In cases where the platform is not installed in a physically secure location, the user can encrypt the BOF and the configuration file to halt or hinder interpretation of the file content.
By default, the BOF and configuration files are not encrypted. When encryption is enabled for either file and a change is saved (using the admin save or commit commands), the original file is moved to filename.1 and the encrypted file becomes the new filename.cfg.
When the BOF is encrypted on the compact flash, the BOF interactive menu can be used during node startup to access the file and modify BOF fields. To prevent unauthorized modification of the BOF using the BOF interactive menu, configure a password using the bof>password command. The BOF interactive menu is accessible only when the configured password is entered. If the correct password is not entered in 30 s, the node reboots.
See Configuring BOF encryption for information about configuring BOF encryption. See Configuring the BOF interactive menu password for information about configuring the BOF interactive menu password. See Configuring configuration file encryption for information about configuring the configuration file encryption.