TITLE: HPE Superdome Flex 280 Server Firmware Bundle (for installation
from RMC)
VERSION:
Bundle Version: 1.50.50
Expected:
1.50.50
BIOS:
8.50.9.20230519_103659.biosdev.202305190535_master
BMC_BASEIO_P22654_001_PLD: 14.2.20
BMC_EMMC: 3.50.182-20230427_194050
BMC_FWU_TOOLS:
3.50.182-20230427_194050
BMC_MLB_P22643_001_PLD: 15.2.42
BMC_PWR_BRD_001_ENV_PSOC: 42.1.2
BMC_PWR_BRD_001_PS_PSOC: 41.1.2
BMC_PWR_BRD_002_ENV_PSOC: 42.1.2
BMC_PWR_BRD_002_PS_PSOC: 41.2.2
BMC_SPI: 3.50.182-20230427_194050
BMC_UBOOT: 3.50.182-20230427_194050
COMPLEX_METADATA: 1.50.50
FWU: 3.50.182-20230427-195447
L496_SMC_STAGE1: 2.1.1.16
L496_SMC_STAGE2: 2.2.1.16
L496_SMC_STAGE3: 2.3.1.36
NPAR_METADATA: 1.50.50
DESCRIPTION:
This
bundle contains the firmware file for updating the HPE Superdome Flex 280 server
firmware from the RMC. This file updates the server BIOS firmware as well as
firmware on the RMC (Rack Management Controller) and on the BMCs (Board
Management Controller).
· The SNMP MIB file
sd-flex280-MIB-1.4.tar is available at this link.
· To comply with Open Source requirements, the Open
Source file foss_SDFlex280_1.4.tar.gz used in Superdome Flex 280 BMC firmware
is provided at this
link.
UPDATE RECOMMENDATION: Critical
[X]
Critical
[ ] Panic, [ ] Hang, [ ] Abort, [ ]
Corruption, [ ] Memory Leak, [ ] Performance
[ ] Security [X] Other
[ ] Hardware Enablement, [ ]
Software Enablement
[ ] Required
[ ] Recommended
[ ] Optional
[ ] Hardware Enablement, [ ]
Software Enablement, [ ] non-critical
[ ] Initial Customer Release
SUPERSEDES:
Version: 1.45.8
PRODUCT MODEL(S):
HPE
Superdome Flex 280 Server with Intel Xeon 53xx, 63xx and 83xx processors
· OS’es Supported
with DDR4 DIMMs:
o Suse Linux Enterprise
Server 15 SP2, 15 SP3, 15 SP4, 15 SP5
o Red Hat
Enterprise Linux 7.9, 8.2, 8.3, 8.4, 8.5, 8.6, 8.7, 8.8, 9, 9.1, 9.2
o Oracle
Linux 7.9, 8.2, 8.3, 8.4, 8.5, 8.6, 8.7, 8.8, 9, 9.1, 9.2
o Oracle
Linux 7.9 with UEK Releases 5 & 6
o Oracle Linux
8.2, 8.3, 8.4, 8.5, 8.6, 8.7, 8.8 with
UEK Release 6
o
Oracle Linux 8.6,8.7,8.8, 9, 9.1, 9.2 with UEK Release
7 (*)
o VMware
vSphere 7.0 U1, 7.0 U2, 7.0 U3, 8.0, 8.0U1
o Windows
2016, 2019, 2022
·
OS’es Supported with Intel Optane Persistent Memory 200
series:
o Suse Linux
Enterprise Server 15 SP2, SP3, SP4, SP5
o Red Hat
Enterprise Linux 7.9, 8.2, 8.3, 8.4, 8.5, 8.6, 8.7, 8.8, 9, 9.1, 9.2
o Oracle
Linux 7.9, 8.2,
8.3, 8.4, 8.5, 8.6, 8.7, 8.8, 9, 9.1, 9.2 (Sector Mode only)
o Windows 2019,
2022
(*) Note:
§
Support of Oracle Linux 9 with UEK 7 requires using HFS 2.4.5(B) or
later.
§
For
support of Oracle Linux 8.6 with UEK 7, see Customer
Notice a00127601
LANGUAGES:
International
English
ENHANCEMENTS:
· RMC LDAP user names are made case insensitive whereas
local users continue to be case sensitive.
