Skip to main content

Firmware Description File

POWER7 Compute Nodes

Applies to:  POWER7 Compute Nodes 1457-7FL, 7895-22X, 7895-42X, 7895-23X, 7895-43X, 7954-24X, and 7895-23A

This document provides information about the installation of licensed machine or licensed internal code, which is sometimes referred to generically as microcode or firmware.


Contents


1.0 Systems Affected

This package provides firmware for POWER7 Compute Nodes 1457-7FL, 7895-22X, 7895-42X, 7895-23X, 7895-43X, 7954-24X, 7895-23A only.

The firmware level in this package is:

  • AF773_035 / FW773.01


1.1 Minimum FSM Code Level

This section is intended to describe the "Minimum FSM Code Level" required by the system firmware to complete the firmware installation process. When installing the system firmware, the FSM level must be equal to or higher than the "Minimum FSM Code Level" before starting the system firmware update.  If the FSM managing the server targeted for the system firmware update is running a code level lower than the "Minimum FSM Code Level" the firmware update will not proceed.

The Minimum FSM code level for this firmware is:  1.1.0.
For information concerning FSM releases and the latest PTFs,  go to the following URL to access Fix Central.
http://www-933.ibm.com/support/fixcentral/

For specific fix level information on key components of IBM POWER7 Compute Nodes running the AIX, IBM i and Linux operating systems, we suggest using the Fix Level Recommendation Tool (FLRT):

http://www14.software.ibm.com/webapp/set2/flrt/home





2.0 Important Information

Using the Update Manager in the FSM to manage firmware installations.
IBM strongly recommends using the Update Manager (UM) in the FSM GUI to manage firmware installations.  The UM will verify that FSM, CMM, and Compute Node firmware levels are compatible and will download and install additional updates if necessary.  

Downgrading firmware from any given release level to an earlier release level is not recommended.
If you feel that it is necessary to downgrade the firmware on your system to an earlier release level, please contact your next level of support.

IPv6 Support and Limitations

IPv6 (Internet Protocol version 6) is supported in the System Management Services (SMS) in this level of system firmware. There are several limitations that should be considered.

When configuring a network interface card (NIC) for remote IPL, only the most recently configured protocol (IPv4 or IPv6) is retained. For example, if the network interface card was previously configured with IPv4 information and is now being configured with IPv6 information, the IPv4 configuration information is discarded.

A single network interface card may only be chosen once for the boot device list. In other words, the interface cannot be configured for the IPv6 protocol and for the IPv4 protocol at the same time.

Memory Considerations for Firmware Upgrades

Firmware release level upgrades and service pack updates may consume additional system memory.
Server firmware requires memory to support the logical partitions on the server. The amount of memory required by the server firmware varies according to several factors.
Factors influencing server firmware memory requirements include the following:
  •     Number of logical partitions
  •     Partition environments of the logical partitions
  •     Number of physical and virtual I/O devices used by the logical partitions
  •     Maximum memory values given to the logical partitions
Generally, you can estimate the amount of memory required by server firmware to be approximately 8% of the system installed memory. The actual amount required will generally be less than 8%. However, there are some server models that require an absolute minimum amount of memory for server firmware, regardless of the previously mentioned considerations.

Additional information can be found at:
  http://publib.boulder.ibm.com/infocenter/powersys/v3r1m5/topic/p7hat/iphatlparmemory.htm


3.0 Firmware Information and Description

Use the following examples as a reference to determine whether your installation will be concurrent or disruptive.

Note: The concurrent levels of system firmware may, on occasion, contain fixes that are known as deferred and/or partition-deferred. Deferred fixes can be installed concurrently, but will not be activated until the next IPL. Partition-deferred fixes can be installed concurrently, but will not be activated until a partition reactivate is performed.  Deferred and/or partition-deferred fixes, if any, will be identified in the "Firmware Update Descriptions" table of this document. For these types of fixes (deferred and/or partition-deferred) within a service pack, only the fixes in the service pack which cannot be concurrently activated are deferred.

