IBM Support

QRadar: M4 Firmware 7.0.0 for xSeries 2U Appliances (USB local installs)

Release Notes


Abstract

This firmware update (7.0.0) provided by IBM® is the latest firmware for your QRadar® xSeries M4 2U appliances. Firmware fix pack 7.0.0 for QRadar M4 2U appliances include several firmware updates and remediations for reported security issues. These instructions are intended for administrators who are on-premise with the appliance to complete a local firmware update with a USB key.

Content


Important: Select a tab to read each step of the firmware procedure.

Part 1: About the M4 firmware 7.0.0 update

Creating your USB flash drive for the firmware update requires a Windows host and the administrator or USB drive must be on-site with the appliance. The firmware update can take up to 60 minutes complete per appliance and the administrator is required to reboot the appliance after the firmware install completes. Firmware updates are intended to be completed during planned maintenance for your QRadar appliances. If your Data Center does not allow USB keys, instructions and a download are available for administrators who have Integrated Management Module (IMM2) interfaces. For information about other installation options, see: http://ibm.biz/qradarfirmware.
This firmware update applies to the following IBM Security QRadar M4 (2U form factor) appliances, server type, or Machine type models:
Hardware Details Size
Appliance QRadar 1400 Data Node (4380-Q1E)
QRadar Event Processor 1605 (4380-Q1E)
QRadar Flow Processor 1705 (4380-Q1E)
QRadar Event Processor 1628 (4380-Q2E)
QRadar Flow Processor 1728 (4380-Q2E)
QRadar 3105 (All-in-One) (4380-Q1E)
QRadar 3105 (Console) (4380-Q1E)
QRadar 3128 (All-in-One) (4380-Q2E)
QRadar 3128 (Console) (4380-Q2E)
QRadar Log Manager 3105 (All-in-One) (4380-Q1E)
QRadar Log Manager 3105 Console (4380-Q1E)
QRadar Log Manager 3128 (All-in-One) (4380-Q2E)
QRadar Log Manager 3128 (Console) (4380-Q2E)
QRadar Vulnerability Manager (4380-Q1E)
QRadar Risk Manager (4380-Q1E)
IBM Security QRadar Incident Forensics xx28 (4531-G1E)
IBM Security QRadar Packet Capture xx28 (4531-G2E)
IBM Security QRadar Packet Capture Data Node xx28 (4531-G3E)
2U
Server Type x3650 M4 BD 2U
Server Machine Type 5466 2U
Appliance Machine type models (MTM) 4380-Q1E
4380-Q2E
4531-G1E
4531-G2E
4531-G3E
2U
Table 1: List of appliances that the M4 appliance firmware v7.0.0 can update.

Important information and prerequisites in this firmware update

Firmware v7.0.0 includes the following software updates in the Base System Pack and HDD update. Administrators must ensure that their M4 appliance includes the minimum version outlined in the Prerequisite version column. If your M4 appliance does not meet the prerequisite versions outlined in the table 2, the administrator must contact IBM QRadar Support to have a custom upgrade path defined for the M4 appliance.
Component Prerequisite version Firmware version in this update File name 
IMM2 4.35 or later 1aoo90b-7.40 ibm_fw_imm2_1aoo90b-7.40_anyos_noarch.uxz
UEFI/BIOS  None yoe134d-2.60 ibm_fw_uefi_yoe134d-2.60_anyos_32-64.uxz
DSA  None dsyte2z-9.66 ibm_fw_dsa_dsyte2a-9.66_anyos_32-64.uxz
RAID Controller M5110 None 23.34.0-0023 ibm_fw_sraidmr_6gb-23.34.0-0023_linux_32-64.bin
RAID Controller M5210 None 24.21.0-0112 ibm_fw_sraidmr_5200-24.21.0-0112_linux_32-64.bin
HDD Update  None sas-1.23.02 ibm_fw_hddlenovo_sas-1.23.02_linux_32-64.bin
Emulex None 15b-2.02x11-40 elx_fw_fc_15b-2.02x11-40_linux_32-64.bin
Table 2: Firmware updates for the M4 QRadar 2U form factor appliances are noted in this table.

NOTES
  • After the firmware update is installed, the appliance must be restarted. Lenovo recommends that administrators restart appliances, instead of powering down the hardware to avoid a potential high voltage motherboard condition that can occur.
  • Administrators MUST enable IMM.Over.LAN on the xSeries appliance BEFORE the firmware update is applied. For information on how to enable this setting, see: http://www.ibm.com/support/docview.wss?uid=swg21982944 .
  • A number of hard disk drives can be installed in this appliance. The HDD update tool examines the hard disk drives that are present and selects the latest firmware version that is available for your drive.
  • The base system pack might contain other firmware packages that are not present in QRadar appliances. Firmware updates from the base system pack can be listed when the tool compares available firmware to the hardware in the appliance and display a status of "undetected".
  • For general firmware questions and information, see: http://ibm.biz/qradarfirmware.

Security issues resolved in this firmware update

This table defines the software versions contained within the firmware package and the applicable CVEs addressed in this firmware release.