· A new CLI option introduced to allow transfer of rsyslog events to remote server based on selected severity.
· Added following set of new nPar attributes,
o
“Boot Retry count” that controls the
number of boot retry attempts of the Boot Order list.
o
“Enabled Cores per Processor” to
limit the number of enabled processor cores per physical processor.
o
“Base IO NIC” to enable or disable
the BaseIO NIC ports.
FIXES:
Revision 1:
·
Corrected the Oracle Linux versions
support
· Firmware includes IPU 2023.2 microcode updated to revision 07002601.
· Updated
UEFI Secure Boot revocation list dated March 14, 2023.
· Fixed an issue with Tesla T4 GPU card initialization failure when multiple cards are installed.
· Fixed incorrect reporting of Scheduled PPR (Post Package Repair) Limit
exceed alert.
· Fixed an issue where PPR Persistence data cleared after eRMC Chassis AC power cycle.
· Fixed
false reporting of PCH_RTC_POWER_FAILURE event and RTC battery indictment for BaseIO board.
COMPATIBILITY:
· Secure boot mode with Oracle UEK 6 is supported with Oracle
Linux UEK 6 Update 3 (or later)
· Secure boot mode with Oracle UEK 7 is currently not supported
· OneView supported features:
o
OneView version 5.00 (or
later) allows monitoring and management of HPE Superdome Flex 280 servers.
o
HPE OneView 6.4 or later is required to support
OneView Server Profile
o
OneView version 7.1 (or
later) allows notifying users when a new Superdome Flex server firmware version
(1.40.60 or later) becomes available on HPESC (HPE
Support Center).
· SSH DSA (Digital Signature Algorithm) key is not
supported by the RMC. If you are using OpenSSH to access the RMC, OpenSSH version
6.5 or later is required. If you are using Putty, Putty version 0.68 or later
is required.
· It is recommended to use this firmware along with the I/O Service Pack for HPE Superdome Flex
server family version 2022.09 and HFS (HPE Foundation Software) version 2.4.6
(for servers running Linux) as well as the latest DCD version:
o
DCD for
VMware is posted under Vibsdepot
o
DCD for
Windows is part of the HPE Superdome Flex 280 server I/O Service Pack
· For latest supported versions, see the HPE
Superdome Flex 280 Release Sets.
· For information on Intel Optane Persistent Memory
support, see the HPE
Persistent Memory Guide for HPE Superdome Flex 280 server document.
· For OS specific information, please see:
o
For
VMware, the “Running
VMware vSphere on HPE Superdome Flex Family” white paper
o
For
Windows, the “Deploying
Microsoft Windows Server on HPE Superdome Flex 280 Server” white paper
o
For Linux,
the "Installing Operating
Systems on HPE Superdome Flex 280 Server" Guide and the
"Running
Linux on HPE Superdome Flex 280 Server” white paper
· For more details on accessing and managing the system,
see the HPE Superdome Flex 280 user documentation located at this link.
PREREQUISITES:
1.
Isolate the management network from the normal
corporate LAN. This management network should limit and restrict access to your
RMC management interfaces using firewall, Accesses control lists (ACLs), or
VPN. This will greatly reduce a large group of security risks, (for
example Denial of Service attacks).
2.
Patch and maintain web servers.
3.
Run the up-to-date virus and malware scanners in your network environment
4.
Apply HPE firmware updates as recommended.
INSTALLATION INSTRUCTIONS:
Please review all instructions and the "Hewlett
Packard Enterprise Support Tool License Terms" or your Hewlett Packard
Enterprise support terms and conditions for precautions, scope of license,
restrictions, and limitation of liability and warranties, before installing
this package. It is important that you read and understand these instructions
completely before you begin. This can determine your success in completing the
firmware update.
Note: HPE provides four methods for updating the
server firmware, from the RMC CLI, from the RMC web GUI, using SUM or using
OneView. If you need help selecting a method, please see the “Firmware Update”
section in the Superdome
Flex 280 Server Manageability white paper.
Note: Online firmware update is only supported when
updating from version 1.10.272 or later
Important:
· Due to critical fixes in firmware version
1.20.204, downgrading back to any version below 1.20.204 is not supported
and will fail with “ERROR: Rollback to this version is not allowed“. Contact
HPE support if you need to downgrade to a version below 1.20.204.