Note: The file names and service pack levels used in the following examples are for clarification only, and are not necessarily levels that have been, or will be released.

System firmware file naming convention:

01AFXXX_YYY_ZZZ

  • XXX is the release level
  • YYY is the service pack level
  • ZZZ is the last disruptive service pack level
NOTE: Values of service pack and last disruptive service pack level (YYY and ZZZ) are only unique within a release level (XXX). For example, 01AF740_067_045 and 01AF760_067_053 are different service packs.

An installation is disruptive if:

  • The release levels (XXX) are different.
Example: Currently installed release is AF743, new release is AF763
  • The service pack level (YYY) and the last disruptive service pack level (ZZZ) are the same.
Example: AF743_120_120 is disruptive, no matter which level of AF743 is currently installed on the system
  • The service pack level (YYY) currently installed on the system is lower than the last disruptive service pack level (ZZZ) of the service pack to be installed.
Example: Currently installed service pack is AF743_120_120 and the new service pack is AF743_152_130

An installation is concurrent if:

  • The release level (XXX) is the same, and
  • The service pack level (YYY) currently installed on the system is the same or higher than the last disruptive service pack level (ZZZ) of the service pack to be installed.
Example: Currently installed service pack is AF743_126_120, and the new service pack is AF743_143_120.

 
Filename Size Checksum
01AF773_035_033.rpm 40113321
46537
   

System firmware changes that affect all systems

Note: The checksum can be found by running the AIX sum command against the rpm file (only the first 5 digits are listed).
ie: sum 01AF773_035_033.rpm

AF773
For Impact, Severity and other Firmware definitions, Please refer to the below 'Glossary of firmware terms' url:
http://www14.software.ibm.com/webapp/set2/sas/f/power5cm/home.html#termdefs


AF773_035 / FW773.01

05/09/2014

Impact:  HIPER/Pervasive


System firmware changes that affect all systems AF773_035

- A security problem was fixed for the Lighttpd web server that allowed arbitrary SQL commands to be run on the service processor of the compute node. The Common Vulnerabilities and Exposures issue number is CVE-2014-2323.

- A security problem was fixed for the Lighttpd web server where improperly-structured URLs could be used to view arbitrary files on the service processor of the compute node. The Common Vulnerabilities and Exposures issue number is CVE-2014-2324.

- HIPER /Pervasive A security problem was fixed in the OpenSSL Montgomery ladder implementation for the ECDSA (Elliptic Curve Digital Signature Algorithm) to protect sensitive information from being obtained with a flush and reload cache side-channel attack to recover ECDSA nonces from the service processor. The Common Vulnerabilities and Exposures issue number is CVE-2014-0076. The stolen ECDSA nonces could be used to decrypt the SSL sessions and compromise the Flex System Manager (FSM) access password to the service processor. Therefore, the FSM access password for the compute node should be changed after applying this fix.

- HIPER /Pervasive A security problem was fixed in the OpenSSL Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS) to not allow Heartbeat Extension packets to trigger a buffer over-read to steal private keys for the encrypted sessions on the service processor. The Common Vulnerabilities and Exposures issue number is CVE-2014-0160 and it is also known as the heartbleed vulnerability. The stolen private keys could be used to decrypt the SSL sessions and and compromise the Flex System Manager (FSM) access password to the service processor. Therefore, the FSM access password for the compute node should be changed after applying this fix.

AF773_033 / FW773.00

09/10/2013

10/15/2013 - re-released for readme updates ONLY - no change to binaries

Impact:  New


New features and functions in system firmware AF773_033

- Support for the P7+ Flex System p270 compute node (DCM 2-socket compute node) with MTM 7954-24X.

- Support for the P7+ Flex System p260 compute node (SCM 2-socket compute node) with MTM 7895-23A for IBMi only.

- Support for the P7+ Flex System p460 compute node (SCM 4-socket compute node) with MTM 7895-43X.

- Support for the IBM Flex System CN4058 8-port 10Gb converged network adapter (CNA) mezzanine expansion card with feature code (F/C) EC24 for Power System compute nodes that support 10 Gb ethernet and Fibre Channel over Ethernet (FCoE).

