SIEM is a closed system. As a result, unprivileged local users can't execute arbitrary code, which helps minimize hardware platform vulnerabilities. Lately, the frequency of hardware security vulnerabilities being identified has been increasing. Some of the vulnerabilities identified are described in the following:
You must upgrade the BIOS to correct some of these vulnerabilities. Sometimes, an operating system kernel upgrade is also needed. When discovered, updates for SIEM are released to address the vulnerabilities. This article explains how to
upgrade the BIOS of SIEM Gen4 and Gen5 hardware.
Technical Support recommends that SIEM users download the latest updates to make sure that these vulnerabilities are addressed.
Recommended BIOS and operating system kernel versions
Technical Support recommends that SIEM users with Gen5 hardware upgrade the BIOS and SIEM software to address the following vulnerabilities:
- CVE-2017-5703
- CVE-2017-5706
- CVE-2017-5709
- CVE-2017-5715
- CVE-2017-5753
- CVE-2017-5754
- CVE-2018-3639
How to identify your Intel Board and BIOS version:
- Establish an SSH connection to the appliance.
- Run the command dmidecode | more.
- Look for the Product Name and Version. The Product Name contains the Intel Board name and the Version contains the BIOS version. See the following example for reference:
Product Name: S2600GZ
Version: SE5C600.86B.01.06.0002.110120121539
NOTE: The
GZ at the end of the
Product Name is the Intel Board name identifier. In this example, the board is an Intel Grizzly. The middle set of the number in the
Version is the BIOS version number.
Identifiers for motherboards in use in SIEM products currently:
- GZ Grizzly Pass
- WT Wildcat Pass
- RP Rainbow Pass
- SP Silver Pass
SIEM Gen 4 hardware BIOS upgrade
Recommended BIOS and SIEM software upgrade for Grizzly users:
- BIOS 02.06.0007
- SIEM 11.1.0 and later or SIEM 10.3.0 and later
NOTE: BIOS firmware version 02.06.0006 or higher must be installed before you can upgrade to 02.06.0007. If the current firmware version is below this minimum requirement, upgrade it to version 02.06.0006 first. The firmware is available on the
Intel Driver and Software download site.
Recommended BIOS and SIEM software upgrade for RainbowPass users:
- BIOS 03.04.0006
- SIEM 11.1.0 and later or SIEM 10.3.0 and later
NOTES:
- If you experience issues, open a Service Request with Technical Support and request assistance.
- The screen goes blank for several minutes as the backup BIOS is updated. Don't reboot or turn off your system during this process. Power cycling during this process can lead to corruption of the BIOS. You can go to the BIOS setup "F2" during POST to verify updated BIOS/BMC/ME and FRUSDR versions.
SIEM Gen 5 hardware BIOS upgrade
Recommended BIOS and SIEM software upgrade for
SilverPass users:
- BIOS 03.01.0038
- SIEM 11.1.0 and later or SIEM 10.3.0 and later
Recommended BIOS and SIEM software upgrade for
WildcatPass users:
- BIOS 01.01.0027
- SIEM 11.1.0 and later or SIEM 10.3.0 and later
NOTES:
- If you experience issues, open a Service Request with Technical Support and request assistance.
- The current update for 1U Gen 5 boxes (1270 models) is a two-part process. When you download the .zip file, you see two folders named Step One and Step Two.
- Perform steps 1–9 on the contents of step one. When finished, repeat with step two.
- The screen goes blank for several minutes as the backup BIOS is updated. Don't reboot or turn off your system during this process. Power cycling during this process can lead to corruption of the BIOS. You can go to the BIOS setup "F2" during POST to verify updated BIOS/BMC/ME and FRUSDR versions.
Instructions for BIOS upgrade for both Gen 4 and Gen 5 hardware
Make sure that you read the notes listed above for additional information. The notes apply to
Gen 4 and
Gen 5 hardware as you complete the following steps.
IMPORTANT: Don't interrupt the BIOS upgrade process once it's started.
- Download the BIOS for your device model from the Product Downloads site.
- Format the jump drive to FAT32.
- Place the contents of the BIOS upgrade at the root of the jump drive. Make sure that there's no parent folder. The startup.nsh script must be at the root of the jump drive.
- Wipe out the BIOS password so the utility has access. After the password is wiped out, press the F10 key to Save and Reboot.
NOTE: You must use the administrator password (@ppl1@nc3) when entering the BIOS. If the option to clear the Administrator password is grayed out, you might not have used @ppl1@nc3 and might have entered the user level password.
- Plug in the jump drive to the server.
- Reboot the appliance and allow the automatic script to find the update on the jump drive (press F6 to choose boot device to "EFI" as needed).
- Allow the script to run. Don't interfere with it.
- When you see the message The system software stack update process is now complete and the USB Device can be removed, turn off the system using the front power button.
- Remove the USB jump drive, and then turn on the server using the front power button.