TITLE: HPE Superdome Flex Server Firmware Bundle (for installation from RMC)

VERSION:
Bundle Version: 3.10.174

 

VERSION 3.10.174 contains:  

   COMPLEX_METADATA: 3.10.174
    FWU: 2.10.1-20190501-145448

    NPAR_METADATA: 3.10.174

    RMC: 2.40.108

    RMC_EMMC: 2.40.108

    UV400_BIOS: 7.1.61.20190819_225224

    UV400_BMC: 2.40.108

    UV400_BMC_BASEIO_P0003171_002_PLD: 12.2.32

    UV400_BMC_BASEIO_P0003171_003_PLD: 12.3.35

    UV400_BMC_BMC_P0004912_001_PLD: 10.1.8

    UV400_BMC_EMMC: 2.40.108

    UV400_BMC_FWU_TOOLS: 2.40.108

    UV400_BMC_HARP_P0003240_001_PLD: 11.1.18

    UV400_BMC_NODE_P0001924_003_PLD: 13.3.51

    UV400_BMC_PWR_BRD_1_ENV_PSOC: 36.1.1

    UV400_BMC_PWR_BRD_1_PS_PSOC: 35.1.15

    UV400_HARP_FPGA_1590_B100: 1590_b100-0a

    UV400_HARP_FPGA_1590_B101: 1590_b101-0a

    UV400_HARP_FPGA_1590_B102: 1590_b102-0a

  

DESCRIPTION:
This bundle contains the firmware file for updating the HPE Superdome Flex server firmware from the RMC. This file updates the server BIOS firmware as well as firmware on the RMC (Rack Management Controller) and on the BMCs (Board Management Controller). 

Note: To comply with Open Source requirements, the Open Source used in Superdome Flex RMC/BMC firmware is provided in the tar file foss_SDFlex_2.1.tar.gz (only included for Open Source documentation purpose).

 

UPDATE RECOMMENDATION: Critical

 [ X] Critical                                              

    [X ] Panic, [ ] Hang, [ ] Abort, [ ] Corruption, [ ] Memory Leak, [ ] Performance

    [X ] Security  [ ] Other

    [ ] Hardware Enablement, [ ] Software Enablement

[ ] Required

[ ] Recommended

[ ] Optional

    [ ] Hardware Enablement, [ ] Software Enablement, [ ] non-critical

[ ] Initial Customer Release

 

Note: If the system is running firmware version 3.10.164, then it is not required to upgrade to 3.10.174. System firmware 3.10.164 includes all of the fixes and enhancements defined for 3.10.174. 

 

SUPERSEDES:                                
Version: 3.0.542 (and 3.10.164 – not available online)  

 

PRODUCT MODEL(S):     
HPE Superdome Flex Server

 

OPERATING SYSTEMS: 
Supported on Superdome Flex systems with Intel Xeon® Scalable processors 62XX/82XX:

·       VMware 6.7 U3 on systems with up to 8 sockets

·       Windows Server 2016, 2019 on systems up to 16 sockets 

 

Supported on Superdome Flex systems with Intel Xeon® Scalable processors 61XX/81XX:

·       Windows Server 2016, 2019 on systems up to 16 sockets


LANGUAGES:
International English

ENHANCEMENTS:  

  Note: System firmware 3.10.164 includes all of the enhancements defined for 3.10.174.

   Enhancements in firmware 3.10.164 / 3.10.174:

·       Changed the directory format default setting to “Extra-compressed” mode (1/64th size of the main memory) for optimal performance; this value is configurable, see advisory a00082677 for details

·       On Superdome Flex servers, OneView Managed Mode is supported starting with OneView version 5.0 and firmware version 3.0.512 (see OneView related fix in the Fixes section).

·       Online firmware update is supported when updating from firmware version 3.0.512 (or later) to a later version

·       Added support for Intel Xeon® Scalable processors 6240 and 6246 with firmware 3.10.164 and later

·       Added support of IPv6 addresses in UEFI, BMC and RMC

   October 2019 update:  added support of VMware 6.7 U3 with 61xx/81xx processors

 

FIXES:

    Note: System firmware 3.10.164 includes all of the fixes defined for 3.10.174.