- Support for the IBM Flex System FC5054 4-port 16Gb fibre channel adapter with feature code (F/C) EC2E. This adapter features a dual-ASIC (FC5054) controller using the Emulex XE201 design, which allows for logical partitioning on Flex Power Systems compute nodes.

- Support for the IBM Flex System Dual VIOS adapter for the p270 compute node (7954-24X) with feature code (F/C) EC2F. This adapter provides a second integrated SAS controller enabling dual VIOS support with two internal disks.

- Support for the IBM Flex System FC5052 2-port 16Gb fibre channel adapter with feature code (F/C) EC23. This adapter features a 2-port 16 Gb Fibre Channel adapter with a single-ASIC controller using the Emulex XE201 design.

- Support for the IBM Flex System compute nodes by the Hardware Management Console (HMC). Note that the HMC does not provide any Flex System chassis management capabilities.

- Support for the IBM Flex System compute nodes by the Integrated Virtualization Manager (IVM). This provides an option for very basic system partition management for customers who do not want to purchase a Flexible System Management (FSM) or Hardware Management Console (HMC) appliance for system management.

- Support for network enhancements between the IBM Flex System and the service processor.
1. Support for network configuration options for default values and DHCP configurations were added.
2. Support added for LDAP active directory forest.
3. Support added for password change/expiration support through LDAP that enable users to change password on LDAP servers.
4. Support added for LDAP DNS so that LDAP servers can be located from the DNS server instead of passing IP addresses to find the LDAP servers.
5. Support added for local authorization for LDAP on the service processor in addition to the already supported remote authorization.
6. Support added for service processor Advanced System Management Interface (ASMI) to open directly from the Flex System CMM.

- Support for Flex System LDAP configuration authentication-only mode (AOM) on the service processor.

- Support for Flexible System Manager (FSM) increase in capacity to handle eight Flex system chassis for up to 112 compute nodes.

- Support for Flexible System Manager (FSM) increase in capacity to handle up to 4096 managed system partitions running on the Flex System compute nodes.

System firmware changes that affect all systems

- Support was dropped for Secured Socket Layer (SSL) Version 2 and SSL weak and medium cipher suites in the service processor web server (Ligthttpd). Unsupported web browser connections to the Advanced System Management Interface (ASMI) secured port 443 (using https) will now be rejected if those browsers do not support SSL version 3. Supported web browsers for Power7 ASMI are Netscape (version 9.0.0.4), Microsoft Internet Explorer (version 7.0), Mozilla Firefox (version 2.0.0.11), and Opera (version 9.24).

- A problem was fixed that prevented the Advanced Management Module (AMM) and Chassis Management Module (CMM) from displaying the blade's gateway IP address when DHCP is enabled.

- A problem was fixed that caused the hypervisor to fail to read the backplane VPD. When this problem occurs, the compute node will not boot.

- A problem was fixed that caused SRC B1813221, which indicates a failure of the battery on the compute node, to be erroneously logged after a service processor reset or power cycle.

- A problem was fixed that caused a service processor dump to be generated with SRC B18187DA "NETC_RECV_ER" logged.

- A problem was fixed that caused a L2 cache error to not guard out the faulty processor, allowing the system to checkstop again on an error to the same faulty processor.

- A problem was fixed that caused a HMC code update failure for the FSP on the accept operation with SRC B1811402 or FSP is unable to boot on the updated side.

- A problem was fixed that caused the system information LED to be lit without a corresponding SRC and error log for the event. This problem typically occurs when an operating system on a partition terminates abnormally.

- A problem was fixed that may cause inaccurate processor utilization reporting.

- A problem was fixed that caused a migrated partition to reboot during transfer to a VIOS 2.2.2.0, and later, target system. A manual reboot would be required if transferred to a target system running an earlier VIOS release. Migration recovery may also be necessary.

