Created date | Updated date | Affects version | Fix version |
---|---|---|---|
|
| Drive Eraser SB - 7.7.1 (and newer) | N/A |
Problem
When booting a Cisco M4, M5, or M6 devices using a Blancco SB ISO image you receive a signature error when attempting to boot the Blancco Drive Eraser.
Cause
With "CIMC secure boot" setting enabled on these devices only Cisco signed firmware images can be installed and run on the servers. The operating system used by Blancco was not created by Cisco, lacking the required Cisco signature and is not allowed to boot.
After CIMC secure boot is enabled for the server, you cannot disable it anymore and the system prevents the user from downgrading to a CIMC firmware image prior to 2.1(3) which may have allowed disabling the CIMC secure boot in the past.
Based on the Cisco documentation at least below rack servers have CIMC secure boot enabled by default/the system automatically enables it after a firmware update.
Server | CIMC secure boot enabled by default | Notes |
---|---|---|
Cisco UCS C220 M4/M5/M6 | ||
Cisco C240 M4/M5/M6 | ||
Cisco C480 M5/C480 M5 ML | ||
Cisco C225 M6 | ||
Cisco C245 M6 | ||
Cisco UCS C460 M4 | Automatically enabled after upgrade to CIMC firmware 2.2(3) or higher |
Resolution
Once CIMC secure boot has been enabled in these servers it is not possible to boot any OS other than a Cisco created OS with a valid Cisco OS signature.
In order to erase the disks from affected systems, the drives need to be connected to some other system which allows booting Drive Eraser.