IBM Support

QRadar Firmware v3.2.1 for xSeries M5 Appliances (USB/IMG for on-premise installations)

Release Notes


Abstract

This firmware update (v3.2.1) provided by IBM updates QRadar® M5 appliances with microcode security fixes and includes updates for UEFI, IMM2, Dynamic System Analysis, RAID controllers, HDD software, and an Emulex update. This firmware can be used on all QRadar M5s for both 1U or 2U form factor appliances. This firmware update is intended for local USB updates of on-premise M5 xSeries 1U and 2U form factor hardware.

Content

Important: Select a tab to read each step of the firmware procedure.
 

***IMPORTANT SSD NOTICE***: QRadar Support is investigating a data loss issue associated to M5 v3.2.1 firmware and Samsung solid state drives (SSDs): FRU 01GR787, Model number MZILS3T8HMLHV3. See: http://ibm.biz/qradarm5ssd for more info.

Administrator notes and important information

 
  • Important: Administrators should ensure that all firmware check boxes are selected when the comparison screen displays the firmware changes to be installed. We have reports that not all check boxes were selected and administrators had to apply the update again. To prevent additional downtime, administrators should verify all check boxes are selected as defined in the instructions on Tab 2.
  • Important: If your appliance is in a HA pair, there are configuration steps required to set the status properly for your primary and secondary high-availability appliances. For more information, see: http://www.ibm.com/support/docview.wss?uid=swg27047121#HA.
  • IMPORTANT: Administrators must enable IMM.Over.LAN on the xSeries appliance BEFORE the firmware update is applied. For information on how to enable this setting, see: http://www.ibm.com/support/docview.wss?uid=swg21982944.
  • A new .IMG file is now used to create bootable USB drives for M5 appliances to provide more flexibility for Windows operating systems when creating a USB key for your firmware update. The 2nd tab contains new installation instructions to guide customers through their firmware installations.
  • A remote installation option is available for administrators who prefer to install their M5 firmware updates remotely or for those who do not allow USB keys in their production environments. For more information, see QRadar Firmware 3.2.1 for xSeries M5 Appliances (IMM/ISO for remote installations).
     

 

Supported appliances, types, and model information

 

This firmware update applies to the following IBM Security QRadar M5 appliances, server type, or Machine type models:

Appliance Name Server Type Lenovo Server Machine Type IBM Machine Type-Model
IBM Security QRadar xx05 G3 x3550 M5 MT 8869 4412-Q1E
IBM Security QRadar Event Collector 1501 G3 x3550 M5 MT 8869 4412-Q4D
IBM Security QRadar Network Insights 1901 x3550 M5 MT 8869 4412-F4Y
IBM Security QRadar xx29 x3650 M5 MT 8871 4412-Q2A
IBM Security QRadar xx48 x3650 M5 MT 8871 4412-Q3B
IBM Security QRadar Incident Forensics x3650 M5 MT 8871 4412-F1A
IBM Security QRadar Network Insights 1920 x3650 M5 MT 8871 4412-F3F
IBM Security QRadar Network Packet Capture x3650 M5 MT 8871 4412-F2C
Table 1: List of appliances that the M5 appliance firmware 3.2.1 can update.
 
 

Important file changes and prerequisites in this firmware update

 

The table below lists the software versions contained within the firmware package. The core change in this release (3.2.1) is to provide new UEFI microcode security updates and IMM2 updates for administrators. Administrators must ensure that their M5 appliance includes the minimum version outlined in the Prerequisite version column, if any pre-requisites are defined.

Component Prerequisite version Firmware version in this update File name 
IMM2 tcoe26o (version 3.75) imm2_tcoe44c-4.90 oem_fw_imm2_tcoe44c-4.90_anyos_noarch
UEFI/BIOS  (1U 8869) uEFI v1.20 (TCE108i) tbeg36h-2.70 oem_fw_uefi_tbeg36h-2.70_anyos_32-64
UEFI/BIOS  (2U 8871) uEFI v1.20 (TCE108i) tceg36h-2.70 oem_fw_uefi_tceg36h-2.70_anyos_32-64
DSA  None dsalb2q-10.3 oem_fw_dsa_dsaob2q-10.3_anyos_32-64
Emulex* None 2.10x6-9 elx-lnvgy_fw_fc_18a-2.10x6-9_linux_x86-64
RAID Controller M1215 None 1200-24.21.0-0052-1 lnvgy_fw_sraidmr_1200-24.21.0-0052-1_linux_x86-64
RAID Controller M5210 None 5200-24.16.0-0108 lnvgy_fw_sraidmr_5200-24.21.0-0052-1_linux_x86-64
HDD Update  None sas-1.26.06 lnvgy_fw_hdd_sas-1.26.06_linux_x86-64
Table 2: Components and software versions included in the M5 firmware update v3.2.1.
 

 

Security issues resolved in this firmware update

The table below lists the software versions contained within the firmware package and the applicable CVEs addressed in this firmware release.

