Updating RSA Via Lifecycle & Governance Appliance Firmware (Dell R620 or R720)

2 years ago

Originally Published: 2016-06-29

Article Number

000067373

Applies To

RSA Product Set: RSA Via Lifecycle and Governance
Platform: Hardware Appliance

Issue

The following vulnerabilities are addressed by the update:

CVE-2014-3566 (POODLE),
CVE-2010-5107, and
CVE-2014-2532

Resolution

Updating RSA Appliance Firmware (Dell R620 or R720)

Dell provides firmware updates as required to address security vulnerabilities. This guide describes how to download and install the current iDRAC and BIOS firmware updates for an RSA Appliance that runs RSA Via Lifecycle and Governance.

To update the firmware on a Dell R620 or R720, you need to download and run two updates: an iDRAC firmware update and a BIOS firmware update.

Note: RSA Via Lifecycle and Governance in an RSA Appliance configuration supports these operating systems: SuSE Linux Enterprise Edition 11 SP3 and Red Hat Enterprise Linux 5.

Vulnerabilities Addressed by the Update

CVE-2014-3566 (POODLE),
CVE-2010-5107, and
CVE-2014-2532

Determine Whether an Update is Required

These updates will install the following firmware versions:

• iDRAC version: 2.10.10.10. and

• BIOS version: 2.5.4.

To check your current firmware versions

1. Log in to the iDRAC web interface.
2. In the left pane, click Overview > Server. In the Properties Summary page, the Server Information section shows the following:

• BIOS Version
• Firmware Version (This is the iDRAC firmware version.)
• Service Tag. If needed, you can use this identifier to find your Dell server model. On the Dell Support page, under the Auto-detect Your Product banner, click the Detect Product button.

Download Software

The firmware updates are available from the Dell Support site:

• iDRAC with Lifecycle Controller v. 2.10.10.10 Update (This file is the same for both the R620 and R720):
• Dell Server BIOS PowerEdge R620 Version 2.5.4
• Dell Server BIOS PowerEdge R720/R720-xd Version 2.5.4

Run the iDRAC Update

Procedure:

1. Log in to the server as root.
2. Stop all running processes including ACM and AFX:

service aveksa_server stop
<path-to-AFX>/afx stop

3. Copy the iDRAC with Lifecycle Controller v. 2.10.10.10 Update file to any directory.
4. Change directory to the file location from step 3.
5. Change permissions on the update file as follows:

chmod +x iDRAC-with-Lifecycle-Controller_Firmware_Y5K20_LN_2.10.10.10_A00_.BIN

6. Run the update:

./ iDRAC-with-Lifecycle-Controller_Firmware_Y5K20_LN_2.10.10.10_A00_.BIN

7. Read the license information and all prompts carefully and respond to each prompt with the default response. Make sure you are applying the firmware version you intend to apply. You may cancel the installation with Ctrl+C before responding to the final prompt.
8. Wait for the update to complete. There is a simple progress indicator displayed on the screen during the update process and confirmation when completed.

Run the BIOS Update

Before You Begin

Read over the release information presented by executing the command with the --version option, for example:

./[model]_BIOS_LX_[revision].BIN --version

Download and install any prerequisites identified in the above step before proceeding.
Install any necessary Embedded Systems Management firmware prior to this BIOS update.

Procedure:

Log in to the server as root.
Stop all running processes including ACM and AFX:

service aveksa_server stop
<path-to-AFX>/afx stop

3. Copy the BIOS update file to any directory.
4. Change directory to the location of the downloaded files (from step 3).
5. Change permissions on the update file as follows:

• For R620:

chmod +x BIOS_KR1XT_LN_2.5.4.BIN

• For R720:

chmod +x BIOS_CR1RR_LN_2.5.4.BIN