Release Notes
Abstract
This firmware update (V9.0.0) provided by IBM updates QRadar® M5 appliances with microcode security fixes and includes updates for UEFI, IMM2, DSA, RAID controllers, HDD software, and an Emulex update. This firmware can be used on all QRadar M5s for both 1U or 2U form factor appliances. This firmware update is intended for local USB updates of on-prem M5 xSeries 1U and 2U form factor hardware.
Content
Part 1: About the M5 firmware V9.0.0 USB (on-prem) update
The M5 firmware update V9.0.0 is intended to remotely update firmware on QRadar appliances. This update adds new firmware versions for UEFI, IMM, raid controller, and HDD updates. This firmware also resolves several CVEs as outlined in these release notes.
The USB drive creation and installation instructions are on tab 'Part 2. Installing Firmware Updates'. These instructions guide customers through the creation of a bootable USB drive to upgrade their firmware with an image (IMG) file from IBM Fix Central. A remote installation option is available for administrators who prefer to install their M5 firmware updates remotely or for administrators who do not allow USB keys in their production environments.
Administrator notes and important information
- Administrators must ensure that all firmware check boxes are selected when the comparison screen displays suggested firmware changes to be installed. We have reports that not all check boxes were selected and administrators had to apply the update again. Administrators can verify all check boxes are selected to prevent extra downtime.
- If your appliance is in a HA pair, there are configuration steps required to set the status properly for your primary and secondary high-availability appliances. For more information on HA pair status, see https://www.ibm.com/support/pages/node/713147#HA.
- Administrators must enable IMM.Over.LAN on the xSeries appliance BEFORE the firmware update is applied. For more information, see https://www.ibm.com/support/pages/node/278761.
Supported appliances, types, and model information
This firmware update applies to the following IBM Security QRadar M5 appliances, server type, or machine type models:
| Appliance name | Server type | Lenovo server machine type | IBM machine type model |
|---|---|---|---|
| IBM Security QRadar Event Collector 1501 G3 | x3550 M5 | MT 8869 | 4412-Q4D |
| IBM Security QRadar xx05 G3 | x3550 M5 | MT 8869 | 4412-Q1E |
| IBM Security QRadar Network Insights 1901 | x3550 M5 | MT 8869 | 4412-F4Y |
| IBM QRadar QFlow Collector 1202/1301 | x3550 M5 | MT 8869 | 4412-Q7C |
| IBM QRadar QFlow Collector 1310 | x3550 M5 | MT 8869 | 4412-Q8C |
| IBM Security QRadar xx29 | x3650 M5 | MT 8871 | 4412-Q2A |
| IBM Security QRadar xx48 | x3650 M5 | MT 8871 | 4412-Q3B |
| IBM Security QRadar Incident Forensics | x3650 M5 | MT 8871 | 4412-F1A |
| IBM Security QRadar Network Insights 1920 | x3650 M5 | MT 8871 | 4412-F3F |
| IBM Security QRadar Network Packet Capture | x3650 M5 | MT 8871 | 4412-F2C |
Important file changes and prerequisites in this firmware update
This table defined the software version updates contained within the firmware image (IMG). Administrators must ensure that their M5 appliance includes the minimum version outlined in the Prerequisite version column.
| Component | Prerequisite version | Firmware version in this update | File name |
|---|---|---|---|
| UEFI/BIOS (1U 8869) | UEFI v1.20 (TCE108i) | tbeg56a-3.70 | oem_fw_uefi_tbeg56a-3.70_anyos_32-64.uxz |
| UEFI/BIOS (2U 8871) | UEFI v1.20 (TCE108i) | tceg56a-3.70 | oem_fw_uefi_tceg56a-3.70_anyos_32-64.uxz |
| IMM2 | tcoe26o (version 3.75) | tcoe60a-5.90 | oem_fw_imm2_tcoe60a-5.90_anyos_noarch.uxz |
| RAID controller M1215 | None | 1200-24.21.0-0151-2 | nvgy_fw_raid_mr3.0.1200-24.21.0-0151-2_linux_x86-64.bin |
| RAID controller M5210 | None | 5200-24.21.0-0151-2 | lnvgy_fw_raid_mr3.0.5200-24.21.0-0151-2_linux_x86-64.bin |
| HDD and drives | None | 1.39.11-0 | lnvgy_fw_drives_all-1.39.11-0_linux_x86-64.bin |
| DSA | None | dsaob8a-10.8 | oem_fw_dsa_dsaob8a-10.8_anyos_32-64.uxz |
| Emulex | None | 2.10x6-12.60a1-5 | elx-lnvgy_fw_fc_lp.08-2.10x6-12.60a1-5_linux_x86-64.bin |
Security issues resolved in this firmware update
The software versions contained within the firmware package mitigate the following CVEs.