    Fixes in version 3.10.164 / 3.10.174:

·       Latest revision of the Intel microcode which, in combination with operating system and/or hypervisor updates, provides mitigation for a new group of side-channel vulnerabilities known as Micro architectural Data Sampling (MDS). This includes support for mitigating the following vulnerabilities:

CVE-2018-12126 - Micro architectural Store Buffer Data Sampling,

CVE-2018-12130 - Micro architectural Fill Buffer Data Sampling,

CVE-2018-12127 - Micro architectural Load Port Data Sampling, and

CVE-2019-11091 - Micro architectural Data Sampling Uncacheable Memory.

·       Firmware manages setvar settings to further reduce the likelihood of PCIe Completion Timeout (CTO) issues that could lead to MCA’s

·       Addresses a limitation (with firmware 3.0.512 or 3.0.542), when using BIOS settings in OneView 5.00 Server Profile where, if the “DHCPv4” property was enabled, either the system would boot from “IPv4 PXE Server Address” (if configured to a non-default value), or the system would erroneously ignore “Boot from URL 1” and “Boot from URL 2” and proceed to fall back to existing UEFI PXE boot options.

·       Addressed error messages such as “Entry attributes invalid: RO and XP bits both cleared” that were observed at boot time due to some OS versions using tighter access controls

·       IPMI serial over LAN (SOL) now works with IPv6 on the RMC

·       SHOW NETWORK and BASEIOLIST commands now display both the IPv4 and IPv6 addresses for the base IO management port

·       The UEFI shell command “mv” no longer fails to move a file to a destination that already exists

·       When making changes using the UEFI menus, you no longer need to save the change before moving to another menu page in order for the change to be saved

·       Fixed an issue where web console login would fail if the RMC network was not properly configured or not connected to the site network prior to RMC boot

COMPATIBILITY:

·       It is recommended to use this firmware along with HPE Superdome Flex I/O Service Pack version 2019.06 and HFS (HPE Foundation Software) version 2.1 (Linux only) as well as DCD 2.1:

o   See the Superdome Flex support matrix: HPE Superdome Flex Release Sets

·       It is recommended also to install the following OS patches that address the MDS (Micro architectural Data Sampling) CVE-2018-12126, CVE-2018-12127,CVE-2018-12130, CVE-2019-11091 vulnerabilities:

o   SLES 15,12: https://www.suse.com/support/kb/doc/?id=7023736

o   RHEL 8, 7.X: https://access.redhat.com/security/vulnerabilities/mds

o   Oracle Linux / UEK: https://linux.oracle.com/cve/CVE-2018-12130.html

o   VMware: https://www.vmware.com/security/advisories/VMSA-2019-0008.html

o   Windows 2016, 2019: https://support.microsoft.com/en-us/help/4499158/windows-server-2012-update-kb4499158

·       For additional OS specific information, please see:

o   For VMware, the “Running VMware vSphere on HPE Superdome Flex Server” white paper.

o   For Windows, the “Running Microsoft Windows Server on HPE Superdome Flex Server” white paper (for Windows 2016) and “Installing and Running Microsoft Windows Server 2019 on HPE Superdome Flex Server” (for Windows 2019).

o   For Linux, theRunning Linux on HPE Superdome Flex Server” white paper as well as the “HPE Superdome Flex Server OS Installation Guide” at https://www.hpe.com/support/superdome-flex-os

PREREQUISITES:  

1.       Isolate the management network from the normal corporate LAN. This management network should limit and restrict access to your RMC management interfaces using firewall, Accesses control lists (ACLs), or VPN.  This will greatly reduce a large group of security risks, (for example Denial of Service attacks).

2.       Patch and maintain web servers.

3.       Run the up-to-date virus and malware scanners in your network environment

4.       Apply HPE firmware updates as recommended.

 

INSTALLATION INSTRUCTIONS:

Please review all instructions and the "Hewlett Packard Enterprise Support Tool License Terms" or your Hewlett Packard Enterprise support terms and conditions for precautions, scope of license, restrictions, and limitation of liability and warranties, before installing this package. It is important that you read and understand these instructions completely before you begin. This can determine your success in completing the firmware update.

Note: It is highly recommended that firmware updates be executed by Hewlett Packard Enterprise support personnel.

 

Online Firmware Update is available when updating from FW 3.0.512 or later to FW 3.10.174 or later:

·       Server management capabilities will become unavailable until the update completes.

