This firmware update (v3.1.0) provided by IBM is intended for xSeries firmware updates on your IBM® Security QRadar® M6 appliances. This update is intended for M6 1U and 2U form factor QRadar appliances where administrators want to update appliances using a bootable USB drive to complete an on-premise firmware update.
Part 1: About the M6 firmware V3.1.0 update
Creating your USB flash drive for the firmware update requires a Windows™ host and the administrator must be on-site with the appliance. The firmware update can take up to 60 minutes complete per appliance and the administrator is required to reboot the appliance after the firmware install completes. The firmware upgrade procedures should only be done during a change window or during maintenance time for your QRadar appliances. If your Data Center does not allow USB keys, instructions and a download are available for administrators who have configured the XClarity interface on the Lenovo appliance. For information on how to install the ISO with your XClarity interface, see: https://www.ibm.com/support/pages/node/6335251.
Supported appliances, types, and model information
This firmware update applies to the following IBM Security QRadar M6 (1U and 2U form factor) appliance types:
|Appliance and Machine type models (MTM)||
IBM QRadar Network Insights Appliance 1901 G2 (4563-F8Y)
IBM QRadar Network Insights Appliance 1910 G2 (4563-F7Y)
IBM QRadar Network Insights Appliance 1920 G2 (4563-F5F)
IBM QRadar Core Appliance XX29 G2 (4563-Q4A)
IBM QRadar Core Appliance XX48 G2 (4563-Q5B)
IBM QRadar Core Appliance XX05 G4 (4563-Q3E)
IBM QRadar Incident Forensics Appliance G4 (4563-F3A)
IBM QRadar Event/QFlow Collector Appliance 1501/1201 G4 (4563-Q5D)
IBM QRadar Network Packet Capture Appliance G2 (4563-F3C)
|Server Machine Type||SR630 / M6 1U
SR650 / M6 2U
Important file changes and prerequisites in this firmware update
|Component||Prerequisite version||Firmware version in this update||File name|
|UEFI/BIOS||ive126o-1.41 or later||ive164l-2.80||lnvgy_fw_uefi_ive164l-2.80_anyos_32-64.uxz|
|PCi and LOM adapters||None||7.21-4.11-1.2585.0||intc-lnvgy_fw_nic_net-7.21-4.11-1.2585.0-all-04_linux_x86-64.bin|
- A number of hard disk drives can be installed in this appliance. The HDD update tool examines the hard disk drives that are present and selects the latest firmware version that is available for your drive.
- The base system pack might contain other firmware packages that are not present in QRadar appliances. Firmware updates from the base system pack can be listed when the tool compares available firmware to the hardware in the appliance and display a status of "undetected".
- For firmware questions and information see: http://ibm.biz/qradarfirmware.
Security issues resolved in this firmware update
The table below lists the software versions contained within the firmware package and the applicable CVEs addressed in this firmware release.
|Component||File name||CVEs resolved in this package|
|UEFI/BIOS||lnvgy_fw_uefi_ive164l-2.80_anyos_32-64.uxz||CVE-2020-8696, CVE-2020-8755, CVE-2020-8705, CVE-2020-0587, CVE-2020-0591, CVE-2020-0592, and
|XCC||oem_fw_xcc_cdo364m-5.40_anyos_noarch.uxz||CVE-2015-3414, CVE-2015-3415, CVE-2015-3416, CVE-2016-6153, CVE-2017-3735, CVE-2017-3736, CVE-2017-3737, CVE-2017-3738, CVE-2017-5130, CVE-2017-6451, CVE-2017-6452, CVE-2017-6455, CVE-2017-6458, CVE-2017-6459, CVE-2017-6460, CVE-2017-6462, CVE-2017-6463, CVE-2017-6464, CVE-2017-7407, CVE-2017-8816, CVE-2017-8817, CVE-2017-10989, CVE-2017-12799, CVE-2017-12967, CVE-2017-13710, CVE-2017-14129, CVE-2017-14130, CVE-2017-14333, CVE-2017-14529, CVE-2017-14930, CVE-2017-14932, CVE-2017-14933, CVE-2017-14934, CVE-2017-14938, CVE-2017-14939, CVE-2017-14940, CVE-2017-14974, CVE-2017-15020, CVE-2017-15021, CVE-2017-15022, CVE-2017-15023, CVE-2017-15024, CVE-2017-15025, CVE-2017-15225, CVE-2017-15938, CVE-2017-15939, CVE-2017-15996, CVE-2017-16544, CVE-2017-16931, CVE-2017-16932, CVE-2017-17484, CVE-2017-1000100, CVE-2017-1000101, CVE-2017-1000254, CVE-2017-1000257, CVE-2017-1000494, CVE-2018-6872, CVE-2018-1000005, CVE-2018-1000007, CVE-2018-1000120, CVE-2018-1000121, CVE-2018-1000122|
|PCi and LOM adapters||intc-lnvgy_fw_nic_net-7.21-4.11-1.2585.0-all-04_linux_x86-64.bin||None|
Part 2: Requirements to create a bootable USB drive
To create a bootable USB key, you must have access to the following items:
- An 8 GB or larger USB flash drive.
