Managing HPE BIOS resources

NOTE

It is possible that some properties or resources described in this section are not implemented in iLO 4 and iLO 5.

This section presents the HPE specific Bios resources (attributes and OEM resources) implemented in HPE iLO based servers. Refer to the BIOS data model section for a generic overview of the standard Redfish Bios data model.

The HPE Bios subsystem contains two families of elements:

  • A set of attributes located under the /redfish/v1/Systems/{item}/Bios standard URI, and described in the Bios registry section.
  • Sets of OEM Bios resources described in proprietary schemas (i.e. HpeTlsConfig )

The URIs of the HPE OEM Bios resources can be retrieved from /redfish/v1/Systems/{item}/Bios/Oem/Hpe as shown in the next example.

NOTE

HPE OEM Bios resource links have been moved from /redfish/v1/Systems/1/Bios in Gen10 servers to /redfish/v1/Systems/1/Oem/Hpe in Gen10 Plus and Gen11 servers. Refer to the following example for a generic method to retrieve them, regardless the server generation.

Generic requestiLOrestcURLGen10 response bodyGen10 Plus and Gen11 response body
Copy
Copied
GET /redfish/v1/systems/1/bios/?$select=Oem/Hpe/Links
Copy
Copied
# The following request retrieves Bios related URIs
# using a recursive jq request, ignoring errors
# and 'null' responses

ilorest login <ilo-ip> -u <ilo-user> -p password
ilorest rawget --silent \
        '/redfish/v1/systems/1/bios/?$select=Oem/Hpe/Links' | \
        jq -r '..|."@odata.id"?' | grep -v null
ilorest logout
Copy
Copied
# The following request retrieves Bios related URIs
# using a recursive jq request, ignoring errors
# and 'null' responses

curl --silent --insecure -u <ilo-user>:password \
     'https://<ilo-ip>/redfish/v1/systems/1/bios/?$select=Oem/Hpe/Links' | \
     jq -r '..|."@odata.id"?' \
     | grep -v null
Copy
Copied
/redfish/v1/systems/1/bios/
/redfish/v1/systems/1/bios/baseconfigs/
/redfish/v1/systems/1/bios/boot/
/redfish/v1/systems/1/bios/kmsconfig/
/redfish/v1/systems/1/bios/mappings/
/redfish/v1/systems/1/bios/serverconfiglock/
/redfish/v1/systems/1/bios/tlsconfig/
/redfish/v1/systems/1/bios/iscsi/
Copy
Copied
/redfish/v1/systems/1/bios/
/redfish/v1/systems/1/bios/oem/hpe/baseconfigs/
/redfish/v1/systems/1/bios/oem/hpe/boot/
/redfish/v1/systems/1/bios/oem/hpe/kmsconfig/
/redfish/v1/systems/1/bios/oem/hpe/mappings/
/redfish/v1/systems/1/bios/oem/hpe/serverconfiglock/
/redfish/v1/systems/1/bios/oem/hpe/tlsconfig/
/redfish/v1/systems/1/bios/oem/hpe/iscsi/
NOTE

The HPE service Bios extension is dedicated to HPE field service employees, and should not be accessed programmatically by Redfish clients.

The HPE service Bios extension URI is not mentioned explicitly under the Bios Oem/Hpe extension on purpose.

However, like other HPE Bios extensions, it is located at /redfish/v1/Systems/1/Bios/Oem/Hpe/Service in Gen10 Plus and Gen11 servers and at /redfish/v1/Systems/1/Bios/Service in Gen10 servers.

RESTful API BIOS Schemas/Registries

As explained in the Bios attribute registry overview paragraph, the Bios registry file URI of a live system can be easily located under /redfish/v1/Registries. This file is specific to the platform model and the Bios/ROM version loaded in the server. For example, if you follow the BiosAttributeRegistryA55.v1_1_62 URI, you will find the Bios attributes and registries for a DL365 Gen11 (A55) with ROM version 1.1.62.

If you want to know precisely the property and attribute differences between two Bios/ROM versions of a specific platform, you can download the corresponding Schemas/Registries from the HPE Support Center. Then, you will have to unzip the downloaded files and compare them manually using your favorite JSON editor.

