I’ve been enjoying my new home lab tremendously in the last couple of months. Enough oomph to run Azure Stack, DC/OS, Docker 1.12 in Swarm Mode, all kinds of unikernels; all at the same time.
The Supermicro in my lab
I’ve written about this awesome form factor on the Open Home Lab website, and have evangelized the Xeon-D and Supermicro form factors to friends and co-workers. I thoroughly enjoy my Xeon D based system, which is a fully identical system to the popular Supermicro 5028D-TN4T barebone. I have a slightly different motherboard, the X10SDV-4C-TLN2F instead of the X10SDV-TLN4F. There’s only small difference in processor (core count) and number of NICs.
Awful ways of updating the BIOS
Traditionally, updating any BIOS is cumbersome. Some vendors have integrated solutions (like Dell with their Lifecycle Controller), but all lack in some way. Luckily, I haven’t had to deal with a BIOS upgrade for a long, long time (until yesterday, when a new version for my motherboard became available). As a seasoned BIOS-upgrader on Dell and HP platforms, I knew what to do.
With Supermicro, there’s a couple of options:
- Use Rufus to create a FreeDOS-based USB key, add your BIOS upgrade files.
- With two deployment options: stick the USB key into the physical server directly
- Use the embedded IMPI interface to pass the USB key from your local workstation to the server using Virtual Media
- Use any bootable, DOS-based, ISO and boot via IPMI Virtual Media
- Use the UEFI shell to boot and flash.
There’s loads of little things to take into account, and a lot of frustration ahead. Don’t you hate to go through another and another boot cycle because you were too late for the ‘press F11 for boot menu’ option? I certainly do. And in my case, none of these options worked. I just wasn’t able to boot into DOS or the EFI shell to update my BIOS.
Better way of updating the BIOS…
Somehow, I ended up on Supermicro’s site, trying to find a solution. And I did! And oh boy, it’s a gem. I knew there was a reference to BIOS updates in the IPMI interface, but that requires an activation key.
But that did persuade me to search for ways to activate this option, and I found a separate solution from Supermicro that does, and it supplies the aforementioned activation key, too.
…courtesy of Supermicro Update Manager
That solution is called SUM, or Supermicro Update Manager. It’s an incredibly cool CLI-tool to manage and configure Supermicro servers, and I’ll dive into the tool a little later (since it’s the best way to update a Supermicro BIOS). We won’t need it to update our BIOS via IPMI, though.
The trick is that SUM needs am ‘Out-of-Band’ software license installed on each local IPMI, so getting your hands on SUM means you get one of those licenses. You can request an evaluation version on the SUM product page. With the license, and even without actually using SUM, you now have the easiest way to update your BIOS.
Actually updating the BIOS via the IPMI, a demo
So now we can activate the ‘BIOS Update’ option in the BMC IPMI interface, and the rest is easy. Upload the BIOS binary image, press some buttons and wait a while:
So Joep, what’s your point?
Well, it’s simple. Get your hands on one of those ‘activation licenses’ for Supermicro IPMI via the SUM product page, and save yourself time and frustration whenever you’re upgrading a Supermicro BIOS.
Hi, during the updating, do we have to install the CPU and ddr ram. thank.
yes, have to
The code they sent me is longer than 24 characters long. I wonder if they stopped doing this or did I do something wrong?
Looks like they have removed the option to get an evaluation code from their site. Too many people must have taken advantage of this particular loophole. Oh well.
The license costs $20. If your time in fumbling around with USB key formatting and crawling around in a closet is worth more than $20, you may just want to pay the $20.
Another way to update the BIOS via the Supermicro IPMI for free is simply calculating the license key yourself as described here: https://peterkleissner.com/2018/05/27/reverse-engineering-supermicro-ipmi/
Peter, you’re THE MAN!!!
No doubt Peter. YOU ARE THE MAN!!! AWESOME!
Thanks Peter…
Worked like a charm, Peter.
Note that for some reason “SHA-1” was not selectable in my case when I was using Microsoft’s “Edge” browser. With “Chrome” browser everything worked fine.
Thanks Peter. For anyone interested, here’s a bash script that takes the MAC as the only argument and outputs the activation key:
#!/bin/bash
function hash_mac {
mac=”$1″
key=”8544e3b47eca58f9583043f8″
sub=”\x”
#convert mac to hex
hexmac=”\x${mac//:/$sub}”
#create hash
code=$(printf “$hexmac” | openssl dgst -sha1 -mac HMAC -macopt hexkey:”$key”)
DEBUG
echo “$mac”
echo “$hexmac”
echo “$code”
echo “${code:9:4} ${code:13:4} ${code:17:4} ${code:21:4} ${code:25:4} ${code:29:4}”
}
hex output with input
hash_mac “$1”
Well done mate :-)
Worked like a charm.
Note that for some reason “SHA-1” was not selectable in my case when I was using Microsoft’s “Edge” browser. With “Chrome” browser everything worked fine.
Hi why not just use SD5 to update the BIOS?
Works for my side.
I guess SD5 is a GUI tool, properly Java. It’s more than 150MB, do I have to say more :-P
Did any get the batch script to work?
I don’t have the “hex” command on my Debian box, which package to install?
Or any alternativ?
Ahh…..a few corrections :-P
#!/bin/bash
function hash_mac {
mac=”$1″
key=”8544e3b47eca58f9583043f8″
sub=”\x”
#convert mac to hex
hexmac=”\x${mac//:/$sub}”
#create hash
code=$(printf “$hexmac” | openssl dgst -sha1 -mac HMAC -macopt hexkey:”$key”)
#DEBUG
echo “$mac”
echo “$hexmac”
echo “$code”
echo “${code:9:4} ${code:13:4} ${code:17:4} ${code:21:4} ${code:25:4} ${code:29:4}”
}
#hex output with input
hash_mac “$1”
#Look out for the quotes, they might get changed by different encoding
In ftp://ftp.supermicro.com:/utility/SuperDoctor_5/Linux/SD5_5.6.0_build.894_linux.zip there is sum binary (prep/BIOS/sum/{ExternalData,sum}) which is a cmdline tool for updating bios. Sometimes it requires reboot to enter into update mode and then do second execution to update. Not all boards are supported.
my knowledge with linux is not that good, hope someone can help me generate the key.
How about an activate all in one command: (assuming you have ipmitool installed, and sum in the current directory)
activate.sh:
#!/bin/bash
function hash_mac {
mac=”$1″
key=”8544e3b47eca58f9583043f8″
sub=”\x”
#convert mac to hex
hexmac=”\x${mac//:/$sub}”
#create hash
code=$(printf “$hexmac” | openssl dgst -sha1 -mac HMAC -macopt hexkey:”$key”)
#DEBUG
#echo “$mac”
#echo “$hexmac”
#echo “$code”
echo “${code:9:4}-${code:13:4}-${code:17:4}-${code:21:4}-${code:25:4}-${code:29:4}”
}
MAC=$( ipmitool lan print | grep “MAC Address” | awk ‘{print $4}’ )
hex output with input
KEY=$(hash_mac “$MAC”)
./sum -c ActivateProductKey –key $KEY
There doesn’t seem to be a way to request an evaluation anymore