·       The new Partition firmware only gets programmed during the update, and a partition reboot is required to activate it. Therefore it may get activated on one partition at a time.

·       Operation with mixed complex/partition firmware is supported, providing that the complex firmware version is always greater than or equal to the partition firmware.

·       Online firmware downgrade is supported when downgrading to firmware version 3.0.512 or later.

 

Important:

·       DO NOT abort the firmware update once started as this may cause the system to get in an un-usable state. In particular, DO NOT turn off system AC power during a Firmware update.

·       In case a firmware mismatch is displayed after the update, retry the update. If you continue to see failures, please contact HPE support

 

INSTALLATION
1. Copy the firmware file sd-flex-3.10.174-fw.tars to your local computer.
 

2. Follow the instructions below to update the firmware version 3.10.174 on your system.

 

a.       Please verify that the system date is set. If not, set it and check if you have a NTP server up and running as it is used to set the date.

 

b.      For offline FW update only (Skip step b. for online firmware update):
Log into the HPE Superdome Flex Server operating system as the root user, and enter the following command to stop the operating system:
          # shutdown

c.       Login to the RMC as administrator user, provide the password when prompted.

d.      Use of DNS is recommended:
- If using DNS, verify that the RMC is configured to use DNS access by running:
          RMC cli> show dns
   If not, you may use the command “add dns” to configure DNS access (or you can’t use DNS).

- If not using DNS, you will need to specify IP address in the <path_to_firmware>

e.       For offline update only! (Skip step e. for online FW update):
Enter the following command to power off the system
        - If there is only 1 partition, partition 0 is the default:
                 RMC cli> power off npar pnum=0  
         - In case of multiple partitions, enter show npar to find the partition number, then enter:
                RMC cli> power off npar pnum=x, where x is the partition number

f.        Update the firmware by running the command: 
          RMC cli> update firmware url=<path_to_firmware> [exclude_npar_fw]

                   Where <path_to_firmware>  specifies the location to the firmware file that you previously
                   downloaded. You can use https, sftp or scp with an optional port. For instance:
                         RMC cli> update firmware url=scp://username@myhost.com/sd-flex-<version>-fw.tars
                         RMC cli> update firmware url=sftp://username@myhost.com/sd-flex-<version>-fw.tars
                         RMC cli> update firmware url=https://myhost.com/sd-flex-<version>-fw.tars
                         RMC cli> update firmware url=https://myhost.com:123/sd-flex-<version>-fw.tars

                    And where exclude_npar_fw is used to not update the BIOS firmware running on an nPar.

                    Note: The CLI does not accept clear text password, the password has to be manually typed in.
                    Note: To use a hostname like ‘myhost.com’, RMC must be configured for DNS for name
                             resolution, otherwise you need to specify the IP address of ‘myhost.com’ instead. See
                             the command ‘add dns’ for more information.

g.       Wait for RMC to reboot after a successful firmware update, then check the new firmware version installed by running:
         RMC cli> show firmware verbose
 Note: The nPar firmware version will not be updated until the next nPar reboot. See output under “DETERMINING CURRENT VERSION” below.

h.      For online FW update, reboot the Partition when convenient to activate the new nPar firmware:
- To reboot a partition or multiple partitions, enter:
                RMC cli>  reboot npar pnum=x, where x is the partition number or 0 for a single
                                 partition chassis numbered 0

For offline FW update, Power on the system or partition:
 - To power on a system configured with all chassis in one large nPartition numbered 0, enter:
                    RMC cli>  power on npar pnum=0.
 - If you have multiple npars, each npar can be powered on separately using:
                   RMC cli>  power on npar pnum=x, where x is the partition number.

 

DETERMINING CURRENT VERSION:
To check or verify the current firmware levels on the system, from the CLI, enter the RMC command:  
         RMC cli> show firmware
                Configured complex bundle version: 3.10.174

                Configured npar bundle version: 3.10.174

 

         Firmware on all devices matches the configured version.

 

         nPars running a different version until their next reboot:

                    nPar 0: 3.0.542         (Note: One line is displayed for any nPar not rebooted yet)

 

   Note: If online FW update was used and some nPars have not been rebooted yet, the command
              now lists the prior FW version still active on these nPar’s.

