Power7 System Firmware

System firmware changes that affect all systems

• HIPER/Pervasive:  A security problem was fixed in the OpenSSL (Secure Socket Layer) protocol that allowed clients and servers, via a specially crafted handshake packet, to use weak keying material for communication.  A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between the management console and the service processor.  The Common Vulnerabilities and Exposures issue number for this problem is CVE-2014-0224.
• HIPER/Pervasive:  A security problem was fixed in OpenSSL for a buffer overflow in the Datagram Transport Layer Security (DTLS) when handling invalid DTLS packet fragments.  This could be used to execute arbitrary code on the service processor.  The Common Vulnerabilities and Exposures issue number for this problem is CVE-2014-0195.
• HIPER/Pervasive:  Multiple security problems were fixed in the way that OpenSSL handled read and write buffers when the SSL_MODE_RELEASE_BUFFERS mode was enabled to prevent denial of service.  These could cause the service processor to reset or unexpectedly drop connections to the management console when processing certain SSL commands.  The Common Vulnerabilities and Exposures issue numbers for these problems are CVE-2010-5298 and CVE-2014-0198.
• HIPER/Pervasive:  A security problem was fixed in OpenSSL to prevent a denial of service when handling certain Datagram Transport Layer Security (DTLS) ServerHello requests. A specially crafted DTLS handshake packet could cause the service processor to reset.  The Common Vulnerabilities and Exposures issue number for this problem is CVE-2014-0221.
• HIPER/Pervasive:  A security problem was fixed in OpenSSL to prevent a denial of service by using an exploit of a null pointer de-reference during anonymous Elliptic Curve Diffie Hellman (ECDH) key exchange.  A specially crafted handshake packet could cause the service processor to reset.  The Common Vulnerabilities and Exposures issue number for this problem is CVE-2014-3470.
  

• Support was added in Advanced System Management Interface (ASMI) to facilitate capture and reporting of debug data for system performance problems.  The  "System Service Aids/Performance Dump" menu was added to ASMI to perform this function.
• Support was added to the Advanced System Management Interface (ASMI) to provide a menu for "Power Supply Idle Mode".  Using the "Power Supply Idle Mode"  menu, the power supplies can be either set enabled to save power by idling power supplies when possible or set disabled to keep all power supplies fully on and allow a balanced load to be maintained on the power distribution units (PDUs) of the system.  Power supply idle mode enabled helps to reduce overall power usage when the system load is very light by having one power supply deliver all the power while the second power supply is maintained in a low power state.
• Support was dropped for Secured Socket Layer (SSL) protocol version 2 and SSL weak and medium cipher suites in the service processor web server (Lighttpd) .  Unsupported web browser connections to the Advanced System Management Interface (ASMI) secured port 443 (using https://) will now be rejected if those browsers do not support SSL version 3.  Supported web browsers for Power7 ASMI are Netscape (version 9.0.0.4), Microsoft Internet Explorer (version 7.0), Mozilla Firefox (version 2.0.0.11), and Opera (version 9.24).
• Support was added in Advanced System Management Interface (ASMI) "System Configuration/Firmware Update Policy" menu to detect and display the appropriate Firmware Update Policy (depending on whether system is HMC managed) instead of requiring the user to select the Firmware Update Policy.  The menu also displays the "Minimum Code Level Supported" value.
  

System firmware changes that affect all systems

• A problem was fixed that caused a memory leak of 50 bytes of service processor memory for every call home operation.  This could potentially cause an out of memory condition for the service processor when running over an extended period of time without a reset.
• A problem was fixed that caused a L2 cache error to not guard out the faulty processor, allowing the system to checkstop again on an error to the same faulty processor.
• A problem was fixed that prevented a GX adapter from being added to an empty slot for location code P1-C3 using a MES add when the system was powered off.  The P1-C3 location code was not provided as candidate location for the GX add in the Service Focal Point on the management console.
• A problem was fixed that caused a HMC code update failure for the FSP on the accept operation with SRC B1811402 or FSP is unable to boot on the updated side.
• A problem was fixed that caused a system checkstop during hypervisor time keeping services.
• A problem was fixed that caused a built-in self test (BIST) for GX slots to create corrupt error log values that core dumped the service processor with a B18187DA.  The corruption was caused by a failure to initialize the BIST array to 0 before starting the tests.
  
