Required operations following a BIOS update from the web administration interface

Once you have updated the BIOS from the web administration interface, perform the operations below, in this order.

Configuring the password to access the UEFI control panel

If you had set a password to access the UEFI control panel before updating the BIOS, this password will be deleted. You will need to set it again, by following the instructions in the technical note Protecting access to the configuration panel of the UEFI on SNS firewalls.

Sealing the TPM

If the TPM had been initialized on the firewall before updating the BIOS, you will need to seal it once again. This is because the trusted hash values have changed by the end of the BIOS update, which prevents the decryption of protected private keys.
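
The Python model below is an added illustration, not Stormshield code and not part of the original note: it shows why a changed BIOS measurement locks the protected key until the TPM is resealed with its password. The ToyTPM class, the component names and the password are constructed for the example, and the model is a simplification of real TPM sealing.

```python
import hashlib
import hmac

def extend(pcr: bytes, component: bytes) -> bytes:
    # TPM extend operation: new PCR = SHA-256(old PCR || SHA-256(component)).
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()

def measure_boot(components) -> bytes:
    pcr = bytes(32)  # PCRs start at all zeros on power-on
    for component in components:
        pcr = extend(pcr, component)
    return pcr

class ToyTPM:
    """Simplified model (assumption): one protected key, a PCR policy, a password."""

    def __init__(self, password: str, key: bytes, pcr: bytes):
        self._key = key
        self._auth = hashlib.sha256(password.encode()).digest()
        self._sealed_pcr = pcr  # the "trusted hash value" recorded at seal time

    def unseal(self, current_pcr: bytes) -> bytes:
        # The key is released only if the boot measurements match the sealed ones.
        if not hmac.compare_digest(self._sealed_pcr, current_pcr):
            raise PermissionError("PCR mismatch: key stays locked")
        return self._key

    def pcrseal(self, password: str, current_pcr: bytes) -> None:
        # Resealing needs the TPM password and rebinds the key to the new PCR value.
        given = hashlib.sha256(password.encode()).digest()
        if not hmac.compare_digest(self._auth, given):
            raise PermissionError("wrong TPM password")
        self._sealed_pcr = current_pcr

def bios_update_scenario() -> list:
    old_boot = measure_boot([b"BIOS 1.0", b"bootloader"])  # constructed values
    new_boot = measure_boot([b"BIOS 1.1", b"bootloader"])
    tpm = ToyTPM("tpm-password", b"private-key-protection-secret", old_boot)
    events = [("before update", tpm.unseal(old_boot) is not None)]
    try:
        tpm.unseal(new_boot)
        events.append(("after update", True))
    except PermissionError:
        events.append(("after update", False))
    tpm.pcrseal("tpm-password", new_boot)
    events.append(("after reseal", tpm.unseal(new_boot) is not None))
    return events

if __name__ == "__main__":
    for step, unlocked in bios_update_scenario():
        print(f"{step}: key available = {unlocked}")
```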

To reseal the TPM, follow one of the procedures below.

From the web administration interface

This use case is exclusive to SNS 4.8.7 and higher versions.

  1. Log in to the SNS firewall’s web administration interface.

    A window will appear automatically. In a high availability configuration, a window also appears if the TPM on the passive firewall needs to be sealed. If both members of the cluster are concerned, two windows will appear one after the other.

    Window for password to seal the TPM

  2. Enter the TPM password in the relevant field.

  3. Click on OK.

     

From the CLI console

  1. Seal the TPM on the SNS firewall with the command:

    SYSTEM TPM PCRSEAL tpmpassword=<password>

    Replace <password> with the TPM password.

  2. If the SNS firewall is part of a high availability cluster, seal the TPM on the passive firewall with the command:

    SYSTEM TPM PCRSEAL tpmpassword=<password> serial=passive