| Component | File name | CVEs resolved in this package |
|---|---|---|
| UEFI/BIOS (1U 8869) UEFI/BIOS (2U 8871) |
oem_fw_uefi_tbeg56a-3.70_anyos_32-64.uxz oem_fw_uefi_tceg56a-3.70_anyos_32-64.uxz |
CVE-2022-21166, CVE-2021-0153, CVE-2021-0154, CVE-2021-0155, CVE-2021-0190, CVE-2021-33123, CVE-2021-33124 Enhancements
|
| IMM2 | oem_fw_imm2_tcoe60a-5.90_anyos_noarch.uxz | No CVEs reported. Enhancements
|
| DSA | lnvgy_fw_dsa_dsalb8a-10.8_anyos_32-64.uxz | No CVEs reported. Enhancements
|
| Emulex | elx-lnvgy_fw_fc_lp.08-2.10x6-12.60a1-3_linux_x86-64.bin | No CVEs reported. Enhancements Updated supported OS versions. |
| RAID controller M1215 RAID controller M5210 |
lnvgy_fw_raid_mr3.0.1200-24.21.0-0151-2_linux_x86-64.bin lnvgy_fw_raid_mr3.0.5200-24.21.0-0151-2_linux_x86-64.bin |
No CVEs reported. Enhancements
|
| HDD and drives | lnvgy_fw_drives_all-1.39.11-0_linux_x86-64.bin | No CVEs reported. |
IMPORTANT: Administrators must enable IMM.Over.LAN on the xSeries appliance before the firmware update is applied. For information on how to enable this setting, see https://www.ibm.com/support/pages/node/278761.
Creating your USB flash drive for the firmware update requires a Windows™ host and the administrator or USB drive must be onsite with the appliance. The firmware update can take up to 60 minutes complete per appliance and the administrator is required to reboot the appliance after the firmware installation completes.
Requirements
- An 8 GB or larger USB flash drive
- A desktop or workstation running any version of Windows 7 or later.
Creating the bootable USB drive
- Download the M5 v9.0.0 firmware IMG file from IBM Fix Central:
- For QRadar 7.3.x: IBM Fix Central M5 firmware 9.0.0 IMG download
- For QRadar 7.4.x: IBM Fix Central M5 firmware 9.0.0 IMG download
Note: Software downloads for firmware apply to all QRadar versions, such as 7.3.0, 7.4.0, or 7.5.0. If your QRadar version is not displayed in this list, you can download any version to complete your firmware update.
- Download the Rufus tool from Rufus Downloads (http://rufus.akeo.ie/downloads/).
- Insert the USB flash drive into a USB port on your Windows laptop or workstation.
- Open Rufus and configure the properties.
Parameter Value Device Select your USB drive Boot Selection Select Qradar_All_M5_1U_MT8869_x3550_2U_MT8871_x3650_9_0_0.img Partition scheme MBR (Default) Target system BIOS (or UEFI-CSM) (Default) File system FAT32 (Default) Cluster size 4096 bytes (Default) - Click Start. The image is loaded on the USB drive.
- After the installation finishes, safely eject the USB flash drive from your computer.
- Before you install software, administrators can verify the download is valid with the included sha256 file and test the software to confirm it is code signed by IBM.
For more information, see ibm.biz/qradarcodesigning.
Installing the firmware update
This procedure requires you to reboot your QRadar appliance after the firmware update is installed. Administrators can inform users to expect a data outage while firmware updates are applied.
- Insert the USB drive in to the M5 QRadar appliance.
- Reboot the system to start the software installation process.
- As the appliance is rebooting, press the F12 key to select a boot device.
- Select the bootable firmware image, for example, USB Storage and press Enter.
NOTE: If the Legacy check box is selected, the USB drive might not boot the USB as expected. Users might be required to clear the Legacy check box, then select USB storage.
- The IBM ToolsCenter Welcome page is displayed.
- When prompted, select the Updates option.
- Verify that the bootable media shows the correct machine type for the appliance.
Hardware Number Server Type x3550 M5
x3650 M5Server Machine Type MT 8869
MT 8871 - To start the update, select click here to start update.
- Select your language and click I accept the terms in the license agreement to continue.
- The IBM UpdateXpress System Pack Installer compares the current package with the installed firmware
- Important: Verify that all check boxes are selected to complete the required updates. Previously, users reported an issue where UEFI updates were not selected by default.
- If your M5 appliance has a secondary firmware bank, it is updated automatically.
Important: If you are prompted with a Target the secondary firmware bank check box, you must click Next without selecting this option. If you target the secondary firmware bank the installer IGNORES the firmware update to the primary bank and the installation needs to be reapplied to update the appliance.
-
To start applying the updates, click Next on the Update Options page.
- To apply the firmware updates, click Next on the Update Options page.
- Verify that all the firmware updates are applied, and click Next to complete the update.
- Click Finish to reboot the appliance.
Results
Wait for the appliance to reboot. After any UEFI update, administrators need to allow the appliance to boot past the F1 prompt to ensures that all updates are installed.
Troubleshooting
If you have any issues with the appliance booting or with firmware update problems, you can open a case with QRadar Support. If you have issues with the appliance booting after you update firmware, attach your update collect preboot DSA logs from the QRadar appliance.
Related Information
Was this topic helpful?
Document Information
Modified date:
18 November 2022
UID
ibm16838607