How Cloudflare Updates The BIOS & Firmware Across Thousands Of Servers

Written by Michael Larabel in LVFS on 14 March 2023 at 06:28 AM EDT. 10 Comments
LVFS
For those wondering how Cloudflare keeps their thousands of servers around the world up-to-date for the latest BIOS and firmware, Cloudflare's engineering blog has put out an interesting post that outlines their process of handling system BIOS updates as well as various other firmware updates.

With BIOS/firmware updates often being done in the name of security, they are dedicated to ensuring their servers are on the latest versions. While there exists the likes of the Linux Vendor Firmware Service (LVFS) and Fwupd for handling firmware updates, sadly, they aren't using that but rather their own set of solutions.

It's too bad they hadn't thrown their weight behind the likes of LVFS/fwupd for encouraging more vendor adoption, but Cloudflare's current approach amounts to maintaining a set of homegrown scripts.


System BIOS/firmware updates are done via an iPXE boot script. Cloudflare reboots their servers monthly (or sooner if needed for security reasons) and so they rely on an iPXE boot script that queries the current UEFI BIOS version. If that BIOS version is out of date, it proceeds to download and flash against the latest specified version using UEFI. If the system BIOS is up-to-date, it proceeds to boot the Linux kernel.

For keeping the BMC, network cards, and other component firmware up-to-date is where things get a bit messier. Cloudflare leverages a "pre-flight" systemd service to run on boot that checks various firmware versions and then proceeds to take the different steps to flash the component firmware when necessary.

Those interested in learning more about Cloudflare's firmware flashing adventures across their thousands of servers can see this blog post.
10 Comments
Related News
Fwupd 2.0 Released To Drop Legacy & Deprecated Bits, Adds New Features
Fwupd 1.9.25 Supports Firmware Updates For A Few More Devices Under Linux
Fwupd 1.9.24 Adds Support For More Mediatek & Parade Tech Devices
Over 9 Years LVFS Has Served Over 110 Million Firmware Files To Linux Systems
Fwupd 1.9.22 Released With Framework SD Expansion Card & Raspberry Pi 5 Support
Fwupd 1.9.21 Released With Synaptics Carrera & Wacom Movink Support
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week
Linus Torvalds Lands A 2.6% Performance Improvement With Minor Linux Kernel Patch
VMware Workstation Shifting From Proprietary Code To Using Upstream KVM
Intel Spots A 3888.9% Performance Improvement In The Linux Kernel From One Line Of Code
Rust-Based Redox OS Gets RISC-V Working, Also Now Booting On The Raspberry Pi 4
Ubuntu Hoping To Remove Qt 5 Before Ubuntu 26.04 LTS
Valve Engineer Fixes Massive Performance Issue For RADV Driver With AMD FSR2 Sample
KDE Will Nicely Notify You When Apps Are Being Killed Due To Out-Of-Memory
Ubuntu's Great Mainline Kernel PPA Hasn't Been Working Since Mid-September