HPE provides RESTful API BIOS Schemas/Registries via the HPE Support Center. These are static files and meant as references. They are not meant to be "installed". After downloading, you will need to unzip the file. The resulting files are useful for:

  1. Comparing BIOS attribute differences between two BIOS/ROM versions of a platform.
  2. Analyzing BIOS attributes for their factory default values on a platform.
  3. Helping to create a Redfish mockup like the one the DMTF provides .
NOTE

HPE RESTful API BIOS Schemas/Registries are not intended to be installed anywhere in servers, iLOs or iLOrest configuration file.They are NOT ROM Flash Universal Firmware Packages.

ROM Flash Universal Firmware Packages should be installed from Software Support Packs (SPP) or downloaded as .fwpkg files from the HPE Support Center.

Reinitializing secure boot databases

After upgrading or downgrading HPE iLO, first reboot the server. After reboot, the BIOS rebuilds the secure boot databases. If you do not reboot the server for certain conditions, BIOS and HPE iLO secure boot databases do not synchronize.

Reboot the server only under the following conditions:

  • HPE iLO upgrade: The source version is HPE iLO 6 1.61 or earlier, and the target version is HPE iLO 6 1.62 or later.
  • HPE iLO downgrade: The source version is HPE iLO 6 1.62 or later, and the target version is HPE iLO 6 1.61 or earlier.

The length of the certificate string is 3072 bytes. The BIOS can delete certificates and signatures from the default secure boot databases stored in HPE iLO.

NOTE

The maximum length of certificates is 3 KiB.

Synchronize data with HPE iLO and BIOS

The BIOS or UEFI variable stores the secure boot databases. The OS, ROM-Based Setup Utility setting (RBSU), or Redfish API can modify the databases. To maintain consistency, the BIOS synchronizes the data with HPE iLO. The BIOS can identify the certificate or signature that must synchronize with HPE iLO. When a certificate or signature is not added to Redfish API or deleted from Redfish API, BIOS provides a POST or DELETE method to add or remove a certificate or signature from HPE iLO.

The following table lists the maximum number of certificates and signatures allowed for each of the secure boot database types:

Database Name Number of certificates Number of signatures
Platform Key (PK) 1 N/A
PKDefault 1 N/A
Key Exchange Key (KEK) 16 10
KEKDefault 10 10
db/dbx/dbt/dbr 16 N/A
dbDefault/dbxDefault /dbtDefault /dbrDefault 10 10

For more information about secure boot databases, refer Secure Databases paragraph.

Bios defaults

Bios attributes and OEM Bios resources present factory and user defined default values. This paragraph explains how to get and set them. The next paragraph explains how to reset them to factory and user defaults.

Default Bios attributes

The current configuration Bios attributes URI contains a link to a BaseConfigs[] array that holds the factory attributes, and eventually, custom user defined attributes. Default OEM Bios resources (i.e. Bios TLS) are described in the next paragraph.

The Bios attribute list depends on the server architectures (Intel, AMD, Ampere). It may depend, as well, on the ROM version installed in the system. For these reasons, it is not possible to publish their factory default values with a long term validity. Instead, you will find below methods to retrieve them from live systems or from registries available online.

Retrieving factory Bios attributes from a live system

Factory Bios attributes and their values are located in the default member of the BaseConfigs[] array. Bios custom user defined attributes are part of the default.user member of this array.

The following example retrieves factory Bios attributes from a live system using a generic GET request or iLOrest.

NOTE

The BaseConfig[] URI is different in Gen10, Gen10 Plus and Gen11 servers. Refer to the following example for detail.

Generic requestsiLOrest
Copy
Copied
Gen 10
GET /redfish/v1/Systems/1/Bios/BaseConfigs | jq '.BaseConfigs[] | .default'

Gen10 Plus and Gen11
GET /redfish/v1/Systems/1/Bios/Oem/Hpe/BaseConfigs | jq '.BaseConfigs[] | .default'
Copy
Copied
ilorest login <ilo-ip> -u <ilo-user> -p password
ilorest get BaseConfigs/default --json --selector=HpeBaseConfigs
ilorest logout

Saving and retrieving user defined Bios attributes

The following example sets various Bios attributes (Gen10, Gen10 Plus or Gen11) and requests the saving in the BaseConfigs[] array. This modification requires a reboot of the server to be visible in the default.user array member.

NOTE

A PATCH request to the Bios settings URI with a body containing "SaveUserDefaults": "Yes" saves Bios attributes and Service Bios attributes in the default.user member of their respective BaseConfigs[] array.

Look for string "Service Bios" in this documentation section for more info concerning this HPE Bios extension.

Generic requestBody requestcURLiLOrestBody response
Copy
Copied
PATCH /redfish/v1/Systems/1/Bios/Settings/
Copy
Copied
{
    "Attributes": {
        "AdminName": "Toto Content",
        "AdminEmail": "toto.content@koulapic.com",
        "AdminPhone": "+3306789012340",
        "WorkloadProfile": "TransactionalApplicationProcessing",
        "SaveUserDefaults": "Yes"
    }
}
Copy
Copied
curl --insecure --silent --location -u <ilo-user>:passsword \
     --header 'Content-Type: application/json' \
     --request PATCH \
     'https://<ilo-ip>/redfish/v1/Systems/1/Bios/Settings/' \
     --data '{"Attributes": {
          "AdminName": "Toto Content",
          "AdminEmail": "toto.content@koulapic.com", 
          "AdminPhone": "+3306789012340",
          "WorkloadProfile": "TransactionalApplicationProcessing",
          "SaveUserDefaults": "Yes"
     }
}'
Copy
Copied
ilorest login <ilo-ip> -u <ilo-user> -p password
ilorest select Bios.
ilorest set "AdminName=Toto Content" \
        AdminEmail="toto.content@koulapic.com" \
        AdminPhone="+3306789012340"            \
        WorkloadProfile="TransactionalApplicationProcessing" \
        SaveUserDefaults=Yes
ilorest commit
ilorest reboot ForceRestart
ilorest logout
Copy
Copied
{
    "error": {
        "code": "iLO.0.10.ExtendedInfo",
        "message": "See @Message.ExtendedInfo for more information.",
        "@Message.ExtendedInfo": [
            {
                "MessageId": "iLO.2.25.SystemResetRequired"
            }
        ]
    }
}

The following example reads the Bios attributes BaseConfigs[] array members from Gen10, Gen10 Plus or Gen11 systems, that has been modified with the payload of the previous example. It contains two members: default and default.user.

Refer to the Bios resets paragraph below to apply user defined attributes.

Generic requestcURLiLOrestResponse (truncated)
Copy
Copied
# Gen10 
GET /redfish/v1/Systems/{item}/Bios/BasConfigs

# Gen 10 Plus and Gen11
GET /redfish/v1/Systems/{item}/Bios/Oem/Hpe/BaseConfigs
Copy
Copied
# Gen10
curl --include --insecure -u username:password --location \
      https://{iLO6-ip}/redfish/v1/systems/1/bios/BaseConfigs/

# Gen10 Plus and Gen11
curl --include --insecure -u username:password --location \
      https://{iLO-ip}/redfish/v1/systems/1/bios/Oem/Hpe/BaseConfigs/ 
Copy
Copied
# Gen10
ilorest login <ilo-ip> -u <ilo-user> -p password
ilorest rawget --silent /redfish/v1/systems/1/bios/BaseConfigs/
ilorest logout

# Gen10 Plus and Gen10
ilorest login <ilo-ip> -u <ilo-user> -p password
ilorest rawget --silent /redfish/v1/systems/1/bios/Oem/Hpe/BaseConfigs/
ilorest logout
Copy
Copied
{
    "@odata.context": "/redfish/v1/$metadata#HpeBaseConfigs.HpeBaseConfigs",
    "@odata.etag": "W/\"D3544D1E7B21CACACAB99143115A5971\"",
    "@odata.id": "/redfish/v1/systems/1/bios/oem/hpe/baseconfigs/",
    "@odata.type": "#HpeBaseConfigs.v2_0_0.HpeBaseConfigs",
    "BaseConfigs": [
        {
            "default": {
                "AMDPerformanceWorkloadProfile": "Disabled",
                "AccessControlService": "Enabled",
                "AcpiHpet": "Enabled",
                "AcpiRootBridgePxm": "Enabled",
                "AcpiSlit": "Enabled",
                "AdminEmail": "",
                "AdminName": "",
                "AdminOtherInfo": "",
                "AdminPhone": "",
                "AdvCrashDumpMode": "Disabled",
                ...
                ...
                "VlanControl": "Disabled",
                "VlanId": 0,
                "VlanPriority": 0,
                "WakeOnLan": "Enabled",
                "WorkloadProfile": "GeneralPowerEfficientCompute",
                "XGMIForceLinkWidth": "Auto",
                "XGMIMaxLinkWidth": "Auto",
                "iSCSISoftwareInitiator": "Enabled"
            }
        },
        {
            "default.user": {
                "AMDPerformanceWorkloadProfile": "Disabled",
                "AccessControlService": "Enabled",
                "AcpiHpet": "Enabled",
                "AcpiRootBridgePxm": "Enabled",
                "AcpiSlit": "Enabled",
                "AdminEmail": "toto.content@koulapic.com",
                "AdminName": "Toto Content",
                "AdminOtherInfo": "Toto est Content",
                "AdminPhone": "+3306789012340",
                "AdvCrashDumpMode": "Disabled",
                ...
                "SaveUserDefaults": "No",
                ...
                "VlanId": 0,
                "VlanPriority": 0,
                "WakeOnLan": "Enabled",
                "WorkloadProfile": "TransactionalApplicationProcessing",
                "XGMIForceLinkWidth": "Auto",
                "XGMIMaxLinkWidth": "Auto",
                "iSCSISoftwareInitiator": "Enabled"
            }
        }
    ],
    "Capabilities": {
        "BaseConfig": true,
        "BaseConfigs": false
    },
    "Id": "baseconfigs",
    "Name": "BIOS Default Settings"
}