· DO NOT abort the firmware update once started as
this may cause the system to get in an un-usable state. In particular, DO NOT
turn off system AC power during a Firmware update.
· In case a firmware mismatch is displayed after the
update, retry the update. If you continue to see failures, please contact HPE
support
INSTALLATION
Below are the instructions
for updating the server firmware either from the RMC CLI (see A. below) or from
the RMC web GUI (See B. below).
A. To update server firmware from the RMC CLI:
1. Copy
the firmware file sd-flex280-<version>-fw.tars to your local computer.
Note: If you plan to use the RMC USB
port, copy the firmware file to root directory of a USB drive.
2. Follow the instructions provided in the
“Installation Instructions” TAB to verify the digital signature and SHA256
checksum.
3. Follow the instructions below to update the
firmware on your system.
a.
Please verify that the system date is set. If not, set
it and check if you have a NTP server up and running as it is used to set the
date.
b. For
offline FW update only (Skip step b. for online firmware update):
Log into the HPE Superdome Flex 280 Server operating
system as the root user, and enter the following command to stop the operating
system:
#
shutdown
c. Login to the RMC
as administrator user, provide the password when prompted.
d. Use of DNS is
recommended:
- If using DNS, verify that the RMC is configured to
use DNS access by running:
RMC
cli> show dns
If not, you
may use the command “add dns ipaddress=<DNS
IP>” to configure DNS access (or you can’t use DNS).
Note:
- A RMC reboot is required for
DNS changes to take effect
- If DNS
is not used, you will need to specify IP address in the <path_to_firmware>
e. For
offline update only! (Skip step e. for online FW update):
Enter the following command to power off the system
RMC cli> power off npar pnum=0
f.
Update the firmware by
running the command (see Superdome
Flex 280 Administration Guide for additional options):
RMC
cli> update
firmware url=<path_to_firmware>
[exclude_npar_fw] [reinstall]
Where <path_to_firmware> specifies the location to the firmware
file that you previously
downloaded. You can use usb, https, sftp or scp with an optional port. For instance:
RMC cli> update firmware url=scp://username@myhost.com/sd-flex280-<version>-fw.tars
RMC cli> update firmware url=sftp://username@myhost.com/sd-flex280-<version>fw.tars
RMC cli> update firmware url=https://myhost.com/sd-flex280-<version>-fw.tars
RMC cli> update firmware url=https://myhost.com:123/sd-flex280-<version>-fw.tars
RMC cli> update firmware url=usb://sd-flex280-<version>-fw.tars
And where exclude_npar_fw is used to not
update the BIOS firmware running on an nPar.
Notes:
·
The
“reinstall” option is only supported with offline firmware update, not online.
·
To use
update firmware via USB drive, plug the USB drive with the firmware in step 1
into the USB port labeled RMC of the base chassis. The RMC USB port is at the
rear of the chassis, near the VGA port.
·
After
plugging the USB key into the RMC USB port, wait thirty (30) seconds, then run
CLI ‘show rmc usb’ command
to verify that the RMC recognizes the USB drive and firmware file on it.
·
The CLI
does not accept clear text password, the password has to be manually typed in
when scp or sftp protocol is used.
·
To use a
hostname like ‘myhost.com’, RMC must be configured for DNS for name resolution,
otherwise you need to specify the IP address of ‘myhost.com’ instead. See the
command ‘add dns’ for more information.
g. Wait for RMC to reboot after a successful firmware update, then check
the new firmware version installed by running:
RMC cli> show firmware verbose
Note: The nPar
firmware version will not be updated until the next nPar
reboot. See output under “DETERMINING CURRENT VERSION” below
h. For online
FW update, reboot
the Partition when convenient to activate the new nPar
firmware:
RMC
cli> reboot npar pnum=0
For
offline FW update, power on
the system or partition:
RMC cli> power on npar pnum=0
B. To update server firmware from the RMC web GUI:
1. Copy the firmware file sd-flex280-<version>-fw.tars to
your local server that supports https download from the RMC.
2. Follow the instructions provided in the
“Installation Instructions” TAB to verify the digital signature and SHA256
checksum.
3. Follow the instructions below to update the
firmware on your system.
a.
