- Written by Baptiste Covolato
- Posted on April 1, 2026
- Updated on April 1, 2026
- 209 Views
Systems with support for Arista secure boot protect against tampering of the BIOS firmware & Aboot by write-protecting the BIOS SPI flash before EOS is loaded (refer to the “Security model” section in the secure boot TOI for details). While effective at protecting against unauthorized changes made from EOS, such a mechanism has limitations. For example, it is ineffective at protecting against physical reprogramming of the contents of the BIOS SPI flash, tampering through privileged serial console access, undiscovered security vulnerabilities in BIOS upgrade mechanism, etc.
- Written by Baptiste Covolato
- Posted on January 13, 2026
- Updated on January 13, 2026
- 967 Views
Secure boot is a security feature available in Aboot (Arista bootloader) that verifies the cryptographic signature of the EOS SWI (software image) before it is booted. Aboot embeds certificates that allow it to recognize and validate official EOS releases from Arista. If the signature verification is successful, the secure boot check passes and Aboot proceeds to boot the SWI. If the signature verification fails, the boot is aborted.
- Written by Baptiste Covolato
- Posted on June 17, 2019
- Updated on June 27, 2025
- 14184 Views
Secure boot is a security feature available in Aboot (Arista bootloader) that verifies the cryptographic signature of the EOS SWI (software image) before it is booted. Aboot embeds certificates that allow it to recognize and validate official EOS releases from Arista. If the signature verification is successful, the secure boot check passes and Aboot proceeds to boot the SWI. If the signature verification fails, the boot is aborted.
- Written by Baptiste Covolato
- Posted on April 23, 2018
- Updated on May 14, 2018
- 10520 Views
This feature allows the possibility to enable/disable the hardware watchdog. By default the hardware watchdog is