You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: content/blog/hpe-firmware-updates-part-1-file-types-and-smart-components.md
+12-30Lines changed: 12 additions & 30 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -12,91 +12,74 @@ tags:
12
12
- uefi
13
13
- redfish
14
14
---
15
-
### Updated: June 10, 2022
15
+
### Updated: July 25, 2023
16
16
17
17
## Introduction
18
18
19
19
Computer firmware updates are extremely important as they offer new features, fix bugs, and deliver security improvements. The diversity of devices within a computer that contain firmware is high and, unfortunately, due to their nature and origin, there is not a single path to update them. As an example, HPE ProLiant or Synergy BIOS/ROM firmware may not be updated with the same tools as a partner add-on network card.
20
-
20
+
21
21
An efficient firmware update strategy requires the knowledge of several key components like update agents and firmware package types, as well as an awareness of all the associated tools involved. This multipart blog series describes the main objects related to firmware updates in HPE iLO 5 based servers and the relationships between them, important information to know when addressing firmware updates.
22
-
22
+
23
23
In this first part, I will cover firmware file types and Smart Components (SC), including SC security and partner-specific considerations. It should be noted that I will not be covering the potential dependencies found with high-level management software like HPE OneView or the HPE iLO Amplifier Pack. For information on those topics, please refer to the specific product [documentation](http://www.hpe.com/support/hpesc).
24
-
24
+
25
25
The [second part](/blog/hpe-firmware-updates-part-2-interaction-in-operating-modes) concerns firmware operating modes on different network topologies. Finally, once the firmware concepts are well understood, you will be ready to read part three, which deals with the automation of firmware updates using the [Redfish®](https://redfish.dmtf.org/) standard.
26
-
27
26
28
27
## Firmware binaries
29
28
30
29
Depending on the device being updated (aka flashed), the type of file containing the firmware is different. As an example, the Power Management Controller firmware is embedded in a `.hex` file while the System Programmable Logic Device firmware file uses the extension `.vme`. The exhaustive list of HPE firmware binary types is presented in a Help pop-up window of the iLO Graphical User Interface: `Firmware & OS Software --> Update Firmware` (right pane) `--> ?
HPE and partner vendor (Intel, Mellanox, Marvell, etc.) firmware binaries are packaged in Smart Components. They are distributed individually via the online [HPE Support Center](https://support.hpe.com/hpesc/public/home/) or grouped in support packs like the [Service Support Pack for ProLiant](http://www.hpe.com/servers/spp) (SPP).
39
-
37
+
40
38
Smart Components are self-executable modules that contain firmware binaries, drivers, and JSON/XML metadata, as well as the code used to install or flash the embedded firmware or driver. They are packaged in different files types: `.fwpkg, .zip, .rpm` and `.exe`. In older SPPs, you may also find`.scexe` extensions.
41
-
42
-
You can browse and extract the content from Smart Components using tools like `7-Zip` on Windows or `unzip, rpm` or `rpm2cpio` combined with `cpio` on Linux (see below picture). The following screenshots show content from the different SC types.
43
39
40
+
You can browse and extract the content from Smart Components using tools like `7-Zip` on Windows or `unzip, rpm` or `rpm2cpio` combined with `cpio` on Linux (see below picture). The following screenshots show content from the different SC types.
Smart Components are digitally signed by Hewlett Packard Enterprise (HPE) to avoid any injection of malware following the creation of the SC. The digital signature is either embedded in the SC (i.e. `.fwpkg`) or in an external companion file (`.compsig`). During the upload of Smart Components into the iLO Repository of a server, iLO verifies and validates the signature. If the signature does not validate correctly, iLO discards the SC and returns and error similar to “The file signature is invalid”.
HPE binaries contained in the SC also include an HPE signature. The following screenshot shows the beginning and the end of the fingerprint section found in an iLO. It also shows the ROM/BIOS firmware extracted from the respective Smart Components.
Smart Components larger than 32 MiB have several associated `.compsig` files, because iLO, like all of the Baseboard Management Cards (BMC) compliant to the Redfish® standard, has a limited transfer size of 32 MiB. The following picture shows a component in SPP 2020.03 with four `.compsig` files. To upload this SC into an iLO repository, you will need to first split it into chunks of 33554432 bytes (32 \* 1024 \* 1024) to match the `.compsig` files. You can automatically and seamlessly perform this split operation using tools like [iSUT](https://h20195.www2.hpe.com/V2/getpdf.aspx/4AA4-6947ENW.pdf), [SUM](https://support.hpe.com/hpesc/public/docDisplay?docId=a00097903en_us) or [iLOrest](http://hpe.com/info/resttool).
