Release Notes for Intel® One Boot Flash Update (Intel® OFU) Version 14.1 Build 29 August 11, 2022 Copyright© 2022 Intel Corporation. ================================== Contents -------- 1. Introduction 2. Supported Platforms 3. Supported Operating Systems 4. Prerequisites 5. Installation and Removal 6. Usage 7. Known Issues 8. Unsupported Features 9. Change List 10. Instructions for end-user 11. Legal Information 1. Introduction --------------- The Intel® One Boot Flash Update (Intel® OFU) is a program used for updating the system BIOS, BMC, Sensor Data Records (SDR), Field-Replaceable Unit (FRU) and Intel® Management Engine (Intel® ME) of systems. 2. Supported Platforms ---------------------- Intel® Server Board based on Intel® Xeon® Scalable processors family Intel® Server Board based on 2nd Generation Intel® Xeon® Scalable processors family Intel® Server Board based on Intel® Xeon® Platinum 9200 processors family Intel® Server Board based on Intel® Xeon® processor E5-2600 v3/v4 product family (S2600WT, S2600TP, S2600KP, S2600CW) Intel® Server Board based on Intel® Xeon® processor E3-1200 v2/v3/v4/v5/v6 product family 3. Supported Operating Systems ------------------------------ Windows* Server 2019 Windows* Server 2016 Windows* Server 2012 R2 Windows* 10 RHEL* 6.8 (x64) RHEL* 7.3 RHEL* 7.5 RHEL* 7.6 RHEL* 8.0 RHEL* 8.6 SLES* 11.4 (x64) SLES* 12.2 SLES* 15&Sp1 CentOS* 7.3 (x64) Debian* 8.10 Ubuntu* 20.4 4. Prerequisites ---------------- 1. Install all the development and optional packages during RHEL* and SUSE* operating system installation. 2. On RHEL*, SLES*, CentOS*, UEFI-aware Linux*, or other Linux*: Install the necessary libraries, 64-bit libraries with "x86_64" suffix for 64-bit binary. While loading the libraries, if the utility fails with one of the following Linux* error messages (a–c), apply the described solution. For example: a. If the utility fails with the error message: "Error while loading shared libraries: libncurses.so.5: cannot open shared object file: No such file or directory" Then, use "rpm -ivh xxxx.rpm" to install libstdc++ and ncurses rpms from the operating system. b. If the utility fails with the error message: "Error: /lib/ld-linux.so.2: Bad ELF interpreter: No such file or directory" This indicates that development and optional packages are not installed. Install the necessary packages accordingly. c. If the utility installation fails with the error message: "Depends on libncurses5 (>= 6); however: Version of libncurses5:amd64 on system is 5.9+20140913-1+deb8u2." This indicates that the libncurses version must be >= 6. Install new libncurses. 3. On RHEL*, SLES*, CentOS*, UEFI-aware Linux*, or other Linux*: I. There might be a driver conflict between internal driver and kernel. You need to initialize the OpenIPMI driver. If the utility fails with any error, such as: a. "FW interface failed" when updating BMC b. "terminate called after throwing an instance of 'ResultStatus' Aborted (core dumped)" when updating SDR with CFG file Then, initialize the OpenIPMI driver and make sure that "/dev/ipmi0" device exists. A BMC update cannot continue if the OpenIPMI driver is not started. For RHEL*, run the following command and make sure that the "/dev/ipmi0" device exists. #modprobe ipmi_devintf or #modprobe ipmi_si For SLES*, run the following command and make sure that the "/dev/ipmi0" device exists. #service ipmi start II. After enabling OpenIPMI, if the utility still reports errors (see the following examples, a–c) during BMC, FRU, and SDR updates, there might be a BMC watchdog conflict with the OpenIPMI driver. The user needs to disable BMC watchdog, update, and then re-enable it after the update is finished. a. "Failed to write SDR file." b. "SDR auto-update failed" c. "Error : Error while parsing the cfg file" 4. The utility works only if it is executed with administrator privilege on Windows* and with root privilege on Linux* operating systems. 5. Updating of BIOS, Intel® ME, FRUSDR, and BMC is not supported by the utility if the BMC firmware is in Transfer Mode. 6. It is recommended to do a direct FRU update in EFI/WinPE* before doing a FRU resize with a customized CFG file. 7. On RHEL*, SLES*, CentOS*, UEFI-aware Linux*, or other Linux*: For updates based on HTTP and FTP, if the system does not have cURL, download the cURL package from https://curl.haxx.se/. 5. Installation and Removal --------------------------- Windows* Installation: ------------- 1. Copy the OFU zip package to a local folder. 2. Unzip to local folder (example: .\flashupdt). Go to the flashupdt folder (cd Flashupdt). 3. Go to the "Win_x86\Drivers" or "Win_x64\Drivers" folder (depending on the operating system). 4. Run "install.cmd" as administrator to install the drivers. 5. Go to the "Win_x86" or "Win_x64" folder to execute the flashupdt utility (depending on the operating system). Run flashupdt.exe as an administrator. 6. Then, run a command with options (for example, "flashupdt -u /tmp/flashupdt.cfg"). 