• The firmware was enhanced to display on the management console the correct number of concurrent live partition mobility (LPM) operations that is supported.
• A problem was fixed that caused a 1000911E platform event log (PEL) to be marked as not call home.  The PEL is now a call home to allow for correction.  This PEL is logged when the hypervisor has changed the Machine Type Model Serial Number (MTMS) of an external enclosure to UTMP.xxx.xxxx because it cannot read the vital product data (VPD), or the VPD has invalid characters, or if the MTMS is a duplicate to another enclosure.
• A problem was fixed that caused a SRC B7006A72 calling out the adapter and the I/O Planar.
• A problem was fixed that caused the system attention LED to be lit without a corresponding SRC and error log for the event.  This problem typically occurs when an operating system on a partition terminates abnormally.
• A problem was fixed during resource dump processing that caused a read of an invalid system memory address and a SRC B181C141.  The invalid memory reference resulted from the service processor incorrectly referencing memory that had been relocated by the hypervisor.
• DEFERRED:  A problem was fixed that caused a system checkstop with SRC B113E504 for a recoverable hardware fault.  This deferred fix addresses a problem that has a very low probability of occurrence.  As such customers may wait for the next planned service window to activate the deferred fix via a system reboot.
• A problem was fixed that prevented a HMC-managed system from being converted to manufacturing default configuration (MDC) mode when the management console command "lpcfgop -m <server> -o clear" failed to create the default partition.  The management console went to the incomplete state for this error.
• A problem was fixed that caused the slot index to be missing for virtual slot number 0 for the dynamic reconfiguration connector (DRC) name for virtual devices.  This error was visible from the management console when using commands such as "lshwres -r virtualio --rsubtype slot -m machine" to show the hardware resources for virtual devices.
• A problem during a dynamic logical partitioning (DLPAR) memory operation was fixed that caused BA250020 SRCs to be logged unnecessarily for the AIX partition.  There were no memory errors for the partition.
• A problem was fixed that caused frequent SRC B1A38B24 error logs with a call home every 15 seconds when service processor network interfaces were incorrectly configured on the same subnet.  The frequency of the notification of the network subnet error has been reduced to once every 24 hours.
• Help text for the Advanced System Management Interface (ASMI) "System Configuration/Hardware Deconfiguration/Clear All Deconfiguration Errors" menu option was enhanced to clarify that when selecting "Hardware Resources" value of "All hardware resources", the service processor deconfiguration data is not cleared.   The "Service processor" must be explicitly selected for that to be cleared.
• A problem was fixed that caused a memory clock failure to be called out as failure in the processor clock FRU.
• A problem was fixed that caused Capacity on Demand (COD) to truncate On/Off "Resource Days Enabled" for users with extended amounts.
  

• On systems running Dynamic Platform Optimizer (DPO) ,  a problem was fixed that caused an incorrect placement of dedicated processors for partitions larger than a single chip.  When this occurs, the performance is impacted over what would have been gained with proper placement.
• On systems with a redundant service processor, a problem was fixed that caused fans to run at a high-speed after a failover to the sibling service processor.
• On systems with a redundant service processor, a problem was fixed that caused a guarded sibling service processor deconfiguration details to not be able to be shown in the Advanced System Management Interface (ASMI).
• On systems with a F/C 5802 or 5877 I/O drawer installed, the firmware was enhanced to guarantee that an SRC will be generated when there is a power supply voltage fault.  If no SRC is generated, a loss of power redundancy may not be detected, which can lead to a drawer crash if the other power supply goes down.  This also fixes a problem that causes an 8 GB Fiber channel adapter in the drawer to fail if the 12V level fails in one Offline Converter Assembly (OCA).
  
• On systems managed by an HMC with a F/C 5802 or 5877 I/O drawer installed, a problem was fixed that caused the hardware topology on the management console for the managed system to show "null" instead of "operational" for the affected I/O drawers.
• On systems with a redundant service processor, a problem was fixed that caused a SRC B150D15E to be erroneously logged after a failover to the sibling service processor.
• On systems with a F/C 5802 or 5877 I/O drawer installed, a problem was fixed that where an Offline Converter Assembly (OCA) fault would appear to persist after an OCA micro-reset or OCA replacement.  The fault bit reported to the OS may not be cleared, indicating a fault still exists in the I/O drawer after it has been repaired.
  
• On systems running Dynamic Platform Optimizer (DPO) with no free memory,  a problem was fixed that caused the management console lsmemopt command to report the wrong status of completed with no partitions affected.  It should have indicated that DPO failed due to insufficient free memory.  DPO can only run when there is free memory in the system.
• On systems with partitions using physical shared processor pools, a problem was fix that caused partition hangs if the shared processor pool was reduced to a single processor.
• On systems involved in a series of consecutive logical partition migration (LPM) operations, a memory leak problem was fixed in the run time abstraction service (RTAS) that caused a partition run time AIX crash with SRC 0c20.  Other possible symptoms include error logs with SRC BA330002 (RTAS memory allocation failure).
• A problem was fixed in the run-time abstraction services (RTAS) extended error handling (EEH) for fundamental reset that caused partitions to crash during adapter updates.  The fundamental reset of adapters now returns a valid return code.  The adapter drivers using fundamental reset affected by this fix are the following:
  o QLogic PCIe Fibre Channel adapters (combo card)
  o IBM PCIe Obsidian
  o Emulex BE3-based ethernet adapters
  o Broadcom-based PCIe2 4-port 1Gb ethernet
  o Broadcom-based FlexSystem EN2024 4-port 1Gb ethernet for compute node
  
  
• On systems that have configurations that support all the types of Capacity On Demand (Perm/OnOff/Trial/Utility-Processor,Perm.OnOff/Trial-Memory), a problem was fixed to eliminate repeated B7005300 error logs caused by hypervisor asset protection processes using slightly more memory than promised.
• On systems with a redundant service processor, a problem was fixed where the service processor allowed a clock failover to occur without a SRC B158CC62 error log and without a hardware deconfiguration record for the failed clock source.  This resulted in the system running with only one clock source and without any alerts to warn that clock redundancy had been lost.
• DEFERRED: On systems with a redundant service processor, a problem was fixed that caused a system termination with SRC B158CC62 during a clock failover initiated by certain types of clock card failures.  This deferred fix addresses a problem that has a very low probability of occurrence.  As such customers may wait for the next planned service window to activate the deferred fix via a system reboot.
• On systems in manufacturing default configuration (MDC), a problem was fixed that caused the system to change from MDC to Hardware Management Console (HMC)-managed mode even though the HMC was unable to authenticate to the service processor.   A system must be successfully discovered by a HMC as a prerequisite to becoming HMC-managed.
• On systems running Dynamic Platform Optimizer (DPO) with one or more unlicensed processors, a problem was fixed where the system performance was significantly degraded during the DPO operation.  The amount of performance degradation was more for systems with larger numbers of unlicensed processors.
• On systems with one memory clock deconfigured, a problem was fixed where the system failed to IPL using the second memory clock with SRCs B158CC62 and B181C041 logged.
  

• A problem was fixed that caused a concurrent hot add/repair maintenance operation to fail on an erroneously logged error for the service processor battery with  SRCs B15A3303, B15A3305, and  B181EA35 reported.
• A problem was fixed that caused a concurrent processor exchange to terminate during node deactivation with SRC B1814616.
• A problem was fixed that caused SRC B15A3303  to be erroneously logged as a predictive error on the service processor sibling after a successful concurrent repair maintenance operation for the real-time clock (RTC) battery.
• A problem was fixed that caused Capacity on Demand (COD) "Out of Compliance" messages during concurrent maintenance operations when the system was actually in compliance for the licensed amount of resources in use.

System firmware changes that affect certain systems

• On systems running Dynamic Platform Optimizer (DPO) ,  a problem was fixed that caused an incorrect placement of dedicated processors for partitions larger than a single chip.  When this occurs, the performance is impacted over what would have been gained with proper placement.