Component File name  CVEs resolved in this package
IMM2 oem_fw_imm2_tcoe44c-4.90_anyos_noarch

CVE-2018-7182, CVE-2018-7183, CVE-2018-7184, and CVE-2018-7185

UEFI/BIOS  (1U 8869) oem_fw_uefi_tbeg36h-2.70_anyos_32-64 CVE-2018-3639 and CVE-2018-3640.
UEFI/BIOS  (2U 8871) oem_fw_uefi_tceg36h-2.70_anyos_32-64 CVE-2018-3639 and CVE-2018-3640.
DSA  oem_fw_dsa_dsaob2q-10.3_anyos_32-64 CVE-2018-5732 and CVE-2018-5733.
Emulex* elx-lnvgy_fw_fc_18a-2.10x6-9_linux_x86-64 None
RAID Controller M1215 lnvgy_fw_sraidmr_1200-24.21.0-0052-1_linux_x86-64 None
RAID Controller M5210 lnvgy_fw_sraidmr_5200-24.21.0-0052-1_linux_x86-64 None
HDD Update  lnvgy_fw_hdd_sas-1.26.06_linux_x86-64 None
Other Security Fixes None Security vulnerabilities resolved in open source packages where there is no IMM exposure:

CVE-2017-3145, CVE-2017-13733, CVE-2016-7141, CVE-2018-1000007, CVE-2017-3144, CVE-2017-12132, CVE-2017-8804, CVE-2018-1000001, CVE-2018-6485, CVE-2018-6551, CVE-2018-5344, CVE-2016-10396, CVE-2016-5131, CVE-2017-15412, CVE-2017-16932, CVE-2017-5130, CVE-2016-5732, CVE-2018-5733, CVE-2017-12133, CVE-2016-1549, CVE-2018-7170, CVE-2017-14062.
Table 3: Security issues resolved in the M5 firmware update v3.2.1.

NOTE: Administrators can use any text editor to review a detailed change list for firmware update v3.2.1. Click the .txt file and open the document in any text editor program.

QRadar_All_M5_1U_MT8869_x3550_2U_MT8871_x3650_3_2_1.txt

 
 

Before you begin

 

***IMPORTANT SSD NOTICE***: QRadar Support is investigating a data loss issue associated to M5 v3.2.1 firmware and Samsung solid state drives (SSDs): FRU 01GR787, Model number MZILS3T8HMLHV3. See: http://ibm.biz/qradarm5ssd for more info.

IMPORTANT: Administrators must enable IMM.Over.LAN on the xSeries appliance BEFORE the firmware update is applied. For information on how to enable this setting, see: http://www.ibm.com/support/docview.wss?uid=swg21982944.

Creating your USB flash drive for the firmware update requires a Windows host and the administrator or USB drive must be on-site with the appliance. The firmware update can take up to 60 minutes complete per appliance and the administrator will be required to reboot the appliance after the firmware install completes. The firmware upgrade procedures should only be done during a change window or during maintenance time for your QRadar appliances.

You must have access to the following items:

  • An 8 GB or larger USB flash drive
  • A desktop or notebook system running one the following operating systems:
    • Windows 10
    • Windows 7
    • Windows 2008R2
    • Windows 2008
    • Windows Vista
    • Windows XP
 

Creating the bootable USB drive

 
  1. Download the M5 v3.2.1 firmware IMG file from IBM Fix Central: http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Other+software/IBM+Security+QRadar+SIEM&release=7.3.0&platform=All&function=fixId&fixids=7.3.1-QRADAR-FIRMWARE-M5_1U_USB-QRadar-QNI-PCAP-QIF-3.2.1&includeSupersedes=0&source=fc
  2. Download the Rufus tool from Rufus Downloads (http://rufus.akeo.ie/downloads/).
  3. Insert the USB flash drive into a USB port on your Windows laptop or workstation.
  4. Open Rufus and configure the properties.
    Parameter Value
    Device Select your USB drive
    Boot Selection Select Qradar_All_M5_1U_MT8869_x3550_2U_MT8871_x3650_3_2_1.img
    Partition scheme MBR (Default)
    Target system BIOS (or UEFT-CSM) (Default)
    File system FAT32 (Default)
    Cluster size 4096 bytes (Default)
  5. Click Start. The image is loaded on the USB drive.
    image-20181204171911-1
  6. After the installation finishes, safely eject the USB flash drive from your computer.
 

Installing the firmware update

 

This procedure requires you to reboot your QRadar appliance after the firmware update is installed. Administrators should expect a data outage while firmware updates are applied.

  1. Insert the USB drive in to the M5 QRadar appliance.
  2. Reboot the system to start the software installation process.
  3. As the appliance is rebooting, press the F12 key to select a boot device.
    image-20180813083406-5
  4. Select the bootable firmware image, for example, USB Storage and Press Enter.
    image-20180813083546-7
  5. The IBM ToolsCenter Welcome page is displayed.
  6. When prompted, select the Updates option.
    image-20180813083630-8
  7. Verify that the bootable media shows the correct machine type for the appliance.
    Hardware Number
    Server Type x3550 M5
    x3650 M5
    Server Machine Type MT 8869
    MT 8871
  8. To start the update, select Click here to start update.
    image-20180813083815-9
  9. Select your language and click I accept the terms in the license agreement to continue.
    image-20180813084457-10
  10. The IBM UpdateXpress System Pack Installer compares the current package with the installed firmware
    image-20181205081923-1
  11. **IMPORTANT:** Review the list of updates and confirm that all Suggested updates are included. It has been reported that some suggested updates are not selected by default. Administrators should verify check boxes are selected to prevent additional downtime.
    image-20181205081955-2
  12. To apply the firmware updates, click Next on the Update Options page.
    image-20181205082007-3
  13. Verify that all the firmware updates are applied, and click Next to complete the update.
  14. After the update is complete, click Save Log to save the installation log to the USB flash drive. This file can be provided to support in case any issues occurred during the update.
    image-20181205082044-4
  15. Select the USB flash drive and click OK.
  16. After the log is saved, click Finish to reboot the appliance.

    Results
    After the appliance boots, the system is ready to be used normally. 
 

 

[{"Business Unit":{"code":"BU008","label":"Security"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"Component":"Hardware;Firmware","Platform":[{"code":"PF016","label":"Linux"}],"Version":"All Versions","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Document Information

Modified date:
31 March 2020

UID

ibm10743953