Skip to main content

Firmware Description File

POWER7 Compute Nodes

Applies to:  POWER7 Compute Nodes 1457-7FL, 7895-22X, 7895-42X, 7895-23X, 7895-43X, 7954-24X, and 7895-23A

This document provides information about the installation of licensed machine or licensed internal code, which is sometimes referred to generically as microcode or firmware.


Contents


1.0 Systems Affected

This package provides firmware for POWER7 Compute Nodes 1457-7FL, 7895-22X, 7895-42X, 7895-23X, 7895-43X, 7954-24X, 7895-23A only.

The firmware level in this package is:

  • AF783_026 / FW783.10 (ON HOLD)


1.1 Minimum FSM or HMC Code Level

This section is intended to describe the "Minimum FSM Code Level" required by the system firmware to complete the firmware installation process dependent upon which management console is managing the server.

When installing the system firmware, the FSM or HMC level must be equal to or higher than the "Minimum FSM Code Level" or "Minimum HMC Code Level" before starting the system firmware update. If the FSM or HMC managing the server targeted for the system firmware update is lower than the "Minimum FSM Code Level" or "Minimum HMC Code Level", the firmware update will not proceed.

The Minimum FSM code level for this firmware is:  1.1.0
Although the Minimum FSM Code level for this firmware is listed above, FSM level 1.3.2.1, or higher, is recommended.

The Minimum HMC Code level for this firmware is: HMC V7 R7.9.0
Although the Minimum HMC Code level for this firmware is listed above, HMC level V8 R8.1.0, or higher, is recommended.

For information concerning FSM or HMC releases and the latest PTFs, go to the following URL to access Fix Central:
http://www-933.ibm.com/support/fixcentral/

For specific fix level information on key components of IBM POWER7 Compute Nodes running the AIX, IBM i and Linux operating systems, we suggest using the Fix Level Recommendation Tool (FLRT):

http://www14.software.ibm.com/webapp/set2/flrt/home





2.0 Important Information

Using the Update Manager in the FSM to manage firmware installations.
IBM strongly recommends using the Update Manager (UM) in the FSM GUI to manage firmware installations.  The UM will verify that FSM, CMM, and Compute Node firmware levels are compatible and will download and install additional updates if necessary.  

Downgrading firmware from any given release level to an earlier release level is not recommended.
If you feel that it is necessary to downgrade the firmware on your system to an earlier release level, please contact your next level of support.

IPv6 Support and Limitations

IPv6 (Internet Protocol version 6) is supported in the System Management Services (SMS) in this level of system firmware. There are several limitations that should be considered.

When configuring a network interface card (NIC) for remote IPL, only the most recently configured protocol (IPv4 or IPv6) is retained. For example, if the network interface card was previously configured with IPv4 information and is now being configured with IPv6 information, the IPv4 configuration information is discarded.

A single network interface card may only be chosen once for the boot device list. In other words, the interface cannot be configured for the IPv6 protocol and for the IPv4 protocol at the same time.

Memory Considerations for Firmware Upgrades

Firmware release level upgrades and service pack updates may consume additional system memory.
Server firmware requires memory to support the logical partitions on the server. The amount of memory required by the server firmware varies according to several factors.
Factors influencing server firmware memory requirements include the following:
  •     Number of logical partitions
  •     Partition environments of the logical partitions
  •     Number of physical and virtual I/O devices used by the logical partitions
  •     Maximum memory values given to the logical partitions
Generally, you can estimate the amount of memory required by server firmware to be approximately 8% of the system installed memory. The actual amount required will generally be less than 8%. However, there are some server models that require an absolute minimum amount of memory for server firmware, regardless of the previously mentioned considerations.

Additional information can be found at:
  http://publib.boulder.ibm.com/infocenter/powersys/v3r1m5/topic/p7hat/iphatlparmemory.htm


3.0 Firmware Information and Description

Use the following examples as a reference to determine whether your installation will be concurrent or disruptive.

Note: The concurrent levels of system firmware may, on occasion, contain fixes that are known as deferred and/or partition-deferred. Deferred fixes can be installed concurrently, but will not be activated until the next IPL. Partition-deferred fixes can be installed concurrently, but will not be activated until a partition reactivate is performed.  Deferred and/or partition-deferred fixes, if any, will be identified in the "Firmware Update Descriptions" table of this document. For these types of fixes (deferred and/or partition-deferred) within a service pack, only the fixes in the service pack which cannot be concurrently activated are deferred.

Note: The file names and service pack levels used in the following examples are for clarification only, and are not necessarily levels that have been, or will be released.

System firmware file naming convention:

01AFXXX_YYY_ZZZ

  • XXX is the release level
  • YYY is the service pack level
  • ZZZ is the last disruptive service pack level
NOTE: Values of service pack and last disruptive service pack level (YYY and ZZZ) are only unique within a release level (XXX). For example, 01AF743_067_045 and 01AF763_067_053 are different service packs.

