Bug ID 751991: BIOS update fails with "flashrom not safe for BIOS updates yet" log message

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP All(all modules)

Known Affected Versions:
14.1.2,,,,,,,,, 14.1.3,

Fixed In:
15.0.0, 14.1.4

Opened: Dec 05, 2018

Severity: 2-Critical


Upon installing a version of BIG-IP that contains an updated version of the system BIOS onto an F5 hardware platform, the BIOS update may fail. Messages similar to the following may be seen at the console: Updating BIOS to /usr/firmware/<filename>.bin Using layout file /usr/firmware/<filename>.layout to update bios region Updating BIOS... DO NOT POWER DOWN Updating BIOS... DO NOT POWER DOWN (elapsed seconds:1) ... Updating BIOS... DO NOT POWER DOWN (elapsed seconds:##) BIOS update failed. Check /var/log/ltm for errors Broadcast message from systemd-journald@localhost (<date & time string>): chmand[####]: 012a0000:0: BIOS update failed. Check /var/log/ltm for errors A message similar to the following will be seen in the /var/log/ltm file: info chmand[####]: 012a0006:6: /bin/bios_update: flashrom not safe for BIOS updates yet.


Affected F5 hardware platforms may continue to run a non-current version of system BIOS, which may compromise system stability and/or performance.


This may occur on F5 hardware platforms running affected versions of BIG-IP based on RHEL 7.x, when booting into an affected version that includes a newer BIOS image than the system is currently using. The "tmsh show sys hardware" command can be used to see the currently-used BIOS version. The /var/log/ltm file contains messages from chmand when BIOS (and other firmware) updates are attempted, which display the version found currently installed and the newer version for which the update was attempted.


It is possible to work around this issue by installing a later, non-affected version of BIG-IP into a different volume, booting into that version to perform firmware updates, then booting back into the affected BIG-IP version.

Fix Information

BIOS updates are now successfully performed on versions of BIG-IP based on RHEL 7.x.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips