Enable SMM3 secure boot

Use this information to enable the SMM3 secure boot.

Check SMM3 primary firmware version

User the following Redfish command to check if the SMM3 primary firmware version is Q4SM06F-1.0.05 or later versions.

curl -k -H "Content-Type: application/json" -X GET https://[USERNAME]:[PASSWORD]@[SMM3_IP]/redfish/v1/UpdateService/FirmwareInventory/SMM_Primary

Note

SMM3 primary firmware version must be Q4SM06F-1.0.05 or later versions. To update the primary firmware, see SMM3 firmware update commands.

Enable IPMI and check secure boot status

Enable the IPMI interface.

Use the following Redfish command to enable the IPMI interface.

curl -k -H "Content-Type: application/json" -X PATCH -d '{"IPMI": {"ProtocolEnabled" : true}}' https://[USERNAME]:[PASSWORD]@[SMM3_IP]/redfish/v1/Managers/bmc/NetworkProtocol

Use the following Redfish command to query the IPMI interface status.

curl -k -H "Content-Type: application/json" -X GET https://[USERNAME]:[PASSWORD]@[SMM3_IP]/redfish/v1/Managers/bmc/NetworkProtocol

Use the following IPMI command to check whether Secure Boot is enabled.

Ipmitool -I lanplus -U [USERNAME] -P [PASSW0RD] -H [SMM3_IP] -C 17 raw 0x32 0xfc 0x00

If the query result is 00 00, the Secure Boot is disabled, go to Enable secure boot.
If the query result is 00 01, the Secure Boot is enabled, go to Check SMM3 backup firmware version.

Enable SMM3 secure boot

If the query result is 00 00, the Secure Boot is disable. Use the following IPMI command to enable Secure Boot.

ipmitool -I lanplus -U [USERNAME] -P [PASSW0RD] -H [SMM3_IP] -C 17 raw 0x32 0xfc 0x01

Physically reseat the SMM3.

Use the following Redfish command to reset to default.

curl -k -H "Content-Type:application/json" -X POST -d '{"ResetType": "ResetAll"}' https://[USERNAME]:[PASSW0RD]@[SMM3_IP]/redfish/v1/Managers/bmc/Actions/Manager.ResetToDefaults

Note

After resetting SMM3 to default, first login requires changing password, see Change the password for the first login in Logging in to the SMM3.

Enable the IPMI interface.

Use the following Redfish command to enable the IPMI interface.

curl -k -H "Content-Type: application/json" -X PATCH -d '{"IPMI": {"ProtocolEnabled" : true}}' https://[USERNAME]:[PASSWORD]@[SMM3_IP]/redfish/v1/Managers/bmc/NetworkProtocol

Use the following Redfish command to query the IPMI interface status.

curl -k -H "Content-Type: application/json" -X GET https://[USERNAME]:[PASSWORD]@[SMM3_IP]/redfish/v1/Managers/bmc/NetworkProtocol

Use the following IPMI command to check whether Secure Boot is enabled.

Ipmitool -I lanplus -U [USERNAME] -P [PASSW0RD] -H [SMM3_IP] -C 17 raw 0x32 0xfc 0x00

If the query result is 00 00, the Secure Boot is disabled, go to Enable secure boot.
If the query result is 00 01, the Secure Boot is enabled, go to Check SMM3 backup firmware version.

Check SMM3 backup firmware version

If the query result is 00 01, the Secure Boot is enabled. Use the following Redfish command to check if the SMM3 backup firmware version is Q4SM06F-1.0.05 or later versions.

curl -k -H "Content-Type: application/json" -X GET https://[USERNAME]:[PASSWORD]@[SMM3_IP]/redfish/v1/UpdateService/FirmwareInventory/SMM_Backup

Note

SMM3 backup firmware version must be Q4SM06F-1.0.05 or later versions. To update the backup firmware, see SMM3 firmware update commands.

Use the following Redfish command to disable IPMI or reset to default.

Use the following Redfish command to disable IPMI.

curl -k -H "Content-Type: application/json" -X PATCH -d '{"IPMI": {"ProtocolEnabled" : false}}' https://[USERNAME]:[PASSWORD]@[SMM3_IP]/redfish/v1/Managers/bmc/NetworkProtocol

Use the following Redfish command to reset to default.

curl -k -H "Content-Type:application/json" -X POST -d '{"ResetType": "ResetAll"}' https://[USERNAME]:[PASSW0RD]@[SMM3_IP]/redfish/v1/Managers/bmc/Actions/Manager.ResetToDefaults

Note

After resetting SMM3 to default, first login requires changing password, see Change the password for the first login in Logging in to the SMM3.

SMM3 firmware update commands

SMM3 firmware update OneCli commands

Use the following OneCli command to update SMM3 firmware

OneCli.exe update flash --dir <folder path> --smm [USERNAME]:[PASSWORD]@[SMM3_IP][:port] --log 5

SMM3 firmware update Redfish commands

Upload SMM3 Image File (.uxz)

curl -k -H "Content-Type: application/octet-stream" -X POST -T [SMM3_UXZ_IMAGE] https://[USERNAME]:[PASSWORD]@[SMM3_IP]/redfish/v1/UpdateService/update

Start updating firmware.

curl -k -H "Content-Type: application/json" -X POST -d '{"target": "/redfish/v1/Managers/bmc"}' https://[USERNAME]:[PASSWORD]@[SMM3_IP]/redfish/v1/UpdateService/Actions/UpdateService.StartUpdate

Query update progress.

curl -k -H "Content-Type: application/json" https://[USERNAME]:[PASSWORD]@[SMM3_IP]/redfish/v1/TaskService/Tasks/0

After the Task State shows “Completed” in Step 3, restart SMM3.

curl -k -H "Content-Type: application/json" -X POST https://[USERNAME]:[PASSWORD]@[SMM3_IP]/redfish/v1/Managers/bmc/Actions/Manager.Reset -d '{"ResetType": "GracefulRestart"}'

Give documentation feedback