Updating RSA Appliance Firmware (Dell R620 or R720)
Dell provides firmware updates as required to address security vulnerabilities. This guide describes how to download and install the current iDRAC and BIOS firmware updates for an RSA Appliance that runs RSA Via Lifecycle and Governance.
To update the firmware on a Dell R620 or R720, you need to download and run two updates: an iDRAC firmware update and a BIOS firmware update.
Note: RSA Via Lifecycle and Governance in an RSA Appliance configuration supports these operating systems: SuSE Linux Enterprise Edition 11 SP3 and Red Hat Enterprise Linux 5.
Vulnerabilities Addressed by the Update
- CVE-2014-3566 (POODLE),
- CVE-2010-5107, and
- CVE-2014-2532
Determine Whether an Update is Required
These updates will install the following firmware versions:
• iDRAC version: 2.10.10.10. and
• BIOS version: 2.5.4.
To check your current firmware versions
1. Log in to the iDRAC web interface.
2. In the left pane, click Overview > Server. In the Properties Summary page, the Server Information section shows the following:
• BIOS Version
• Firmware Version (This is the iDRAC firmware version.)
• Service Tag. If needed, you can use this identifier to find your Dell server model. On the
Dell Support page, under the
Auto-detect Your Product banner, click the
Detect Product button.
Download Software
The firmware updates are available from the Dell Support site:
Run the iDRAC Update
Procedure:
1. Log in to the server as root.
2. Stop all running processes including ACM and AFX:
service aveksa_server stop
<path-to-AFX>/afx stop
3. Copy the iDRAC with Lifecycle Controller v. 2.10.10.10 Update file to any directory.
4. Change directory to the file location from step 3.
5. Change permissions on the update file as follows:
chmod +x iDRAC-with-Lifecycle-Controller_Firmware_Y5K20_LN_2.10.10.10_A00_.BIN
6. Run the update:
./ iDRAC-with-Lifecycle-Controller_Firmware_Y5K20_LN_2.10.10.10_A00_.BIN
7. Read the license information and all prompts carefully and respond to each prompt with the default response. Make sure you are applying the firmware version you intend to apply. You may cancel the installation with Ctrl+C before responding to the final prompt.
8. Wait for the update to complete. There is a simple progress indicator displayed on the screen during the update process and confirmation when completed.
Run the BIOS Update
Before You Begin
- Read over the release information presented by executing the command with the --version option, for example:
./[model]_BIOS_LX_[revision].BIN --version
- Download and install any prerequisites identified in the above step before proceeding.
- Install any necessary Embedded Systems Management firmware prior to this BIOS update.
Procedure:
- Log in to the server as root.
- Stop all running processes including ACM and AFX:
service aveksa_server stop
<path-to-AFX>/afx stop
3. Copy the BIOS update file to any directory.
4. Change directory to the location of the downloaded files (from step 3).
5. Change permissions on the update file as follows:
• For R620:
chmod +x BIOS_KR1XT_LN_2.5.4.BIN
• For R720:
chmod +x BIOS_CR1RR_LN_2.5.4.BIN
6. Run the update:
• For R620:
./BIOS_KR1XT_LN_2.5.4.BIN
• For R720:
./BIOS_CR1RR_LN_2.5.4.BIN
7. Read the license information and all prompts carefully and respond to each prompt with the default response. Make sure you are applying the firmware version you intend to apply. You may cancel the installation with Ctrl+C before responding to the final prompt.
8. Wait for the update to complete. There is a simple progress indicator displayed on the screen during the upgrade process and confirmation when completed.
9. When the update completes, the BIOS will reset (or reboot) but this will not be obvious through the console. No further action is required.
