IBM Support

QRadar M6 ThinkSystem firmware V11.0.0 for 1U and 2U appliances (ISO XClarity Controller remote installs)

Release Notes


Abstract

This firmware update (V11.0.0) provided by IBM updates QRadar® M6 appliances with updates for UEFI, XCC, RAID controllers, and HDD software fixes and enhancements. This firmware can be used on all QRadar M6 appliances, but requires that the administrator configures their XClarity Controller (XCC) for remote management.

Content

Important: Select a tab to read each step of the firmware procedure.

Part 1: About the M6 firmware V11.0.0 update

 
The M6 firmware v11.0.0 ISO is intended to remotely update software through the XClarity Controller (XCC) user interface. Administrators must extract the EXE file and apply the uxz file to update their XClarity Controller, then the ISO can be mounted to apply the remainder of the firmware updates. The installation instructions are provided on tab named 'Part 2. Installing Firmware Updates'. These instructions guide customers through a remote upgrade of their firmware.

Important: If your appliance is in a HA pair, there are configuration steps required to set the status properly for your primary and secondary high-availability appliances. For more information, see: http://www.ibm.com/support/docview.wss?uid=swg27047121#HA.
 

 

Supported appliances, types, and model information


This firmware update applies to the following IBM Security QRadar M6 (1U and 2U form factor) appliance types:
Hardware Details
Appliance and machine type model (MTM)
1U
IBM QRadar Core Appliance XX05 G4 (4563-Q3E)
IBM QRadar Event/QFlow Collector Appliance 1501/1201 G4 (4563-Q5D)
IBM QRadar Network Insights Appliance 1901 G2 (4563-F8Y)
IBM QRadar Network Insights Appliance 1910 G2 (4563-F7Y)
IBM QRadar Core Appliance XX48 G2 (4563-Q5B)

2U
IBM QRadar Network Insights Appliance 1920 G2 (4563-F5F)
IBM QRadar Incident Forensics Appliance G4 (4563-F3A)
IBM QRadar Core Appliance XX29 G2 (4563-Q4A)
IBM QRadar Network Packet Capture Appliance G2 (4563-F3C)
IBM QRadar Network Insights 1940 (4563-F6G)
Server Type M6
Server Machine Type SR630 / M6 1U
SR650 / M6 2U
Table 1: List of appliances the M6 appliance firmware V11.0.0 can update.

Important information and prerequisites in this firmware update

Administrators must ensure that their M6 appliance includes the minimum version outlined in the Prerequisite version column. If your M6 appliance does not meet the prerequisite versions outlined in the table, the administrator must contact IBM QRadar Support to discuss a custom upgrade path for your M6 appliance.

Update: Depending on your initial firmware version, you might be required to meet a new UEFI prerequisite. If your current firmware does not have UEFI 3.31, which is required to upgrade your appliance firmware to V11.0.0, you can install the M6 V7.1.0 firmware, then upgrade to V11.0.0.
 
Component Prerequisite version Version in this update File name 
UEFI/BIOS 
IVE178I-3.31 or later
CDI3A8N-9.40 or later
Note: If required, installing M6 V7.1.0 or later meets the UEFI requirements before you attempt to upgrade to M6 11.0.0
ive184e-4.12 lnvgy_fw_uefi_ive184e-4.12_anyos_32-64.uxz
XCC
None
cdo3b2z-9.95 oem_fw_xcc_cdo3b2z-9.95_anyos_noarch.uxz
LXPM None pdl148a-2.11
pdl248f-2.11
lnvgy_fw_lxpm_pdl148a-2.11_anyos_noarch.uxz
lnvgy_fw_drvln_pdl248f-2.11_anyos_noarch.uxz
RAID controller None 530-51.20.0-4374-0
930-51.22.0-4634-2
lnvgy_fw_raid_mr3.5.530-51.22.0-5353-0_linux_x86-64.bin
lnvgy_fw_raid_mr3.5.930-51.22.0-5353-0_linux_x86-64.bin
HDD None 1.50.58-0 lnvgy_fw_drives_all-1.50.58-0_linux_x86-64.bin
PCi and LOM adapters None 9.30-6.20-1.3450.0-10 intc-lnvgy_fw_nic_net-9.30-6.20-1.3450.0-10_linux_x86-64.bin
Emulex None 35-14.2.673.40-4 elx-lnvgy_fw_fc_lp.35-14.2.673.40-4_linux_x86-64.bin
Table 2: Firmware versions and any prerequisite for each component are provided in this table.