- A problem was fixed that caused an error log generated by the partition firmware to show conflicting firmware levels. This problem occurs after a firmware update or a logical partition migration (LPM) operation on the system.

System firmware changes that affect certain systems

- A problem was fixed that was caused by an attempt to modify a virtual adapter from the management console command line when the command specifies it is an Ethernet adapter, but the virtual ID specified is for an adapter type other than Ethernet. The managed system has to be rebooted to restore communications with the management console when this problem occurs; SRC B7000602 is also logged.

- On a P7 system, a problem was fixed that caused a system checkstop during hypervisor time keeping services. This deferred fix addresses a problem that has a very low probability of occurrence. As such customers may wait for the next planned service window to activate the deferred fix via a system reboot.

- A problem was fixed in the run-time abstraction services (RTAS) extended error handling (EEH) for fundamental reset that caused partitions to crash during adapter updates. The fundamental reset of adapters now returns a valid return code. The adapter drivers using fundamental reset affected by this fix are the following-- QLogic PCIe Fibre Channel adapters (combo card), IBM PCIe Obsidian, Emulex BE3-based ethernet adapters, Broadcom-based PCIe2 4-port 1Gb ethernet, Broadcom-based FlexSystem EN2024 4-port 1Gb ethernet for compute nodes

- On a compute node, a problem was fixed that caused a Flexible Service Processor (FSP) dump with SRC B1818A0F when the Dynamic Host Control Protocol (DHCP) server failed to respond with a valid IPV4 address. For this scenario, the FSP network configuration will now issue an informational error log for DHCP and continue with the previously known IP address if possible.

- On a compute node, a problem was fixed that caused SRCs B1818601, B1818611, and B181F12C to be logged with the chassis fans speeding up to the maximum fan speed. A race condition was found in the Common Information Model (CIM) process when it was changing IP addresses on the compute node that caused CIM pointer corruption and the associated errors.

- On a compute node, a problem was fixed that caused a virtual session (Vtty) to fail to a partition with the message 'Unable to open virtual serial connection - lock failed".

- On a compute node, a problem was fixed that caused the compute node to log SRC B1768BBF when resetting the network adapters to factory configuration using the Advanced System Manager Interface (ASMI).

- On a compute node, a problem was fixed to stop frequent Secure Socket Layer (SSL) certificate provisioning from the Flex System Chassis Management Module (CMM) in the case of a DHCP server not responding. If the DHCP server is unresponsive, the previously received DHCP IP address is used by the compute node without further certificate provisioning.

- On a compute node, a problem was fixed where the Flexible Service Manager (FSM) could not establish communications to the Flexible Service Processor (FSP) due to a FSP process deadlock condition. The deadlock error also caused dumps on the FSP anytime the FSM tried to connect to the FSP.

- On a compute node, a problem was fixed for Flex System Chassis Management Module (CMM) failovers causing the Flexible Service Processor (FSP) to log SRC B181D50E for an out of memory condition for threads.

- On a compute node, a problem was fixed where "VPD has changed" messages were not sent to the Flex System Chassis Management Module (CMM) for mezzanine I/O card updates, resulting in old firmware levels being displayed on the CMM for the cards.

- On Power7+ systems, a problem was fixed that caused a system checkstop during hypervisor time keeping services.

- On a compute node, a problem was fixed that caused the Common Information Model (CIM) server to core dump and have a long restart time when loading new Secure Socket Layer (SSL) certificates provided by the Flex System Chassis Management Module (CMM). This fix allows faster changes in the network configuration of the compute node and facilitates faster node discovery by the Flexible System Manager (FSM).

- A problem was fixed that can cause Anchor (VPD) card corruption and A70047xx SRCs to be logged. Note-- If a serviceable event with SRC A7004715 is present or was logged previously, damage to the VPD card may have occurred. After the fix is applied, replacement of the Anchor VPD card is recommended in order to restored full redundancy.

AF763_052 / FW763.10

05/01/2013

Impact:  Available.