Retrieving default Bios attributes from a registry file

NOTE

The method described in this paragraph for retrieving factory default Bios attribute values is only valid for Gen10 Plus and Gen11 servers.

Bios attribute registries can be downloaded from the HPE Support Center. Depending the server you are focusing on, enter a string similar to this one in the search box of the HPE Support Center: RESTful API BIOS Schemas/Registries dl365.

Download the Schemas/Registry .zip file that suites your needs and extract its content.

Drill down to the RegistryStore/en subdirectory and retrieve the DefaultValue property for each Bios attribute.

The following example retrieves the Bios default values (and other properties) from a DL385 Gen11 server (A55) Bios registry file downloaded from the HPE Support site.

bashOutput (truncated)
Copy
Copied
jq '.RegistryEntries.Attributes[] | {AttributeName, ReadOnly, Type, MenuPath, DefaultValue}'\
    BiosAttributeRegistryA55.v1_1_60_en.json
Copy
Copied
{
  "AttributeName": "WorkloadProfile",
  "DefaultValue": "GeneralPowerEfficientCompute",
  "MenuPath": "./",
  "ReadOnly": false,
  "Type": "Enumeration"
}
{
  "AttributeName": "DynamicPowerCapping",
  "DefaultValue": "Disabled",
  "MenuPath": "./SystemOptions/BootTime",
  "ReadOnly": false,
  "Type": "Enumeration"
}
{
  "AttributeName": "ExtendedMemTest",
  "DefaultValue": "Disabled",
  "MenuPath": "./SystemOptions/BootTime",
  "ReadOnly": false,
  "Type": "Enumeration"
}
....
{
  "AttributeName": "EraseUserDefaults",
  "DefaultValue": "No",
  "MenuPath": "./SysDefaultOptions/UserDefaultOptions",
  "ReadOnly": false,
  "Type": "Enumeration"
}
{
  "AttributeName": "UserDefaultsState",
  "DefaultValue": "Disabled",
  "MenuPath": "./SysDefaultOptions/UserDefaultOptions",
  "ReadOnly": true,
  "Type": "Enumeration"
}
{
  "AttributeName": "UtilityLang",
  "DefaultValue": "English",
  "MenuPath": "./LangSettings",
  "ReadOnly": false,
  "Type": "Enumeration"
}

Default HPE Bios resources

In addition to the HPE Bios attributes and their defaults described in the previous paragraph, other Bios related resources can be managed and reset to their factory defaults. Depending on the iLO generation, they may have a different location. Hence, you will have to use a generic script to locate and retrieve them.

Refer to the following sections for additional information concerning some of those resources:

The following script retrieves the location and data type of Bios configuration attributes and resources, except HPE Service Bios attributes for the reason mentioned earlier in this section.

iLOrest scriptiLO 5 outputiLO 6 Output
Copy
Copied
# The following script retrieves HPE Bios configuration links, prints them as well
# as their respective data type.