7. For updates based on HTTP and FTP, download curl.exe from https://curl.haxx.se/download.html and copy to the same folder that contains flashupdt.exe. Removal: -------- 1. Run uninstall.cmd to remove all the drivers. 2. Delete the "Flashupdt" folder. Linux* I. RPM Installation: -------------------- 1. Copy flashupdt rpm from the corresponding folder to a local folder. -> For RHEL* older than 8.0, copy from Linux_x64\RHEL -> For RHEL* 8.0 and above, copy from Linux_x64\RHEL\RHEL8 -> For SLES* older than 15, copy from Linux_x64\SLES -> For SLES* 15 and above, copy from Linux_x64\SLES\SLES15 2. If there is another version that has been previously installed, remove that version first before installing the new version. 3. Install the flashupdt utility by using "rpm -ivh flashupdtxx.rpm". This will install the utility in "/usr/bin/flashupdt/". 4. On RHEL*/SLES*, after installing the rpm, close the terminal from which rpm was installed and then execute THE utility from a new terminal (for example, "# flashupdt -u /tmp/flashupdt.cfg"). 5. For updates based on HTTP and FTP, execute the utility from "/usr/bin/flashupdt/", as 'chaff2l.sh' file is needed for this kind of updates. RPM Removal: ------------ 1. To remove the utility, use the "rpm -e flashupdt" command. II. Regular Installation: --------------------- 1. Copy the OFU zip package (for RHEL or SLES) to local folder. 2. Unzip to local folder (example: .\flashupdt). Go to flashupdt folder (cd flashupdt). 3. # chmod 755 install.sh and # chmod 755 flashupdt 4. Install the utility using the command: "#./install.sh" 5. Go to the RHEL or SLES directory (based on operating system). To run the utility on RHEL* 8, go to the RHEL/RHEL8 directory. 6. # chmod 755 chaff2l.sh. 7. Unzip the file flashupdt.zip to get the flashupdt executable for Linux* operating systems. 8. Now, run a command with options (for example, "# ./flashupdt -u /tmp/flashupdt.cfg"). Regular Removal: ---------------- 1. Delete the "Flashupdt" folder using the rm -rf Flashupdt command. III. DEB Installation: ----------------- 1. dpkg -i xxxx.deb DEB Removal: ------------ 1. dpkg -r flashupdt 6. Usage -------- Syntax: flashupdt [-h] [-i] [-u {URL or path of update package}] -h : (or -?) Display command line help. -i : Displays the current BIOS, BMC, and SDR versions of the system. This option can also be used in conjunction with -u to display the version information contained in the update package files. -u : Updates the BIOS, BMC and SDR as specified in the CFG file. The URL or path, if any, of the update package must immediately follow this option. The package files can reside on a local drive. The current directory is used if no location is specified. -set: Sets different FRU areas, as: flashupdt /set "area name" "frufield" "value" Where "area name" can be "product" or "chassis", depending on the FRU area to be modified. The following are the FRU field parameters: Pn - Indicates product name. Pver - Indicates product version. Pnum - Indicates the part number. Snum - Indicates the serial number. Mn - Indicates the manufacturer name. At - Asset tag . Note: For the chassis area, the fields "at", "pn", and "pver" are not supported. -u fru : Will do a direct update of the platform-specific FRU file. 7. Known Issues --------------- 1. While using the tags "@ENV:TYPE:NAME" and "@ENVFILE:TYPE:NAME:#", make sure that the environment variable values be greater than one character. If only one character is used, there might be a chance of the FRU getting corrupted. 2. In Windows* 7, BIOS update percentage might not be showed at the beginning of BIOS update. After a few seconds, the percentage will be shown as greater than 50%. This is a BIOS known issue. 3. In Linux*, OpenIPMI driver needs to be started up manually. 4. Utilities, SNMP-SA, and IASC cannot run at the same time due to a KCS port conflict. There will be an error message as: "Error: Application Cannot Communicate to the BMC." Follow these steps: a. Disable services related to SNMP-SA and IASC. b. Enable the OpenIPMI driver. c. Execute the flashupdt utility for updating BIOS/BMC/FRUSDR on the server. 5. The BMC update with the force update jumper set is not supported. It is applicable only to UEFI (FWPIAUPD). 6. I/O port access is not allowed in Linux* when UEFI secure boot is enabled. Disable UEFI secure boot in the F2 menu before running the utility. 7. In RHEL* 7.x, BMC update might fail intermittently due to OpenIPMI driver conflict. Try again if it happens. 8. Debian* and SLES* 15 operating systems do not allow I/O memory map by default. The user needs to add "iomem=relaxed" to grub boot option to enable I/O memory map. Otherwise, some features may not work. 9. While the BMC is in restricted mode, by default, none of the upgrades will go through by using flashupdt /u flashupdt.cfg. This is because in default flashupdt.cfg, the BMC is the first package attempted to get upgraded, which is expected to be blocked in restricted mode. And then the utility will show insufficient privilege message and exit the update process. If the user still wants to do a BIOS/Intel® ME/FD upgrade while in restricted mode, modify the cfg file to comment out the line for BMC update. 