Dell OME Hash Check

Hi, thanks for choosing Dell. I wonder the file you downloaded was legitimate...Could you double-check?

"What is a hash check?

A cryptographic hash, or checksum, is a digital fingerprint of a piece of data (e.g., a block of text) which can be used to check that you have an unaltered copy of that data."

I'm not asking about a specific file and I don't have an issue with a file not installing. 

I'm looking to find out more information on what OME is doing during the part that can be skipped "Skip Signature and Hash Check".  Does this mean that, without checking the 'skip' box, OME does a Hash check on the firmware/file that it will be installing? If so, is it doing a hash check against what it knows from a catalog file or from it's Update Repository?

Hi,
the function of " signature and hash check " : a hash is used to only verify the message integrity - if a message changes, the hash of a message will change, too. Hashing is not used to authenticate the sender. A digital signature is used to guarantee that a known source generated the message (non-repudiation), and that the message was not altered in transit (integrity). A digital signature typically includes a hash, subsuming hash functionality.

I do understand what a hash & signature do.  I am trying to understand what OME does to hash or validate the firmware before applying the system update. Can you please explain what, if anything, OME does when installing a firmware/system update on a remote server where 'Skip Signature & Hash check' is NOT selected (implying that OME will do a signature/hash check).  

For example, if I apply a firmware to a remote server with bad/corrupt firmware (fails the hash check), will OME stop the install because it did an automatic check during the installation process?

JRut11,

With OpenManage Essentials it will do an MD5 hash check for any updates, and there is a signature aspect to running updates in-band as well. As far as the example, it would NOT apply the firmware.

Let me know if this helps, and clarifies things.

Thanks Chris! That does help clarify things a bit more.  

We currently operate OME in an 'offline' environment and utilize the Dell Firmware Catalog.cab as our file system source (SUU) as our OME server cannot talk to Dell.com/Internet directly. Can you confirm that OME generates the MD5 hash check of your firmware file and compares that value to this Catalog.cab file before applying the update?  

Also, is there Dell documentation that talks about this OME process?  It would be a great help to have, in my case, as we are a compliance driven organization and I would love the evidence to show that OME validates the system update files before installing. 

Thanks Chris 

JRut11,

Unfortunately there wouldn't be any explicit info on security checks for OM Essentials, as the product has been End of Life for 4 years, also it normally isn't provided in detail to avoid giving a blueprint for attackers.