# Login remote iLO
ilorest login <ilo-ip> -u <ilo-user> -p password

# Retrieve HPE Bios configuration links
BiosLinksURI='/redfish/v1/systems/1/bios/?$select=Oem/Hpe/Links'
BiosConfigLinks=$(ilorest rawget --silent $BiosLinksURI | \
          jq '.Oem.Hpe.Links')

# Exract HPE Bios configuration URIs
URIs=$(echo $BiosConfigLinks | jq -r '..|."@odata.id"?'  | grep -v null)

# Print HPE Bios URIs and their data type
for uri in $URIs ; do
    echo -n -e "Resource type of ${uri}:\t\t"
    ilorest rawget --silent "${uri}" | \
            jq '."@odata.type"'   | \
            awk -F. '{print $NF}' | \
            tr -d "\""
done

# logout
ilorest logout
Copy
Copied
Resource type of /redfish/v1/systems/1/bios/baseconfigs/:        HpeBaseConfigs
Resource type of /redfish/v1/systems/1/bios/boot/:               HpeServerBootSettings
Resource type of /redfish/v1/systems/1/bios/kmsconfig/:          HpeKmsConfig
Resource type of /redfish/v1/systems/1/bios/mappings/:           HpeBiosMapping
Resource type of /redfish/v1/systems/1/bios/serverconfiglock/:   HpeServerConfigLock
Resource type of /redfish/v1/systems/1/bios/tlsconfig/:          HpeTlsConfig
Resource type of /redfish/v1/systems/1/bios/iscsi/:              HpeiSCSISoftwareInitiator
Copy
Copied
Resource type of /redfish/v1/systems/1/bios/oem/hpe/baseconfigs/:       HpeBaseConfigs
Resource type of /redfish/v1/systems/1/bios/oem/hpe/boot/:              HpeServerBootSettings
Resource type of /redfish/v1/systems/1/bios/oem/hpe/kmsconfig/:         HpeKmsConfig
Resource type of /redfish/v1/systems/1/bios/oem/hpe/mappings/:          HpeBiosMapping
Resource type of /redfish/v1/systems/1/bios/oem/hpe/serverconfiglock/:  HpeServerConfigLock
Resource type of /redfish/v1/systems/1/bios/oem/hpe/tlsconfig/:         HpeTlsConfig
Resource type of /redfish/v1/systems/1/bios/oem/hpe/iscsi/:             HpeiSCSISoftwareInitiator

HPE OEM Bios resources (except HpeMappings, but including the Service Bios extension) contain a link to a BaseConfigs URI. This URI contains the factory default configuration of the related resource. This configuration is in the default member of a BaseConfigs[] array.

The following example retrieves the HPE Bios TLS default configuration URI from an iLO 6.

iLOrestcURLResponse body
Copy
Copied
ilorest login <ilo-ip> -u <ilo-user> -p password
ilorest select HpeTlsConfig.
ilorest list Oem/Hpe/Links/BaseConfigs --json  | \
        jq -r '..|."@odata.id"?'  | grep -v null

# Or

ilorest rawget --silent "/redfish/v1/Systems/1/bios/oem/hpe/tlsconfig" | \
        jq '.Oem.Hpe.Links.BaseConfigs'
ilorest logout
Copy
Copied
curl --silent --insecure -u <ilo-user>:password \
     'https://<ilo-ip>/redfish/v1/systems/1/bios/oem/hpe/tlsconfig' | \
     jq '.Oem.Hpe.Links.BaseConfigs'
Copy
Copied
{
  "@odata.id": "/redfish/v1/systems/1/bios/oem/hpe/tlsconfig/baseconfigs/"
}

BIOS resets

This paragraph explains how to reset Bios attributes and OEM Bios related resources to factory defaults and user defaults.

TIP

The iLOrest user guide contains a dedicated section to Bios related commands.

Reset Bios attributes to factory defaults

The generic concepts/BIOS data model section contains an example to reset the Bios attributes to their factory default values, using the Bios.ResetBios standard Redfish action against an HPE iLO 6 based server. After performing this action and a reboot of the server, the Bios attributes are reset to the values contained in the default member of the BaseConfigs[] array mentioned in the Default Bios attributes paragraph.

The following example resets Bios attributes to factory defaults using the Bios.ResetBios action and cURL against an iLO 6 based server. Refer to the iLOrest user guide for performing the same action with iLOrest.

