IBM Support

QRadar M5 xSeries firmware V9.0.0 for 1U and 2U appliances (ISO/IMM for remote installations)

Release Notes


Abstract

This firmware update (V9.0.0) provided by IBM updates QRadar® M5 appliances with microcode security fixes and includes updates for UEFI, IMM2, DSA, RAID controller, and an HDD software update. This firmware can be used on all QRadar M5s for both 1U or 2U form factor appliances.

Content


Important: Select a tab to read each step of the firmware procedure.
 

Part 1: About the M5 Firmware V9.0.0 ISO Update

The M5 firmware update 9.0.0 is intended to remotely update firmware on QRadar appliances. This update adds new firmware versions for UEFI, IMM, raid controller, and hard disk updates. This firmware also resolves several CVEs as outlined in these release notes.

Administrators must update their IMM with the included UXZ file before they can mount and reboot with the ISO is required to install the firmware update. Updating the IMM2 firmware as the first step prevents installation issues when the core firmware update is applied. The installation instructions on tab named 'Part 2. Installing Firmware Updates'.

Important: If your appliance is in a HA pair, there are configuration steps required to set the status properly for your primary and secondary high-availability appliances. For more information, see: http://www.ibm.com/support/docview.wss?uid=swg27047121#HA.

Supported appliances, types, and model information

 

This firmware update applies to the following IBM Security QRadar M5 appliances, server type, or machine type models:

Appliance Name Server Type Lenovo Server Machine Type IBM Machine Type-Model
IBM QRadar Event Collector 1501 G3 x3550 M5 MT 8869 4412-Q4D
IBM QRadar xx05 G3 x3550 M5 MT 8869 4412-Q1E
IBM QRadar Network Insights 1901 x3550 M5 MT 8869 4412-F4Y
IBM QRadar QFlow Collector 1202/1301 x3550 M5 MT 8869 4412-Q7C
IBM QRadar QFlow Collector 1310 x3550 M5 MT 8869 4412-Q8C
IBM QRadar xx29 x3650 M5 MT 8871 4412-Q2A
IBM QRadar xx48 x3650 M5 MT 8871 4412-Q3B
IBM QRadar Incident Forensics x3650 M5 MT 8871 4412-F1A
IBM QRadar Network Insights 1920 x3650 M5 MT 8871 4412-F3F
IBM QRadar Network Packet Capture x3650 M5 MT 8871 4412-F2C
Table 1: List of appliances that the M5 appliance firmware V9.0.0 can update.

Important file changes and prerequisites in this firmware update

 

The following table lists the software versions contained within the firmware package. The core change in release V9.0.0 is to provide new UEFI microcode security updates and IMM2 updates for administrators. Administrators must ensure that their M5 appliance includes the minimum version outlined in the Prerequisite version column.

Component Prerequisite version Firmware version in this update File name 
UEFI/BIOS (1U 8869) UEFI v1.20 (TCE108i) tbeg56a-3.70 oem_fw_uefi_tbeg56a-3.70_anyos_32-64.uxz
UEFI/BIOS (2U 8871) UEFI v1.20 (TCE108i) tceg56a-3.70 oem_fw_uefi_tceg56a-3.70_anyos_32-64.uxz
IMM2 tcoe26o (version 3.75) tcoe60a-5.90 oem_fw_imm2_tcoe60a-5.90_anyos_noarch.uxz
RAID controller M1215 None 1200-24.21.0-0151-2 nvgy_fw_raid_mr3.0.1200-24.21.0-0151-2_linux_x86-64.bin
RAID controller M5210 None 5200-24.21.0-0151-2 lnvgy_fw_raid_mr3.0.5200-24.21.0-0151-2_linux_x86-64.bin
HDD and drives None 1.39.11-0 lnvgy_fw_drives_all-1.39.11-0_linux_x86-64.bin
DSA  None dsaob8a-10.8 oem_fw_dsa_dsaob8a-10.8_anyos_32-64.uxz
Emulex None 2.10x6-12.60a1-5 elx-lnvgy_fw_fc_lp.08-2.10x6-12.60a1-5_linux_x86-64.bin

Table 2: All firmware version updates are noted in this table.

Security issues resolved in this firmware update

The software versions contained within the firmware package mitigate the following CVEs.