    Note: If you want to see all the components’ versions, you may use “show firmware verbose”.

 

KNOWN ISSUES & WORKAROUNDS:  

·       The UEFI shell accepts invalid directory names such as ‘..’ appended to a valid directory name. Workaround: Retry using a proper directory name.

·       The UEFI shell command ‘dh’ fails to display EFI_DEVICE_PATH_PROTOCOL information for some device handles. It also displays “IPv6 (Not Available)” for devices including IPv6 device path node information.

·       If the BMC stops responding, a watchdog timer resets it to recover automatically with an event BMC_RESET_BY_WATCHDOG. This event reflects that normal BMC operation has resumed and it may be ignored. 

·       The BMC may occasionally reboot to recover from a software error condition. If a BMC_KERNEL_PANIC is logged, you may ignore it as it does not affect system operation.

·       Virtual Media connection may cause slow-boot. Workaround: Disconnect Virtual Media to resolve the slow boot. In general, it is recommended to disable Virtual Media when not needed.

·       Virtual Media does not support UEFI reconnect -r command.
Workaround: After attaching Virtual Media to the partition, use POWER RESET to reset the partition and activate Virtual Media.

·       By default, the Virtual Media instance setting for CD/DVD and hard disk are set to 0. To use virtual media, CD/DVD must be set to at least 1. For more details, refer to the Superdome Flex OS installation guide (http://www.hpe.com/support/superdome-flex-os)

·       The JViewer application VMedia hard disk size must be between 4 MB and 512 MB. If any larger size is needed, create an ISO and mount it via the CD/DVD tab.

·       Mac OS browsers (Safari, etc) are not supported on KVM and JViewer. Use Windows Internet Explorer, Firefox and Chrome instead.

·       Right after nPar creation, the partition status may show as Unknown due to a delay in status update. Workaround: Run SHOW NPAR command to check the nPar status.

·       Failure due to timeout during directed pxe boot when directed PXE boot is requested and the PXE server is not enabled to respond to the DHCPINFORM message request. You must use a PXE server that supports DHCPINFORM message requests.

·       When upgrading firmware from version 2.4.98, a unique certificate per RMC/eRMC is re-generated. For systems using OneView, the RMC’s older certificate residing in OneView’s trust store will become stale and communication with the RMC will not succeed.
Workaround: To restore OneView to RMC communication after updating from version 2.4.98, follow the steps below (to address it before update, see pre-requisites):

In OneView instance,

i) go to Settings -> Security

ii) Click Manage certificates button.

iii) Delete the RMC certificate from the list.

iv) Initiate rack manager refresh

·       The CLI provides a convenient ‘ipmi’ wrapper script. However, serial over lan (SOL) is not supported by this convenient ‘ipmi’ command. Attempting to activate partition console via ‘ipmi command=”sol activate”’ will fail with the message: “Error: This command is only available over the lanplus interface”. User should use CLI ‘connect npar’ or ‘uvcon’ to connect to partition console.

 

For more details on accessing and managing the system, see the HPE Superdome Flex user documentation located at this link.

 

DISCLAIMER:
The information in this document is subject to change without notice.
Hewlett Packard Enterprise makes no warranty of any kind with regard to this material, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose. Hewlett Packard Enterprise shall not be liable for errors contained herein or for incidental or consequential damages in connection with the furnishing, performance, or use of this material.

This document contains proprietary information that is protected by copyright. All rights are reserved. No part of this document may be reproduced, photocopied, or translated to another language without the prior written consent of Hewlett Packard Enterprise.

(C) Copyright 2017-2019 Hewlett Packard Enterprise Development L.P.

 

SUPERSEDES HISTORY:
Version 3.0.542:

ENHANCEMENTS:  

June 2019: Release notes were updated to add some fixes and known issues and add a link to the Superdome Flex Support Matrix (Release Sets).

 

FIXES:

Version 3.0.542:

 

Version 3.0.512:

ENHANCEMENTS:

·       Added support for Intel Xeon® Scalable processors 8280, 8276, 8270, 8268, 8260, 8256, 6254, 6252, 6248, 6244, 6242, 6240, 6230; requires firmware version 3.0.512 or later

·       Added support for Windows 2019 on systems with Intel Xeon® Scalable processors 62XX/82XX

·       Added support for IPv6 USGv6

·       On 4 socket systems, TEST FABRIC now displays a warning instead of an error message when the 3 Numa Link loop back cables are not installed.

