TITLE: HPE Superdome Flex Server Firmware Bundle (for installation from RMC)

VERSION:
Bundle Version: 3.25.46

 

VERSION 3.25.46 contains:  

   COMPLEX_METADATA: 3.25.46
    FWU: 2.20.3-20190829-142308

    NPAR_METADATA: 3.25.46

    RMC: 2.57.105

    RMC_EMMC: 2.57.105

    UV400_BIOS: 7.2.132.20200423_212505

    UV400_BMC: 2.57.105                      

    UV400_BMC_BASEIO_P0003171_002_PLD: 12.2.32

    UV400_BMC_BASEIO_P0003171_003_PLD: 12.3.35

    UV400_BMC_BMC_P0004912_001_PLD: 10.1.8

    UV400_BMC_EMMC: 2.57.105

    UV400_BMC_FWU_TOOLS: 2.57.105

    UV400_BMC_HARP_P0003240_001_PLD: 11.1.19

    UV400_BMC_NODE_P0001924_003_PLD: 13.3.57                                

    UV400_BMC_PWR_BRD_1_ENV_PSOC: 36.1.1

    UV400_BMC_PWR_BRD_1_PS_PSOC: 35.1.16

    UV400_HARP_FPGA_1590_B100: 1590_b100-0a

    UV400_HARP_FPGA_1590_B101: 1590_b101-0a

    UV400_HARP_FPGA_1590_B102: 1590_b102-0a

 

DESCRIPTION:
This bundle contains the firmware file for updating the HPE Superdome Flex server firmware from the RMC. This file updates the server BIOS firmware as well as firmware on the RMC (Rack Management Controller) and on the BMCs (Board Management Controller). 

Note: To comply with Open Source requirements, the Open Source used in Superdome Flex RMC/BMC firmware is provided in the tar file foss_SDFlex_2.3.tar.gz (only included for Open Source documentation purpose).

 

UPDATE RECOMMENDATION: Critical

 [X ] Critical                                              

    [X ] Panic, [ ] Hang, [ ] Abort, [ ] Corruption, [ ] Memory Leak, [ ] Performance

    [X  ] Security  [ ] Other

    [ ] Hardware Enablement, [ ] Software Enablement

[ ] Required

[ ] Recommended

[ ] Optional

    [ ] Hardware Enablement, [ ] Software Enablement, [ ] non-critical

[ ] Initial Customer Release

 

SUPERSEDES:                                
Version: 3.20.206  

 

PRODUCT MODEL(S):     
HPE Superdome Flex Server

 

OPERATING SYSTEMS: 
Supported on Superdome Flex systems with Intel Xeon® Scalable processors 62XX/82XX (Cascade Lake):
      Supported with DDR4:


Supported with PMM (HPE Persistent Memory): 

 

 (*) Note:

 - UEK6 will be included in the ISO only starting with RHEL version 8.2; for prior versions (e.g. 7.8, 8.1), you need to install the Red Hat Compatible Kernel for that version, then use YUM   to install UEK6, then select UEK6 to load at boot.

- You can directly update from OL 7.7 to OL 7.8 while remaining on UEK5 because UEK5 is included in RHEL 7.8 ISO, like on prior RHEL versions.

 

Note: For latest information on configurations supported with PMM (HPE Persistent Memory), see the HPE Persistent Memory Guide for HPE Superdome Flex as well as the white papers Installing and Running Microsoft Windows Server 2019 on HPE Superdome Flex Server” and “Running Linux on HPE Superdome Flex Server”.


Supported on Superdome Flex systems with
Intel Xeon® Scalable processors 61XX/81XX (Skylake):
      Supported with DDR4 DIMMs only (no support of PMM)
:

 

     Note: For more details on VMware support and certifications, check the Running VMware vSphere on HPE Superdome Flex Server white paper.