Generic requestcURL/iLO 6
Copy
Copied
POST /redfish/v1/Systems/1/Bios/Actions/Bios.ResetBios

Payload:
{}
Copy
Copied
curl --insecure --silent --location -u <ilo-user>:password \
     '<ilo-ip>/redfish/v1/systems/1/bios/Actions/Bios.ResetBios/' \
     --request POST \
     --header 'Content-Type: application/json' \
     --data '{}'

The following example resets Bios attributes to factory defaults using the Bios.ResetBios action and cURL against an HPE iLO 5 based server. Refer to the iLOrest user guide for performing the same action with iLOrest.

Generic requestcURL/iLO 5
Copy
Copied
POST /redfish/v1/Systems/1/Bios/Settings/Actions/Bios.ResetBios

Payload:
{
    "Action": "Bios.ResetBios"
}
Copy
Copied
curl --insecure --silent --location  -u <ilo-user>:password \
      'https://<ilo-ip>/redfish/v1/Systems/1/Bios/Settings/Actions/Bios.ResetBios' \
     --request POST                 \
     --header 'Content-Type: application/json' \
     --data '{
                "Action": "Bios.ResetBios"
             }'
NOTE

A Python example using the Bios.ResetBios action and the HPE Python Library is available on GitHub.

The following example resets Bios attributes to factory defaults using a PUT request against the Bios attributes settings location. This example is valid for both HPE iLO 5 and iLO 6 based servers.

Generic requestcURL
Copy
Copied
PUT /redfish/v1/Systems/1/Bios/Settings

Payload:
{
    "Attributes": {
        "BaseConfig": "default"
    }
}
Copy
Copied
curl --insecure --silent -u <ilo-user>:password --location \
     --request PUT '<ilo-ip>/redfish/v1/systems/1/bios/settings' \
--header 'Content-Type: application/json' \
--data '{
    "Attributes": {
        "BaseConfig": "default"
    }
}'
TIP

You can easily view the attribute values that will be restored with iLOrest and its pending command before restarting the server.

NOTE

The BaseConfig Bios attribute might not be visible in the current BIOS or BIOS settings resources.

Reset Bios attributes to user defaults

HPE allows the saving of custom Bios attributes of iLO based systems. As mentioned earlier, these user defined Bios attributes are stored in the default.user member of the BaseConfigs[] array.

NOTE

The HPE Service Bios HPE extension also contains a default.user object under the /redfish/v1/Sytems/1/Bios/Oem/Hpe/Baseconfigs URI that can be customized as mentioned earlier in this documentation section.

The following example retrieves the default user defined Bios attributes from an HPE iLO 6.

Generic requestcURLiLOrestOutput (truncated)
Copy
Copied
GET /redfish/v1/systems/1/bios/Oem/Hpe/BaseConfigs/
Copy
Copied
curl --insecure --silent --location -u <ilo-user>:password \
     'https://<ilo-ip>/redfish/v1/systems/1/bios/Oem/Hpe/BaseConfigs' | \
     jq '.BaseConfigs[] | ."default.user"'
Copy
Copied
ilorest login 
ilorest rawget --silent /redfish/v1/systems/1/bios/Oem/Hpe/BaseConfigs | \
        jq '.BaseConfigs[] | ."default.user"'
ilorest logout
Copy
Copied
null
{
  "AMDPerformanceWorkloadProfile": "Disabled",
  "AccessControlService": "Enabled",
  "AcpiHpet": "Enabled",
  "AcpiRootBridgePxm": "Enabled",
  "AcpiSlit": "Enabled",
  "AdminEmail": "titi.content@koulapic.com",
  "AdminName": "Titi Content",
  "AdminOtherInfo": "Toto est Content",
  "AdminPhone": "+3306789012340",
  ...
  ...
  "WakeOnLan": "Enabled",
  "WorkloadProfile": "TransactionalApplicationProcessing",
  "XGMIForceLinkWidth": "Auto",
  "XGMIMaxLinkWidth": "Auto",
  "iSCSISoftwareInitiator": "Enabled"
}

The following example resets the Bios attributes to the user default settings. This PUT request is valid against iLO 5 and iLO 6 based servers.