Please verify that the system date is set. If not, set
it and check if you have a NTP server up and running as it is used to set the
date.
b. For
offline FW update only (Skip step b. for online firmware update):
Log into the HPE Superdome Flex 280 Server operating
system using an account with Administrator privilege and gracefully shutdown
the partition and power off. For example, if the partition is running Linux,
login as the root user, and enter the following command to gracefully stop the
operating system and power off:
#
shutdown -h now
c. Login to the RMC
web GUI at https://<RMC name or IP>
as administrator user, with administrator’s password.
d. Use of DNS is
recommended:
- If using DNS, verify that the RMC is configured to
use DNS access by clicking on the Network tile, then verify that “Static Name
Server(s)” under General tile has at least one IP address.
If not,
click on the “Wrench” icon next to “Network”, then fill in the “Static Name
Servers” fields and click Submit.
- If not using DNS, you will need to specify IP
address in the <path_to_firmware>
e. For
offline update only! (Skip step e. for online FW update):
Click on the nPartition
tile, if power is still on, click “Force Off” under Abrupt Power.
f.
Update the firmware:
Click on
Firmware tile, then the green “Update” button. Fill out the Image URL with
proper <path_to_firmware>. For example, https://myhost.com/sd-flex280-<version>-fw.tars
Note: RMC web GUI firmware update only
accepts HTTPS protocol.
g. Wait for RMC to reboot after a successful firmware update, then check
the new firmware version installed by logging to the RMC web GUI, then click on
the Firmware tile and check the “Active
Version” column.
Note: The nPar
firmware version will not be updated until the next nPar
reboot.
h. For online
FW update, reboot
the Partition when convenient to activate the new nPar
firmware. Click on the nPartition tile, then select
“Graceful Restart” under “Graceful Power”.
For
offline FW update, Power on
the system or partition.
Click on the nPartition
tile, then “Power on”
DETERMINING CURRENT VERSION:
To check or verify the current firmware levels on
the system, from the CLI, enter the RMC command:
RMC cli> show firmware
Configured complex bundle version: 1.40.60
Configured npar bundle version: 1.40.60
Firmware on all devices matches the configured version.
nPar running a different version until their
next reboot:
nPar 0:
1.30.42 (Note: This is displayed
if the nPar is not rebooted yet)
Note: If online FW update was used and the nPar has not been rebooted yet, the command
lists the prior FW version still active on the nPar.
Note: If you want to see all the components’
versions, you may use “show firmware verbose”.
Downgrading
firmware:
·
Downgrading firmware
is not recommended as it may cause a loss of functionality and expose the
system to vulnerabilities fixed in later versions
· Rollback to versions prior to 1.20.204 is blocked. Contact HPE support if you need to downgrade to a version prior to 1.20.204.
KNOWN ISSUES & WORKAROUNDS:
· A BIOS ASSERT may be encountered when performing PXE boot from Microsoft
Windows Deployment Services, if the user attempts to select ESC in the menu
displayed by Windows Boot Manager. Workaround: Do not exit the menu
using the ESC key.
·
On HPE Superdome Flex 280
servers running with Windows 2019 or 2016, if the TPM (Trusted Platform Module)
is in a locked out state, the power shell command get-TPM incorrectly reports
the LockedOut field as “False” and the LockoutCount as “0”. These values will be corrected in a
future release.
DISCLAIMER:
The
information in this document is subject to change without notice.
Hewlett Packard Enterprise makes no warranty of any
kind with regard to this material, including, but not limited to, the implied
warranties of merchantability and fitness for a particular purpose. Hewlett
Packard Enterprise shall not be liable for errors contained herein or for
incidental or consequential damages in connection with the furnishing,
performance, or use of this material.
This document contains proprietary information that is
protected by copyright. All rights are reserved. No part of this document may
be reproduced, photocopied, or translated to another language without the prior
written consent of Hewlett Packard Enterprise.
(C) 2020-2023 Hewlett Packard Enterprise Development
L.P.
FEEDBACK
As we are
continuing to improve the firmware management process we welcome your feedback
on this document and on the firmware update process:
TEAM-FWupdateFeedback@groups.ext.hpe.com
SUPERSEDES HISTORY:
Version 1.45.8
ENHANCEMENTS:
· Remote logging
feature now supports TCP protocol along with UDP
FIXES:
· Firmware includes
Intel Reference Code revision IPU 2023.1 with microcode updated to
revision 07002503.
