Unable to programmatically clear the Bios Setup Password on a Dell PowerEdge R750

[srikarpyda]

Hello Texas,

Server Information:
Model: PowerEdge R750
Bios Version: 1.13.2
IDRAC Firmware Version: 7.00.60.00

I have been able to set the Setup bios password on my R750 server through Redfish. Although I am able to clear the Setup password manually through the BMC UI, I am unable to do so programatically through Redfish. I am trying to clear the password through hitting the same Redfish endpoint that I used to initially set the password (redfish/v1/Systems/System.Embedded.1/Bios/Actions/Bios.ChangePassword). However, specifying an empty String for the new password is returning an error: "Retry the operation with a BIOS password that conforms with system BIOS password requirements".

I see the same error when I use the BiosChangePasswordREDFISH script to try to clear the password:
`./BiosChangePasswordREDFISH.py -ip 99.999.999.999 -u root -p XXXXX --type 2 --old XXXXXX --new ""

• INFO, clearing BIOS SetupPassword

• FAIL, Command failed, error code is 400

{'_content': b'{"error":{"@Message.ExtendedInfo":[{"Message":"Invalid BIOS Password.","MessageArgs":["SetupPassword"],"[email protected]":1,"MessageId":"IDRAC.2.9.BIOS018","RelatedProperties":["#/PasswordName"],"[email protected]":1,"Resolution":"Retry the operation with a BIOS password that conforms with system BIOS password requirements.","Severity":"Warning"}],"code":"Base.1.12.GeneralError","message":"A general error has occurred. See ExtendedInfo for more information"}}', '_content_consumed': True, '_next': None, 'status_code': 400, 'headers': {'Date': 'Wed, 26 Jun 2024 11:23:21 GMT', 'Server': 'Apache', 'OData-Version': '4.0', 'Cache-Control': 'no-cache', 'X-Frame-Options': 'DENY', 'Strict-Transport-Security': 'max-age=31536000; includeSubDomains; preload', 'Content-Length': '482', 'Connection': 'close', 'Content-Type': 'application/json;odata.metadata=minimal;charset=utf-8'}, 'raw': <urllib3.response.HTTPResponse object at 0x7f1e9cd7cb80>, 'url': 'https://10.180.247.197/redfish/v1/Systems/System.Embedded.1/Bios/Actions/Bios.ChangePassword', 'encoding': 'utf-8', 'history': [], 'reason': 'Bad Request', 'cookies': <RequestsCookieJar[]>, 'elapsed': datetime.timedelta(microseconds=303289), 'request': <PreparedRequest [POST]>, 'connection': <requests.adapters.HTTPAdapter object at 0x7f1e9cd7da80>}
`

In addition to the above approach, I have also tried hitting the Redfish endpoint to reset the BIOS default settings (../redfish/v1/Systems/System.Embedded.1/Bios/Actions/Bios.ResetBios), but that did not clear the Setup password. I also tried hitting (../redfish/v1/Managers/iDRAC.Embedded.1/Actions/Oem/DellManager.ResetToDefaults) to no avail.

Thanks

[texroemer]

Hi @srikarpyda

Thanks for bringing up this concern and looks to be a bug in iDRAC code for clearing BIOS password. I'm currently escalating this issue internally with iDRAC team, will keep you updated once i have more details.

For action Bios.ResetBios this will only reset BIOS settings to default values not clear setup or system password.

Thanks
Tex

[srikarpyda]

Hi @texroemer ,

Just wanted to follow up. Did the iDRAC team come back with any details?

Thanks,
Srikar

[texroemer]

Hi @srikarpyda

Bios password issue has been escalated internally and fixed. Fix will be available in iDRAC 7.10.70 which is scheduled to be released this Sept.

Thanks
Tex

[srikarpyda]

Hey @texroemer ,
Thanks for the update. Is there a work-around I can use until September?
Thanks,
Srikar

[texroemer]

For a workaround you can use Server Configuration Profile (SCP) feature to clear BIOS passwords (setup or system or both). See example below using script "ImportSystemConfigurationLocalFilenameREDFISH.py" along with SCP file passed in to clear BIOS setup password.

C:\Python312>type 2024-7-8_134214_export.xml
<SystemConfiguration>
<Component FQDD="BIOS.Setup.1-1">
    <!-- <Attribute Name="OldSysPassword">******</Attribute>-->
    <!-- <Attribute Name="NewSysPassword">******</Attribute>-->
    <Attribute Name="OldSetupPassword">Pass1234#</Attribute>
    <Attribute Name="NewSetupPassword"></Attribute>
</Component>
</SystemConfiguration>

C:\Python312>python ImportSystemConfigurationLocalFilenameREDFISH.py -ip 192.168.0.120 -u root -p calvin --target BIOS --shutdown-type Forced --filename 2024-7-8_134214_export.xml

- PASS, JID_204930458522 successfully created for ImportSystemConfiguration method

- INFO, "Importing Server Configuration Profile.", percent complete: 10
- INFO, "Waiting for the system to shut down.", percent complete: 20
- INFO, "Applying configuration changes.", percent complete: 20
- INFO, "The configuration operation for the specified device is in progress.", percent complete: 40
- INFO, "The component configuration update on the host system is complete", percent complete: 90
- PASS, job ID JID_204930458522 successfully marked completed

- Detailed configuration changes and job results for "JID_204930458522"

{'Message': 'The operation successfully completed.',
 'MessageID': 'SYS413',
 'Oem': {'Dell': {'@odata.type': '#DellManager.v1_0_0.ServerConfigurationProfileResults',
                  'DisplayValue': 'OldSetupPassword',
                  'FQDD': 'BIOS.Setup.1-1',
                  'Name': 'OldSetupPassword',
                  'Status': 'Success'}},
 'Severity': 'OK'}
{'Message': 'Successfully imported and applied Server Configuration Profile.',
 'MessageArgs': [],
 '[email protected]': 0,
 'MessageId': 'IDRAC.2.9.SYS053'}

- JID_204930458522 completed in: 0:08:41

Thanks
Tex