26-01-2018 | Remy van Elst
The recent spectre and meltdown vulnerabilities require BIOS and firmware updates. Dell provides binaries for Windows and Linux, but just for Red Hat and SUSE. Some firmware updates can be run on Ubuntu or Debian, but some fail with the error that RPM could not be found. Which is correct since it's not Red Hat. In this small article I'll show you how to upgrade the firmware via the iDrac, which I recently discovered.
Usually I do upgrades automated with Ansible, via the shell. Manually this can be done as well, in this example a firmware for the power supply unit of a Dell R620:
# Download the firmware wget https://downloads.dell.com/FOLDER01988261M/1/Power_Firmware_JX7PR_LN_09.2B.80_A00.BIN # Run it bash Power_Firmware_JX7PR_LN_09.2B.80_A00.BIN
On Ubuntu the output in this case is:
Cannot find utilities on the system to execute package. Make sure the following utilities are in the path: rpm stat stty cut fmt tty tar gzip tail rm mkdir mktemp chmod ls basename dirname wc sleep
You could use the iDrac console (if you have an enterprise license) or a KVM switch to boot up a CentOS live DVD, but in this case there was no KVM or license available.
I was unaware of this feature, but using the iDrac web interface you can upgrade the firmware as well. I found this article on the Dell site which explains it.
Quoting the important parts:
Use the Windows 32-bit or 64-bit version of the Dell Update Package (DUP), which the iDRAC is able to extract and apply by itself.
For iDrac 9:
Go to Maintenance > System Update. The Firmware Update page is displayed.
For iDrac 7/8:
Go to Overview > iDRAC Settings > Update and Rollback. The Firmware Update page is displayed.
Using the job queue, reboot the machine to apply the update.
This interface has a few advantages over the shell binaries:
It is also possible to SSH into the iDrac and use
racadm to upgrade the firmware. This process involves a remote NFS or SMB share where the upgrade file is hosted, which we may cover in another article.