An installation is disruptive if:

  • The release levels (XXX) are different.
Example: Currently installed release is AF743, new release is AF763
  • The service pack level (YYY) and the last disruptive service pack level (ZZZ) are the same.
Example: AF743_120_120 is disruptive, no matter which level of AF743 is currently installed on the system
  • The service pack level (YYY) currently installed on the system is lower than the last disruptive service pack level (ZZZ) of the service pack to be installed.
Example: Currently installed service pack is AF743_120_120 and the new service pack is AF743_152_130

An installation is concurrent if:

  • The release level (XXX) is the same, and
  • The service pack level (YYY) currently installed on the system is the same or higher than the last disruptive service pack level (ZZZ) of the service pack to be installed.
Example: Currently installed service pack is AF743_126_120, and the new service pack is AF743_143_120.

 
Filename Size Checksum
01AF783_026_021.rpm 40952471
54395
   
Note: The checksum can be found by running the AIX sum command against the rpm file (only the first 5 digits are listed).
ie: sum 01AF783_026_021.rpm

AF783
For Impact, Severity and other Firmware definitions, Please refer to the below 'Glossary of firmware terms' url:
http://www14.software.ibm.com/webapp/set2/sas/f/power5cm/home.html#termdefs


AF783_026 / FW783.10

03/04/2015

Impact:  HIPER/Pervasive



A problem was found in this release. Service pack is ON HOLD until a resolution is found.

System firmware changes that affect all systems

A problem was fixed for the Advanced System Manager Interface (ASMI) to change the Dynamic Platform Optimizer (DPO) VET capability setting from "False" to "True". DPO is available on all systems to use without a license required. Even though the VET for DPO was set to "False", it did not interfere with the running of DPO.

A problem was fixed for the iptables process consuming all available memory, causing an out of memory dump and reset/reload of the service processor.

A problem was fixed for memory relocation failing during a partition reboot with SRC B700F103 logged. The memory relocation could be part of the processing for the Dynamic Platform Optimizer (DPO), Active Memory Sharing (AMS) between partitions, mirrored memory defragmentation, or a concurrent FRU repair.

A problem was fixed to prevent a hypervisor task failure if multiple resource dumps running concurrently run out of dump buffer space. The failed hypervisor task could prevent basic logical partition operations from working.

HIPER /Pervasive A performance problem was fixed that may affect shared processor partitions where there is a mixture of dedicated and shared processor partitions with virtual IO connections, such as virtual ethernet or Virtual IO Server (VIOS) hosting, between them. In high availability cluster environments this problem may result in a split brain scenario.

A problem was fixed that could result in unpredictable behavior if a memory UE is encountered while relocating the contents of a logical memory block during one of these operations -- Reducing the size of an Active Memory Sharing (AMS) pool. -- On systems using mirrored memory, using the memory mirroring optimization tool.

A security problem was fixed in the OpenSSL (Secure Socket Layer) protocol that allowed a man-in -the middle attacker, via a specially crafted fragmented handshake packet, to force a TLS/SSL server to use TLS 1.0, even if both the client and server supported newer protocol versions. The Common Vulnerabilities and Exposures issue number for this problem is CVE-2014-3511.

A security problem was fixed in OpenSSL for formatting fields of security certificates without null-terminating the output strings. This could be used to disclose portions of the program memory on the service processor. The Common Vulnerabilities and Exposures issue number for this problem is CVE-2014-3508.

Multiple security problems were fixed in the way that OpenSSL handled Datagram Transport Layer Security (DLTS) packets. A specially crafted DTLS handshake packet could cause the service processor to reset. The Common Vulnerabilities and Exposures issue numbers for these problems are CVE-2014-3505, CVE-2014-3506 and CVE-2014-3507.

A security problem was fixed in OpenSSL to prevent a denial of service when handling certain Datagram Transport Layer Security (DTLS) ServerHello requests. A specially crafted DTLS handshake packet with an included Supported EC Point Format extension could cause the service processor to reset. The Common Vulnerabilities and Exposures issue number for this problem is CVE-2014-3509.

A security problem was fixed in OpenSSL to prevent a denial of service by using an exploit of a null pointer de-reference during anonymous Diffie Hellman (DH) key exchange. A specially crafted handshake packet could cause the service processor to reset. The Common Vulnerabilities and Exposures issue number for this problem is CVE-2014-3510.

A problem was fixed so that clearing the System Attention LED clears hypervisor I/O error logs and other critical error logs on the Chassis Management Module (CMM).

A security problem was fixed for the Network Time Protocol (NTP) client that allowed remote attackers to execute arbitrary code via a crafted packet containing an extension field. The Common Vulnerabilities and Exposures issue number is CVE-2009-1252.