- Entitlement for IBM Fix Central is required download firmware for QRadar appliances.
- A workstation or laptop running one the following operating systems:
- Windows™ 10
- Windows™ 7
- Windows™ Server 2008R2
- Windows™ Server 20016
NOTE: Microsoft, Windows, Windows NT, and the Windows logo are trademarks of Microsoft Corporation in the United States, other countries, or both.
Creating the bootable USB drive
- Download the M6 V3.1.0 firmware IMG file from IBM Fix Central.
Note: Administrators can select either download link as the firmware download is identical for all QRadar software versions.
- Download the Rufus Bootable USB Tool.
- Insert the USB flash drive into a USB port on your Windows™ laptop or workstation.
- Open Rufus and configure the properties.
Parameter Value Device Select your USB drive Boot Selection Select Qradar_IMG_M6_1U_SR630_7X02_2U_SR650_7X06_3_1_0.img Partition scheme MBR (Default) Target system BIOS (or UEFI-CSM) (Default) File system FAT32 (Default) Cluster sizeThis value defaults to the best option based on size of the USB drive.
- Click Start. The image is loaded on the USB drive.
- After the installation finishes, safely eject the USB flash drive from your computer.
The bootable drive is ready to be used to install firmware on the M6 appliance.
Part 3. Installing the Firmware on the QRadar M6 applianceThe instructions below are intended for M6 appliances that are not configured as HA (high-availability) pairs. If your appliance is in a HA pair, you must use the High-Availability update instructions found here: http://www.ibm.com/support/docview.wss?uid=swg27047121#HA .
Booting from the USB Drive
- Insert the USB drive that has the bootable image into the QRadar appliance.
IMPORTANT: Do not remove the USB flash drive until the IBM ToolsCenter completes the firmware installation.
- From the terminal or the KVM switch for the appliance, log in with root user credentials.
- From the command prompt, type: reboot
- As the appliance reboots, press F12.
- From the Boot Devices Manager, verify the Legacy Mode check box is clear (NOT selected).
- Locate your USB drive in the Boot Devices Menu and press Enter.
- In the Update Settings menu, verify all check boxes are clear (not selected) and click Next.
- In the Update Comparison menu, click Begin.
- The IBM UpdateXpress System Pack Installer compares the current package with the installed firmware.
- Verify all check boxes are selected where new firmware versions are available and click Next.
IMPORTANT: Administrators must review the New Version column and confirm the firmware update is selected (checked). Issues have been reported previously where not all firmware changes were installed and administrators were required to run a firmware update two times to install updates.
- Wait for the firmware updates to load.
- Click Begin Update to install the firmware.
NOTE: Administrators might be prompted with a confirmation dialogue and need to click Next to continue.
- Verify that all updates complete successfully and click Next.
- If you experienced any errors, click Save Log or click Finish to exit after a successful installation.
- The appliance must reboot to complete the firmware installation.
The appliance reboots and is available for use in the QRadar deployment. If you experience any installation issues, you can contact QRadar Support for assistance and open a software support case for your appliance. The support representative can request the firmware logs for review to determine the root cause of the issue or if replacement hardware is required. If the issue is hardware related, the support representative can change the case type and involve the proper teams to schedule replacement parts.
01 April 2021