• Support for the 8412-EAD.
  

System firmware changes that affect all systems

• A problem was fixed that caused a service processor dump to be generated with SRC B18187DA "NETC_RECV_ER" logged.
• A problem was fixed that prevented 1100xxxx SRCs from being sent to the partitions.
• A problem was fixed that was caused by an attempt to modify a virtual adapter from the management console command line when the command specifies it is an Ethernet adapter, but the virtual ID specified is for an adapter type other than Ethernet.  The managed system has to be rebooted to restore communications with the management console when this problem occurs; SRC B7000602 is also logged.
• The Hypervisor was enhanced to allow the system to continue to boot using the redundant data chip on the anchor (VPD) card, instead of stopping the Hypervisor boot and logging SRC B7004715,  when the primary data chip on the anchor card has been corrupted.
• A problem was fixed that caused a migrated partition to have to rebooted on the target system.
• A problem was fixed that caused a performance loss after a configuration change, such as un-licensing a processor, because the Hypervisor is unable to dispatch a partition to a shared processor.
• A problem was fixed that may cause inaccurate processor utilization reporting.
• A problem was fixed that caused erroneous A70047xx SRCs to be logged that called out the Anchor (VPD) card.   This led to unnecessary replacements of the Anchor card.
  

• When switching between turbocore and maxcore mode, a problem was fixed that caused the number of supported partitions to be reduced by 50%.
• On systems running Active Memory Sharing (AMS) partitions, a problem was fixed that may arise due to the incorrect handling of a return code in an error path during the logical partition migration (LPM) of an AMS partition.
• On systems running Dynamic Platform Optimization (DPO), a problem was fixed that caused the current DPO score for a partition to be incorrect.  When this occurs, it looks like DPO would not improve performance when in fact it would improve the performance.
  

• On systems in which there are no processors in the shared processor pool, a problem was fixed that caused the Hypervisor to become unresponsive (the service processor starts logging time-out errors against the Hypervisor, and the HMC can no longer talk to the Hypervisor) during a concurrent hot add/repair maintenance operation.  SRC B182953C will also be called home.
  

New Features and Functions

• Enablement of concurrent hot add/repair maintenance on 9117-MMD and 9179-MHD systems.
  

System firmware changes that affect all systems

• A problem was fixed that caused a card (and its children) that was removed after the system was booted to continue to be listed in the guard menus in the Advanced System Management Interface (ASMI).
• A problem was fixed that caused a firmware update to fail with SRC B1818A0F.
• A problem was fixed that caused a partition to become unresponsive when the AIX command "update_flash -s" is run.
• A problem was fixed that caused the service processor (or system controller) to crash when it boots from the new level during a concurrent firmware installation.
  
• A problem was fixed that can cause fans in the server to run at maximum speed and generate a serviceable event during system boot (B130B8AF, a predictive error with hardware callout) as a result of an incorrect calibration of a particular thermal sensor.
  
• A problem was fixed that caused system fans to be erroneously called out as failing with one or more of the following SRC's: 11007610,11007620,11007630,11007640, or 11007650.
• A problem was fixed that caused SRCs B70069F4 and B130E504 to be erroneously logged when a system was powered down.  This also results in I/O hardware being guarded out, and the hypervisor is not able to "unguard" the I/O hardware at runtime.
• A problem was fixed that caused SRC B1812A40 to be erroneously logged; a memory DIMM  and the symbolic FRU AMBTEMP were listed in the FRU list.
  

• On systems running iSCSI, a problem was fixed that caused pinging from the iSCSI menu in the System Management Services (SMS) to fail.
• On a partition with a large number of potentially bootable devices, a problem was fixed that caused the partition to fail to boot with a default catch, and SRC BA210000 may also be logged.
• On a system running a Live Partition Mobility (LPM) operation, a problem was fixed that caused the partition to successfully appear on the target system, but hang with a 2005 SRC.
  
