x8000F000, run from ram
 
IOS configuration resilience version 12.4 activated at 15:11:24 UTC fri aug 7 2015
Secure archive flash:/.runcfg-20150807-151124.ar type is config
configuration archive size 714 bytes
Geek University 2022