Component File name  CVEs resolved in this package
UEFI/BIOS (1U 8869)
UEFI/BIOS (2U 8871)
oem_fw_uefi_tbeg56a-3.70_anyos_32-64.uxz
oem_fw_uefi_tceg56a-3.70_anyos_32-64.uxz
CVE-2022-21166, CVE-2021-0153, CVE-2021-0154, CVE-2021-0155, CVE-2021-0190, CVE-2021-33123, CVE-2021-33124

Enhancements
  • 2022.1 Intel Platform Update (IPU)
  • Update SPS firmware version 3.1.3.131
  • Update BIOS ACM 3.1.4 and SINIT ACM 3.1.8
IMM2 oem_fw_imm2_tcoe60a-5.90_anyos_noarch.uxz No CVEs reported.

Enhancements
  • Fixed a problem where IMM2 stops logging events after update to 5.70 (TCOE56B) or later.
  • Fixed the incorrect PSU Mfg Date read from IPMI FRU
DSA  lnvgy_fw_dsa_dsalb8a-10.8_anyos_32-64.uxz No CVEs reported.

Enhancements
  • Add Emulex firmware update required library.
  • Support secure boot on ThinkAgile servers.
Emulex elx-lnvgy_fw_fc_lp.08-2.10x6-12.60a1-3_linux_x86-64.bin No CVEs reported.

Enhancements
Updated supported OS versions.
RAID controller M1215
RAID controller M5210
lnvgy_fw_raid_mr3.0.1200-24.21.0-0151-2_linux_x86-64.bin
lnvgy_fw_raid_mr3.0.5200-24.21.0-0151-2_linux_x86-64.bin
No CVEs reported.

Enhancements
  • FW 6.14 -Resolved fatal firmware error due to hitting DATA TLB exception.
  • Drive state "Prepare for removal" operation showing error message "Failed!" while changing in Ctrl-R.
  • OEM-specific iMR - StorCLI /c0 show all status is failed with "Eror code 2 command invalid".
HDD and drives lnvgy_fw_drives_all-1.39.11-0_linux_x86-64.bin No CVEs reported.

Table 3: Security issues resolved in the M5 firmware update v9.0.0.

 

A. Before you begin

  • This installation method uses the hardware's integrated management module (IMM) to remotely update firmware. If IMM network speeds are not sufficient, or the upgrade fails, use USB installation instead.
  • Administrators must enable IMM.Over.LAN on the xSeries appliance before the firmware update is applied. For information on how to enable this setting, see https://www.ibm.com/support/pages/node/278761.
  • If your appliances are in a HA pair, you must confirm your high-availability appliance status. For information on setting status on your HA appliances, see https://www.ibm.com/support/pages/node/713147#HA.
  • A number of hard disk drive updates can be installed by this firmware. The HDD update tool examines the hard disk drive types that are present and selects the latest firmware level based on the drive type.
  • The base system pack contains other firmware packages that are not in QRadar appliances. Therefore, these packages are displayed during the update with a status of "undetected" and not selected to be updated. The administrator can disregard any packages labeled as undetected
  • If the Emulex card firmware does not install as intended or you experience an issue, you can continue the firmware installation and any Emulex issues will be addressed in the next firmware update. If you do not have an Emulex card with your appliance, the installation instructions include a screen capture of the error message that is generated during the firmware installation.



 

B. Downloading and extracting the firmware update

 
  1. Download the QRadar M5 appliance firmware update from IBM Fix Central:
  2. Copy the M5 appliance firmware EXE to a directory on the Windows™ host.
  3. Double-click the file: Qradar_EXE_ISO_M5_1U_MT8869_x3550_2U_MT8871_x3650_9_0_0.exe.
  4. Select a directory path and click Extract.
    image-20221111091341-1
  5. The following files are extracted to the Windows host.
    image-20221111091839-3
  6. Before you install software, administrators can verify the download is valid with the included sha256 file and test the software to confirm it is code signed by IBM. For more information, see ibm.biz/qradarcodesigning.



 

C. Updating the IMM firmware

 
  1. Log in to the IMM interface on your QRadar M5 appliance.
     
  2. Select Server Management > Server Firmware from the menu.
  3. Click Update Firmware

     
  4. Click Select File and browser to the IMM2 firmware update: oem_fw_imm2_tcoe60a-5.90_anyos_noarch.uxz.
    image-20221111092555-2
  5. Click Next to upload and verify the IMM2 firmware file.
    image 12416
  6. Wait for the update the primary and secondary firmware banks to complete.
  7. Click Restart IMM.
  8. Clear your browser cache.

