Firmware & BIOS Footguns¶
Mistakes that brick servers, break boot chains, or leave hardware vulnerable.
1. Updating BIOS/firmware without a maintenance window¶
You push a BIOS update during business hours. The update requires a reboot. The server hosts a primary database. Reboot takes 10 minutes because POST re-trains memory. Your SLA just took a hit.
Fix: All firmware updates require a maintenance window. BIOS and BMC updates almost always need a reboot. Schedule them during off-peak and have failover ready.
2. Updating firmware on all servers at once¶
You script a fleet-wide BIOS update and run it against all 200 servers. Three servers brick because the update fails mid-flash. Your entire tier is degraded simultaneously.
Fix: Canary first. Update 1-2 servers, verify POST, check SEL, run diagnostics. Then roll out in small batches with a circuit breaker.
3. Ignoring correctable ECC errors in the SEL¶
You see a handful of correctable ECC errors in ipmitool sel elist and dismiss them. A month later, the DIMM fails completely with an uncorrectable error, causing a kernel panic and data corruption.
Fix: Monitor correctable ECC error rates. A rising count on a single DIMM means it is dying. Replace proactively. Set up alerting on edac-util or vendor BMC SNMP traps.
4. Clearing the SEL before reading it¶
The server rebooted unexpectedly. You run ipmitool sel clear to "reset things." Now the POST error that would have told you a DIMM failed is gone. You spend hours guessing.
Fix: Always read and document the SEL before clearing it. Pipe to a file: ipmitool sel elist > /tmp/sel-$(hostname)-$(date +%F).log. Then clear.
5. Leaving default BMC/IPMI credentials¶
Your BMC has admin/admin or ADMIN/ADMIN from the factory. Anyone on the management network can power-cycle your servers, mount ISO images, or reflash firmware.
Fix: Change BMC credentials on first rack. Use LDAP/AD integration for BMC access where possible. Isolate BMC on a dedicated management VLAN.
6. Disabling Secure Boot for convenience¶
A custom kernel module will not load because it is not signed. You disable Secure Boot entirely. Now any bootkit can load unsigned code before the OS starts.
Fix: Sign your custom modules with MOK (Machine Owner Key). Use mokutil --import to enroll your key. Keep Secure Boot enabled.
7. Flashing firmware from an unsupported OS version¶
You run a Dell DSU update from an unsupported Linux version. The BIOS update utility crashes mid-write. The server will not POST. You need a recovery USB or motherboard replacement.
Fix: Check vendor compatibility matrices before running firmware tools. Dell DSU supports specific RHEL/SLES versions. HPE SUM has its own matrix. Use the supported OS or update from the BMC web interface.
8. Not verifying firmware checksums¶
You download a firmware binary from a mirror or old bookmark. The file is corrupted or tampered with. The flash appears to succeed but the server behaves erratically after reboot.
Fix: Always download from the vendor's official site. Verify SHA256 checksums. Use fwupd when possible — it verifies signatures automatically through the LVFS (Linux Vendor Firmware Service).
9. Forgetting to update BMC firmware alongside BIOS¶
You update BIOS but skip the BMC. The new BIOS version expects a newer BMC protocol. Sensor readings become unreliable. Remote management features break. iDRAC shows stale data.
Fix: Update BMC and BIOS together as a pair. Vendor update bundles (Dell SUU/DSU, HPE SPP) handle the correct order. Update BMC first, then BIOS.
10. Changing boot order without recording the original¶
You set PXE boot for a re-image and forget to change it back. The server reboots after a kernel update and PXE boots into the provisioning environment, wiping its disks. Production data gone.
Fix: Record boot order before changing it: efibootmgr > /tmp/boot-order-backup.txt. Use one-time boot override (ipmitool chassis bootdev pxe options=efiboot) instead of changing persistent boot order.