LANGUAGES:

International English

ENHANCEMENTS:    

·       Added support for RHEL 7.8

·       Added iSCSI software initiator based boot support with HPE InfiniBand EDR/Ethernet 100Gb 2-port 841QSFP28 Adapter (872726-B21) on SLES 12 SP3, SP4 , SLES 15 SP1 and supported RHEL releases

·       Support Openstack HTTP boot and Openstack T release

·       Support sector mode for HPE Persistent Memory

·       Supports Windows Server 2019 with 16 socket/24 TB of HPE Persistent Memory 

·       Added IPMI watchdog functionality; the CLI command 'set ipmi_watchdog os_managed' command may be used to enable it

·       Support in-band IPMI power operations such as power cycle, power off, power soft

·       Includes some uvdmp improvements

·       June 2020 update:

o   Added support for RHEL 8.2

o   Added support for OL 7.8 and OL 8.1 with UEK6

o   Removed Windows 2019 support on 61XX/81XX (unsupported)

·       September 2020 update:

o   Added support for SLES 15 SP2

·       October 2020 update:

o   Added support for RHEL 7.9

o   Added support for RHEL 8.2 and OL 8.1 on systems with Intel Xeon® Scalable processors 81XX/61XX

·       December 2020 update:

o   Added support for RHEL 8.3  on systems with Intel Xeon® Scalable processors 82XX/62XX

o   Added support for VMware 6.7 U3 on systems with Intel Xeon® Scalable processors 82XX/62XX and Persistent Memory

o   Added Intel microcode issue under "Known Issues"

 

FIXES:  

·       The BIOS in firmware version 3.25.46 includes updated Intel microcode that addresses some crashes caused by DDR4 memory errors. In particular, this updated microcode addresses a Machine Check Exception timeout failure when Fast Fault Tolerant Memory Mode (ADDDC) is enabled. This issue is not unique to HPE servers.

·       The updated microcode (0x2f00 on systems with 62xx/82xx processors and 0x6901 for systems with 61xx/81xx processors) also addresses security vulnerability CVE-2020_0549

·       System now reports event 1210 in case of MCA due to some uncorrected memory errors

·       The grub2 boot loader menu now successfully launches when booting grub2 boot loader via UEFI HTTP boot and when booted via either fully qualified domain name URL or via IP address URL

·       Addressed boot issues. Monarch chassis would fail to boot with erroneous "PLD or PSOC not detected" message. Other chassis would boot but nPar would be missing the chassis resources

·       Users can now successfully mount ISO images in Jviewer when the RMC/eRMC password contains one or more of %, #, or & characters

·       Dot ​(.) ​character is ​now ​accepted ​as ​part ​of ​LDAP ​User/Group ​names ​in ​Superdome ​Flex ​Server ​RMC/eRMC ​CLI

·       FRU data for HPE PCIe cards installed in slot 16 are now properly read and "SHOW CHASSIS INFO” no longer returns fields as “Unknown”

 

COMPATIBILITY:

·       Monitoring and management of HPE Superdome Flex servers with firmware version 3.20.186 or later is supported only starting from OneView version 5.00.

·       It is recommended to use this firmware along with HPE Superdome Flex I/O Service Pack version 2020.05 and HFS (HPE Foundation Software) version 2.3.2 (Linux only) as well as the latest DCD version:

o   See the Superdome Flex support matrix: HPE Superdome Flex Release Sets

·       For additional OS specific information, please see:

o   For VMware, the “Running VMware vSphere on HPE Superdome Flex Server” white paper.

o   For Windows, the “Running Microsoft Windows Server on HPE Superdome Flex Server” white paper (for Windows 2016) and “Installing and Running Microsoft Windows Server 2019 on HPE Superdome Flex Server” (for Windows 2019).

o   For Linux, theRunning Linux on HPE Superdome Flex Server” white paper as well as the “HPE Superdome Flex Server OS Installation Guide” at https://www.hpe.com/support/superdome-flex-os

PREREQUISITES:  

1.       Isolate the management network from the normal corporate LAN. This management network should limit and restrict access to your RMC management interfaces using firewall, Accesses control lists (ACLs), or VPN.  This will greatly reduce a large group of security risks, (for example Denial of Service attacks).

2.       Patch and maintain web servers.

3.       Run the up-to-date virus and malware scanners in your network environment

4.       Apply HPE firmware updates as recommended.

 

INSTALLATION INSTRUCTIONS:

Please review all instructions and the "Hewlett Packard Enterprise Support Tool License Terms" or your Hewlett Packard Enterprise support terms and conditions for precautions, scope of license, restrictions, and limitation of liability and warranties, before installing this package. It is important that you read and understand these instructions completely before you begin. This can determine your success in completing the firmware update.

Note: It is highly recommended that firmware updates be executed by Hewlett Packard Enterprise support personnel.