·       Superdome Flex internal management network uses by default 172.16.0.0/16, 172.30.50.0/24 and 172.30.60.0/24 subnets. However, the RMC “set network internal” command now allows to change these subnets to any legal subnet.

·       APPWT limit has been increased to the 29 WT (Weighted Teraflops) threshold, effective since October 2018

 

Note:

·       Default NIC naming differs on systems with Intel Xeon® Scalable processors 62XX/82XX versus 61XX/81XX. On servers with 62XX/82XX processors, NIC naming is based on udev property “ID_NET_NAME_SLOT”. This was introduced with firmware 3.0.542. On systems with 61XX/81XX processors, NIC naming continues to be based on “ID_NET_NAME_PATH” and there is no impact after updating to 3.0.542. However, if customers wish to use the consistent device naming standard on systems with  61XX/81XX processors, then they can follow the steps in the DETAILS section of the customer notice https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-a00075568en_us

·       The RMC factory default password has been changed from a common password to a random password, unique on each system, provided on a label on the rear of the RMC or eRMC base chassis. For details, see advisory a00073630.

·       The web console, virtual media, and JViewer default login now use the RMC/eRMC administrator account and password. The user 'admin' can no longer login to the web console.

FIXES:

·       Provided enhancements and multiple fixes in memory and IO error handling to help prevent MCAs

·       Addressed occurrences of MCAs, BIOS HALTs due to HWERR, and ASSERTs at boot time

·       Addressed a number of false critical alerts that were seen at boot or after a power cycle

·       Addressed an eRMC hang after a MC warm reset is triggered from ipmitool

 

SUM 8.4.0 fixes:

·       SUM version 8.4.0 fixed an issue where SUM would falsely report that update had completed less than 2 minutes after deployment had started.

 

Version 2.5.314:

ENHANCEMENTS:

·       None

FIXES:

·       CRITICAL: Fixed an issue where a system under heavy workload would sometimes MCA with error messages such as "Fatal Link Timeout to PCIe Device" and "LER_ENTERED".

·       CRITICAL: Optimized memory controller for RAS features to prevent MCA’s when a system is under a heavy workload and a DIMM sparing operation is required.

·       Addressed the privilege escalation vulnerability CVE-2018-12204

 

Version 2.5.300:

ENHANCEMENTS:

FIXES:

·       Updated to latest Intel microcode

·       Firmware update no longer reports an error when updating chassis with rack number greater than 9

·       Extended range of rack numbers supported from 0 to 254

 

Version 2.5.90:

FIXES:

·       Firmware version 2.5.290 resolves certain potential unexpected system behavior when operating the Superdome Flex system or nPar(s) in HPC mode. For systems or partitions running in HPC mode, the frequency of system memory errors may increase after the update. These memory errors will be fully visible in memlog.  HPE strongly recommends that customers run in RAS mode, but if they elect to continue using HPC mode, they should update to this firmware version to eliminate the risk of unintended side effects from memory correction including possible system crashes. Refer to this advisory for more details.

 

Version 2.5.80:

ENHANCEMENTS:

FIXES:

The following issue has been addressed in firmware version 2.5.280:

·       Fixed an issue where a bugcheck or unexpected process termination would be seen after an uncorrectable memory error on systems running Microsoft Windows Server 2016.

 

The following issues have been addressed in firmware version 2.5.270 and later:

Version 2.5.256:

FIXES:

-       L1 Terminal Fault - OS, SMM (CVE-2018-3620). Please note this mitigation also requires operating system software updates.

-       L1 Terminal Fault - OS, VMM (CVE-2018-3646). Please note this mitigation also requires operating system software updates, and VMM software updates.