 
NOTES
  • A number of hard disk drives can be installed in this appliance. The HDD update tool examines the hard disk drives that are present and selects the latest firmware version that is available for your drive.
  • The base system pack might contain other firmware packages that are not present in QRadar appliances. Firmware updates from the base system pack can be listed when the tool compares available firmware to the hardware in the appliance and display a status of "undetected".
  • For general firmware questions and information, see our FAQ page at http://ibm.biz/qradarfirmware.

Security issues resolved in this firmware update

The table lists the software versions and CVEs addressed in the firmware release.

Component File name  Updates
UEFI/BIOS  lnvgy_fw_uefi_ive184e-4.12_anyos_32-64.uxz

Enhancements
  • Added Microsoft KEK 2K CA 2023 certificate for secure boot support.
  • Updated OpenSSL version to 3.1.0.
  • Extended more options to "Processors 1 to 2 cores active", "Processors 3 to 4 cores active", "Processors 5 to 8 core sactive", "Processors 9 to 12cores active" at "System Settings > Processors > CPU Frequency Limits" in System Setup Utility.
  • IPU 2024.1 update.
  • Updated MCU to MBF50656_04003605, MBF50657_05003605.
Fixes
  • Fixed the issue that sometimes system with NVME would be hang if 'arrow down' key was pressed at "System Settings > Devices and I/O Ports" in System Setup Utility.
  • Changed the default value of "System Settings > Processors > LLC Prefetch" in System Setup Utility.
  • Fixed the issue that first character of DIMM serial number showed incorrectly in SMBIOS type 17. For example: from 00CE032237165F224C to 80CE032237165F224C.
  • Added system event log (FQXSFMA0012L: The [arg1] PFA Threshold limit has been exceeded on DIMM [arg2] at address [arg3].") report for some case of multi-bit CE.
XCC oem_fw_xcc_cdo3b2z-9.95_anyos_noarch.uxz
Resolved CVEs
CVE-2023-51767, CVE-2023-51385, CVE-2023-51384, CVE-2023-48795, CVE-2023-38408, CVE-2023-28531, CVE-2023-25136

 
Enhancements
  • Supported IPMI command to set fan speed and keep speed after AC cycle or OS reboot.
Fixes
  • Fix a problem that ESXi 7.0 or later can't read the asset tag.
  • Fix a problem that new DHCP IP address was not updated to LXCA and nodes go to offline.
  • Fix a problem that creating virtual drive through xcc web interface will fail.
  • Fix a problem that updating the LAN over USB IP through XCC web interface may fail.
  • Fix a problem that opening remote control will fail after WEB over HTTPS port is changed.
  • Fix a problem that LDAP authentication will fail with custom LDAP port.
  • Fix a problem to correct default setting of IMM.PowerRestorePolicy to "Always off" to match the
    power restore behavior.
LXPM lnvgy_fw_lxpm_pdl148a-2.11_anyos_noarch.uxz
lnvgy_fw_drvln_pdl248f-2.11_anyos_noarch.uxz
None
RAID controller lnvgy_fw_raid_mr3.5.530-51.22.0-5353-0_linux_x86-64.bin
lnvgy_fw_raid_mr3.5.930-51.22.0-5353-0_linux_x86-64.bin
None
HDD lnvgy_fw_drives_all-1.50.58-0_linux_x86-64.bin None
PCi and LOM adapters intc-lnvgy_fw_nic_net-9.30-6.20-1.3450.0-10_linux_x86-64.bin None
Emulex elx-lnvgy_fw_fc_lp.35-14.0.376.28-4_linux_x86-64.bin None
Table 3: Security issues resolved in the M6 firmware update 11.0.0.


