Do you ever update your server motherboard bios?

[Valdor]

After doing some maintenance on my freenas server I noticed my supermicro motherboard is considerably behind.

Version 1 from 2015 and there's been over 10 updates to 2.3 in late 2019.

I looked through the changelog and there is many Intel vulnerabilities and microcode updates.

Do you ever update your bios? I never have as I used to go by 'it ain't broke don't touch it' mantra... And have heard horror stories about bios updates.

But with so many Intel vulnerabilities lately, I wonder, am I stupid for not doing it?

Obviously, vulnerabilities count for nothing if it bricks my system.

 

[Heracles]

Hey Valdor,

If you use your FreeNAS exactly how it is meant to be used in an enterprise-like environment, these Intel vuln are not that bad. If FreeNAS is doing storage only and is never reached directly by any client and only other servers, it is secured enough.

These vulnerabilities are more about a first process going rogue in the server and breaking out of the mechanism that was meant to contain it like a jail. If you are running jails, some that are reachable by clients and more, then these vulnerabilities may have a greater impact, so would justify to be patched.

Here, indeed I patch all my Dell servers, even my FreeNAS. I do have a single jail that is reached by clients (Plex), so it is not completely shielded from any external activity. I consider it more important for my ESXi server but I do it for every server I have.

 

[Valdor]

Hey Valdor,

If you use your...

That's for the reply! My freenas server is used at home, it is reachable from the outside world via Plex.

It's a supermicro x11 board and I can update via the IPMI.. looks very straight forward but just a little apprehensive about it causing any problems (lots of important personal data on the server).

 

[sretalla]

apprehensive about it causing any problems (lots of important personal data on the server).

Worst possible case would be that your motherboard is bricked and you need to get a new one, but this will not destroy your data, which will still be there when you install a replacement board.
With a 2015 BIOS version, you have certainly not patched against the spectre and meltdown vulnerablities in your Intel CPU.

 

[pschatz100]

Also, be certain to backup your FreeNAS configuration. If, for some reason, you end up needing to do a re-install of FreeNAS, then having a backup of your configuration will greatly simplify the task.

 

[seanm]

I looked through the changelog and there is many Intel vulnerabilities and microcode updates.

Do you ever update your bios? I never have as I used to go by 'it ain't broke don't touch it' mantra... And have heard horror stories about bios updates.

You don't consider all those fixed security bugs "broke"? It _is_ broke, you _should_ update.

 

[SeaFox]

I updated mine when I first got the board, because there were reports of certain components overheating on the board and the firmware update fixing this -- so I did it to protect my investment (since it's a CPU/board combo and significantly more expensive than just a board where the processor can be removed and moved to a new one). I check every once in awhile and I don't think there is any newer version now.

Really firmware is something you generally don't update unless you have an issue the update is documented as fixing. Any motherboard manual says as much. Times might be a bit different with Spectre and other exploits in silicon now. I can't understand all these people with Netgear routers that need to be updated every whipstitch. To me, all that shows is the manufacturer is rushing product out the door half-done.