IBM Support

QRadar Firmware 6.0.0 for xSeries M4 2U Appliances (ISO/IMM remote installs)

Release Notes


Abstract

This firmware update (v6.0.0) provided by IBM updates QRadar® M4 appliances with updates for UEFI, IMM2, RAID controllers, and HDD software fixes and enhancements. This firmware can be used on all QRadar M4 2U form factor appliances, but requires that the administrator configured their integrated management module (IMM).

Content

Important: Select a tab to read each step of the firmware procedure.


The M4 firmware update v6.0.0 is intended to remotely update firmware by using the onboard Integrated Management Module (IMM) on the appliance. Administrators must extract the EXE file and apply the IMM2 update, then the ISO can be mounted to apply the firmware update. Updates to the IMM firmware prevents installation issues when the core firmware update is applied. The installation instructions are on tab named 'Part 2. Installing Firmware Updates'. These instructions guide customers through a remote upgrade of their firmware.
 

Important: If your appliance is in a HA pair, there are configuration steps required to set the status properly for your primary and secondary high-availability appliances. For more information, see: http://www.ibm.com/support/docview.wss?uid=swg27047121#HA .

 

Supported appliances, types, and model information


This firmware update applies to the following IBM Security QRadar M4 (2U form factor) appliances:
Hardware Details Size
Appliance QRadar 1400 Data Node (4380-Q1E)
QRadar Event Processor 1605 (4380-Q1E)
QRadar Flow Processor 1705 (4380-Q1E)
QRadar Event Processor 1628 (4380-Q2E)
QRadar Flow Processor 1728 (4380-Q2E)
QRadar 3105 (All-in-One) (4380-Q1E)
QRadar 3105 (Console) (4380-Q1E)
QRadar 3128 (All-in-One) (4380-Q2E)
QRadar 3128 (Console) (4380-Q2E)
QRadar Log Manager 3105 (All-in-One) (4380-Q1E)
QRadar Log Manager 3105 Console (4380-Q1E)
QRadar Log Manager 3128 (All-in-One) (4380-Q2E)
QRadar Log Manager 3128 (Console) (4380-Q2E)
QRadar Vulnerability Manager (4380-Q1E)
QRadar Risk Manager (4380-Q1E)
IBM Security QRadar Incident Forensics xx28 (4531-G1E)
IBM Security QRadar Packet Capture xx28 (4531-G2E)
IBM Security QRadar Packet Capture Data Node xx28 (4531-G3E)
2U
Server Type x3650 M4 BD 2U
Server Machine Type 5466 2U
Appliance Machine type models (MTM) 4380-Q1E
4380-Q2E
4531-G1E
4531-G2E
4531-G3E
2U
  Table 1: List of appliances that the M4 appliance firmware v6.0.0 can update.
 

Important information and prerequisites in this firmware update

Firmware v6.0.0 includes the following software updates in the Base System Pack and HDD update. Administrators must ensure that their M4 appliance includes the minimum version outlined in the Prerequisite version column. If your M4 appliance does not meet the prerequisite versions outlined in the table 2, the administrator must contact IBM QRadar Support to have a custom upgrade path defined for the M4 appliance.
Component Prerequisite version Firmware version in this update File name 
IMM2 4.35 or later 1aoo88b-7.20 ibm_fw_imm2_1aoo88b-7.20_anyos_noarch.uxz
UEFI/BIOS  None yoe132c-2.50 ibm_fw_uefi_yoe132c-2.50_anyos_32-64.uxz
DSA  None dsyte2z-9.65 ibm_fw_dsa_dsyte2z-9.65_anyos_32-64.uxz
RAID Controller M5110 None 6gb-23.34.0-0023 ibm_fw_sraidmr_6gb-23.34.0-0023_linux_32-64.bin
RAID Controller M5210 None 5200-24.21.0-0097 ibm_fw_sraidmr_5200-24.21.0-0097_linux_32-64.bin
HDD Update  None sas-1.23.02 ibm_fw_hddlenovo_sas-1.23.02_linux_32-64.bin
Emulex None fc_15b-2.02x11-40 elx_fw_fc_15b-2.02x11-40_linux_32-64.bin
Table 2: Firmware updates for the M4 QRadar 2U form factor appliances are noted in this table. 
 
NOTES
  • A number of hard disk drives can be installed in this appliance. The HDD update tool examines the hard disk drives that are present and selects the latest firmware version that is available for your drive.
  • The base system pack might contain other firmware packages that are not present in QRadar appliances. Firmware updates from the base system pack can be listed when the tool compares available firmware to the hardware in the appliance and display a status of "undetected".
  • For general firmware questions and information see our FAQ page at http://ibm.biz/qradarfirmware.
 

 

Security issues resolved in this firmware update

This table defines the software versions contained within the firmware package and the applicable CVEs addressed in this firmware release.

