Dell CMC, v.3.02, A01

Custom Instructions for firmimg-3.02-A01.cmc:

Download
1. Click the Download Now link to download the file.
2. When the File Download window appears, click Save to save the file to your hard drive.
Custom Instructions for firmimg-3.02-A01.cmc.sign:

Download
1. Click the Download Now link to download the file.
2. When the File Download window appears, click Save to save the file to your hard drive.

Verifying the Digital Signature
A digital signature is used to authenticate the identity of the signer of a file and to certify that the original content of the file has not been modified since it was signed.
If you do not already have it installed on your system, you must install the Gnu Privacy Guard (GPG) to verify the CMC Firmware digital signature. To use the standard verification procedure, perform the following steps:
1. Get the Dell Linux public GnuPG key, if you do not already have it. You can download it by navigating to lists.us.dell.com and clicking the Dell Public GPG key link or right click on the link and select “Save Target as…” This will save the Dell Public GPG key into a file linux-security-publickey.txt.
2. Import the public key to your gpg trust database by running the following command:
gpg --import
NOTE: You must have your private key to complete the process.
3. To avoid a distrusted-key warning, validate the public key by its fingerprint before you use it.
a. Type the following command:
gpg --edit-key 23B66A9D
b. Within the GPG key editor, type fpr. The following message appears:
pub 1024D/23B66A9D 2001-04-16 Dell, Inc. (Product Group)
Primary key fingerprint: 4172 E2CE 955A 1776 A5E6 1BB7 CA77 951D 23B6 6A9D
If the fingerprint of your imported key is the same as the key owner's, you have a correct copy of the key. You can verify the key's owner in person, over the phone, or by any other means that guarantees that you are communicating with the key's true owner.
You must import and validate the public key only once.
4. Obtain the CMC Firmware and its associated signature file from the Dell Support website at support.dell.com/support/downloads.
NOTE: Each CMC Firmware has a separate signature file, which is included in the zip package of the firmware. You need both the CMC Firmware and its associated signature file for verification. By default, the signature file is named the same as the CMC firmware filename with a .sign extension. For example, CMC firmware is named firmimg.cmc, its signature filename is firmimg.cmc.sign. To download the files, right-click on the download link and use the "Save Target As..." file option. Once downloaded extract these files to a known location.
5. Verify the CMC firmware:
NOTE: If you are in the GPG key editor, please make sure to exit from it before running the verify command.
gpg --verify

The following example illustrates the steps that you follow to verify a CMC Firmware package:
1. Download the following two files from support.dell.com:
- firmimg-3.02-A01.cmc.sign
- firmimg-3.02-A01.cmc
Import the public key by running the following command line:
gpg --import
The following output message appears:
gpg: key 23B66A9D: "Dell Computer Corporation (Linux Systems Group) " imported
gpg: Total number processed: 1
gpg: unchanged: 1
If you have already run this once, then the following output message appears.
gpg: key 23B66A9D: "Dell Computer Corporation (Linux Systems Group) " not changed
gpg: Total number processed: 1
gpg: unchanged: 1
3. Validate the Dell public key, if you haven't done so previously, by typing the following command:
gpg --edit-key 23B66A9D
At the command prompt, type the following commands:
fpr

4. Verify the CMC Firmware digital signature by running the following command:
gpg --verify firmimg-3.02-A01.cmc.sign firmimg-3.02-A01.cmc
The following output message appears:
gpg: Signature made [date] using DSA key ID 23B66A9D
gpg: Good signature from "Dell, Inc. (Product