BMC固件升级失败问题分析
更新时间: 2026/05/28
在Gitcode上查看源码问题背景
- 单板类型:S920X20;
- 软件版本:NA;
- 涉及功能:BMC固件升级;
- 触发条件:没有预置升级所需密钥文件的情况下升级BMC固件。
- 业务表现:预期BMC固件升级成功;实际BMC固件升级失败。
问题复现步骤
- 在升级了一个包之后,发现从web进去之后页面空白,但ssh可以进入
- 遂尝试在命令行中回滚/升级均成功,web页面依旧空白
- 回滚/升级之后,在命令行中又尝试进行恢复出厂设置,恢复成功,web页面够显示数据,也可以进行分区置换,ssh能够登录
- 但在恢复出厂设置之后进行升级时,升级失败
关键日志信息
查看固件升级组件日志,确认报错如下:
text
2025-05-12 09:26:29.354039 firmware_mgmt NOTICE: active_fructl.lua(95): get host type is Singlehost
2025-05-12 09:26:29.354406 firmware_mgmt NOTICE: utils.lua(35): The file path is local.
2025-05-12 09:26:29.363743 firmware_mgmt NOTICE: init.lua(33): update status to FS_SIMPLE_UPGRADING.
2025-05-12 09:26:29.391171 firmware_mgmt NOTICE: task_service.lua(49): task create success, task id: 443127616
2025-05-12 09:26:29.462593 firmware_mgmt NOTICE: file_transfer.lua(145): start to move file [rootfs_openUBMC.hpm] from tmp to shm
2025-05-12 09:26:29.991158 firmware_mgmt NOTICE: file_transfer.lua(150): move_file_s ok:true, err:0
2025-05-12 09:26:30.457794 firmware_mgmt NOTICE: validate_sign.lua(174): verify signature successfully
2025-05-12 09:26:30.458670 firmware_mgmt NOTICE: action.lua(37): Validate signature successfully
2025-05-12 09:26:30.470142 firmware_mgmt ERROR: [C](65535): [WSEC_CBB_CAC][][1339] EVP_DecryptFinal_ex failed 0.
2025-05-12 09:26:30.470707 firmware_mgmt ERROR: [C](65535): [WSEC_CBB_CAC][][1767] OpensslDecryptFinal failed 101
2025-05-12 09:26:30.471032 firmware_mgmt ERROR: [C](65535): [WSEC_CBB][][265] (UTC) 2025-05-12 09:26:30 CAC decrypt final failed 101.
2025-05-12 09:26:30.471141 bmc_core ERROR: kmc_file.c(170): decrypt_hmac: SdpDecryptFinalEx failed, ret = 110.
2025-05-12 09:26:30.471180 bmc_core ERROR: kmc_file.c(348): file_decrypt: decrypt failed.
2025-05-12 09:26:30.472310 firmware_mgmt ERROR: hpm_package.lua(179): read from profile_en failed, generate new key and try again
2025-05-12 09:26:30.478022 firmware_mgmt ERROR: [C](65535): [WSEC_CBB][][636] (UTC) 2025-05-12 09:26:30 The file is not KSF format.
2025-05-12 09:26:30.478343 firmware_mgmt ERROR: [C](65535): [WSEC_CBB][][830] (UTC) 2025-05-12 09:26:30 ReadRootKeyByHandle() failed 255
2025-05-12 09:26:30.478998 firmware_mgmt ERROR: [C](65535): [WSEC_CBB][][1805] (UTC) 2025-05-12 09:26:30 MemImportKsf ReadKsf failed, result = 255
2025-05-12 09:26:30.479721 firmware_mgmt ERROR: hpm_package.lua(207): decrypt srcfile failed, err:./opt/bmc/libmc/lualib/mc/logging.lua:395: kmc import ksf failed, ret = 255
2025-05-12 09:26:30.480850 firmware_mgmt WARNING: init.lua(97): hpm_package.lua:669 > hpm_package.lua:565 > hpm_package.lua:241: An error occurred during the firmware upgrade process. Details: Upgrade write config file failed
2025-05-12 09:26:30.481435 firmware_mgmt ERROR: control.lua(321): parse package(rootfs_openUBMC.hpm) failed, ret:FirmwareUpgradeError: An error occurred during the firmware upgrade process. Details: Upgrade write config file failed.
2025-05-12 09:26:30.702802 firmware_mgmt NOTICE: active_fructl.lua(95): get host type is Singlehost
2025-05-12 09:26:30.703174 firmware_mgmt NOTICE: active_single_host_fructrl.lua(61): active_single_host_fructrl fructrl get power status
2025-05-12 09:26:30.706078 firmware_mgmt NOTICE: state_simple_upgrading.lua(87): simple upgraded, current active mode is:nil, wait restart seconds:30000
2025-05-12 09:26:30.714475 firmware_mgmt NOTICE: init.lua(33): update status to FS_IDLE.定位过程
从升级流程以及升级日志可知,升级存在解密过程,而解密需要解密密钥,kmc_file.c文件170行报错返回110翻查代码确认110的具体原因。
问题原因
此环境没有预置升级所需密钥文件,所以导致了升级失败。
解决方案
恢复环境的话,可以试试先回滚到上一个版本(25.00.00),这个版本是社区包的版本,然后升一个过渡包(预置秘钥的社区包),再重新尝试去升级即可。