Generic requestcURLiLOrest
Copy
Copied
PUT /redfish/v1/systems/1/bios/settings

Payload:
{
    "Attributes": {
        "BaseConfig": "default.user"
    }
}
Copy
Copied
curl --insecure --silent --location -u <ilo-user>:password \
     --header "Content-Type: application/json" \
     --request PUT --data {"Attributes":{"BaseConfig": "default.user"}} \
     https://<ilo-ip>/redfish/v1/Systems/1/bios/settings/
Copy
Copied
ilorest login <ilo-ip> -u <ilo-user> -p password
ilorest biosdefaults --userdefaults
ilorest reboot ForceRestart
ilorest logout
NOTE

To reset the Service Bios extension attributes to the default.user values, send a PUT request with same workload as in the previous example to the corresponding settings area (/redfish/v1/systems/1/Bios/Oem/Hpe/Service/Settings)

Reset Bios attributes and HPE Bios resources

HPE iLO offers the possibility to reset both Bios attributes and Bios related properties in a single operation to their factory defaults using the OEM HPE property RestoreManufacturingDefaults :

From the BiosSettingsUri end point, you only need to PATCH the RestoreManufacturingDefaults property in the request body with the Yes value and then reset the server.

The following example resets Bios attributes and Bios related properties to their factory defaults using cURL and iLOrest.

TIP

As shown in the following example, you can use the ilorest biosdefaults --manufacturingdefaults command to perform this operation, and then reboot the server.

Generic requestcURLiLOrest
Copy
Copied
PATCH /redfish/v1/Systems/1/Bios/Settings/

Payload:
{
    "Attributes":{
        "RestoreManufacturingDefaults":"Yes"
        }
}
Copy
Copied
curl --insecure --silent --location -u <ilo-user>:password \
     --header "Content-Type: application/json" \
     --request PATCH --data {"Attributes":{"RestoreManufacturingDefaults":"Yes"}} \
     https://<ilo-ip>/redfish/v1/Systems/1/bios/settings/
Copy
Copied
ilorest login <ilo-ip> -u <ilo-user> -p password
ilorest biosdefaults --manufacturingdefaults
ilorest reboot ForceRestart
ilorest logout

If you just need to reset a single Bios resource set, send a PUT request to its settings URI and then restart the server. The following example resets the TlsConfig Bios resources using cURL and iLOrest against an HPE iLO 6 based system.

Generic requestcURLiLOrest
Copy
Copied
PUT /redfish/v1/systems/1/bios/oem/hpe/tlsconfig/settings

Workload:
{
    "BaseConfig": "default"
}
Copy
Copied
curl --insecure --silent --location \
     --request PUT '<ilo-ip>/redfish/v1/systems/1/bios/oem/hpe/tlsconfig/settings' \
     --header 'Content-Type: application/json' \
     --header 'X-Auth-Token: a9fb364e8fc6eb9f33dfb7c7910bed1c' \
     --data '{
        "BaseConfig": "default"
     }'
Copy
Copied
ilorest login <ilo-ip> -u <ilo-user> -p password
ilorest rawput TlsDefault.json
ilorest pending
ilorest reboot ForceRestart
ilorest logout

cat TlsDefault.json
{
  "/redfish/v1/systems/1/bios/oem/hpe/tlsconfig/settings": {
    "BaseConfig": "default"
  }
}
TIP

The reset to the default BaseConfig configuration can be combined with other property values changes. This allows to first reset everything to default and then apply some specific settings with only one system reboot.

The following example resets to defaults the Bios TLS configuration and configures the VerifyMode to a specific value (different from the default), on an HPE iLO 5 based system.

Generic requestcURLiLOrest
Copy
Copied
PUT /redfish/v1/systems/1/bios/tlsconfig/settings

Workload:
{
    "BaseConfig": "default",
    "VerifyMode": "NONE"
}
Copy
Copied
curl --insecure --silent --location -u username:password  \
     --header "Content-Type: application/json" \
     -X PUT --data '{"BaseConfig": "default", "VerifyMode": "NONE"}' \
     https://{iLO}/redfish/v1/systems/1/bios/tlsconfig/settings 
Copy
Copied
ilorest login <ilo-ip> -u <ilo-user> -p password
ilorest PUT TLSdata.json
ilorest reboot ColdBoot
ilorest logout

cat TLSdata.json
{
  "/redfish/v1/systems/1/bios/tlsconfig/settings": {
    "BaseConfig": "default",
    "VerifyMode": "NONE"
  }
}
TIP

Use the Action specified in the Service Bios extension URI to reset these attributes to their factory defaults.