 

Note: HPE provides three methods for updating the server firmware, from the RMC CLI, using SUM or using Oneview. If you need help selecting a method, please see the “Firmware Update” section in the Superdome Flex Server Manageability white paper.

 

Online Firmware Update is available when updating from FW 3.0.512 or later:

·       Server management capabilities will become unavailable until the update completes.

·       The new Partition firmware only gets programmed during the update, and a partition reboot is required to activate it. Therefore it may get activated on one partition at a time.

·       Operation with mixed complex/partition firmware is supported, providing that the complex firmware version is always greater than or equal to the partition firmware.

·       Online firmware downgrade is supported when downgrading to firmware version 3.0.512 or later.

 

Important:

·       DO NOT abort the firmware update once started as this may cause the system to get in an un-usable state. In particular, DO NOT turn off system AC power during a Firmware update.

·       In case a firmware mismatch is displayed after the update, retry the update. If you continue to see failures, please contact HPE support

 

INSTALLATION

To update server firmware from the RMC CLI:
1. Copy the firmware file sd-flex-3.25.46-fw.tars to your local computer.
 

2. Follow the instructions below to update the firmware to version 3.25.46 on your system.

 

a.       Please verify that the system date is set. If not, set it and check if you have a NTP server up and running as it is used to set the date.

 

b.      For offline FW update only (Skip step b. for online firmware update):
Log into the HPE Superdome Flex Server operating system as the root user, and enter the following command to stop the operating system:
          # shutdown

c.       Login to the RMC as administrator user, provide the password when prompted.

d.      Use of DNS is recommended:
- If using DNS, verify that the RMC is configured to use DNS access by running:
          RMC cli> show dns
   If not, you may use the command “add dns” to configure DNS access (or you can’t use DNS).

- If not using DNS, you will need to specify IP address in the <path_to_firmware>

e.       For offline update only! (Skip step e. for online FW update):
Enter the following command to power off the system
        - If there is only 1 partition, partition 0 is the default:
                 RMC cli>
power off npar pnum=0  
         - In case of multiple partitions, enter show npar to find the partition number, then enter:
                RMC cli>
power off npar pnum=x, where x is the partition number

f.        Update the firmware by running the command: 
          RMC cli>
update firmware url=<path_to_firmware> [exclude_npar_fw]

                   Where <path_to_firmware>  specifies the location to the firmware file that you previously
                   downloaded. You can use https, sftp or scp with an optional port. For instance:
                        
RMC cli> update firmware url=scp://username@myhost.com/sd-flex-<version>-fw.tars
                        
RMC cli> update firmware url=sftp://username@myhost.com/sd-flex-<version>-fw.tars
                        
RMC cli> update firmware url=https://myhost.com/sd-flex-<version>-fw.tars
                        
RMC cli> update firmware url=https://myhost.com:123/sd-flex-<version>-fw.tars

                    And where exclude_npar_fw is used to not update the BIOS firmware running on an nPar.

                    Note: The CLI does not accept clear text password, the password has to be manually typed in.
                    Note: To use a hostname like ‘myhost.com’, RMC must be configured for DNS for name
                             resolution, otherwise you need to specify the IP address of ‘myhost.com’ instead. See
                             the command ‘add dns’ for more information.

g.       Wait for RMC to reboot after a successful firmware update, then check the new firmware version installed by running:
        
RMC cli> show firmware verbose
 Note: The nPar firmware version will not be updated until the next nPar reboot. See output under “DETERMINING CURRENT VERSION” below.

h.      For online FW update, reboot the Partition when convenient to activate the new nPar firmware:
- To reboot a partition or multiple partitions, enter:
                RMC cli>  reboot npar pnum=x, where x is the partition number or 0 for a single
                                 partition chassis numbered 0

For offline FW update, Power on the system or partition:
 -
To power on a system configured with all chassis in one large nPartition numbered 0, enter:
                    RMC cli>  power on npar pnum=0.
 - If you have multiple npars, each npar can be powered on separately using:
                   RMC cli>  power on npar pnum=x, where x is the partition number.

 

DETERMINING CURRENT VERSION:
To check or verify the current firmware levels on the system, from the CLI, enter the RMC command:  
         RMC cli> show firmware
                Configured complex bundle version: 3.25.46

                Configured npar bundle version: 3.25.46

 

         Firmware on all devices matches the configured version.

