QRadar: M4 firmware 7.0.0 for xSeries 1U appliances (ISO/IMM remote installs)

Created by Jonathan Pechta on Tue, 06/23/2020 - 13:26
Published URL:
https://www.ibm.com/support/pages/node/6237848
6237848

Release Notes


Abstract

Appliance firmware (v7.0.0) provided by IBM updates QRadar® M4 appliances with the latest UEFI, IMM2, RAID controllers, and HDD software that has been validated by the QRadar team. This firmware update is intended for IMM remote updates of M4 1U form factor hardware on QRadar appliances.

Content

Important: Select a tab to read each step of the firmware procedure.

Part 1: About the M4 1U Firmware v7.0.0 ISO Update


To install a firmware update on an M4 1U appliance, administrators must have IMM configured. The firmware update can take up to 60 minutes complete per appliance and the administrator are required to reboot the appliance after the firmware install completes. The firmware upgrade procedures should only be done during a change window or during maintenance time for your QRadar appliances. If you do not have IMM configured on your M4 appliance, you can use the bootable USB drive instructions. For more information, see our FAQ page at https://ibm.biz/qradarfirmware.

Supported appliances, types, and model information


This firmware update applies to the following IBM Security QRadar M4 (1U form factor) appliances:
Hardware Details Size
Appliance QRadar 21xx (4380-Q1C)
QRadar Event Collector 1501 G2 (4380-Q2C)
QRadar QFlow Collector 1201 G2 (4380-Q2C)
QRadar QFlow Collector 1202 G2 (4380-Q3C)
QRadar QFlow Collector 1301 G2 (4380-Q4C)
QRadar QFlow Collector 1310 G2 (4380-Q5C)
QRadar QFlow Collector 1310 SR-C G2 (4380-Q5C)
QRadar QFlow Collector 1310 LR-C G2 (4380-Q6C)
1U
Server Type x3550 M4 1U
Server Machine Type 7914 1U
Machine type models (MTM) 4380-Q1C
4380-Q2C
4380-Q3C
4380-Q4C
4380-Q5C
4380-Q6C
1U
Table 1: List of appliances that the M4 appliance firmware v7.0.0 can update.

Important information and prerequisites in this firmware update


Administrators must ensure that their M4 appliance includes the minimum version outlined in the Prerequisite version column. If your M4 appliance does not meet the prerequisite versions outlined in the table, the administrator must contact IBM QRadar Support to discuss a custom upgrade path for your M4 appliance.
Component  Prerequisite version Firmware version  Name 
IMM2 4.31 or later 1aoo90b-7.40 ibm_fw_imm2_1aoo90b-7.40_anyos_noarch.uxz
UEFI/BIOS  None d7e172d-3.10 ibm_fw_uefi_d7e172d-3.10_anyos_32-64.uxz
DSA  None dsytd8g-9.54 ibm_fw_dsa_dsytd8g-9.54_anyos_32-64.uxz
Server RAID Controller H1110 None 1.20.02 ibm_fw_mpt2sas_h1110-1.20.02_linux_32-64.bin
Server RAID Controller M1115 None 20.13.1-0254 ibm_fw_sraidmr_1000-20.13.1-0254_linux_32-64.bin
HDD Update  None sas-1.23.02 ibm_fw_hddlenovo_sas-1.23.02_linux_32-64.bin
Table 2: Firmware updates for the M4 QRadar 1U form factor appliances are noted in this table.
NOTES
  • After the IMM firmware is installed, the appliance must be restarted. Lenovo recommends that administrators restart appliances, instead of powering down the hardware to avoid a potential high voltage motherboard condition that can occur.
  • If your appliances are in a HA pair, you must prepare your high-availability appliances using the instructions found here: http://www.ibm.com/support/docview.wss?uid=swg27047121#HA.
  • A number of hard disk drives can be installed in this appliance. The HDD update tool examines the hard disk drives that are present and selects the most current firmware level that is available.
  • The base system pack contains other firmware packages that are not in QRadar appliances. Therefore, these packages appear when the tool runs, but have a status of "undetected" and not selected to be updated.
  • IMM2 v6.00 and later requires Java version 8. If administrators do not have Java version 8 installed on their workstation, the console window does not open. Before you are able to take remote control of an appliance, a Java check is completed and instructions are provided to the administrator if Java 8 is not available. An alternative for administrators is to use ActiveX and the Internet Explorer browser.
     

Security issues resolved in this firmware update

The table lists the software versions contained within the firmware package and the applicable CVEs addressed in this firmware release.

Component File name  CVEs resolved in this package
UEFI/BIOS ibm_fw_uefi_d7e172d-3.10_anyos_32-64.uxz
  • Updated code to address security vulnerability CVE-2019-0151.
  • Removed the IPSec driver due to non-use and security issues.
IMM2 ibm_fw_imm2_1aoo90b-7.40_anyos_noarch.uxz CVE-2019-11477, CVE-2019-11478, CVE-2019-11479
 
DSA  ibm_fw_dsa_dsytd8g-9.54_anyos_32-64.uxz None
Server RAID Controller H1110 ibm_fw_mpt2sas_h1110-1.20.02_linux_32-64.bin None
Server RAID Controller M1115 ibm_fw_sraidmr_1000-20.13.1-0254_linux_32-64.bin None
HDD Update  ibm_fw_hddlenovo_sas-1.23.02_linux_32-64 None
Emulex elx_fw_fc_15b-2.02x11-40_linux_32-64.bin None
Other Security Fixes None Additional firmware changes to address security vulnerabilities in open source packages, but for which there is no IMM2 exposure: CVE-2018-15473, CVE-2018-15919
 
Table 3: Security issues resolved in the M4 firmware update v7.0.0.
 


