Last Modified: Sep 13, 2023
Affected Product(s):
BIG-IP Install/Upgrade
Known Affected Versions:
13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1
Fixed In:
16.1.0, 16.0.1.1, 15.1.2.1, 14.1.4, 13.1.1.2
Opened: Aug 07, 2018 Severity: 2-Critical
Automatic ISO digital signature checking occurs but is not required when FIPS license active. The system logs an error message upon an attempt to install or update the BIG-IP system: failed (Signature file not found - /shared/images/BIGIP-13.1.0.0.0.1868.iso.sig)
Installation does not complete if the .sig file is not present or not valid. Installation failure.
When the FIPS license is active, digital signature checking of the ISO is automatically performed. This requires that both the ISO and the digital signature (.sig) file are uploaded to the system.
To validate the ISO on the BIG-IP system, follow the procedure described in K24341140: Verifying BIG-IP software images using .sig and .pem files :: https://support.f5.com/csp/article/K24341140.
The restriction of requiring automatic signature checking of the ISO is removed. The procedure described in K24341140: Verifying BIG-IP software images using .sig and .pem files :: https://support.f5.com/csp/article/K24341140 to perform the checks on or off the BIG-IP system is still valid, but that checking is optional.