 

         nPars running a different version until their next reboot:

                    nPar 0: 3.20.206        (Note: One line is displayed for any nPar not rebooted yet)

 

   Note: If online FW update was used and some nPars have not been rebooted yet, the command
               lists the prior FW version still active on these nPar’s.

   Note: If you want to see all the components’ versions, you may use “show firmware verbose”.

 

Downgrading firmware:

Note: Downgrading firmware is not recommended as it may cause a loss of functionality and expose the system to vulnerabilities fixed in later versions. If you need to downgrade, here are some guidelines:

- After online downgrade completes, you will need to reboot the nPAR using the “reboot npar pnum=x” command to activate the newly installed BIOS.

- After offline downgrade completes, power on the system or nPAR using the “power on” command.

 

KNOWN ISSUES & WORKAROUNDS:  

·       Due to faulty Intel microcode (02006a08 for Skylake, 04003003 or 05003003 for Cascade Lake), Superdome Flex servers running with these microcode versions may stop running, fail to boot or experience random de-configuration of processors and/or processor cores. The following OS versions are affected:

o   SLES 15 SP2: ucode-intel-20201110-2.10.1.x86_64,  ucode-intel-20201118-2.13.1.x86_64

o   SLES 12 SP5: ucode-intel-20201110-3.23.1.x86_64,  ucode-intel-20201118-2.13.1.x86_64

o   RHEL : microcode_ctl-2.1-73.2.el7_9.x86_64.rpm,  microcode_ctl-20200609-2.el8.x86_64.rpm

o   Windows Server 2016: KB4589210

o   Windows Server 2019: KB4589208 

For details and workaround, see Customer Advisory a00108899

·       On systems running with SLES 15 SP1 or 15 SP2, an IO card may rarely go offline with the console log showing a message “Device recovery failed”. An OS reboot is required to recover.

·       Installation of Windows Server 2019 on a 16 socket partition with Hyper-Threading enabled may take hours on servers with hundreds of logical processors. Workaround: Either disable Hyper-Threading prior to installing the OS (and re-enable it after OS is installed), or modify to an 8 (or less) socket partition, install the OS, and change back to a 16 socket partition after the OS is installed.

·       On systems (8 or 16 socket) configured with PMM (HPE Persistent Memory) and running with Windows 2019, a BSOD (Blue Screen of Death) may be intermittently encountered while creating or deleting namespaces using new-pmemdisk or remove-pmemdisk powershell cmdlets. When this occurs, the following bug check happens: STOP 0x00000101 CLOCK_WATCHDOG_TIMEOUT. Workaround: Retry the operation after the system comes back up.

·       From the Device Manager’s iSCSI configuration menu, “Add an attempt” is used to create iSCSI boot attempt entries. The firmware currently supports a maximum of 8 entries. Adding a 9th entry results in a SFW assertion.

·       A BIOS ASSERT may be encountered when performing PXE boot from Microsoft Windows Deployment Services, if the user attempts to select ESC in the menu displayed by Windows Boot Manager. Workaround: Do not exit the menu using the ESC key.

·       After a RMC reboot, Insight Remote Support (IRS) may not collect all the inventory data. Workaround: Rediscover the missing device in IRS (in IRS console, under Devices, check all the devices from the Device Summary TAB and select Discover); for information on Insight Remote Support, see “Manage Devices” in the IRS Help.

·       A Superdome Flex server may rarely crash during boot due to a timeout occurring in the BIOS. When this happens, the system will automatically reboot and recover.

·       Firmware update with certificate checking enabled is not supported with OneView or SUM (SUM does not support providing a certificate for client verification). Workaround: disable certificate checking prior to updating firmware with SUM or OneView.

·       Superdome Flex server registration with IRS fails if the system is configured with certificate checking enabled. Workaround: Install IRS patch 7.10 to fix the issue.

·       Deconfigured PMMs in the expansion chassis may at times result in multiple persistent memory regions being inaccessible to the OS. User should call HPE Support to check on the reason for the deconfigured PMM and get it addressed.  

·       After a PMM becomes deconfigured, Windows Server 2019 may not be able to access PMM logical devices if the PMM region is setup in the default AppDirect (interleaved) mode, causing the PMM disk data to be inaccessible. Workaround: Do not use the interleaved mode. Also call HPE Support to check on the reason for the deconfigured PMM and get it addressed. 

·       Whenever an nPAR is created, removed, or modified that results in a change in monarch chassis, all existing Redfish sessions will immediately expire. Redfish client will need to re-authenticate with the Superdome Flex Redfish to establish a new Redfish session.

