After downgrading iDRAC8 firmware from the 2.70.70.70 release, PowerEdge 13G servers may stop at POST with an UEFI0315 Error Banner. The error persists on each HOST reboot/ power-on.
UEFI0315: Unable to process an iDRAC request to configure Secure Boot keys because of a communication error between BIOS and iDRAC.
Example of Lifecycle Controller Logs:
UEFI0315 |
Unable to process an iDRAC request to configure Secure Boot keys because of a communication error between BIOS and iDRAC. |
This error banner is displayed when BIOS fails to receive an expected Secure Boot setting value during the Power-On Self-Test (POST) sequence. When iDRAC8 is downgraded from 2.70.70.70, this reading fails regardless of Secure Boot settings within the server BIOS.
The Lifecycle Controller Logs of the iDRAC8 record if the iDRAC8 firmware has changed. Searching for the event "PR36" shows the history of firmware updates that are applied to the server.
PR36 |
Version change detected for Lifecycle Controller firmware. Previous version:2.70.70.70, Current version:2.61.60.60 |
iDRAC8 firmware 2.70.70.70 resolved an issue that was leading to this sighting randomly. Downgrading from the iDRAC8 2.70.70.70 is persistently causing the error to return. If the iDRAC8 firmware is confirmed to have been downgraded, this error is not an indication of faulty hardware.
Use one of the following methods to clear the condition from impacted servers.
Option 1: Update iDRAC8 to 2.70.70.70
Reinstalling iDRAC8 to firmware version 2.70.70.70 restores the fix that corrects this condition. The server must be rebooted after the iDRAC firmware update completes.
iDRAC8 2.70.70.70 is available for download here.
Option 2: Reset Secure Boot Keys using Redfish API
If the server must remain on downgraded iDRAC8 firmware, the Secure Boot Keys of the system BIOS must be reset. Redfish API is the only method to modify this setting. Follow the instructions below to modify the /redfish/v1/Systems/System.Embedded.1/SecureBoot/Actions/SecureBoot.ResetKeys
value.
The secure Boot Policy setting must be set to Custom attempting to reset Secure Boot Keys. Secure Boot can be either Enable or Disabled.
F2 System Setup >> System BIOS >> System Security >> Secure Boot:
Postman App was used in the following examples. Define the following fields in the application before sending the Redfish POST command.
Post URL Bar:
https://iDRAC_IP/redfish/v1/Systems/System.Embedded.1/SecureBoot/Actions/SecureBoot.ResetKeys
Authorization Tab:
Headers Tab:
Body Tab:
{"ResetKeysType":"ResetAllKeysToDefault"}
to text fieldIf the Redfish post command was successful, Postman shows similar messaging in the Response field:
{
"@Message.ExtendedInfo": [
{
"Message": "Successfully Completed Request",
"MessageArgs": [],
"MessageArgs@odata.count": 0,
"MessageId": "Base.1.0.Success",
"RelatedProperties": [],
"RelatedProperties@odata.count": 0,
"Resolution": "None",
"Severity": "OK"
},
{
"Message": "The operation successfully completed.",
"MessageArgs": [],
"MessageArgs@odata.count": 0,
"MessageId": "IDRAC.1.6.SYS413",
"RelatedProperties": [],
"RelatedProperties@odata.count": 0,
"Resolution": "No response action is required.",
"Severity": "Informational"
}
]
}