[OmniOS-discuss] [smartos-discuss] Supermicro BIOS updates

Jeffrey Mealo jmealo at stringtheoryschools.com
Thu Jul 11 14:01:19 UTC 2013


Just to jump in on the Super Micro discussion there's a remotely
exploitable uPNP library present in the BMC/IPMI. You cannot shut it off
from the GUI or console. Hopefully one of these updates fixes that. If you
have a separate management network, it's a non-issue, but for those of us
with less than ideal setups for remote management, this poses a problem. I
would recommend installing any BMC updates that come out if the change log
indicates and update to the uPNP library.

Jeffrey Mealo
Director of Data and Accountability
String Theory Schools

The Bellevue - Suite 930
200 S. Broad St
Philadelphia, PA 19102
(215) 334-4222 x111


On Mon, Jul 8, 2013 at 10:21 PM, Paul B. Henson <henson at acm.org> wrote:

> Sorry for two potentially OT supermicro posts in a row :), I just know
> they are really popular for illumos servers and there's such a wealth of
> knowledge on these mailing lists.
>
> I usually update firmware/BIOS on a fairly regular basis on my servers,
> but supermicro has a fairly scary warning on their download page:
>
> ------
> WARNING!
> Please do not download / upgrade the BIOS/Firmware UNLESS your system has
> a BIOS/firmware-related issue. Flashing the wrong BIOS/firmware can cause
> irreparable damage to the system.
>
> In no event shall Supermicro be liable for direct, indirect, special,
> incidental, or consequential damages arising from a BIOS/firmware update.
> ------
>
> Where it seems they pretty much do not want you to ever update unless you
> know of a specific issue the update will solve. Of course, they also don't
> post changelogs with their bios updates, so it's kind of hard to know 8-/.
> I can't remember the last time I had a box die due to a corrupted bios
> update (most of the ones I've worked with won't even let you try to flash
> the wrong firmware), I was wondering if that's a problem with supermicro
> boards to the point where they actively discourage updates?
>
> Their technical support sent me a changelog for the motherboard I'm
> working with upon request (seems like it would be a timesaver for them to
> just post it in the first place), and I think I do want to go ahead and
> update the bios. I haven't had to boot DOS for a bios update in a *long*
> time, my workstations for years have supported just sticking in a USB flash
> drive with the image on it and updating from the bios itself, and the
> servers I've been using supported bios updates via the IPMI web interface
> or CLI. What's the preferred way to generate a bootable DOS image with the
> bios update utility and image on it nowadays? I was thinking of just
> downloading a freeDOS floppy image, loopback mounting it to copy on the
> additional files, and then booting it via the IPMI remote media option. Is
> there an easier way?
>
> Thanks much…
>
>
> ------------------------------**-------------
> smartos-discuss
> Archives: https://www.listbox.com/**member/archive/184463/=now<https://www.listbox.com/member/archive/184463/=now>
> RSS Feed: https://www.listbox.com/**member/archive/rss/184463/**
> 24425453-7d3820db<https://www.listbox.com/member/archive/rss/184463/24425453-7d3820db>
> Modify Your Subscription: https://www.listbox.com/**
> member/?member_id=24425453&id_**secret=24425453-240156fc<https://www.listbox.com/member/?member_id=24425453&id_secret=24425453-240156fc>
> Powered by Listbox: http://www.listbox.com
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://omniosce.org/ml-archive/attachments/20130711/caf7eb45/attachment.html>


More information about the OmniOS-discuss mailing list