· Fixed
frequent NFS/CIFS disconnect issue when OS image or IO bundle is presented
through remote media option from GUI or Redfish.
· Update
CAE initialization code to be able to generate related CAE events which got
missed in certain scenario.
Revision 1 :
· Addressed
CVE-2022-37939
· Updated
MIBs to address an error reported by the snmptranslate
to translate MIB OID from SMM_PETTrap.mib
Version 1.40.60
ENHANCEMENTS:
· Added
support for 1600W and 2130W Titanium PSUs (Power Supply Units)
· Added support for RHEL 8.7 and 9.1
· Added support for Oracle Linux 8.7 and 9.1
· Added support for VMware 8.0
·
Added support for collecting
IDC logs from CLI, Redfish, GUI and Remote Support
·
Added
support for SFTP/SCP protocols for firmware update through Redfish
·
Includes
corrected memory error handling improvements with respect to Post Package
Repair
·
Support notification
in HPE OneView version 7.1 (or later) of new Superdome Flex server firmware
version (1.40.60 or later) availability on HPESC (HPE Support Center)
FIXES:
January 2023 updates to release notes only
· Addressed CVE-2022-37933 to fix potential security vulnerability
December 2022 updates
· Includes content
to address CVE-2022-26837.
· Firmware
includes Intel Reference Code revision IPU 2022.2 and IPU 2022.3
·
Upgraded libexpat from 2.4.1 to 2.4.7 to address security
vulnerabilities
CVE-2022-25315,CVE-2022-25236,CVE-2022-25235,CVE-2022-23852,CVE-2022-22822,CVE-2022-22823,CVE-2022-22824,CVE-2022-23990,CVE-2022-25314,CVE-2021-45960,CVE-2021-46143,CVE-2022-22825,CVE-2022-22826,CVE-2022-22827,CVE-2022-25313
·
Upgraded curl
to 7.83.1 to address the vulnerabilities CVE-2022-27778, CVE-2022-27782,
CVE-2022-27774, CVE-2022-27776, CVE-2022-27779, CVE-2022-27780, CVE-2021-22922,
CVE-2021-22923, CVE-2021-22924
·
Upgraded
python to 3.7(3.7.11) to address the security vulnerability CVE-2022-0391
·
Upgraded zlib to version 1.2.12 to address vulnerability
CVE-2018-25032
·
Fixed a
potential BIOS Halt seen as part of persistent memory Address Range
Scrub run during partition boot
·
Addressed a PCIe fatal
error detected during Windows 2019 installation under certain scenarios
·
Reduced
maximum number of active CLI sessions from 30 to 20 to handle unexpected BMC
reboot scenarios with multiple active CLI sessions
·
"ATTN: Needs Refresh” message is cleared in the “show chassis info”
output for the LSI MegaRAID SAS 9361-4i Controller
when the npar is powered on
·
Fixed an issue where some OS drivers
were not getting attached to the device due to un-programmed PCI interrupt
registers
·
Fixed an issue where retrieving the CPU and Memory utilization metric
reports via Redfish would fail with a gateway timeout error
·
Spurious
“Link Down” SNMP/Redfish alerts are no longer reported after a BMC disconnect
and reconnect
·
Fixed an
error reported by the SNMP MIB compiler due to an error implementing the MIB
specification
Version 1.35.12:
ENHANCEMENTS:
· Increased
chassis fan speed during the boot to EFI to account for high thermal
dissipation during memory stress test such as AMT (Advanced Memory test).
Reduced DIMM temperature set point to keep DIMM cooler for all workloads. Also
reduced chassis fan oscillation for all CPU workload profiles.
· Added support for SLES
15 SP4
· Added support for Oracle
8.6 & 9 with UEK Release 7
· Added CVE-2021-33060
to the list of fixes
FIXES:
· Includes content to
address CVE-2021-33060
· Includes content from
latest Intel IPU 2022.1 addressing CVE-2022- 21166
· Includes
content from latest Intel IPU
2021.2 addressing CVE-2021-0127 and CVE-2021-0147
· RMC OpenSSL upgrade addressed
security vulnerabilities CVE-2022-0778 and CVE-2021-3712
· OpenSSH upgrade
addressed security vulnerabilities CVE-2016-20012, CVE-2020-14145,
CVE-2021-41617
· Fixed an issue where
SPPR (Soft PPR) would trigger memory test errors or failures during full memory
training on systems with healthy 256 GB DIMMs
· Fixed an issue where
power commands would sometimes fail with an internal error
· Addressed an issue where
some IO devices would not be configured because of insufficient MMIOH memory by
adding a new BIOS attribute “MmiohGranularity”. This
mew attribute allows to support a larger number of GPU/SmatNIC IO
devices requiring large MMIOH memory.
