Release Notes
Abstract
Release of the new firmware package for the Guardium models based on Lenovo ThinkSystem SR630V2 (M7) 7Z71. ISO and IMG formats are supported.
Content
Guardium_FirmwareUpdate_SR630V2_DVD_v6.iso
- This firmware can be downloaded from IBM Fix Central.
- To create a bootable USB with version 6, you must download the BOMC 13 tool and use it to make the USB.
Guardium appliance is an 1U form factor: 4571-GxC
Guardium Firmware 6 for SR630V2 Appliances (ISO/IMG)
This version 6 firmware update updates Guardium® SR630V2 (M7) appliances with microcode security fixes and includes updates for XCC-BMC, UEFI, LXPM, Broadcom Card, and RAID 940 controllers and HDDs.
This version 6 firmware update updates Guardium® SR630V2 (M7) appliances with microcode security fixes and includes updates for XCC-BMC, UEFI, LXPM, Broadcom Card, and RAID 940 controllers and HDDs.
Before you begin
The SR630V2 (M7) firmware update v6< is intended to update firmware on Guardium appliances. This firmware includes multiple security vulnerabilities and updates. Administrators must download the ISO and burn it to a DVD or the “workingdir“ directory and the Lenovo BOMC tool (lnvgy_utl_lxce_bomc01g-13.0.1_windows_x86-64).
The newest BOMC tool has limitations, this version is not compatible with Rufus to create an USB bootable, but it is possible to create it with the same BOMC tool.
Supported appliances, types, and model information
This firmware update applies to the following IBM Guardium SR630V2 (M7) appliances, server type, or Machine type models:
|
Appliance name
|
Server type
|
Lenovo server machine type
|
IBM machine type-model
|
|---|---|---|---|
|
IBM X2464 Collector
|
SR630V2 (M7)
|
MT 7Z71
|
4731-G2D
|
|
IBM X2464 Aggregator
|
SR630V2 (M7)
|
MT 7Z71
|
4731-G3D
|
|
IBM X3364 Collector
|
SR630V2 (M7)
|
MT 7Z71
|
4731-G4D
|
|
IBM X3364 Aggregator
|
SR630V2 (M7)
|
MT 7Z71
|
4731-G5D
|
|
IBM X3364N Collector
|
SR630V2 (M7)
|
MT 7Z71
|
4731-G6D
|
|
IBM X3364N Aggregator
|
SR630V2 (M7)
|
MT 7Z71
|
4731-G7D
|
Table 1: List of SR630V2 (M7) appliances supported by the version 6 firmware updates.
Important file changes and prerequisites in this firmware update
The following table lists the software versions contained within the firmware package. The core changes in this release of version 6 are to provide new UEFI microcode security updates and XCC-BMC updates for the SR630V2 (M7) Guardium appliance.
|
Component
|
Firmware version
|
|
|---|---|---|
|
XCC-BMC |
5.10 (AFOT50F) |
oem_fw_xcc_afot50f-5.10_anyos_noarch.uxz |
|
UEFI/BIOS |
3.30 (AFE130C) |
lnvgy_fw_uefi_afe130c-3.30_anyos_32-64.uxz |
|
LXPM |
3.27 (XWL124D) 3.27 (XWL 224B) |
lnvgy_fw_lxpm_xwl124d-3.27_anyos_noarch.uxz lnvgy_fw_drvln_xwl224b-3.27_anyos_noarch.uxz |
|
RAID Controller 940 |
52.27.0-5215-0 |
lnvgy_fw_raid_mr3.5.940-52.27.0-5215-0_linux_x86-64.bin |
|
PCI and LOM Adapters |
4.30-1.3518.0-2 |
intc-lnvgy_fw_nic_net.e800.da2.pcie-4.30-1.3518.0-2_linux_x86-64.bin |
|
PCI and LOM Adapters |
227.1.115.0-4 |
brcm-lnvgy_fw_nic_nxe-227.1.115.0-4_linux_x86-64.bin |
|
OR |
||
|
PCI and LOM Adapters |
9.30-6.20-1.3450 |
intclnvgy_fw_nic_net-9.30-6.20-1.3450.0-10_linux_x86-64 |
|
HDDs |
1.50.58-0 |
lnvgy_fw_drives_all-1.50.58-0_linux_x86-64.bin |
Table 2: Components and software versions included in the SR630V2 (M7) firmware update v6.