 

 

Downloading and extracting the firmware update

 
  1. Download the QRadar M4 1U appliance firmware update v7.0.0 from IBM Fix Central: http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Other+software/IBM+Security+QRadar+SIEM&release=7.3.0&platform=All&function=fixId&fixids=7.3-QRADAR-FIRMWARE-M4_1U_ISO-QRadar-QNI-PCAP-QIF-7.0.0&includeSupersedes=0&source=fc
  2. Copy the M4 appliance firmware EXE to a directory on the Windows host.
  3. Double-click on the file: Qradar_IMG_M4_2U_MT5466_x3650_7_0_0.exe.
  4. Select or type a directory path for the M4 firmware update and click Extract.
  5. The following files are extracted.
    image 4511

Updating the IMM firmware

 
  1. Log in to the IMM interface on your QRadar M4 appliance.
  2. Select Server Management > Server Firmware from the menu.
  3. Click Update Firmware.

     
  4. Click Select File and choose the IMM2 firmware update ibm_fw_imm2_1aoo90b-7.40_anyos_noarch.uxz.
    image 4514
  5. Click Next to upload and verify the IMM2 firmware file.
    image 4512
  6. In the Additional Options, select Action1: Update the primary bank ONLY and click Next.
    Important: To prevent installation issues, confirm that you select the primary firmware bank during this step. The backup firmware bank is automatically updated and should not be selected. Administrators who select both check boxes must  reinstall their firmware to ensure the primary bank updates properly.
    image-20191101123450-1
     
  7. Wait for the update of the primary firmware bank to complete.

     
  8. Click Restart IMM and clear your browser cache.
  9. After the IMM firmware update is installed, the appliance must be restarted. Lenovo recommends that administrators restart appliances, instead of powering down the hardware to avoid a potential high voltage motherboard condition that can occur.

    Results
    Log in to the IMM and continue to the next section to mount the firmware ISO and configure the boot options.

Mounting the M4 Firmware ISO

  1. Click on Remote Control.

     
  2. To start the Remote Control session, click on use Active X for Internet Explorer or Java for all other Browsers.
     
  3. Click on Start Remote Control in Single User Mode.
    NOTE: Administrators should always use single user mode for remote connections for updates.
     
  4. Administrators should leave the Allow others to request my remote session disconnect check box clear. It is not recommended for administrators to allow other users to request the active session for firmware updates.
     
  5. From the menu, select Virtual Media > Activate.

     
  6. From the menu, select Virtual Media > Select Devices to Mount.

     
  7. From the Devices window click on Add Image.

     
  8. Navigate to the ISO image and click Open.
    image 4515
  9. Select the CD/DVD QRadar_All_M4 is highlighted and verify that the Mapped check box is selected.

     
  10. Click Mount Selected.

     
  11. Reboot the appliance to start the software installation process.
     
  12. As the appliance is rebooting, press the F12 key to select a boot device.

     
  13. In the Boot Devices Manager menu, use the arrow keys to navigate.
     
  14. Administrators must clear the Legacy Mode check box, then select the CD/DVDM option and press ENTER.

     
  15. The boot screen for the appliance is displayed.

     
  16. The IBM ToolsCenter Welcome page is displayed.
  17. When prompted, select Updates.

     
  18. Verify that the bootable media shows the correct machine type for the appliance.
    Hardware Details
    Server Type x3550 M4 BD
    Server Machine Type 7914
     
  19. To start the update, select Click here to start update.
    NOTE: Verify that the Updates list contains x3550 M4 BD -- machine type 7914 in the updates list.

     
  20. Select your language and click I accept the terms in the license agreement to continue.
    image-20190114101714-3
  21. The IBM UpdateXpress System Pack Installer compares the current package with the installed firmware.

     
  22. **IMPORTANT**. Verify that all Suggested or Critical check boxes are selected. Administrators can use the first check box to select all options and the installer skips any updates that are Not Required.
    image-20190114111240-4
     
  23. To start applying the updates, click Next on the Update Options page.
    The bootable media creator starts to install firmware on the M4 appliance.
     
  24. Verify that all the firmware updates are applied, and click Next to complete the update.
    image-20190114105343-2
     
  25. After the update is complete, click Save Log to save the installation log to the USB flash drive. This file can be provided to support in case any issues occurred during the update.

     
  26. Select a drive and click OK.

     
  27. When all updates are complete, click Finish to reboot the appliance.

    Results
    After the IMM firmware update is installed, the appliance must be restarted. Lenovo recommends that administrators restart appliances, instead of powering down the hardware to avoid a potential high voltage motherboard condition that can occur. If you experience any installation issues or error messages, you can contact QRadar Support for assistance and open a software support case for your appliance. The support representative can request the firmware logs for review to determine the cause of the error or if replacement hardware is required. If the issue is hardware related, the support representative can change the case type and involve the proper teams to schedule replacement parts.  
 

Emulex Update Error Messages


This update can generate an Emulex installation error message that can be ignored as not all QRadar M5 or M4 appliances ship with an Emulex card. The firmware update contains software to attempt to update the Emulex drivers; however, not all appliances contain an Emulex device and an installation error can be displayed. If the administrator sees the error Emulex "Install did not succeed", verify if the device is part of the appliance configuration.

[{"Business Unit":{"code":"BU008","label":"Security"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"ARM Category":[{"code":"a8m0z000000blfyAAA","label":"QRadar->Hardware->Firmware Upgrades"}],"ARM Case Number":"","Platform":[{"code":"PF016","label":"Linux"}],"Version":"7.3.0;7.3.1;7.3.2;7.3.3;7.4.0","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Document Information

Modified date:
29 June 2020

UID

ibm16237848