Upgrading iLO 4 on an HPE ProLiant MicroServer from Linux
20 Sep 2017
I recently got my hands on a ProLiant MicroServer Gen8 by Hewlett Packard Enterprise (HPE). As I always do when setting up a server, I checked whether the device needed a firmware upgrade.
And indeed it did: its version of Integrated Lights-Out (iLO) 4, its built-in server provisioning and management software, is affected by CVE-2017-12542, which is a solid 10.0 on the CVSS 2.0 score chart.
So I decided to update it. Fortunately, the iLO web interface has a page where firmware upgrades can be uploaded. Since it’s in an isolated network, using the web interface should not pose a security problem.
On the other hand, locating the proper firmware file to upload was not as easy as it should be. It’s Hewlett-Packard, after all.
In case someone else is looking for the iLO 4 *.bin file, here’s what I did:
- Visit the iLO 4 support page, but do not select OS-Independent (it’s not in there). Select “Red Hat Enterprise Linux 7” instead (direct link)
- Open the “Firmware - LOM (Lights-Out Management)” section and download
- To extract the actual firmware file from the RPM, use this command:
$ rpm2cpio hp-firmware-ilo4-2.55-1.1.i386.rpm | bsdtar -x -s'|.*/||' -f - ./usr/lib/i386-linux-gnu/hp-firmware-ilo4-2.55-1.1/ilo4_255.bin
The resulting file (ilo4_255.bin) can then be uploaded to the web interface.
After the upgrade process finishes, you’ll be redirected to the brand new login screen.
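A more defensive variant of the extraction step, added here as an example and not part of the original post: it checks the downloaded RPM against a SHA-256 value before unpacking and finds the firmware image by listing the payload instead of hardcoding its path. The function names are made up for this example, and the expected checksum is assumed to be one you obtained from the vendor's download page.

```shell
#!/usr/bin/env bash
# Added example: verify the downloaded RPM, then extract the single iLO 4 image.
# Function names and the checksum argument are assumptions of this example.

# Succeeds only if the file's SHA-256 equals the expected hex digest.
verify_sha256() {
    local file="$1" expected actual
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    actual=$(sha256sum -- "$file" | cut -d' ' -f1) || return 1
    [ "$actual" = "$expected" ]
}

# Reads an archive listing on stdin and prints the one ilo4_<digits>.bin member.
# Fails if the listing contains no such member or more than one.
pick_firmware_member() {
    local matches
    matches=$(grep -E '(^|/)ilo4_[0-9]+\.bin$' || true)
    [ -n "$matches" ] || return 1
    [ "$(printf '%s\n' "$matches" | wc -l)" -eq 1 ] || return 1
    printf '%s\n' "$matches"
}

# Usage: extract_ilo_firmware <rpm> <expected-sha256> [output-dir]
extract_ilo_firmware() {
    local rpm="$1" sum="$2" out="${3:-.}" member
    verify_sha256 "$rpm" "$sum" ||
        { echo "checksum mismatch: $rpm" >&2; return 1; }
    member=$(rpm2cpio "$rpm" | bsdtar -t -f - | pick_firmware_member) ||
        { echo "expected exactly one ilo4_*.bin in $rpm" >&2; return 1; }
    # Stream the member to stdout so no path from the archive is created on disk.
    rpm2cpio "$rpm" | bsdtar -x -O -f - "$member" > "$out/${member##*/}" ||
        return 1
    echo "$out/${member##*/}"
}
```

After sourcing the file, call `extract_ilo_firmware hp-firmware-ilo4-2.55-1.1.i386.rpm <sha256-from-download-page>`; it prints the path of the extracted image or stops with an error.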