-       For more information, see the bulletin a00055017en  

Version 2.5.246:

ENHANCEMENTS:  

·       Added support for CPU models 8170M, 8170, 8168, 6140, 6140M, 6150, 6142M, 6142, 6138

·       Added support for 24 and 28 socket configurations (in addition to 4, 8, 12, 16, 20 and 32)

·       Added partitioning (nPAR) support with ability to convert non partitioned systems to partitionable

·       Added support for HPE Ethernet 10Gb 2-port 562T adapter, 32Gb Fibre Channel SN1600Q, SN1600E HBAs

·       Added support for Windows Server 2016 with up to 16 sockets

·       Added support for RHEL 7.5

·       Added support for VMware 6.5 U2

·       Added support for Oracle VM 3.4.4

·       Added new security and management features (secure boot, SSH upgrade, reduced port usage)

·       Added support for offline firmware update via SUM (Smart Update Manager)

·       Added support for OneView monitoring (requires OneView version 4.1 or later)

·       Added support for provisioning OS with redfish using the OpenStack Ironic  (Requires Openstack Ironic version ‘Pike’  or later)

·       Enhances security with SSH

FIXES:

·       New BIOS addresses the following known vulnerabilities, CVE-2018-3639 and CVE-2018-3640.

·       Fixed an issue where the firmware update would fail on rare occasions to update the BIOS image.

·       Some IO errors no longer cause an incorrect decoding to be logged in the Integrated Event Log with the string “[physloc_err=5]”.

·       Fixed an issue where rebooting the Board Management Controller (BMC) when the Operating System was Running would cause the BMC to stop responding.

·       Fixed an issue on 2-socket clump systems (i.e. chassis with Intel Intel Xeon® Scalable 61xx series processors installed) where the fans would jump to maximum speed and remain there if the BMC was rebooted with the system power on.

·       The ‘SHOW UVDMP’ command always displayed one screen at a time and require user to interact with the keyboard to move to the next page, even with the CLI in script mode. This is now fixed.

·       IPMI watchdog is unsupported and can no longer be enabled. This prevents an issue seen in prior versions where a multi-chassis reboot from OS would fail when IPMI watchdog was enabled.

·       Fixed a syntax issue allowing to use the CLI ADD LOCATION command with “module=rmc” on eRMC.


Version 2.4.98:

FIXES:
BIOS:

·       Updated Intel microcode to address CVE-2017-5715

·       Some I/O Fatal errors (e.g. Malformed TLP, RxOverflow, FlowCntl, DLLP, etc) detected at the End Point device no longer cause an MCA and the system now allows OS recovery instead of rebooting.

 

Version 2.3.132:

FIXES:

·       Removed the Intel microcode that was issued to address the Spectre/Meltdown security vulnerability, which Intel then asked vendors not to use (see Intel guidance here).

 

Version 2.3.122:   REMOVED due to Intel microcode issue.

FIXES:

·       Fixed an issue where the eRMC SET FACTORY command could cause the eRMC to become unusable while trying to initialize the configuration flash partition. The SET FACTORY command is now supported on eRMC.

·       Fixed an issue where CAE service event id #306 (uncorrectable memory data read error) incorrectly encoded DIMM group number, causing the wrong DIMM to be indicted.

Version 2.3.110: REMOVED due to Intel microcode issue.
FIXES:

The following issues were fixed:

·       Addresses security vulnerability CVE-2017-5715; see updates in this advisory.

·       DCD was not supported with firmware version 2.3.94.

·       The eRMC uses NTP daemon internally to keep the management times synchronized. The internal NTP daemon usage is very limited in scope, but is of older ntpd version (4.2.6p5). As a result of older ntpd version, security scanner may falsely flag vulnerabilities that are not applicable to Superdome Flex eRMC system. To mitigate security impact, follow HPE required security best practices.

·        When BIOS de-configures a DIMM, the eRMC will correctly record the data, but will incorrectly return no de-configuration the next time BIOS boots. This incorrect information causes BIOS to retrain the DIMM and attempt to use it. Marginal DIMM may sometime pass the retrain and be included in the system for OS use. Because the DIMM is marginal, it may fail at a later time and cause the OS to crash. To minimize the chance of marginal DIMM being used at next boot, run SHOW DECONFIG and SHOW INDICT after the system is booted and replace any DIMM that has been indicted and de-configured.

·       Memory on some sockets may be in SDDC mode instead of the intended ADDDC mode

 

Version: 2.3.94: Initial version.

FEEDBACK
As we are continuing to improve the firmware management process we welcome your feedback on this document and on the firmware update process: TEAM-FWupdateFeedback@groups.ext.hpe.com