 

A. Before you begin

  • The V11 firmware release uses the hardware's integrated XCC interface to remotely update firmware. Before you being an upgrade of your firmware, you must confirm the XCC network speeds are sufficient. Due to Bootable Media Creator (BoMC) issues, no local USB installation options are available for administrators at this time for the v11 firmware.
  • Administrators must enable Ethernet over USB (called IMM.LanOverUsb in OneCLI config) on the ThinkSystem appliance before the firmware update is applied. For information on how to enable this setting, see https://www.ibm.com/support/pages/node/278761.
  • If your appliances are in a HA pair, you must prepare your high-availability appliances by using the instructions found here: http://www.ibm.com/support/docview.wss?uid=swg27047121#HA .
  • A number of hard disk drives can be installed in this appliance. The HDD update tool examines the hard disk drives that are present and selects the most current firmware level that is available.

B. Downloading and extracting the firmware update

  1. Download the QRadar M6 appliance firmware from IBM Fix Central for QRadar 7.5.x: IBM Fix Central M6 firmware 11.0.0 EXE.
    Note: Administrators can select either download link as the firmware download is identical for all QRadar versions.
  2. Copy the M6 appliance firmware EXE to a directory on the Windows host.
  3. Double-click the file Qradar_EXE_M6_1U_SR630_7X02_2U_SR650_7X06_11_0_0.exe.
  4. Select or type a directory path for the firmware update and click Extract.
    image-20240625112519-1
  5. The following files are extracted:
    image-20240729223240-21

C. Updating the XCC firmware

  1. Log in to the XClarity interface on your QRadar M6 appliance.
  2. From the navigation sidebar, click Firmware Update.
    image-20230701205343-3
  3. Click Update Firmware.
    image-20230701205501-4
  4. Click Browse and select the XCC firmware update file: oem_fw_xcc_cdo3b2h-9.80_anyos_noarch.uxz.
    image-20230701210100-6
  5. Click Next to upload and verify the XCC firmware file.
    image-20230701210242-7
  6.  Select the BMC (Primary) check box and click Next.
    Important: The backup firmware bank is automatically updated in the background after the host is running stable on the primary bank. It could be several weeks before the backup is updated. Administrators must ensure the BMC (Backup) check box is not selected.
    image-20230701210834-8
  7. Wait for the update the primary firmware banks to complete.
    image-20230701211003-9
  8. Click Restart BMC and clear your browser cache.
    image-20230701211133-10

    Results
    Wait for 5 minutes for the XCC interface to restart and log in. Continue to the next section to mount the firmware ISO and configure the boot options.