·       The UEFI shell accepts invalid directory names such as ‘..’ appended to a valid directory name. Workaround: Retry using a proper directory name.

·       The UEFI shell command ‘dh’ fails to display EFI_DEVICE_PATH_PROTOCOL information for some device handles. It also displays “IPv6 (Not Available)” for devices including IPv6 device path node information.

·       If the BMC stops responding, a watchdog timer resets it to recover automatically with an event BMC_RESET_BY_WATCHDOG. This event reflects that normal BMC operation has resumed and it may be ignored. 

·       The BMC may occasionally reboot to recover from a software error condition. If a BMC_KERNEL_PANIC is logged, you may ignore it as it does not affect system operation.

·       Virtual Media connection may cause slow-boot. Workaround: Disconnect Virtual Media to resolve the slow boot. In general, it is recommended to disable Virtual Media when not needed.

·       Virtual Media does not support UEFI reconnect -r command.
Workaround: After attaching Virtual Media to the partition, use POWER RESET to reset the partition and activate Virtual Media.

·       By default, the Virtual Media instance setting for CD/DVD and hard disk are set to 0. To use virtual media, CD/DVD must be set to at least 1. For more details, refer to the Superdome Flex OS installation guide (http://www.hpe.com/support/superdome-flex-os)

·       The JViewer application VMedia hard disk size must be between 4 MB and 512 MB. If any larger size is needed, create an ISO and mount it via the CD/DVD tab.

·       Mac OS browsers (Safari, etc) are not supported on KVM and JViewer. Use Windows Internet Explorer, Firefox and Chrome instead.

·       Right after nPar creation, the partition status may show as Unknown due to a delay in status update. Workaround: Run SHOW NPAR command to check the nPar status.

·       Failure due to timeout during directed pxe boot when directed PXE boot is requested and the PXE server is not enabled to respond to the DHCPINFORM message request. You must use a PXE server that supports DHCPINFORM message requests.

·       When upgrading firmware from version 2.4.98, a unique certificate per RMC/eRMC is re-generated. For systems using OneView, the RMC’s older certificate residing in OneView’s trust store will become stale and communication with the RMC will not succeed.
Workaround: To restore OneView to RMC communication after updating from version 2.4.98, follow the steps below (to address it before update, see pre-requisites):

In OneView instance,

i) go to Settings -> Security

ii) Click Manage certificates button.

iii) Delete the RMC certificate from the list.

iv) Initiate rack manager refresh

·       The CLI provides a convenient ‘ipmi’ wrapper script. However, serial over lan (SOL) is not supported by this convenient ‘ipmi’ command. Attempting to activate partition console via ‘ipmi command=”sol activate”’ will fail with the message: “Error: This command is only available over the lanplus interface”. User should use CLI ‘connect npar’ or ‘uvcon’ to connect to partition console.

 

For more details on accessing and managing the system, see the HPE Superdome Flex user documentation located at this link.

 

DISCLAIMER:
The information in this document is subject to change without notice.
Hewlett Packard Enterprise makes no warranty of any kind with regard to this material, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose. Hewlett Packard Enterprise shall not be liable for errors contained herein or for incidental or consequential damages in connection with the furnishing, performance, or use of this material.

This document contains proprietary information that is protected by copyright. All rights are reserved. No part of this document may be reproduced, photocopied, or translated to another language without the prior written consent of Hewlett Packard Enterprise.

(C) Copyright 2017-2020 Hewlett Packard Enterprise Development L.P.

 

SUPERSEDES HISTORY:
Version 3.20.186/3.20.206:
ENHANCEMENTS:  

February 2020 update:

·       Server firmware 3.20.186 and later supports also Oracle VM 3.4.6


December 17, 2019 update:

·       Firmware version 3.20.186 and later includes mitigation for CVE-2019-14607 in the Intel Microcode.

In firmware version 3.20.206:

·       POWER_SUPPLY_INPUT_LOST (event 1106) is now generated in case of loss of AC input to the chassis power supply.

·       When inserting a power supply, POWER_SUPPLY_TYPE_PROBE_FAILED (event 1111) is now generated in case the power supply is detected but FRU data cannot be read, likely because the power supply needs reseating.