Component File name  CVEs resolved in this package
UEFI/BIOS ibm_fw_uefi_yoe134d-2.60_anyos_32-64.uxz
  • Updated code to address security vulnerability CVE-2019-0151.
  • Removed the IPSec driver due to non-use and security issues.
IMM2 ibm_fw_imm2_1aoo90b-7.40_anyos_noarch.uxz CVE-2019-11477, CVE-2019-11478, CVE-2019-11479
 
DSA  ibm_fw_dsa_dsyte2a-9.66_anyos_32-64.uxz
RAID Controller M5110 ibm_fw_sraidmr_6gb-23.34.0-0023_linux_32-64.bin None
RAID Controller M5210 ibm_fw_sraidmr_5200-24.21.0-0112_linux_32-64.bin None
HDD Update  ibm_fw_hddlenovo_sas-1.23.02_linux_32-64.bin None
Emulex elx_fw_fc_15b-2.02x11-40_linux_32-64.bin None
Other Security Fixes None Additional firmware changes to address security vulnerabilities in open source packages, but for which there is no IMM2 exposure:

CVE-2015-5180, CVE-2018-11236, CVE-2018-15804.
Table 3: Security issues resolved in the M4 firmware update v7.0.0.

Part 2. Create the USB

 
To create a bootable USB key, you must have access to the following tools and software:
  • An 8 GB or larger USB flash drive.
  • IBM Fix Central to download the appliance firmware.
  • A desktop or notebook system running one the following operating systems:
    • Windows 10
    • Windows 7
    • Windows 2008R2
    • Windows 2008
    • Windows Vista
    • Windows XP
      NOTE: Microsoft, Windows, Windows NT, and the Windows logo are trademarks of Microsoft Corporation in the United States, other countries, or both.
 

Creating the bootable USB drive

  1. Download the M4 7.0.0 firmware IMG file from IBM Fix Central: http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Other+software/IBM+Security+QRadar+SIEM&release=7.3.0&platform=All&function=fixId&fixids=7.3-QRADAR-FIRMWARE-M4_2U_USB-QRadar-QNI-PCAP-QIF-7.0.0&includeSupersedes=0&source=fc
  2. Download the Rufus Bootable USB Tool.
  3. Insert the USB flash drive into a USB port on your Windows laptop or workstation.
  4. Open Rufus and configure the properties.
    Parameter Value
    Device Select your USB drive
    Boot Selection Select Qradar_IMG_M4_2U_MT5466_x3650_7_0_0.img
    Partition scheme MBR (Default)
    Target system BIOS (or UEFI-CSM) (Default)
    File system FAT32 (Default)
    Cluster size
    This value will default to the best option based on size of the USB drive.
    image 4498
  5. Click Start. The image is loaded on the USB drive.
    image 4501
  6. After the installation finishes, safely eject the USB flash drive from your computer.

    Results
    The bootable drive is ready to be used to install firmware on the M4 appliance.
 

 

 

Part 3. Installing the Firmware on the QRadar M4 appliance

These instructions are intended for M4 appliances that are not configured as HA (high-availability) pairs. If your appliance is in a HA pair, you must use the High-Availability update instructions found here:  http://www.ibm.com/support/docview.wss?uid=swg27047121#HA .

Booting from the USB Drive

  1. Insert the USB drive that has the bootable image into the QRadar appliance.
    IMPORTANT: Do not remove the USB flash drive until the IBM ToolsCenter completes the firmware installation.
     
  2. From the terminal of the KVM switch for the appliance, log in by using the root credentials.
     
  3. From the command prompt, type: reboot.

     
  4. As the appliance is rebooting, press the F12 key to select a boot device.
     
  5. Select the bootable firmware image, for example, USB Storage and Press Enter.

     
  6. When prompted, select the Updates option.
  7. Verify that the bootable media shows the correct machine type for the appliance.
    Hardware Details
    Server Type x3650 M4 BD
    Server Machine Type 5466
  8. To start the update, select Click here to start update.
    NOTE: Verify that the Updates list contains x3650 M4 BD -- machine type 5466 in the updates list.

     
  9. Select your language and click I accept the terms in the license agreement to continue.
    image-20190110163313-1
  10. The IBM UpdateXpress System Pack Installer compares the current package with the installed firmware.

     
  11. From the list of selected firmware items, verify that the selected items match the firmware items to update.
    image-20190114093209-1
     
  12. To start applying the updates, click Next on the Update Options page.
    The bootable media creator starts to install firmware on the M4 appliance.
     
  13. Verify that all the firmware updates are applied, and click Next to complete the update.
    image-20190114093759-5
     
  14. After the update is complete, click Save Log to save the installation log to the USB flash drive. This file can be provided to support in case any issues occurred during the update.
    image-20190114122837-1
     
  15. Select the USB flash drive and click OK.
  16. When all updates are complete, click Finish to reboot the appliance.

    Results
    After the IMM firmware update is installed, the appliance must be restarted. Lenovo recommends that administrators restart appliances, instead of starting the appliance the hardware from the powered-down state. A warm start avoids a potential high voltage motherboard condition that can occur. If you experience any installation issues or error messages, you can contact QRadar Support for assistance and open a software support case for your appliance. The support representative can request the firmware logs for review to determine the cause of the error or if replacement hardware is required. If the issue is hardware related, the support representative can change the case type and involve the proper teams to schedule replacement parts.  
 

[{"Business Unit":{"code":"BU008","label":"Security"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"ARM Category":[{"code":"a8m0z000000blfyAAA","label":"QRadar->Hardware->Firmware Upgrades"}],"ARM Case Number":"","Platform":[{"code":"PF016","label":"Linux"}],"Version":"7.3.0;7.3.1;7.3.2;7.3.3;7.4.0","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Document Information

Modified date:
29 June 2020

UID

ibm16238148