System firmware changes that affect all systems
- A problem was fixed that caused a warning message indicating "VPD is not available" to be erroneously logged in the Chassis Management Module (CMM) after the concurrent firmware update of a compute node from the Flex System Manager (FSM).
- A problem was fixed that caused the compute node to experience a Flexible Service Processor (FSP) dump with SRC B181EF88 and the CIM status on the security screen on the FSM to be displayed as "No access" when the state was actually "Partial access".

System firmware changes that affect certain systems
- On compute nodes managed by a Flex System Manager (FSM), a problem was fixed that caused a mismatch between the state of the compute node power LED and the status of the power LED displayed on the FSM.
- On systems running AIX or Linux, a problem was fixed that caused a partition to fail to boot with SRC CA260203. This problem also can cause concurrent firmware updates to fail.
- On a partition with the virtual Trusted Platform Module (vTPM) enabled, a problem was fixed that caused errors to occur when the memory assigned to the partition was changed.
- On a system running a Live Partition Mobility (LPM) operation, a problem was fixed that caused the partition to successfully appear on the target system, but hang with a 2005 SRC.
- On a partition with the virtual Trusted Platform Module (vTPM) enabled, a problem was fixed that caused the partition to stop functioning after certain operations. When this problem occurs, the client partition may not power off.
- On systems running more than one instance of VIOS, a problem was fixed that prevented the partition that obtained the IBM Fabric Manager (IFM) lock from performing IFM operations when two VIOS partitions were powered on at the same time.
- On systems managed by a management console, a problem was fixed that caused a partition to become unresponsive when the AIX command "update_flash -s" is run.
- On systems with the 10GbE converged network adapter mezzanine card (F/C EC24) installed, a problem was fixed that caused SRC B146D547 to be erroneously logged.
- On systems running Active Memory Sharing (AMS) partitions, a problem was fixed that may arise due to the incorrect handling of a return code in a error path during the logical partition (LPM) of an AMS partition.
- On systems running Active Memory Sharing (AMS) partitions, a timing problem was fixed that may occur if the system is running Dynamic Platform Optimization (DPO).

AF763_043 / FW763.01

12/05/2012

Impact:  Available.

System firmware changes that affect all systems
- A problem was fixed that can cause fans in the server to run at maximum speed and generate a serviceable event during system boot (B130B8AF, a predictive error with hardware callout), as a result of an incorrect calibration of a particular thermal sensor.

AF763_042 / FW763.00

12/04/2012

Impact:  Available.

New Features and Functions in AF763_042:

- Support for 7895-23X and 1457-7F2
- 16GB Fibre Channel mezzanine card, feature code EC23
- 2-port 10GB RDMA - RoCE adapter, feature code EC26
- 32GB DIMM, feature code EEMA


4.0 How to Determine Currently Installed Firmware Level

You can view the server's current firmware level on the Advanced System Management Interface (ASMI) Welcome pane. It appears in the top right corner.
Example: AF763_052

5.0 Downloading the Firmware Package

Follow the instructions on Fix Central. You must read and agree to the license agreement to obtain the firmware packages.

Note: If your FSM is not internet-connected you will need to download the new firmware level to a CD-ROM or ftp server.


6.0 Installing the Firmware

The method used to install new firmware will depend on the release level of firmware which is currently installed on your server. The release level can be determined by the prefix of the new firmware's filename.

Example: AFXXX_YYY_ZZZ

Where XXX = release level

  • If the release level will stay the same (Example: Level AF743_075_075 is currently installed and you are attempting to install level AF743_081_075) this is considered an update.
  • If the release level will change (Example: Level AF743_081_075 is currently installed and you are attempting to install level AF743_096_096) this is considered an upgrade.
Instructions for installing firmware updates and upgrades can be found at:
http://publib.boulder.ibm.com/infocenter/flexsys/information/index.jsp?topic=%2Fcom.ibm.acc.8731.doc%2Fupdating_firmware_and_software.html

See also:
http://publib.boulder.ibm.com/infocenter/flexsys/information/index.jsp?topic=%2Fcom.ibm.acc.7895.doc%2Fupdating_firmware.html




Content navigation