HPE iLO can flash its own firmware as well as the firmware of other devices. However, it is not able to flash all types of firmware to their target locations. Other update agents exist that can help with this and are listed in the `UpdatableBy` JSON array mentioned in the [HPE Redfish API reference document](https://hewlettpackard.github.io/ilo-rest-api-docs/ilo5/#updatableby-array). The description of each element (`Uefi, RuntimeAgent` and `Bmc`) is shown in the following screenshot.
78
-
66
+
HPE iLO can flash its own firmware as well as the firmware of other devices. However, it is not able to flash all types of firmware to their target locations. Other update agents exist that can help with this and are listed in the `UpdatableBy` JSON array mentioned in the [HPE Redfish API reference document](https://servermanagementportal.ext.hpe.com/docs/redfishservices/ilos/ilo6/ilo6_145/ilo6_hpe_resourcedefns145/#updatableby-array). The description of each element (`Uefi, RuntimeAgent` and `Bmc`) is shown in the following screenshot.
Smart Components contain metadata stored in one or more files with different suffixes (`.xml`, `.json`, etc). The `payload.json` file lists the update agents able to process the component. This list can be viewed from the iLO Graphical User Interface in the `Firmware & OS Software – iLO Repository` screen.
Note that, if you modify the SC metadata file and its list of supported update agents, iLO will refuse to upload the SC since the signature has changed.
93
-
77
+
94
78
## Partner Smart Components
95
79
96
80
HPE partner (Intel, Marvell, Mellanox, etc.) firmware and drivers are packaged in signed Smart Components by HPE. Very often, they also contain executables, scripts, and dynamically linked libraries (`.dll`) that are proprietary to the partner. It is crucial to understand that the list of update agents that are able to flash a partner’s firmware is dictated by the partner. Neither HPE nor end customers have the possibility to alter this list.
97
-
98
-
For example, Smart Component `cp040152.exe` contains firmware updates for Intel Fortville based adapters. As shown below, the embedded `payload.json` only lists `RuntimeAgent` in the `UpdatableBy` array. Moreover, the `FirmwareImages` section explicitly mentions that UEFI is not able to flash the binary file `.//FW/BootIMG.FLB`. In other words, only OS-based applications, like [iSUT](https://h20195.www2.hpe.com/V2/getpdf.aspx/4AA4-6947ENW.pdf) or [SUM](https://support.hpe.com/hpesc/public/docDisplay?docId=a00097903en_us), are able to perform the firmware updates of these converged network adapters by launching the tools provided by the partner. The consequences of using this type of SC is discussed in Part 2 of this series.
99
81
82
+
For example, Smart Component `cp040152.exe` contains firmware updates for Intel Fortville based adapters. As shown below, the embedded `payload.json` only lists `RuntimeAgent` in the `UpdatableBy` array. Moreover, the `FirmwareImages` section explicitly mentions that UEFI is not able to flash the binary file `.//FW/BootIMG.FLB`. In other words, only OS-based applications, like [iSUT](https://h20195.www2.hpe.com/V2/getpdf.aspx/4AA4-6947ENW.pdf) or [SUM](https://support.hpe.com/hpesc/public/docDisplay?docId=a00097903en_us), are able to perform the firmware updates of these converged network adapters by launching the tools provided by the partner. The consequences of using this type of SC is discussed in Part 2 of this series.
@@ -107,9 +90,8 @@ For example, Smart Component `cp040152.exe` contains firmware updates for Intel
107
90
In this article, I covered the following objects and concepts involved in HPE firmware updates, as well as their relationships:
108
91
109
92
* HPE Firmware binary types
110
-
111
93
* HPE and partner Smart Components
112
-
113
94
* Update agents
114
95
115
-
This is important information you need to plan your firmware update strategy, but it is not sufficient. In my second article on this subject, I will describe different update operating modes as well as the interactions between different objects. Make sure you check the [HPE DEV blog](/blog) site often to view my next post as well as other interesting tutorials and articles.
96
+
97
+
This is important information you need to plan your firmware update strategy, but it is not sufficient. In my second article on this subject, I will describe different update operating modes as well as the interactions between different objects. Make sure you check the [HPE DEV blog](/blog) site often to view my next post as well as other interesting tutorials and articles.
0 commit comments