Hardware Management Console Readme For use with Version 8 Release 8.5.0 Date: 28 July 2016 Contents <#ibm-content> The information in this Readme contains the fix list and other package information about the Hardware Management Console. * PTF MH01640 <#MH01640> * Package information <#package> * List of fixes <#fixes> * Installation <#install> * Additional information <#additional> PTF MH01640 This package includes fixes for HMC Version 8 Release 8.5.0. You can reference this package by APAR MB04027 and PTF MH01640. This image must be installed on top of HMC Version 8 Release 8.5.0 Recovery DVD (PTF MH01616) with mandatory PTF MH01617 installed. /Package information/ Package name Size Checksum (sha1sum) APAR# PTF# MH01640.iso 1514985472 d9d41d2520a1602d6289f9b51836f58177086ac3 MB04027 MH01640 Splash Panel information (or lshmc -V output) "version= Version: 8 Release: 8.5.0 Service Pack: 0 HMC Build level 20160615.1 MH01617: Required fix for HMC V8R8.5.0 (05-20-2016) MH01640: Fix for HMC V8R8.5.0 (06-15-2016) ","base_version=V8R8.5.0 " Known Issues 1. *Special Install Instructions: *Installing this PTF using the Enhanced+ interface may hang. Prior to installing this PTF using the web browser graphical interface perform the following: 1. Log in again selecting the Log In option of "Classic". 2. If already logged in to the HMC using Enhanced GUI, log off the HMC. 3. Install using the normal installation instructions. Alternatively, Install this PTF using the CLI updhmc command. 2. After installing this PTF, the security mode cannot be changed. The *chhmc -c security -s modify --mode nist_sp800_131a *command will fail with "/Invalid Parameter/". 3. After installing this PTF and rebooting, if a Save Upgrade Data is run and no upgrade is done after and later a reboot is performed, the REST API functions will no longer be available. This impacts Enhanced GUI login, Power Enterprise Pools, PowerVC, PCM and any other function that utilizes the REST API on the HMC. For additional details and information please see http://www-01.ibm.com/support/docview.wss?uid=nas8N1021472 *Workaround*: Only run Save Upgrade Data immediately prior to an upgrade to a new release of HMC. Command line changes This PTF adds a new option to the chhmc command to allow an admin to set a grub password at bootup. To resolve this security vulnerability, users apply the PTF (with mandatory reboot) then set a password. Syntax: *chhmc -c grubpasswd* *-s* {*enable *|*disable *|*modify*} [*--passwd* _password_] * To enable and set the password *chhmc -c grubpasswd -s enable --passwd *_password_ * To disable the grub password c*hhmc -c grubpasswd -s disable* * To modify the grub password *c**hmc -c grubpasswd -s modify --passwd *_password_ List of fixes *Security Fix* * Added functionality to the chhmc command to allow an admin to set a grub password at bootup. * Fixed openSSL vulnerabilities: CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, and CVE-2016-2109 * Fixed security scan vulnerability by enabling TLSv1.2 by default for HMC vterm port (9960) when HMC is in Legacy mode. * Fixed Java vulnerability: CVE-2016-3426 * Fixed Power Hardware Management Console: CVE-2016-0230 *General fixes* * Fixed an issue with installing HMC R8 V8.5.0 onto HMC hardware model 7042-CR9 if the version of SMBIOS is greater than v2.8. The install fails with "/The current system does not have a valid machine type/model. Installation cannot be performed/." * Fixed an issue where the call home from the Manage Dumps panel was uploading incomplete data. * Fixed an issue to prevent call home of SRC E2FF1801 during software transmissions. Installation *Special Install Instructions: *Installing this PTF using the Enhanced+ interface may hang. Prior to installing this PTF using the web browser graphical interface perform the following: 1. Log in again selecting the Log In option of "Classic". 2. If already logged in to the HMC using Enhanced GUI, log off the HMC. 3. Install using the normal installation instructions. Alternatively, Install this PTF using the CLI updhmc command. Installation instructions for HMC Version 8 upgrades and corrective service can be found at these locations: Upgrading or restoring HMC Version 8 Installation methods for HMC Version 8 fixes Instructions and images for upgrading via a remote network install can be found here: HMC V8 network installation images and installation instructions Additional information Notes: 1. The Install Corrective Service task now allows you to install corrective service updates from the ISO image files of these updates. You can download these ISO image files for the HMC, and then use the ISO image file to install the corrective service update. You no longer need to burn CD-R or DVD-R media to use the ISO image file to install corrective service. 2. This image requires DVD -R media. 3. To install updates over the network, select the *.iso file on the "Select Service Package" panel of the Install Corrective Service task. The HMC application extracts the files needed to install the corrective service. If you are using USB flash media, copy the *.iso file to the flash media, and then select the file when prompted. 4. The *updhmc* command line command has also been modified to use the *.iso file. To use the command, follow the syntax in this example: updhmc -t s -h -f -u -i In all cases, the HMC application extracts the files needed to install the corrective service.