D. Mounting the M6 Firmware ISO

 
  1. From the OEM Controller menu, click Remote Console.
  2. Click Remote Console Preview.
    IMPORTANT: Confirm the following parameters:
    1. Launch the session in Single User Mode.
    2. Clear the Allow others to request my remote session disconnect check box.
    3. Click Launch Remote Console to connect to the appliance.image-20230701211303-11
  3. To boot to the QRadar firmware ISO, click Media to mount the ISO image.
    image-20230701215151-23
  4. Click Activate.
    image-20240729223709-22
  5. Click Browse and select Qradar_ISO_M6_1U_SR630_7X02_2U_SR650_7X06_11_0_0.iso that was extracted previously.
  6. Click Mount all local media.
    Note: If successful, a check mark appears next to the uploaded ISO file.
    image-20240729224123-25
  7. Select Power > Restart Server Normally
    image-20230701214724-22
  8. When the machine powers back on, press F12 to select F12: One Time Boot Device.
    Note: The field F12: One Time Boot Device displays with a blue background to indicate the virtual keyboard is selected.
    image-20230701215307-24
  9. Optional. If the F12: One Time Boot Device field is not selected, launch the virtual keyboard to press the F12 key.
    image-20230701215426-25
  10. From the Boot Devices Manager menu:
    1. In the Legacy Mode field, press the Space Bar to clear the value. Legacy Mode is selected by default and you must be clear the value before you continue.
    2. Select XCC Virtual Media and press Enter.
      image-20230701213701-18
  11. The Lenovo XClarity Essentials UpdateXpress tool is launched.
  12. In the Setting menu for Target Server, leave the check box clear (not selected), then click Next.
    Target Server - Leave Blank
  13. In the Update Setting menu, leave the check box clear (not selected), then click Next.
    image-20240729205008-3
  14. From the Update Recommendation menu, click Begin.
    image-20240729205449-4
  15. The IBM UpdateXpress System Pack Installer compares the current package with the installed firmware.
  16. Review the list of updates.
    Important: In the next step, administrators must confirm that all recommended updates that have a newer version available are CHECKED.
    Lenovo XClarity Controller XCC should not be selected (checked) as this firmware was updated manually by the administrator in previous steps. The Lenovo XClarity Controller (XCC/BMC) Installed Version and New Version should match.
  17. Pay special attention to the Lenovo Storage Linux Firmware Update. If the New Version is higher than the Installed Version, Click the check box for the Lenovo Storage Linux Firmware Update.
    Note: Screen capture is an example only. Versions displayed during your firmware update may not match the example image.
    image-20240729210418-5
  18. Once the down level Storage Firmware shows as selected, click Next.
    image-20240729211303-7
  19. If you manually selected the Storage firmware, you should see a pop-up window to confirm proceeding with the update.
    Note: The pop-up message will state that there is a missing requisite package, however for the Lenovo Storage Update Program, this is a false alert as the Lenovo Storage Update Program does not require a prerequisite drive firmware version.
    Note: Only the drive firmware should bypass the warning. If the UEFI firmware shows it is missing the requisite packages, you will need to cancel and exit this ISO, then update the UEFI to the M6 V7.1.0 firmware package first.
    Select the Proceed anyway checkbox, then click Proceed.
    image-20240729213040-9
  20. Wait for the firmware updates to upload to the host machine.image-20240729213436-10
  21. Click Begin Update to install the firmware.
    image-20240729214043-12
     
  22. The UpdateXpress Tool will show a progress bar as the devices are updated.
    image-20240729214353-13
  23. Verify that all updates complete successfully then click Next.
    image-20240729215009-15
  24. On the Finish screen, click Close to exit.
    image-20240729215441-17
  25. The appliance must reboot to complete the firmware installation.
    Note: Depending on your current firmware versions, the appliance might reboot multiple times to apply required updates.
    image 3796
  26. After the system boots, click Media
    image-20240729221356-18
  27. Click Deactivate to unmount the ISO and disable the virtual media.
    image-20240729222249-20
  28. Close the Mount Virtual Media window and allow the host to continue to boot normally.

    Results
    After the ISO file is unmounted, the administrator can log out and complete this procedure on other QRadar appliances. If you experience any installation issues, you can contact QRadar Support for assistance and open a software support case for your appliance. The support representative can request the firmware logs for review to determine the root cause of the issue or if replacement hardware is required. If the issue is hardware-related, the support representative can change the case type and involve the proper teams to schedule replacement parts.
Troubleshooting
A green screen is not indicative of failure by itself, press CTRL on your keyboard to wake up the screen saver. If CTRL does not wake up the screensaver, you might need to press ENTER key. After ENTER key is pressed, if the Green background screen remains, check the power state of the XCC by going to the OEM Controller home page to view the power status in the upper left screen.

Note: If you cannot reconnect to the XCC, you need to send someone to the site to check on the machine status. In some rare circumstances, the server maybe waiting for someone to press ENTER key locally.
 
 

[{"Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"ARM Category":[{"code":"a8m0z000000cwtcAAA","label":"Hardware"}],"ARM Case Number":"","Platform":[{"code":"PF016","label":"Linux"}],"Version":"All Version(s)"}]

Document Information

Modified date:
29 August 2024

UID

ibm17157430