Symptoms
The following article provides information about how to update an iDRAC if it fails with error - RED007: Unable to verify Update Package signature
iDRAC7 and iDRAC8 firmware update jobs fail with "RED007: Unable to verify Update Package signature" if the following conditions are met:
Currently installed iDRAC firmware is 2.30.30.30 or older.The iDRAC firmware update is being applied through Out of Band interface.iDRAC firmware payload is 2.61.60.60 or newer.
Fig 1- RED007: Unable to verify Update Package signature.Also, the error message will also get populated within the Lifecycle Controller Logs with additional details regarding failure.
Fig 2 - RED007: Unable to verify Update Package signature.
Detailed Description:
The Update Package security signature cannot be verified.
Systems Management Applications that leverage Out of Band update methods (ex: OpenManage Essentials, OpenManage Enterprise, Chassis Manager Controller) will encounter this failure as well.
Resolution
Resolution:
iDRAC7 and iDRAC8 Dell Update Packages (DUP) no longer carry SHA-1 digital signatures. This DUP change was introduced in iDRAC firmware 2.61.60.60 and later. iDRAC7 and iDRAC8 version 2.40.40.40 or later added support to verify the SHA256 signatures. iDRAC must be running one of the following versions to support SHA-256 DUP payloads through Out of Band updates.
Workarounds:Leverage one of the following workarounds to update to the latest iDRAC firmware on impacted systems:
Update to latest iDRAC release through In-Band interface (Operating System Dell update package).Right-click and Extract the latest iDRAC Dell update package and update using the…/payload/firmimg.d7 through iDRAC Out of Band interface.Step update the iDRAC version using the "Older versions" from the Support Site bringing your iDRAC up to a version that supports SHA-256 signed Dell update packages before applying the latest update through Out of Band interface.