· Fixed an issue where
DIMM in pre-failed status was not getting indicted
Version 1.30.42:
ENHANCEMENTS:
·
DIMM
pre-fail is a new feature that may be used to monitor DDR4 DIMMs and notify
users if there is a risk of failure (disabled by default). To manage the DIMM pre-fail feature, commands
enable/disable/show predictive_mem_health are added
in the CLI interface, see details in the HPE
Superdome Flex 280 Administration Guide
·
Removed
unsupported inband IPMI command for configuring user
id 1
·
Added
support for communicating securely with LDAP server using the combination of
LDAP and TLS
·
Added
Redfish API support to enable/disable telemetry collection
·
Provides
better security through improved password hashing
· Login delay is now imposed after 3 failed login attempts with a user-configurable delay (default 10 seconds)
April 19th update:
·
Added
Security Bulletin reference for CVE-2022-23702
·
Removed
CVE-2021-26691 from the fixes (already addressed in version 1.20.180)
FIXES:
·
Addressed
vulnerability CVE-2022-23702; for details, see Security Bulletin HPESBHF04266
·
Fixed an issue
where Bios would attempt full memory training on every boot leading to an
increase in Boot time
·
The “acquit" command may now be used to clear the
“Link Down: Warning” that may be displayed in “Show Health” status after
disconnecting and reconnecting an Ethernet/FC cable attached to an Ethernet or
FC card
·
Fixed an
issue where RMC would send duplicate records to remote log server after reboot
·
Increased
a timeout value to prevent the RMC CLI command 'set ldap bindpw' from failing with timeout
·
Discontinued support
for the HTTP OPTIONS method
·
An MCA event sourced by an HPE Persistent Memory DIMM
no longer results in an incorrect service event 306 and the DIMM is now
indicted instead of being de-configured at next boot
Version 1.20.204:
ENHANCEMENTS:
· User confirmation is now requested prior to adding or
removing any IPMI commands to/from the restricted list
·
Replaced VMware 7.0 U3
support with VMware 7.0 U3c support (see details from VMware in
https://kb.vmware.com/s/article/86398)
FIXES:
· Fixed an issue where, after performing a firmware update to version
1.20.192, the system would log multiple THERMAL_FAULT_DETECTED, BIOS_ABORTED or
CATERR_HOLD_DETECTED events at power on or would fail to reach UEFI with
x86_CPU_EXCEPTION.
·
When IPMI
BT is disabled, npar OS boot/shutdown no longer takes
longer time and the Linux kernel no longer logs many error messages on boot
(see Customer Advisory a00119330)
Version:
1.10.292
ENHANCEMENTS:
Firmware version 1.20.192:
· Updated Persistent Memory Firmware
version to 02.02.00.1553. BIOS will automatically update persistent memory
modules when BIOS Attribute PmemAutoFwUpdate is
Enabled (default). This will result in a onetime longer boot to perform
the update and a reboot.
