Info
The HPE Integrated Lights-Out 6 iLO 6) and iLO 5 Online ROM Flash Component for Linux fails to update iLO firmware to v1.53 and v2.98 respectively when the security state in iLO is set to High Security, FIPS or CNSA mode.
When iLO Online ROM Flash Component for Linux is run on systems where the security state of iLO 6 or iLO 5 is set to High Security, FIPS or CNSA mode, the component fails to update (upgrade or downgrade) iLO firmware. The issue is seen only on systems having Red Hat Enterprise Linux (RHEL) 9 or SUSE Linux Enterprise Server (SLES) 15 with iLO 6 and iLO 5 v1.53 and v2.98 or earlier.
Additionally, this issue is seen if iLO security settings "Require Host Authentication" is enabled.
Scope
Any HPE system running iLO 5 or iLO 6 with RHEL 9 or SLES 15.
Resolution
As a workaround, update the iLO firmware using the iLO Web UI:
Select "Update Firmware" from the "Firmware & OS Software - Installed Firmware" page in iLO.
It is necessary to use the iLO 6 or iLO 5 FWPKG component to update firmware through iLO Web UI.
Alternately:
Use the iLOrest tool to perform an in-band firmware update from the Host OS using the iLO 6 and iLO 5 FWPKG component.
Use the following command to update the iLO 6 or iLO 5 fwpkg on the server.
ilorest -v flashfwpkg <fwpkg_file> -u <iLO_username> -p<iLO_password>
This issue has been resolved in iLO 6 v1.54 and iLO 5 v2.99 and later.
Use the Online ROM Flash Component for Linux with iLO 6 v1.54 and iLO 5 v2.99 and above to update the iLO firmware.
iLO 5 v2.99:
https://support.hpe.com/connect/s/softwaredetails?language=en_US&softwareId=MTX_63c9b8b5a94b488489beb796f3
iLO 6 v1.54:
https://support.hpe.com/connect/s/softwaredetails?language=en_US&softwareId=MTX_4a42034b5a8a4e2d8b16e8b4c0
