Extract Cisco UCS BIOS and CIMC Firmware with getfw
Turns out its a royal PITA to get Cisco BIOS and CIMC firmware out of their upgrade ISO just to upgrade a Cisco UCS (in my case a UCS C22 M3) server's management and BIOS via the web UI.
According to the Cisco docs:
(Optional) If you plan to upgrade the Cisco IMC and BIOS firmware manually, do the following:Beginning with Release 3.0, the BIOS and Cisco IMC firmware files are no longer embedded inside the HUU as a standalone .zip file. BIOS and Cisco IMC firmware must now be extracted using the getfw utility, which is available in the GETFW folder of the HUU. Perform the following steps to extract the BIOS or Cisco IMC firmware files:
Note To perform this:
Openssl must be installed in the target system.
Squashfs kernel module must be loaded in the target system.
Openssl is already installed on my system so that should be easy (if it's not installed on yours, don't bother Googling, keep reading). Famous last words.
Install squashfs
There's no squashfs-modules
package in Ubuntu 16.04, 18.04 or Debian Stretch so sadly the instructions here for Debian won't work: https://www.tldp.org/HOWTO/html_single/SquashFS-HOWTO/#debian
Therefore we need to build from source to get the modules we need. Download the latest release from https://sourceforge.net/projects/squashfs/
Compile and install:
tar -zxvf squashfs4.3.tar.gz
cd squashfs4.3
make
sudo make install
sudo modprobe squashfs
Note: this will require zlib
, I didn't have it installed so make
initially failed. Install it with sudo apt install libz-dev
.
Now lsmod | grep sqash
should show it's all loaded okay.
At this point, theoretically it should be as simple as running this as root:
./getfw -s /root/Desktop/HUU/ucs-c2xxx-huu-3.0.1c.iso -d /tmp/HUU
I'd be so lucky.
# ./getfw -s ucs-c2x-huu-3.0.4j.iso -d out
Decryption failed
After some Googling about it's something about versions. Luckily though, some chap on the Cisco forums says:
I was able the run the getfw cli on a Rhel7.3 with openssl ver 1:1.0.1e
Right then, let's grab that version and try again.
wget https://ftp.openssl.org/source/old/1.0.1/openssl-1.0.1e.tar.gz
tar -zxvf openssl-1.0.1e.tar.gz
cd openssl-1.0.1e
./config
make
Now there's a version of OpenSSL 1.0.1e in apps/openssl
$ ./apps/openssl version
OpenSSL 1.0.1e 11 Feb 2013
This need to be first on the PATH so that getfw
picks it up:
sudo su
export PATH="/path/to/openssl-1.0.1e/apps:$PATH"
./getfw -s ucs-c2x-huu-3.0.4j.iso -d out
Nothing was selected hence getting only CIMC and BIOS
FW/s available at 'out/ucs-c2x-huu-3.0.4j'
And hey presto, we have firmware! With any luck this will save someone the hours it took me.