What mechanisms does Meraki use to validate firmware integrity when auto updating thru M.Dashboard?

Solved
JFR
Conversationalist

Edit: Resolved

---

Hello,

As part of NERC CIP-013-2, I need to validate if/how firmware integrity is validated when auto updating thru Meraki Dashboard.

I wasn't able to find a clear answer on this from the Trust Portal, Datasheet, Whitepapers, Google Searches.

 

Thanks,

1 Accepted Solution
JFR
Conversationalist

The information is here:

Meraki Cloud Architecture - Cisco Meraki Documentation

Hardware and Software Security

Meraki leverages technology such as secure boot, firmware image signing, and hardware trust anchors as part of the Cisco Secure Development lifecycle to maintain hardware and software integrity.

 

And our Cisco Meraki technical reps confirmed that Meraki has secure boot as a standard.

10 Replies
Mloraditch
Kind of a big deal

This may not be public for security reasons. I've never seen any level of detail on the process even close to this. You may need to contact support or possibly your account manager if the info is available under NDA.

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.
JFR
Conversationalist

Only need to find black on white that the firmware upgrade process has mechanisms to validate firmware integrity. Otherwise, I need to document how we "verify software integrity and authenticity of all software and patches provided by the vendor". 

I'm expecting this to be built in, but my assumptions won't hold in audit.

RWelch
Kind of a big deal

This white paper addresses the applicability of the Cisco Grid Security solution in response to NERC CIP mandates.

NERC CIP Compliance White Paper 

JFR
Conversationalist

I've seen this but it doesn't address the issue.

alemabrahao
Kind of a big deal

No specific details are publicly available, probably for security reasons, but I believe some general practices are involved, such as:

Firmware updates are usually signed with a digital signature to verify their authenticity and integrity. This ensures that the firmware has not been tampered with and is from a trusted source.

Devices may use secure boot processes that only allow firmware with a valid digital signature to be loaded and executed.

Before applying the firmware update, the system may calculate and verify the hash of the firmware file to ensure that it matches the expected value.

You might want to contact Meraki to see if they have any detailed information or even documentation.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
Main10ence
Meraki Employee

@JFR  Hello, 

I agree with @alemabrahao. You may want to speak to your Cisco Meraki rep to see how much "sanitized" information you can get on how Cisco Meraki devices validate and authenticate to the cloud for firmware management. 

 

What @alemabrahao described can be considered a general process that is used.

Cisco Meraki
Network Support Engineer

"The future favors the bold."
RWelch
Kind of a big deal

You should accept YOUR response as the solution (to help others later down the road).

Nice work!!  👏  👏 👏

CarolineS
Community Manager

@RWelch I did it for them! Thanks for coming back with the info, @JFR

Caroline S | Community Manager, Cisco Meraki