Short and simple. If you are running Firepower 2100 or 4100 on ASA image either stand alone or context mode you have to install new IOS from FXOS/FCM (Firepower Management Center) GUI. You can’t upgrade ASA code from ASA CLI unfortunately.
Anything chassis related on Firepower appliances is managed via FCM now. I.e even Port-Channel configuration you would have to do it via FCM.
One clue that something is not right is when you try to see current boot options.
Here is snippet from the system context on 2100:
asa/act/pri# sh boot
BOOT variable =
Current BOOT variable =
CONFIG_FILE variable =
Current CONFIG_FILE variable =
As you can see there is no boot var so even if you try to push the image into disk0 you’ll get similar error:
Verifying file disk0:/cisco-asa-fp2k.184.108.40.206.SPA...
%ERROR: Signature not valid for file disk0:/cisco-asa-fp2k.220.127.116.11.SPA.
To get this going to go your FCM UI page and login
From there we will go to upper right corner and click on System > Updates
Next is to upload an image via Upload Image > Browse > Upload
Once SPA is uploaded we can proceed with pushing the firmware to the chassis. Make sure its done during a maintenance windows since it is disruptive.
That is it. If you are running ha just failover the appliances and do the same thing for the other one.