BIOS security Low and High level classification 7.0.16
The BIOS security level has been updated from levels 0/1/2 to levels Low and High. Level High corresponds to the previous behavior of level 2, and level Low corresponds to the previous behavior of level 1. A BIOS that still reports level 0 now behaves like level Low.
This change is supported in models:
- With only a BIOS-level security level setting, and no physical security level switch or display.
- With a 3-level physical security level switch (such as FortiGate 50G, 70G, 90G and 120G and variants).
- With a 2-level physical security level switch.
To summarize, loading firmware images that are dual-signed, single-signed, or unsigned will produce the following outcomes based on the security levels:
| Use case | Signed by Fortinet CA | Signed by third-party CA | Level High (previously Level 2) | Level Low (previously Level 0 or 1) |
|---|---|---|---|---|
| GA-certified (GA firmware, Beta firmware, Top3 final builds) | Yes | Yes | Accept | Accept |
| Non-GA certified (special builds: Top3 and NPI quick builds) | Yes | No | Warning | Accept |
| Interim and Dev builds, or unknown build | No | Yes or No | Reject | Warning |
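The table above is a decision table over two independent facts (which CAs validly signed the image, and the effective security level). The following Go program is an added illustration of that logic and is not FortiOS or BIOS code: it uses two freshly generated Ed25519 key pairs as constructed stand-ins for the Fortinet CA and a third-party CA, attaches zero, one or two detached signatures to a constructed payload, normalizes a legacy BIOS level (0/1/2) to Low/High as described at the top of this page, and returns Accept, Warning or Reject exactly as the table specifies. The `Image`, `Verifier`, `Evaluate` and `NormalizeLevel` names are hypothetical, and the real firmware signing format, certificate chains and hash algorithm are not modelled.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// SecurityLevel is the effective BIOS security level after the legacy
// numeric levels have been mapped onto the Low/High classification.
type SecurityLevel int

const (
	Low SecurityLevel = iota
	High
)

func (l SecurityLevel) String() string {
	if l == High {
		return "High"
	}
	return "Low"
}

// NormalizeLevel maps a legacy BIOS level onto Low/High: 2 becomes High,
// 1 becomes Low, and a BIOS still reporting 0 is treated as Low.
func NormalizeLevel(legacy int) (SecurityLevel, error) {
	switch legacy {
	case 2:
		return High, nil
	case 0, 1:
		return Low, nil
	}
	return Low, fmt.Errorf("unknown BIOS security level %d", legacy)
}

// Outcome is the verdict the loader reaches for a firmware image.
type Outcome string

const (
	Accept  Outcome = "Accept"
	Warning Outcome = "Warning"
	Reject  Outcome = "Reject"
)

// Image is a constructed stand-in for a firmware image: the payload plus
// the detached signatures it carries (nil when a signature is absent).
type Image struct {
	Payload       []byte
	FortinetSig   []byte // hypothetical signature under the Fortinet CA key
	ThirdPartySig []byte // hypothetical signature under the third-party CA key
}

// Verifier holds the two trust anchors the loader checks against.
type Verifier struct {
	FortinetCA   ed25519.PublicKey
	ThirdPartyCA ed25519.PublicKey
}

// Evaluate applies the decision table: dual-signed is accepted at both
// levels; Fortinet-only warns at High and is accepted at Low; anything
// without a valid Fortinet signature (whatever the third-party status)
// is rejected at High and only warned about at Low.
func (v Verifier) Evaluate(level SecurityLevel, img Image) Outcome {
	byFortinet := ed25519.Verify(v.FortinetCA, img.Payload, img.FortinetSig)
	byThirdParty := ed25519.Verify(v.ThirdPartyCA, img.Payload, img.ThirdPartySig)
	switch {
	case byFortinet && byThirdParty: // GA-certified
		return Accept
	case byFortinet: // non-GA certified special build
		if level == High {
			return Warning
		}
		return Accept
	default: // interim, dev or unknown build
		if level == High {
			return Reject
		}
		return Warning
	}
}

// NewCA generates a constructed key pair standing in for a CA.
func NewCA() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// SignImage attaches the requested signatures; pass nil to omit one.
func SignImage(payload []byte, fortinet, thirdParty ed25519.PrivateKey) Image {
	img := Image{Payload: payload}
	if fortinet != nil {
		img.FortinetSig = ed25519.Sign(fortinet, payload)
	}
	if thirdParty != nil {
		img.ThirdPartySig = ed25519.Sign(thirdParty, payload)
	}
	return img
}

func main() {
	fPub, fPriv := NewCA()
	tPub, tPriv := NewCA()
	v := Verifier{FortinetCA: fPub, ThirdPartyCA: tPub}
	payload := []byte("constructed firmware image bytes")
	cases := []struct {
		name string
		img  Image
	}{
		{"GA-certified (dual-signed)", SignImage(payload, fPriv, tPriv)},
		{"non-GA certified (Fortinet only)", SignImage(payload, fPriv, nil)},
		{"interim build (third-party only)", SignImage(payload, nil, tPriv)},
		{"unsigned", SignImage(payload, nil, nil)},
	}
	for _, legacy := range []int{0, 1, 2} {
		level, _ := NormalizeLevel(legacy)
		for _, c := range cases {
			fmt.Printf("BIOS level %d -> %-4s %-34s %s\n", legacy, level, c.name, v.Evaluate(level, c.img))
		}
	}
}
```

A tampered image (valid signatures over a different payload) falls into the default branch, because signature verification fails rather than being skipped: that is the property a defender wants from the High level, where such an image is rejected outright instead of merely warned about.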
The following table summarizes the use cases and the potential outcome based on the security level:
| Security Level | Use case | Behavior |
|---|---|---|
| High | Load certified GA image in TFTP in boot menu | FortiGate boots up without warning messages. |
| High | Restore certified GA image in CLI | FortiGate boots up without warning messages. |
| High | Load certified non-GA image in TFTP in boot menu | FortiGate boots up with a warning message: Warning: Non GA FOS image! |
| High | Restore certified non-GA image in CLI | FortiGate displays a warning upon upload: Warning: This firmware image is no GA certified! FortiGate boots up with a warning message: Warning: Non GA FOS image! |
| High | Load un-certified interim image in TFTP in boot menu | The upload is blocked. A warning is displayed: Checking image… This firmware image is not certified! Aborting firmware installation. Please power cycle. System halted. |
| High | Restore un-certified interim image in CLI | The upload is blocked. A warning is displayed: Image verification failed! … |
| Low | Load certified GA or non-GA image in TFTP in boot menu | FortiGate boots up without warning messages. |
| Low | Restore certified GA or non-GA image in CLI | FortiGate boots up without warning messages. |
| Low | Load un-certified interim image in TFTP in boot menu | FortiGate outputs a warning message, but the upload is allowed to proceed: Warning: Image decode failed. Try to continue under security level 1… OK This firmware image is not certified! Save as Default firmware/Backup firmware/Run image without saving [D/B/R]? After boot up: System file integrity init check failed! |
| Low | Restore un-certified interim image in CLI | FortiGate outputs a warning message, but the upload is allowed to proceed: Image verification failed! ... Please continue only if you understand and are willing to accept the risks. Do you want to continue? (y/n) During boot up: Warning: FOS is not authenticated! Continue booting under security level 1... Initializing firewall... After boot up: System file integrity init check failed! |
Whether the FortiGate has a physical switch with 3 levels, 2 levels, or no physical switch at all, all models produce the results shown above, with the understanding that a BIOS security level of 0 means level Low.
Platforms with old BIOS versions will support security levels 0, 1, and 2, while FortiOS will support levels High and Low. The following table summarizes the potential behavior between FortiOS and the BIOS version:
| BIOS level | FortiOS level | Behavior |
|---|---|---|
| 2 | High | FortiOS and BIOS only accept certified images. Security level check behaviors are the same as BIOS security level High. |
| 0 and 1 | Low | FortiOS and BIOS accept certified images without a warning and un-certified images with a warning. Security level check behaviors are the same as BIOS security level Low. |