Release Notes
Abstract
This firmware update (V9.0.0) provided by IBM updates QRadar® M5 appliances with microcode security fixes and includes updates for UEFI, IMM2, DSA, RAID controller, and an HDD software update. This firmware can be used on all QRadar M5s for both 1U or 2U form factor appliances.
Content
Part 1: About the M5 Firmware V9.0.0 ISO Update
The M5 firmware update 9.0.0 is intended to remotely update firmware on QRadar appliances. This update adds new firmware versions for UEFI, IMM, raid controller, and hard disk updates. This firmware also resolves several CVEs as outlined in these release notes.
Administrators must update their IMM with the included UXZ file before they can mount and reboot with the ISO is required to install the firmware update. Updating the IMM2 firmware as the first step prevents installation issues when the core firmware update is applied. The installation instructions on tab named 'Part 2. Installing Firmware Updates'.
Important: If your appliance is in a HA pair, there are configuration steps required to set the status properly for your primary and secondary high-availability appliances. For more information, see: http://www.ibm.com/support/docview.wss?uid=swg27047121#HA.
Supported appliances, types, and model information
This firmware update applies to the following IBM Security QRadar M5 appliances, server type, or machine type models:
Appliance Name | Server Type | Lenovo Server Machine Type | IBM Machine Type-Model |
---|---|---|---|
IBM QRadar Event Collector 1501 G3 | x3550 M5 | MT 8869 | 4412-Q4D |
IBM QRadar xx05 G3 | x3550 M5 | MT 8869 | 4412-Q1E |
IBM QRadar Network Insights 1901 | x3550 M5 | MT 8869 | 4412-F4Y |
IBM QRadar QFlow Collector 1202/1301 | x3550 M5 | MT 8869 | 4412-Q7C |
IBM QRadar QFlow Collector 1310 | x3550 M5 | MT 8869 | 4412-Q8C |
IBM QRadar xx29 | x3650 M5 | MT 8871 | 4412-Q2A |
IBM QRadar xx48 | x3650 M5 | MT 8871 | 4412-Q3B |
IBM QRadar Incident Forensics | x3650 M5 | MT 8871 | 4412-F1A |
IBM QRadar Network Insights 1920 | x3650 M5 | MT 8871 | 4412-F3F |
IBM QRadar Network Packet Capture | x3650 M5 | MT 8871 | 4412-F2C |
Important file changes and prerequisites in this firmware update
The following table lists the software versions contained within the firmware package. The core change in release V9.0.0 is to provide new UEFI microcode security updates and IMM2 updates for administrators. Administrators must ensure that their M5 appliance includes the minimum version outlined in the Prerequisite version column.
Component | Prerequisite version | Firmware version in this update | File name |
---|---|---|---|
UEFI/BIOS (1U 8869) | UEFI v1.20 (TCE108i) | tbeg56a-3.70 | oem_fw_uefi_tbeg56a-3.70_anyos_32-64.uxz |
UEFI/BIOS (2U 8871) | UEFI v1.20 (TCE108i) | tceg56a-3.70 | oem_fw_uefi_tceg56a-3.70_anyos_32-64.uxz |
IMM2 | tcoe26o (version 3.75) | tcoe60a-5.90 | oem_fw_imm2_tcoe60a-5.90_anyos_noarch.uxz |
RAID controller M1215 | None | 1200-24.21.0-0151-2 | nvgy_fw_raid_mr3.0.1200-24.21.0-0151-2_linux_x86-64.bin |
RAID controller M5210 | None | 5200-24.21.0-0151-2 | lnvgy_fw_raid_mr3.0.5200-24.21.0-0151-2_linux_x86-64.bin |
HDD and drives | None | 1.39.11-0 | lnvgy_fw_drives_all-1.39.11-0_linux_x86-64.bin |
DSA | None | dsaob8a-10.8 | oem_fw_dsa_dsaob8a-10.8_anyos_32-64.uxz |
Emulex | None | 2.10x6-12.60a1-5 | elx-lnvgy_fw_fc_lp.08-2.10x6-12.60a1-5_linux_x86-64.bin |
Table 2: All firmware version updates are noted in this table.
Security issues resolved in this firmware update
The software versions contained within the firmware package mitigate the following CVEs.
Component | File name | CVEs resolved in this package |
---|---|---|
UEFI/BIOS (1U 8869) UEFI/BIOS (2U 8871) |
oem_fw_uefi_tbeg56a-3.70_anyos_32-64.uxz oem_fw_uefi_tceg56a-3.70_anyos_32-64.uxz |
CVE-2022-21166, CVE-2021-0153, CVE-2021-0154, CVE-2021-0155, CVE-2021-0190, CVE-2021-33123, CVE-2021-33124 Enhancements
|
IMM2 | oem_fw_imm2_tcoe60a-5.90_anyos_noarch.uxz | No CVEs reported. Enhancements
|
DSA | lnvgy_fw_dsa_dsalb8a-10.8_anyos_32-64.uxz | No CVEs reported. Enhancements
|
Emulex | elx-lnvgy_fw_fc_lp.08-2.10x6-12.60a1-3_linux_x86-64.bin | No CVEs reported. Enhancements Updated supported OS versions. |
RAID controller M1215 RAID controller M5210 |
lnvgy_fw_raid_mr3.0.1200-24.21.0-0151-2_linux_x86-64.bin lnvgy_fw_raid_mr3.0.5200-24.21.0-0151-2_linux_x86-64.bin |
No CVEs reported. Enhancements
|
HDD and drives | lnvgy_fw_drives_all-1.39.11-0_linux_x86-64.bin | No CVEs reported. |
Table 3: Security issues resolved in the M5 firmware update v9.0.0.