    Results
    After the IMM interface reboots, log in to the IMM and continue to the next section to mount the firmware ISO and configure the boot options.




 

D. Mounting the M5 firmware ISO & restart procedure

 
  1. Click Remote Control.

     
  2. To start the Remote Control session click use Active X for Internet Explorer or Java for all other Browsers.
     
  3. Click Start Remote Control in Single User.
    NOTE: Administrators are expected to use single user mode for firmware updates.
     
  4. Administrators should leave the Allow others to request my remote session disconnect check box clear. It is not recommended for administrators to allow other users to request the active session during a firmware update.
     
  5. From the menu, select Virtual Media > Activate.

     
  6. From the menu, select Virtual Media > Select Devices to Mount.

     
  7. From the Devices window, click Add Image.

     
  8. Select the ISO image and click Open.
    image-20221111092530-1
  9. Select the CD/DVD with the ISO file name and verify that the Mapped check box is selected.

     
  10. Click Mount Selected.
  11. Reboot the appliance to start the firmware installation.
     
  12. As the appliance starts, press the F12 key to select a boot device.

     
  13. At the Boot Devices Manager window use the arrow keys to navigate.
     
  14. Administrators must clear the Legacy Mode check box, then select the CD/DVDM option and press ENTER.

     
  15. The boot screen for the appliance is displayed. The IBM ToolsCenter Welcome page is displayed.

     
  16. When prompted, select the Updates option.

     
  17. Verify that the Updates list shows the correct machine type for the appliance.
    Hardware Details
    Server Type x3550 M5
    x3650 M5
    Server Machine Type MT 8869
    MT 8871
    NOTE: For example, System x3650 M5 -- machine type 8871.
     
  18. To start the update link, select click here to start update.
    image-20190403184657-1
     
  19. Select your language and click I accept the terms in the license agreement to continue.

     
  20. The IBM UpdateXpress System Pack Installer compares the current package with the installed firmware.
    image-20190924140014-1
     
  21. Important: Verify that all check boxes are selected to complete the required updates. Some users reported issues where uEFI updates were not selected by default. All new version updates must be checked to ensure they install.
     
  22. If your M5 appliance has a secondary firmware bank, it is updated automatically.
    Important: If you are prompted with a Target the secondary firmware bank check box, you must click Next without selecting this option. If you target the secondary firmware bank the installer IGNORES the firmware update to the primary bank and the installation must be reapplied to update the appliance.
     
  23. To start applying the updates, click Next on the Update Options page.
    image-20190924140027-2
     
  24. Verify that all the firmware updates are applied, and click Next to complete the update.
    image-20190409155858-1
     
  25. When all updates are complete, click Finish to reboot the appliance.

    Results
    Wait for the appliance to reboot. After any UEFI update, administrators need to allow the appliance to boot past the F1 prompt to ensures that all updates are installed.  

Troubleshooting

A green screen is not indicative of failure by itself, press CTRL on your keyboard to wake up the screen saver. If CTRL does not wake up the screensaver, you might need to press ENTER key. After ENTER key is pressed, if the Green background screen remains, check the power state of the IMM by going to the OEM Controller home page to view the power status in the upper left screen.

Note: If you can't reconnect to the IMM, you need to send someone to the site to check on the machine status. In some rare circumstances, IMM can disconnect and the server maybe waiting for someone to press ENTER key locally.
If you have any issues with the appliance booting or with firmware update problems, you can open a case with QRadar Support. If you have issues with the appliance booting after you update firmware, attach your update collect preboot DSA logs from the QRadar appliance.
 

 

 

Note: Microsoft, Windows, Windows NT, and the Windows logo are trademarks of Microsoft Corporation in the United States, other countries, or both.

[{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"ARM Category":[{"code":"a8m0z000000cwtcAAA","label":"Hardware"}],"ARM Case Number":"","Platform":[{"code":"PF016","label":"Linux"}],"Version":"All Versions"}]

Document Information

Modified date:
24 August 2023

UID

ibm16838609