 

In Firmware version 3.20.186 (not available as web release):

·       Supports 128/256/512 GB Intel PMM (HPE Persistent Memory Module):

o   For details on supported PMM configurations, see the HPE Persistent Memory Guide for HPE Superdome Flex.

§  Supported with Intel Xeon processors 82xx/62xx only

§  Support of App direct mode on 4/8/16 socket systems  

§  For OS support, see the Operating Systems section above

o   Supports management and configuration of PMM’s

o   Supports PMM related events and logging as well as health monitoring and reporting

o   Supports creation of XFS root file system for Linux on PMM

·       Supports additional CPUs: 6226, 8253

·       Supports additional OS’es: RHEL 8.1, Oracle UEK 7.7, SLES 12 SP5 

·       Supports new I/O cards:

o   RTx 8000 GPU

o   HPE Infiniband HDR/Ethernet 200GB 1-port  & HDR100/Ethernet 100GB 1-port/2-port 940QSFP56

·       Improved manageability using Redfish and Openstack Ironic release (see HPE Superdome Flex Manageability white paper)

·       Improved security: supports certificate checking on web console and Redfish connections

o   Note: Certificate checking is not supported with SUM or OneView; you need to disable certificate checking prior to updating firmware

·       Improved BMC stability by significantly reducing occurrences of random BMC reboots

·       Improved diagnosing of damaged cables while preventing mis-diagnosis of other parts

·       Improved chassis power supply AC loss handling and reporting

·       Improved power supply redundancy reporting

·       Supports RMC power supply fault as well as thermal fault reporting

 

FIXES:
Fixes in 3.20.206:  

·       Addresses an issue where an error occurring on PMMs (HPE Persistent Memory) in the expansion chassis would rarely result in unexpected behavior, including an OS crash

·       Fixed an issue where deconfigured PMMs in any chassis would prevent Windows Server 2019 from accessing any PMM devices (physical or logical), resulting in users being unable to see any physical or logical PMM devices in device manager, or in the output of Windows PowerShell cmdlets Get-PmemPhysicalDevice or Get-PmemDisk, and PMM disk data being inaccessible.


Fixes in 3.20.186 (not available as web release):

·       Critical - Addressed an issue seen with 64GB DDR4 DIMMs in socket 0 and using 2 DIMMs per channel, where ADDDC (Adaptive Double Device Data Correction) bank sparing would result in a crash due to an uncorrected memory error.

·       The System ROM in firmware version 3.20.186 or later includes the latest revision of the Intel Reference Code that provides mitigations for security vulnerabilities. The following vulnerability has been addressed in this release: CVE-2019-0152. This issue is not unique to HPE servers.

·       The system ROM in firmware version 3.20.186 or later includes the latest revision of the Intel microcode which provides mitigation for CVE-2017-5715, CVE-2019-11135, CVE-2019-11139 and CVE-2019-14607, as well as mitigation for an Intel sighting where under complex micro-architectural conditions, executing X87 or AVX or integer divide instructions may result in unpredictable system behavior. These issues are not unique to HPE servers.

·       Addressed an issue where, after power cycling all the chassis in the complex, the system boot would fail with a BIOS ASSERT DETECTED due to an ASSERT EFI ERROR

·       Indicted or deconfigured FRUs are now acquitted upon AC power-cycling of the entire complex (all BMCs and RMC)

·       Firmware now sends service events or SNMP traps when a Rack Management Controller (RMC) hardware error occurs

·       Superdome Flex now supports IPMI over LAN via any IPv6 IP address listed within the subnet, not just the first one configured

·       Fixed an issue where uncorrected memory errors would rarely occur without deconfiguration or indictment

 

Version 3.10.164/3.10.174:

ENHANCEMENTS:

Note: System firmware 3.10.164 includes all of the enhancements defined for 3.10.174.

Enhancements in firmware 3.10.164 / 3.10.174:

FIXES:

Note: System firmware 3.10.164 includes all of the fixes defined for 3.10.174.

Fixes in version 3.10.164 / 3.10.174:

·       Fixed an issue where web console login would fail if the RMC network was not properly configured or not connected to the site network prior to RMC boot

Version 3.0.542:

ENHANCEMENTS:  

June 2019: Release notes were updated to add some fixes and known issues and add a link to the Superdome Flex Support Matrix (Release Sets).

