OPNsense Forum
English Forums => Hardware and Performance => Topic started by: vpx on August 08, 2023, 09:37:18 am
-
What is your current BIOS and BMC firmware version for this mainboard?
Current:
BIOS: 1.4 (01/29/2021)
BMC: 03.88 (02/21/2020)
Latest:
BIOS: 1.7a (10/13/2022)
BMC: 03.95 (12/23/2021)
Has anybody updated these firmwares to the latest versions?
Were there any problems with OPNsense?
I know you need to purchase an Out of Band (OOB) Software License Key to be even able to update the BIOS from the GUI.
-
I have been running 1.4 and 3.88 for years. I just upgraded both my A2SDi based systems to 1.7a and 3.95. So far no adverse effects but no noticeable changes, either.
As for the license - you can always plug in a USB drive, boot FreeDOS and perform the update like we did for every BIOS all these years. For the BIOS you can alternatively copy the files to your EFI partition and perform the update from the EFI shell. Unfortunately that is not available for the BMC firmware.
-
OK, thanks, then I can do the updates without worries.
But I'm gonna buy the license anyway as it's only 24.55 EUR for the comfort of doing it in the web interface. :)
https://store.supermicro.com/nl_en/out-of-band-sft-oob-lic.html
-
Yesterday I did the BMC firmware update without any problems. As the BMC is an autonomous system you can update it whenever you like without affecting the host system with the firewall.
Today morning I did the BIOS update and it didn't quite work out as expected.
What I planned: Do the BIOS update via IPMI web interface then cancel the reboot in the popup dialog and reboot from OPNsense itself.
What happened: At about 60% of the BIOS update the OPNsense CPU usage went to 17% (don't know if it was related) and OPNsense seemed to be frozen and lost every connection. Then I of course chose the reboot from the IPMI popup.
In the remote console I saw how the system booted but it seemed to be in a boot loop. I already was in panic but after about 5 reboots it finally booted to the OPNsense boot screen.
Fortunately now everything is working again.
-
Has anybody updated these firmwares to the latest versions?
Although a slighty different variant of your board, I'm using a "A2SDi-TP8F" that I upgraded to BIOS v1.8 (20230704) and BMC v3.98 (20230424). I believe both updates are also available for your version of this board.
Were there any problems with OPNsense?
Not particulary, did the upgrade while upgrading from OPNsense 23.1 -> 23.7 and noticed the system is now aprox 5 degrees (C) hotter on average than before. If this is from the BIOS update, new CPU mitigation stuff (microcode) or the recent OPNsense release is still undecided.
I know you need to purchase an Out of Band (OOB) Software License Key to be even able to update the BIOS from the GUI.
With some creativity you can calculate that key yourself...( :-X) The BMC firmware itself can be upgraded by default through the BMC GUI.
-
You're right there is a new BMC firmware and BIOS update. I guess they're related to the new vulnerabilities Downfall and Inception. Too bad Supermicro never has a version history of their updates. And the mail notification doesn't work either, although I already checked it like 3 times on a download.
I'm very sure the higher CPU temperature is related to the new gateway_watcher.php which has a while(1) loop.
There is already a thread about it: https://forum.opnsense.org/index.php?topic=35219
The OP didn't mention any BIOS or firmware update.
-
This time the notification mail from Supermicro worked.
BMC firmware was updated to version 04.00 (08/10/2023). BIOS is still at 1.8.
https://www.supermicro.com/en/support/resources/downloadcenter/firmware/MBD-A2SDi-4C-HLN4F/BMC
Supermicro Product Security Advisory and Notification
This notification is to alert you of the following Supermicro Product Advisory:
BMC IPMI vulnerabilities: Command injection and Cross Site Scripting
Severity: High**
** Subject to change, pending final review from MITRE.org
Could somebody with a non-production environment please play food taster? :D
By the way the last BIOS update I did it the proper way and shutdown OPNsense before the BIOS update. There were still 3 reboots, maybe this is normal for Supermicro BIOS updates, can anybody confirm this?
When there is a new OPNsense update I have to observe if there are also 3 reboots when OPNsense restarts.
-
There is a new BIOS update 1.9a (12/25/2023) for the PixieFAIL vulnerability.
https://www.supermicro.com/en/support/security_BIOS_Jan_2024
https://www.supermicro.com/en/support/resources/downloadcenter/firmware/MBD-A2SDi-4C-HLN4F/BIOS
-
There is a new BIOS/BMC bundle containing:
BIOS: 2.0 (03/08/2024)
BMC: 04.01 (12/15/2023)
Supermicro Update Manager (SUM): V2.14.0 (02/15/2024)
https://www.supermicro.com/en/support/resources/downloadcenter/firmware/MBD-A2SDi-4C-HLN4F/BIOS