Component File name  CVEs resolved in this package
UEFI/BIOS ibm_fw_uefi_yoe132c-2.50_anyos_32-64 Updated OpenSSL code to address security vulnerabilities identified in CVE-2018-5407.

Updated Intel® Processor Microcode to address security vulnerabilities identified in CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, and CVE-2019-11091.

Intel is a registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries.
IMM2 ibm_fw_imm2_1aoo88b-7.20_anyos_noarch CVE-2018-0737 and CVE-2019-6157
 
DSA  ibm_fw_dsa_dsyte2z-9.65_anyos_32-64 SECURITY: CVE-2012-2806, CVE-2017-15232, CVE-2018-1152, CVE-2018-11813, CVE-2014-8128, CVE-2015-7554, CVE-2016-10095, CVE-2016-10266, CVE-2016-3632, CVE-2016-5318, CVE-2016-8331, and CVE-2016-9535.
   
SECURITY: CVE-2016-9540, CVE-2017-11613, CVE-2017-5225, CVE-2018-7456, CVE-2018-8905, CVE-2018-12015, CVE-2018-1122, CVE-2018-1123, CVE-2018-1124, CVE-2018-1125, CVE-2018-1126, and CVE-2018-0732.

SECURITY: CVE-2008-1483, CVE-2016-10012, CVE-2016-10708, CVE-2017-15906, CVE-2018-11236, CVE-2018-0737, CVE-2015-8668, CVE-2016-5319, CVE-2017-17942, CVE-2018-10779, CVE-2018-14618, and CVE-2015-9262.

SECURITY: CVE-2015-5180, CVE-2017-15670, CVE-2017-15804, CVE-2018-14598, CVE-2018-14599, CVE-2018-14600, CVE-2018-14621, CVE-2018-14622, CVE-2017-9935, CVE-2018-16335, CVE-2018-17100, and CVE-2018-17101.

SECURITY: CVE-2018-17795, CVE-2018-14665, CVE-2018-15473, CVE-2018-15919, CVE-2018-16840, CVE-2018-16842, CVE-2015-8870, CVE-2016-3619, CVE-2016-3620, CVE-2016-3621, CVE-2016-9273, and CVE-2017-9117.

SECURITY: CVE-2017-9147, CVE-2018-12900, CVE-2018-18661, CVE-2018-16429, CVE-2016-10092, CVE-2016-10093, and CVE-2016-10094.
RAID Controller M5110 ibm_fw_sraidmr_6gb-23.34.0-0023_linux_32-64 None
RAID Controller M5210 ibm_fw_sraidmr_5200-24.21.0-0097_linux_32-64 None
HDD Update  ibm_fw_hddlenovo_sas-1.23.02_linux_32-64 None
Emulex elx_fw_fc_15b-2.02x11-40_linux_32-64.bin None
Other Security Fixes None Additional firmware changes to address security vulnerabilities in open source packages, but for which there is no IMM2 exposure:

CVE-2015-5180, CVE-2018-11236, and CVE-2018-15804.

Table 3: Security issues resolved in the M4 firmware update v6.0.0.

Full Release Notes from Lenovo for M4 V6.0.0 firmware

These attached text files contain the full release notes provided by Lenovo to IBM for resolved issues that administrators can review.
QRadar_M4_2U_MT5466_x3650_6_0_0_1.txt


 

A. Before you begin

  • This installation method uses the hardware's integrated management module (IMM) to remotely update files.
  • Administrators MUST enable IMM.Over.LAN on the xSeries appliance BEFORE the firmware update is applied. For information on how to enable this setting, see: http://www.ibm.com/support/docview.wss?uid=swg21982944 .
  • If your appliances are in a HA pair, you must prepare your high-availability appliances by using the instructions found here: http://www.ibm.com/support/docview.wss?uid=swg27047121#HA .
  • A number of hard disk drives can be installed in this appliance. The HDD update tool examines the hard disk drives that are present and selects the most current firmware level that is available.
  • The base system pack contains other firmware packages that are not in QRadar appliances. Therefore, these packages appear when the tool runs, but have a status of "undetected" and not selected to be updated.
 

B. Downloading and extracting the firmware update

  1. Download the QRadar M4 2U appliance firmware update v6.0.0 from IBM Fix Central:

    http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Other+software/IBM+Security+QRadar+SIEM&release=7.3.0&platform=All&function=fixId&fixids=7.3.1-QRADAR-FIRMWARE-M4_2U_ISO-QRadar-QNI-PCAP-QIF-6.0.0&includeSupersedes=0&source=fc.