A. Before you begin
- This installation method uses the hardware's integrated management module (IMM) to remotely update firmware. If IMM network speeds are not sufficient, or the upgrade fails, use USB installation instead.
- Administrators must enable IMM.Over.LAN on the xSeries appliance before the firmware update is applied. For information on how to enable this setting, see https://www.ibm.com/support/pages/node/278761.
- If your appliances are in a HA pair, you must confirm your high-availability appliance status. For information on setting status on your HA appliances, see https://www.ibm.com/support/pages/node/713147#HA.
- A number of hard disk drive updates can be installed by this firmware. The HDD update tool examines the hard disk drive types that are present and selects the latest firmware level based on the drive type.
- The base system pack contains other firmware packages that are not in QRadar appliances. Therefore, these packages are displayed during the update with a status of "undetected" and not selected to be updated. The administrator can disregard any packages labeled as undetected
- If the Emulex card firmware does not install as intended or you experience an issue, you can continue the firmware installation and any Emulex issues will be addressed in the next firmware update. If you do not have an Emulex card with your appliance, the installation instructions include a screen capture of the error message that is generated during the firmware installation.
B. Downloading and extracting the firmware update
- Download the QRadar M5 appliance firmware update from IBM Fix Central:
- For QRadar 7.4.x: IBM Fix Central M5 firmware 9.0.0 EXE download
- For QRadar 7.5.x: IBM Fix Central M5 firmware 9.0.0 EXE download
Note: Software downloads for firmware apply to all QRadar versions, such as 7.3.0, 7.4.0, or 7.5.0. If your QRadar version is not displayed in this list, you can download any version to complete your firmware update.
- Copy the M5 appliance firmware EXE to a directory on the Windows™ host.
- Double-click the file: Qradar_EXE_ISO_M5_1U_MT8869_x3550_2U_MT8871_x3650_9_0_0.exe.
- Select a directory path and click Extract.
- The following files are extracted to the Windows host.
- Before you install software, administrators can verify the download is valid with the included sha256 file and test the software to confirm it is code signed by IBM. For more information, see ibm.biz/qradarcodesigning.
C. Updating the IMM firmware
- Log in to the IMM interface on your QRadar M5 appliance.
- Select Server Management > Server Firmware from the menu.
- Click Update Firmware
- Click Select File and browser to the IMM2 firmware update: oem_fw_imm2_tcoe60a-5.90_anyos_noarch.uxz.
- Click Next to upload and verify the IMM2 firmware file.
- Wait for the update the primary and secondary firmware banks to complete.
- Click Restart IMM.
- Clear your browser cache.
Results
After the IMM interface reboots, log in to the IMM and continue to the next section to mount the firmware ISO and configure the boot options.
D. Mounting the M5 firmware ISO & restart procedure
- Click Remote Control.
- To start the Remote Control session click use Active X for Internet Explorer or Java for all other Browsers.
- Click Start Remote Control in Single User.
NOTE: Administrators are expected to use single user mode for firmware updates.
- Administrators should leave the Allow others to request my remote session disconnect check box clear. It is not recommended for administrators to allow other users to request the active session during a firmware update.
- From the menu, select Virtual Media > Activate.
- From the menu, select Virtual Media > Select Devices to Mount.
- From the Devices window, click Add Image.
- Select the ISO image and click Open.
- Select the CD/DVD with the ISO file name and verify that the Mapped check box is selected.
- Click Mount Selected.
- Reboot the appliance to start the firmware installation.
- As the appliance starts, press the F12 key to select a boot device.
- At the Boot Devices Manager window use the arrow keys to navigate.
- Administrators must clear the Legacy Mode check box, then select the CD/DVDM option and press ENTER.
- The boot screen for the appliance is displayed. The IBM ToolsCenter Welcome page is displayed.
- When prompted, select the Updates option.
- Verify that the Updates list shows the correct machine type for the appliance.
NOTE: For example, System x3650 M5 -- machine type 8871.Hardware Details Server Type x3550 M5
x3650 M5Server Machine Type MT 8869
MT 8871
- To start the update link, select click here to start update.
- Select your language and click I accept the terms in the license agreement to continue.
- The IBM UpdateXpress System Pack Installer compares the current package with the installed firmware.
- Important: Verify that all check boxes are selected to complete the required updates. Some users reported issues where uEFI updates were not selected by default. All new version updates must be checked to ensure they install.
- If your M5 appliance has a secondary firmware bank, it is updated automatically.
Important: If you are prompted with a Target the secondary firmware bank check box, you must click Next without selecting this option. If you target the secondary firmware bank the installer IGNORES the firmware update to the primary bank and the installation must be reapplied to update the appliance.
- To start applying the updates, click Next on the Update Options page.
- Verify that all the firmware updates are applied, and click Next to complete the update.
- When all updates are complete, click Finish to reboot the appliance.
Results
Wait for the appliance to reboot. After any UEFI update, administrators need to allow the appliance to boot past the F1 prompt to ensures that all updates are installed.
Troubleshooting
Note: If you can't reconnect to the IMM, you need to send someone to the site to check on the machine status. In some rare circumstances, IMM can disconnect and the server maybe waiting for someone to press ENTER key locally.
Related Information
Was this topic helpful?
Document Information
Modified date:
24 August 2023
UID
ibm16838609