 

FIXES:

Version 3.0.542:

 

Version 3.0.512:

ENHANCEMENTS:

·       Added support for Intel Xeon® Scalable processors 8280, 8276, 8270, 8268, 8260, 8256, 6254, 6252, 6248, 6244, 6242, 6240, 6230; requires firmware version 3.0.512 or later

·       Added support for Windows 2019 on systems with Intel Xeon® Scalable processors 62XX/82XX

·       Added support for IPv6 USGv6

·       On 4 socket systems, TEST FABRIC now displays a warning instead of an error message when the 3 Numa Link loop back cables are not installed.

·       Superdome Flex internal management network uses by default 172.16.0.0/16, 172.30.50.0/24 and 172.30.60.0/24 subnets. However, the RMC “set network internal” command now allows to change these subnets to any legal subnet.

·       APPWT limit has been increased to the 29 WT (Weighted Teraflops) threshold, effective since October 2018

 

Note:

·       Default NIC naming differs on systems with Intel Xeon® Scalable processors 62XX/82XX versus 61XX/81XX. On servers with 62XX/82XX processors, NIC naming is based on udev property “ID_NET_NAME_SLOT”. This was introduced with firmware 3.0.542. On systems with 61XX/81XX processors, NIC naming continues to be based on “ID_NET_NAME_PATH” and there is no impact after updating to 3.0.542. However, if customers wish to use the consistent device naming standard on systems with  61XX/81XX processors, then they can follow the steps in the DETAILS section of the customer notice https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-a00075568en_us

·       The RMC factory default password has been changed from a common password to a random password, unique on each system, provided on a label on the rear of the RMC or eRMC base chassis. For details, see advisory a00073630.

·       The web console, virtual media, and JViewer default login now use the RMC/eRMC administrator account and password. The user 'admin' can no longer login to the web console.

FIXES:

·       Provided enhancements and multiple fixes in memory and IO error handling to help prevent MCAs

·       Addressed occurrences of MCAs, BIOS HALTs due to HWERR, and ASSERTs at boot time

·       Addressed a number of false critical alerts that were seen at boot or after a power cycle

·       Addressed an eRMC hang after a MC warm reset is triggered from ipmitool

 

SUM 8.4.0 fixes:

·       SUM version 8.4.0 fixed an issue where SUM would falsely report that update had completed less than 2 minutes after deployment had started.

 

Version 2.5.314:

ENHANCEMENTS:

·       None

FIXES:

·       CRITICAL: Fixed an issue where a system under heavy workload would sometimes MCA with error messages such as "Fatal Link Timeout to PCIe Device" and "LER_ENTERED".

·       CRITICAL: Optimized memory controller for RAS features to prevent MCA’s when a system is under a heavy workload and a DIMM sparing operation is required.

·       Addressed the privilege escalation vulnerability CVE-2018-12204

 

Version 2.5.300:

ENHANCEMENTS:

FIXES:

·       Updated to latest Intel microcode

·       Firmware update no longer reports an error when updating chassis with rack number greater than 9

·       Extended range of rack numbers supported from 0 to 254

 

Version 2.5.90:

FIXES:

·       Firmware version 2.5.290 resolves certain potential unexpected system behavior when operating the Superdome Flex system or nPar(s) in HPC mode. For systems or partitions running in HPC mode, the frequency of system memory errors may increase after the update. These memory errors will be fully visible in memlog.  HPE strongly recommends that customers run in RAS mode, but if they elect to continue using HPC mode, they should update to this firmware version to eliminate the risk of unintended side effects from memory correction including possible system crashes. Refer to this advisory for more details.

 

Version 2.5.80:

ENHANCEMENTS:

FIXES:

The following issue has been addressed in firmware version 2.5.280:

·       Fixed an issue where a bugcheck or unexpected process termination would be seen after an uncorrectable memory error on systems running Microsoft Windows Server 2016.

 

The following issues have been addressed in firmware version 2.5.270 and later:

Version 2.5.256:

FIXES:

-       L1 Terminal Fault - OS, SMM (CVE-2018-3620). Please note this mitigation also requires operating system software updates.

-       L1 Terminal Fault - OS, VMM (CVE-2018-3646). Please note this mitigation also requires operating system software updates, and VMM software updates.

