Unsolved

1 Rookie


1 Message


December 3rd, 2025 11:25

The Update Package security signature cannot be verified.

Hello 

I have several PowerEdge R430 servers getting "The Update Package security signature cannot be verified." whilst trying to update disk firmware HGST FJ46 (from FJ45) through Dell OME. I understand some changes were made in the past where SHA1 was no longer valid; however, we are running iDRAC version 2.86.86.86, which this shouldn't happen with.

Is this something that has been seen before, or is there a setting I need to enable to allow the system to check for a SHA256 hash?

Thanks

Moderator


9.6K Posts

December 3rd, 2025 15:39

Mlatto,

 

 

The error often appears when OME or other tools use older validation logic or when the update package is not properly extracted before upload, so it’s not a setting you can enable; it’s about the update method and ensuring the correct payload is used.

 

This has started to occur because Dell changed the digital signature algorithm for update packages: 

  • Dell Update Packages (DUPs) for firmware updates no longer use SHA-1 signatures; they now use SHA-256.
  • iDRAC7/iDRAC8 versions prior to 2.40.40.40 do not support SHA-256 verification for out-of-band updates.
  • Even though your iDRAC is at 2.86.86.86, the issue can still occur if:
    • The update is being applied through OpenManage Essentials/Enterprise (OME) or another out-of-band method.
    • The Lifecycle Controller or update workflow is referencing older validation logic.  

What I would suggest is to do the following to resolve the issue.

  1. Verify iDRAC and Lifecycle Controller Firmware

    • Ensure both are updated to the latest versions (2.86 is good, but confirm LC is also current).
    • If LC is older than 2.40.40.40, update it first.
  2. Use In-Band Update Method

    • Run the update from the operating system using Dell DUP for Windows/Linux:
      • Example:
        Windows: Run the .exe update package locally.
        Linux: Use dsu or rpm package.
    • This bypasses the signature check issue in out-of-band workflows.
  3. Alternative Out-of-Band Workaround

    • Extract the DUP on a Windows/Linux system.
    • Locate the payload file (e.g., firmimg.d7).
    • Upload this file directly via iDRAC or Lifecycle Controller update tab.
  4. Stepwise Update (if jumping too far)

    • If the system was previously on a very old version, apply intermediate updates (do not update the iDRAC without also walking the BIOS up with it):
      • 2.40.40.40 → 2.61.60.60 → 2.75.x → 2.86.x.
    • This ensures proper certificate handling for SHA-256.

Let me know if this helps.
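
The version check from step 1 of the reply above, as an added example that is not part of the original thread and is not Dell's own tooling: it parses the text printed by `racadm getversion` and compares the iDRAC and Lifecycle Controller versions with the 2.40.40.40 floor the reply gives for SHA-256 verification. The field names and "Name = value" layout are assumptions about that command's output, and the sample text is constructed.

```python
import re

# Floor taken from the reply above: iDRAC7/iDRAC8 firmware older than this
# does not support SHA-256 verification for out-of-band updates.
SHA256_FLOOR = (2, 40, 40, 40)

# Fields to check; names follow `racadm getversion` output (assumed format).
FIELDS = ("iDRAC Version", "Lifecycle Controller Version")


def parse_getversion(text):
    """Return {field name: version string} from 'Name = value' lines."""
    found = {}
    for line in text.splitlines():
        name, sep, value = line.partition("=")
        if sep:
            found[name.strip()] = value.strip()
    return found


def version_tuple(version):
    """'2.86.86.86' -> (2, 86, 86, 86); None if not purely dotted numbers."""
    if not re.fullmatch(r"\d+(\.\d+)*", version or ""):
        return None
    return tuple(int(part) for part in version.split("."))


def audit(text):
    """Map each checked field to 'ok', 'below-floor' or 'unknown'."""
    versions = parse_getversion(text)
    result = {}
    for field in FIELDS:
        parsed = version_tuple(versions.get(field))
        if parsed is None:
            result[field] = "unknown"  # missing or 'NA': check by hand
        elif parsed < SHA256_FLOOR:
            result[field] = "below-floor"
        else:
            result[field] = "ok"
    return result


# Constructed sample output, not captured from a real server.
SAMPLE = """\
 Bios Version                     = 2.4.2
 iDRAC Version                    = 2.86.86.86
 Lifecycle Controller Version     = 2.30.30.30
"""

if __name__ == "__main__":
    for field, status in audit(SAMPLE).items():
        print(f"{field}: {status}")
```

A host reported as "below-floor" or "unknown" for either field is one to bring up to date before retrying the out-of-band update.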

 

 
