Bug ID 751991: BIOS update fails with "flashrom not safe for BIOS updates yet" log message

Last Modified: Nov 07, 2022

Bug Tracker

Affected Product:  See more info
BIG-IP All(all modules)

Known Affected Versions:
14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.5, 14.1.0.6, 14.1.2, 14.1.2.1, 14.1.2.2, 14.1.2.3, 14.1.2.4, 14.1.2.5, 14.1.2.6, 14.1.2.7, 14.1.2.8, 14.1.3, 14.1.3.1

Fixed In:
15.0.0, 14.1.4

Opened: Dec 05, 2018
Severity: 2-Critical

Symptoms

Upon installing a version of BIG-IP that contains an updated version of the system BIOS onto an F5 hardware platform, the BIOS update may fail. Messages similar to the following may be seen at the console: Updating BIOS to /usr/firmware/<filename>.bin Using layout file /usr/firmware/<filename>.layout to update bios region Updating BIOS... DO NOT POWER DOWN Updating BIOS... DO NOT POWER DOWN (elapsed seconds:1) ... Updating BIOS... DO NOT POWER DOWN (elapsed seconds:##) BIOS update failed. Check /var/log/ltm for errors Broadcast message from systemd-journald@localhost (<date & time string>): chmand[####]: 012a0000:0: BIOS update failed. Check /var/log/ltm for errors A message similar to the following will be seen in the /var/log/ltm file: info chmand[####]: 012a0006:6: /bin/bios_update: flashrom not safe for BIOS updates yet.

Impact

Affected F5 hardware platforms may continue to run a non-current version of system BIOS, which may compromise system stability and/or performance.

Conditions

This may occur on F5 hardware platforms running affected versions of BIG-IP based on RHEL 7.x, when booting into an affected version that includes a newer BIOS image than the system is currently using. The "tmsh show sys hardware" command can be used to see the currently-used BIOS version. The /var/log/ltm file contains messages from chmand when BIOS (and other firmware) updates are attempted, which display the version found currently installed and the newer version for which the update was attempted.

Workaround

It is possible to work around this issue by installing a later, non-affected version of BIG-IP into a different volume, booting into that version to perform firmware updates, then booting back into the affected BIG-IP version.

Fix Information

BIOS updates are now successfully performed on versions of BIG-IP based on RHEL 7.x.

Behavior Change