Signing byte-encoded TCL script for EEM

Unanswered Question
Joe Clarke Tue, 03/16/2010 - 09:19

Customer-signing of EEM policies is not yet feasible.  Only the Cisco trustpoint is supported, and when that is enabled, unsigned policies cannot run.  More flexible signing support for EEM Tcl policies is coming in a future version of EEM.

Joe Clarke Tue, 03/16/2010 - 09:32

EEM 3.4 should support third party signing of Tcl policies.  As to whether or not byte-code compiled policies will be supported is uncertain.  However, you should be able to sign a byte-code compiled Tcl script (regular Tcl script, and not EEM policy) by putting the signature after the closing tbcload '}'.  I assume the same thing will eventually be doable with EEM.


This Discussion