  2. Copy the M4 appliance firmware EXE to a directory on the Windows host.
     
  3. Double-click the file: Qradar_M4_2U_MT5466_x3650_6_0_0.exe.
     
  4. Select or type a directory path for the M4 firmware update and click Extract.

     
  5. The following files are extracted from the EXE file.
    image-20191101005138-1

 

C. Updating the IMM firmware

  1. Log in to the IMM interface on your QRadar M4 appliance.
     
  2. Select Server Management > Server Firmware from the menu.
  3. Click Update Firmware

     
  4. Click Select File and choose the IMM2 firmware update ibm_fw_imm2_1aoo88b-7.20_anyos_noarch.uxz.
    image-20191101005219-2
     
  5. Click Next to upload and verify the IMM2 firmware file.
    image-20191101005235-3
     
  6.  In the Additional Options, select Action1: Update the primary bank ONLY and click Next.
    Important: To prevent installation issues, administrators much confirm that they select the primary firmware bank during this step. The backup firmware bank is automatically updated and the Action 2 check box should be clear (not selected). Administrators who select both check boxes must reinstall their firmware to ensure the primary bank updates properly.
    image-20191101005633-1
     
  7. Wait for the update the primary firmware banks to complete.

     
  8. Click Restart IMM and clear your browser cache.

    Results
    After the IMM interface reboots, log in to the IMM and continue to the next section to mount the firmware ISO and configure the boot options.

D. Mounting the M4 Firmware ISO

 
  1. Click Remote Control.

     
  2. To start the Remote Control session, select either: Use Active X for Microsoft Internet Explorer or Java for all other browsers, such as Mozilla FireFox or Google Chrome.
     
  3. Click Start Remote Control in Single User Mode.
    NOTE: Administrators should always use single user mode for remote connections for updates.
     
  4. Administrators should leave the Allow others to request my remote session disconnect check box clear. It is not recommended for administrators to allow other users to request the active session during a firmware update.
     
  5. From the menu, select Virtual Media > Activate.

     
  6. From the menu, select Virtual Media > Select Devices to Mount.

     
  7. From the Devices window, click Add Image.

     
  8. Locate the ISO image you wish to use. Click Open.
    image-20191101005346-4
     
  9. Select the CD/DVD QRadar_All_M4 is highlighted and verify that the Mapped check box is selected.

     
  10. Click Mount Selected.

     
  11. Power Up or Reboot the system to start the software installation process.
     
  12. As the appliance is rebooting, press the F12 key to select a boot device.

     
  13. In the Boot Devices Manager menu, use the arrow keys to navigate.
     
  14. Administrators must clear the Legacy Mode check box, then select the CD/DVDM option and press ENTER.

     
  15. The boot screen for the appliance is displayed. The IBM ToolsCenter Welcome page is displayed.

     
  16. When prompted, select the Updates option.

     
  17. Verify that the bootable media shows the correct machine type for the appliance.
    Hardware Details
    Server Type x3650 M4 BD
    Server Machine Type 5466
     
  18. To start the update, select Click here to start update.
    NOTE: Verify that the Updates list contains x3650 M4 BD -- machine type 5466 in the updates list.

     
  19. Select your language and click I accept the terms in the license agreement to continue.

     
  20. The IBM UpdateXpress System Pack Installer compares the current package with the installed firmware.

     
  21. Verify that the check boxes for all Suggested firmware updates are selected before you continue. Some end users have reported issues where uEFI updates were not selected by default and the firmware update needed to be installed a second time.
    image-20190110121249-4
     
  22. IMPORTANT: Some administrators are experiencing an issue where the UEFI firmware generates an error message stating that a required uEFI version 2.01 is not found. The QRadar firmware ships with UEFI v2.x by default. Administrators who experience this message can click OK to ignore this message and continue the firmware update.
    image-20180918121355-3
     
  23. To start applying the updates, click Next on the Update Options page.
    The bootable media creator starts to install firmware on the M4 appliance.
     
  24. Verify that all the firmware updates are applied, and click Next to complete the update.
    image-20190114094217-1
     
  25. After the update is complete, click Save Log to save the installation log to the USB flash drive. This file can be provided to support in case any issues occurred during the update.

     
  26. Select the USB flash drive and click OK.

     
  27. When all updates are complete, click Finish to reboot the appliance.

    Results
    The appliance reboots and starts up normally.
 

Emulex Update Error Messages


This update can generate an Emulex installation error message that can be ignored as not all QRadar M5 or M4 appliances ship with an Emulex card. The firmware update contains software to attempt to update the Emulex drivers; however, not all appliances contain an Emulex device and an installation error can be displayed. If the administrator sees the error Emulex "Install did not succeed", verify if the device is part of the appliance configuration.




 

[{"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"Business Unit":{"code":"BU008","label":"Security"},"Component":"Hardware","Platform":[{"code":"PF016","label":"Linux"}],"Version":"7.3.1;7.3;7.2.8;7.2","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Document Information

Modified date:
08 June 2020

UID

ibm11102347