Firmware version 1.20.180:
November 2021:
· Added support for RHEL 8.5 and Oracle Linux 8.5
December 2021:
·
Added known issue about critical
THERMAL_FAULT_DETECTED event occurring due to thermal monitoring sometimes
erroneously set to OFF after firmware update to version 1.20.192
·
Added a step in the installation instructions to
prevent running into the above issue
February 2022:
·
Replaced support of VMware 7.0 U3 with VMware 7.0 U3c
(see KB 86398 for details)
FIXES:
Firmware version 1.20.192:
·
Addressed an issue where incorrect PPR
(Post Package Repair) data would be applied to a DIMM if the DIMM had been
replaced in an expansion chassis and the BMC on the base chassis had not been
rebooted
·
Addressed an issue where PPR (Post Package
Repair) data would not be cleared after acquitting the DIMM on an expansion
chassis
Firmware version 1.20.180:
·
Addressed security
vulnerability CVE-2021-23841 in OpenSSL
·
Addressed security vulnerability
CVE-2018-20843 and CVE-2019-15903 in libexpat
·
Addressed security vulnerability
CVE-2021-26691 in Apache HTTP server
·
DBX in this firmware will revoke HPE signed
images that were vulnerable to UEFI Secure Boot Evasion
Vulnerability (CVE-2021-20233, CVE-2020-25632, CVE-2020-27779,
CVE-2021-20225, CVE-2020-27749, CVE-2020-25647). However this firmware
does not include the UEFI Microsoft DBX which will revoke UEFI signed images
vulnerable to the Secure Boot Evasion Vulnerability. This is because some Linux
distributions have not released updates that will boot at the time of this
release. If your OS has released fixes for this vulnerability, UEFI Microsoft DBX hashes may be applied manually.
They are available from uefi.org's UEFI
DBX Revocation List.
·
The firmware
update no longer fails to update the monarch BMC if the NFS share link is
broken between client and server while the server firmware is being updated
·
Some
actions, such as DIMM replacement or BIOS parameter changes, may result in BIOS
performing a full memory training at boot time. This training can be
time-consuming. Events have been added to the IEL (Integrated Event Log) that
document the progress of the training
·
Addressed
an issue where a server fully loaded with DDR4 and persistent memory would
become unresponsive and log many MEM_DDR4_SPPR events
Version
1.10.284
ENHANCEMENTS:
·
Added ability to set a BIOS filter to help suppress transient
CPU core throttling messages seen at the operating-system level on servers under CPU intensive workloads
FIXES:
·
Fixed an issue
where PSU fans would run at maximum speed when the chassis had 3 or fewer PSUs
(Power Supply Units) installed
· Persistent single-bit memory errors no longer cause BIOS_ABORT on systems with one DIMM per socket
·
The system no longer
reports PCIe_reduced_bandwidth events when a Pensando DSC 25G card trains at x8 when plugged into a x16
slot
·
If an npar had its npar attribute workloadprofile
set to custom with AdvancedMemProtection set to
mirrored, running ‘npar modify workloadprofile=mc’
no longer fails to switch AdvancedMemProtection back
to ADDDC (Advanced Memory Protection)
·
Addressed an intermittent issue where a multi-chassis system might fail
to reset with a CLI_NPAR_POWER_RESET_FAILED error after running the “reboot npar force” CLI command
Version:
1.10.272
ENHANCEMENTS:
FIXES:
§ Addressed a potential security vulnerability
(CVE-2021-26581) that could be exploited to cause Denial of Service to the web
interface (see Security Bulletin hpesbhf04102)
Version:
1.0.178
ENHANCEMENTS:
·
Added support for Oracle Linux 7.9, 8.2, 8.3 on HPE Superdome Flex 280 servers
FIXES:
·
Updated
Intel microcode to address some hang issues
·
Updated to
OpenSSL 1.0.2x to address vulnerability
CVE-2020-1971
Version:
1.0.164: Initial web release version
FIXES:
· Addressed a rare memory uncorrectable error where a DIMM would experience two DRAM failures while ADDDC was enabled
·
Fixed an issue where a bugcheck
or unexpected process termination would be seen after an uncorrectable memory
error on systems running Microsoft Windows Server 2016
·
Some I/O devices in some configurations require the
firmware to reallocate memory assignments. If the system had a de-configured
CPU socket, this reallocation logic would sometimes cause an assert and the
system would not boot. This is now fixed.
·
Fixed an issue where encountering a
DIMM failure with Sub-NUMA Clustering (SNC)
enabled would result in a CATERR_HOLD event
·
Fixed an issue where a USB 3.0 thumb drive attached to
the system USB port would sometimes come up in 2.0 mode, affecting the boot
option order
·
When the RMC was configured with an IP address in 192.168.x.0/24
subnet (x being a number from 0 to 254) and Zeroconf
(Zero Configuration Networking) was enabled, the following networking
functionality over IPv4 was not working: IPMI over LAN to the RMC, RMC NTP, RMC
DNS look up, Ping from RMC. This is now fixed.
Version: 1.0.152: Initial factory release.