Processes
- ISO image is for remote installation using XCC-BMC functionalities.
- IMG image is only for USB key installation (Physical access to the server. Using The Lenovo BOMC 13.0.1 tool and the “workingdir” for this version.)
Firmware package changes
- Image package process
- Use of Tool center 13.0.1
Important fixes
UEFI
Update Change History
V Version 3.30, Build ID AFE130C [Critical]
Release date: July 2024
Release Ref: FOD24B
3.0 Security fixes
- Integrated Intel IPU 2024.3.
- Update MCU to d0003e7.
- Update ACM to BIOS ACM 1.3.7 SINIT ACM 1.3.8.
- Addressed CVE-2024-25939(Medium), CVE-2024-24968(Medium), CVE-2024-24853(High), CVE-2024-23984(Medium), CVE-2024-24980(Medium), CVE-2024-21820(High), CVE-2024-23918(High), CVE-2024-21829(High), CVE-2024-21781(High), CVE-2023-43753(Medium).
4.0 Other fixes
Fixed the issue that memory page retire request from UEFI could not be consumed by VMware 7.0.3.
5.0 Enhancements
Fixed the issue that memory page retire request from UEFI could not be consumed by VMware 7.0.3.
5.0 Enhancements
- Added the support of Windows 2025.
- UEFI Update for WS2025 Certification - Whitley, etc.
- Added support for DDR4 ADATA DIMMs.
- Supported Microsoft AsHCI (Azure Stack HCI) activation of OEM SKU.
- Supported “persistent” option for boot order through the IPMI command and “continuous” option through Redfish interface. This feature also needs the related support at XCC side through version afbt50f-5.10.
6.0 Other changes
None
7.0 Limitations
None
XClarity Controller Firmware Update
Change History
Version 5.10 AFBT50F [Suggest]
Release date: August 2024
Release Ref: FOD 24B
3.0 Security fixes
Version 5.10 AFBT50F [Suggest]
Release date: August 2024
Release Ref: FOD 24B
3.0 Security fixes
Security incident: LEN-167401
CVE-2024-6387 CVE-2024-39894 CVE-2024-33601 CVE-2024-33602 CVE-2024-33600 CVE-2024-33599 CVE-2024-2961 CVE-2023-45145 CVE-2023-41056
CVE-2024-6387 CVE-2024-39894 CVE-2024-33601 CVE-2024-33602 CVE-2024-33600 CVE-2024-33599 CVE-2024-2961 CVE-2023-45145 CVE-2023-41056
CVE-2023-41053 CVE-2023-29491 CVE-2023-45918 CVE-2023-50495 CVE-2023-4016 CVE-2024-39702 CVE-2024-0853 CVE-2024-25062 CVE-2023-45322
CVE-2023-39615 CVE-2023-29469 CVE-2023-28484 CVE-2024-28835 CVE-2024-0567 CVE-2024-0553 CVE-2023-5981 CVE-2021-3345 CVE-2021-33560
CVE-2020-13757 CVE-2023-52425 CVE-2023-52426 CVE-2024-28757 CVE-2020-10531 CVE-2023-4156 CVE-2023-37920 CVE-2022-23491 CVE-2023-37920
CVE-2022-23491
4.0 Other fixes
- Fixed a problem of connecting to XCC which installed a SSL certificate with Subject Alternative Name (SAN)
- Fixed a problem that XCC can't detect one of the SSD drive after booting to OS
- Fixed a problem that XCC doesn't report the component status like Fan/PSU/adapter link status and similar after XCC update
- Fixed a problem of reporting ME error after UEFI/XCC update with specific sequence (UEFI update/XCC update/Host reboot)
5.0 Enhancements
- Added support of whitlist for XCC network
- Added write ability of mounting virtual media remotely
- Changed country name from “Turkey” to “Türkiye” in XCC interface
- Added new Redfish API to support SED rekey and expose keyID of the SED authentication key
- Added support to configure UEFI persistent boot option through Redfish interface
6.0 Other changes
None
[{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSMPHH","label":"IBM Security Guardium"},"ARM Category":[{"code":"a8m3p000000PCTuAAO","label":"Platform\/Installation\/Deployment"}],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]
Was this topic helpful?
Document Information
Modified date:
18 September 2024
UID
ibm17168830