8. Unsupported Features ------------------------ Utility cannot be executed successfully when UEFI secure boot is enabled under Linux* because Linux* closes all I/O port access when UEFI secure boot is enabled. If the customer wants to use it under Linux* environment, ensure that UEFI secure boot is disabled in the BIOS F2 menu. 9. Change List -------------- Build 29 Support CCB3708 - [Intel server boards based on the 1st or 2nd Gen Intel® Xeon® Scalable processors families] [Utilities] Updated syscfg and flashupdt for security. Fix 16015351886 - [Utilities] [flashupdt] [Agnostic] Setting the path for flashupdt to /usr/bin/. Build 28 Fix 16015351886 - [Utilities] [flashupdt] [Agnostic] Setting the path for flashupdt to /usr/bin/. Fix 22014439329 - Intel® One Boot Flash Update utility requires libncurses5, but does not work with libncurses6. Fix 16013416107 - [PSIRT][PTK0001487][PTK0001492][Mitigation Planning] Intel® One Boot Flash Update (Intel® OFU) utility escalation of privilege. Build 26 Support CCB3093 - Auto set sdr. Fix 1507953533 - Update EPS to refelct current /i /u case. Build 25 Support SLES15&Sp1 Support KCS policy for Intel server systems based on Intel® Xeon® Processors E5 v3 & v4 Families. Support KCS policy for Intel® Server Board S1200SP Family. Fix 14011287768 - SFUP OFU unprompted reboot of systems during firmware update. Build 24 Enable new build variant of Linux* to support 64-bit RHEL 8. Build 23 Fix BMC KCS privilege issue. Build 22 Fix BDBA issue by removing cURL from OFU package. Build 21 Updated cURL for Linux* to new version. Build 20 Support new SKU. Build 19 Rebuild for Windows*. Build 18 Support BIOS security version check. Build 17 Add deb package for Debian*. Build 16 Fix "Product Area" update failure when checksum is 0xC1. Build 15 Support new SKU. Build 14 Fix maximum length defect of "BMCCONFIG" command. Build 13 Support BBS version display. Build 12 Support new BMC version format Fix the issue of random BMC update failure. Build 11 Support new SKU. Support area checksum generation for FRU update. Build 10 Fix the defect that asset tag cannot be modified. Support "BMCCONFIG" in CFG file. Support new SKU. Build 9 a. Add "ccs" command option. b. Support BIOS security fix. Build 8 Add USB device polling for BMC update. Add "restore" to CFG file to restore BMC default for BMC update. Build 7 Fix incorrect version of "/i /u". Build 6 Support a new SKU. Update supported operating systems list . Build 5 Improve USB failover to KCS for BMC update. Support auto detection of FANs. Build 4 Add wildcard letter support in *.cfg file. 10. Instructions for end-user ---------------------------- 1. After performing a CFG-based update using the flashupdt utility, it is highly recommended to perform a power cycle. Continuous updates through CFG file without a power cycle or reboot in between could cause system instability. 2. For a CFG-based update, it is assumed that the HTTP/FTP server does not require any username and password. In order to access password-protected servers, change the chaff2l.sh or the batch file and include the username and password. The default in the .sh file: curl $1 -o $2 -s For password-protected server, change the previous line to: curl $1 --user admin:pwd -o $2 -s Where "admin" and "pwd" are the username and password, respectively. 11. Legal Information --------------------- ==================================================================================== LEGAL INFORMATION ==================================================================================== Information in this document is provided in connection with Intel Products and for the purpose of supporting Intel developed server boards and systems. No license, express or implied, by estoppel or otherwise, to any intellectual property rights is granted by this document. Except as provided in Intel's Terms and Conditions of Sale for such products, Intel assumes no liability whatsoever, and Intel disclaims any express or implied warranty, relating to sale and/or use of Intel products including liability or warranties relating to fitness for a particular purpose, merchantability, or infringement of any patent, copyright or other intellectual property right. Intel Corporation may have patents or pending patent applications, trademarks, copyrights, or other intellectual property rights that relate to the presented subject matter. The furnishing of documents and other materials and information does not provide any license, express or implied, by estoppel or otherwise, to any such patents, trademarks, copyrights, or other intellectual property rights. Intel products are not intended for use in medical, life saving, or life sustaining applications. Intel may make changes to specifications and product descriptions at any time, without notice. Intel is a registered trademark of Intel Corporation. *Other names and brands are the property of their respective owners. Copyright© 2022 Intel Corporation. (end)