-       For more information, see the bulletin a00055017en  

Version 2.5.246:

ENHANCEMENTS:  

·       Added support for CPU models 8170M, 8170, 8168, 6140, 6140M, 6150, 6142M, 6142, 6138

·       Added support for 24 and 28 socket configurations (in addition to 4, 8, 12, 16, 20 and 32)

·       Added partitioning (nPAR) support with ability to convert non partitioned systems to partitionable

·       Added support for HPE Ethernet 10Gb 2-port 562T adapter, 32Gb Fibre Channel SN1600Q, SN1600E HBAs

·       Added support for Windows Server 2016 with up to 16 sockets

·       Added support for RHEL 7.5

·       Added support for VMware 6.5 U2

·       Added support for Oracle VM 3.4.4

·       Added new security and management features (secure boot, SSH upgrade, reduced port usage)

·       Added support for offline firmware update via SUM (Smart Update Manager)

·       Added support for OneView monitoring (requires OneView version 4.1 or later)

·       Added support for provisioning OS with redfish using the OpenStack Ironic  (Requires Openstack Ironic version ‘Pike’  or later)

·       Enhances security with SSH

FIXES:

·       New BIOS addresses the following known vulnerabilities, CVE-2018-3639 and CVE-2018-3640.

·       Fixed an issue where the firmware update would fail on rare occasions to update the BIOS image.

·       Some IO errors no longer cause an incorrect decoding to be logged in the Integrated Event Log with the string “[physloc_err=5]”.

·       Fixed an issue where rebooting the Board Management Controller (BMC) when the Operating System was Running would cause the BMC to stop responding.

·       Fixed an issue on 2-socket clump systems (i.e. chassis with Intel Intel Xeon® Scalable 61xx series processors installed) where the fans would jump to maximum speed and remain there if the BMC was rebooted with the system power on.

·       The ‘SHOW UVDMP’ command always displayed one screen at a time and require user to interact with the keyboard to move to the next page, even with the CLI in script mode. This is now fixed.

·       IPMI watchdog is unsupported and can no longer be enabled. This prevents an issue seen in prior versions where a multi-chassis reboot from OS would fail when IPMI watchdog was enabled.

·       Fixed a syntax issue allowing to use the CLI ADD LOCATION command with “module=rmc” on eRMC.


Version 2.4.98:

FIXES:
BIOS:

·       Updated Intel microcode to address CVE-2017-5715

·       Some I/O Fatal errors (e.g. Malformed TLP, RxOverflow, FlowCntl, DLLP, etc) detected at the End Point device no longer cause an MCA and the system now allows OS recovery instead of rebooting.

 

Version 2.3.132:

FIXES:

·       Removed the Intel microcode that was issued to address the Spectre/Meltdown security vulnerability, which Intel then asked vendors not to use (see Intel guidance here).

 

Version 2.3.122:   REMOVED due to Intel microcode issue.

FIXES:

·       Fixed an issue where the eRMC SET FACTORY command could cause the eRMC to become unusable while trying to initialize the configuration flash partition. The SET FACTORY command is now supported on eRMC.

·       Fixed an issue where CAE service event id #306 (uncorrectable memory data read error) incorrectly encoded DIMM group number, causing the wrong DIMM to be indicted.

Version 2.3.110: REMOVED due to Intel microcode issue.
FIXES:

The following issues were fixed:

·       Addresses security vulnerability CVE-2017-5715; see updates in this advisory.

·       DCD was not supported with firmware version 2.3.94.

·       The eRMC uses NTP daemon internally to keep the management times synchronized. The internal NTP daemon usage is very limited in scope, but is of older ntpd version (4.2.6p5). As a result of older ntpd version, security scanner may falsely flag vulnerabilities that are not applicable to Superdome Flex eRMC system. To mitigate security impact, follow HPE required security best practices.

·        When BIOS de-configures a DIMM, the eRMC will correctly record the data, but will incorrectly return no de-configuration the next time BIOS boots. This incorrect information causes BIOS to retrain the DIMM and attempt to use it. Marginal DIMM may sometime pass the retrain and be included in the system for OS use. Because the DIMM is marginal, it may fail at a later time and cause the OS to crash. To minimize the chance of marginal DIMM being used at next boot, run SHOW DECONFIG and SHOW INDICT after the system is booted and replace any DIMM that has been indicted and de-configured.

·       Memory on some sockets may be in SDDC mode instead of the intended ADDDC mode

 

Version: 2.3.94: Initial version.

FEEDBACK
As we are continuing to improve the firmware management process we welcome your feedback on this document and on the firmware update process: TEAM-FWupdateFeedback@groups.ext.hpe.com