• On a partition with the virtual Trusted Platform Module (vTPM) enabled, a problem was fixed that caused errors to occur when the memory assigned to the partition was changed.
• On a partition with the virtual Trusted Platform Module (vTPM) enabled, a problem was fixed that caused the partition to stop functioning after certain operations.  When this problem occurs, the client partition may not power off.
  
• On a system using the modem/serial port on the service processor, a problem was fixed that caused a service processor dump (with SRC B181EF88 logged) to be erroneously generated when the connection was dropped.
• On systems that support all types of both memory and processor Capacity on Demand (CoD) operations, and on which CoD operations are frequently performed, the firmware was enhanced to reduce the number of informational SRC B7005300 logged.
• On systems with redundant service processors, a problem was fixed that caused the sibling service processor state to show up as "unknown" in the service processor error log if a code synchronization problem was detected after a service processor was replaced.
• On a partition with the virtual Trusted Platform Module (vTPM) enabled, a problem was fixed that caused SRC B200F00F to be logged when the partition was resumed after hibernation.
• On a partition with the virtual Trusted Platform Module (vTPM) enabled, the Hypervisor was enhanced to display (on the management console) the minimum maximum memory required to support the partition.
• On systems running AIX or Linux, a problem was fixed that caused a partition to fail to boot with SRC CA260203.  This problem also can cause concurrent firmware updates to fail.
  
• On systems with TurboCore processors and unlicensed processors, a problem was fixed that caused the output of the AIX lparstat command for "Active Physical CPUs in system" to be incorrect.
• On systems running Active Memory Sharing (AMS) partitions, a problem was fixed that caused the system to hang after an AMS partition was deleted or mobilized, combined with either an AMS pool resize or relocation of AMS pool memory.
  
• On systems with an I/O tower attached, the a problem was fixed that caused multiple service processor reset/reloads if the tower was flooding the System Power Control Network (SPCN) with bad data. 
  

System firmware changes that affect all systems

System firmware changes that affect all systems

• A problem was fixed that caused an uncorrectable error (SRC B123E504) to be erroneously logged when 64GB DIMMs were installed in a system that already had 16GB or 32GB DIMMs.
• A problem was fixed that caused the Advanced System Management Interface (ASMI) to produce a core dump when changing the admin user password.
• A problem was fixed that caused SRC B1813221, which indicates a failure of the battery on the service processor, to be erroneously logged after a service processor reset or power cycle.
• A problem was fixed the caused the Hardware Management Console (HMC) to erroneously indicate that a partition was using hardware encryption and memory compression co-processors when those co-processors were not installed in the managed system.
• A problem was fixed that caused various parts to be erroneously guarded out when an ac power cord was unplugged when the system was powered on.
• A problem was fixed that caused invalid temperature sensor failures to be reported on memory DIMMs.  SRC B124B8A4 was logged when this problem occurred.
  

• On system running the Dynamic Platform Optimizer (DPO), a problem was fixed that caused an incomplete status output when using the "lsmemopt" HMC CLI command.  Specifically, the "requested" and "protected" sets of partitions will appear empty in the lsmemopt output, even though the user may have explicitly specified partitions in these sets on the optmem command.
  
• On systems running the virtual Trusted Platform Module (vTPM), a problem was fixed that caused a memory leak when a vTPM-enabled partition was disabled, migrated, or deleted.
• On systems running IBM i, a problem was fixed that caused the P7+ random number generator to be unavailable.
• The Power Hypervisor was enhanced to insure better synchronization of vSCSI and NPIV I/O interrupts to partitions.
  

New Features and Functions

• Support for the 9117-MMD and 9179-MHD systems.
• On 9117-MMD and 9179-MHD systems, support for attachment of the F/C 5888 I/O drawer.
• Support for a new processor power-saving deep-sleep mode.
• Enablement of the encryption accelerator.
  
• Enablement of the compression accelerator.
• Support for Dynamic Platform Optimizer.
• Support for 0.05 processor granularity.
• The Hypervisor was enhanced to enforce broadcast storm prevention between the primary and backup SEAs (Shared Ethernet Adapters).  This fix requires VIOS 2.2.2.0 or later on all VIOS partitions with SEA devices.