A security problem was fixed for the Network Time Protocol (NTP) client for a buffer overflow that allowed remote NTP servers to execute arbitrary code via a crafted response. The Common Vulnerabilities and Exposures issue number is CVE-2009-0159.

A problem was fixed for the Network Time Protocol (NTP) client for a ntpq core dump with SRC B181EF88 logged.

A security problem was fixed in OpenSSL for padding-oracle attacks known as Padding Oracle On Downgraded Legacy Encryption (POODLE). This attack allows a man-in-the-middle attacker to obtain a plain text version of the encrypted session data. OpenSSL support was added for the TLS Fallback Signaling Cipher Suite Value (TLS_FALLBACK_SCSV) to provide a guard against POODLE when using browser clients that also have TLS Fallback support. The Common Vulnerabilities and Exposures issue number is CVE-2014-3566. The POODLE problem may also be fully resolved by using the Chassis Management Module (CMM) to change the compute node Security Configuration from "LEGACY" to "NIST_STRICT" (NIST SP800-131A compliant). This mode of "NIST_STRICT" restricts all the SSL clients to use TLSv1.2, so some legacy connections may not be allowed if they require earlier SSL versions such as SSLv3 to connect.

A security problem was fixed in OpenSSL for memory leaks that allowed remote attackers to cause a denial of service (out of memory on the service processor). The Common Vulnerabilities and Exposures issue numbers are CVE-2014-3513 and CVE-2014-3567.

A security problem was fixed in OpenSSL where the service processor would, under certain conditions, accept Diffie-Hellman client certificates without the use of a private key, allowing a user to falsely authenticate . The Common Vulnerabilities and Exposures issue number is CVE-2015-0205.

A security problem was fixed in OpenSSL to prevent a denial of service when handling certain Datagram Transport Layer Security (DTLS) messages. A specially crafted DTLS message could exhaust all available memory and cause the service processor to reset. The Common Vulnerabilities and Exposures issue number is CVE-2015-0206.

A security problem was fixed in OpenSSL to prevent a denial of service when handling certain Datagram Transport Layer Security (DTLS) messages. A specially crafted DTLS message could do an null pointer de-reference and cause the service processor to reset. The Common Vulnerabilities and Exposures issue number is CVE-2014-3571.

A security problem was fixed in OpenSSL to fix multiple flaws in the parsing of X.509 certificates. These flaws could be used to modify an X.509 certificate to produce a certificate with a different fingerprint without invalidating its signature, and possibly bypass fingerprint-based blacklisting. The Common Vulnerabilities and Exposures issue number is CVE-2014-8275.

A security vulnerability, commonly referred to as GHOST, was fixed in the service processor glibc functions getbyhostname() and getbyhostname2() that allowed remote users of the functions to cause a buffer overflow and execute arbitrary code with the permissions of the server application. There is no way to exploit this vulnerability on the service processor but it has been fixed to remove the vulnerability from the firmware. The Common Vulnerabilities and Exposures issue number is CVE-2015-0235.

A problem was fixed for a partition deletion error on the management console with error code 0x4000E002 and message "...insufficient memory for PHYP". The partition delete operation has been adjusted to accommodate the temporary increase in memory usage caused by memory fragmentation, allowing the delete operation to be successful.

System firmware changes that affect certain systems

On systems that have Active Memory Sharing (AMS) partitions and deduplication enabled, a problem was fixed for not being able to resume a hibernated AMS partition. Previously, resuming a hibernated AMS partition could give checksum errors with SRC B7000202 logged and the partition would remain in the hibernated state.

On systems that have Active Memory Sharing (AMS) partitions, a problem was fixed for Dynamic Logical Partitioning (DLPAR) for a memory remove that leaves a logical memory block (LMB) in an unusable state until partition reboot.

HIPER /Pervasive A problem was fixed in PowerVM where the effect of the problem is non-deterministic but may include an undetected corruption of data, although IBM test has not been able to make this condition occur. This problem is only possible if VIOS (Virtual I/O Server) version 2.2.3.x or later is installed and the following statement is true-- A Shared Ethernet Adapter (SEA) with fail over enabled is configured on the VIOS.

On systems using the Virtual I/O Server (VIOS) to share physical I/O resources among client logical partitions, a problem was fixed for memory relocation errors during page migrations for the virtual control blocks. These errors caused a CEC termination with SRC B700F103. The memory relocation could be part of the processing for the Dynamic Platform Optimizer (DPO), Active Memory Sharing (AMS) between partitions, mirrored memory defragmentation, or a concurrent FRU repair.

For systems running applications that are sensitive to time outs on a constrained network (network bandwidth is 1 Gb or less), a problem was fixed for Live Partition Mobility (LPM) where an LPM operation could cause a time out to occur when the partition resumes on the target side.

On systems using Virtual Shared Processor Pools (VSPP), a problem was fixed for an inaccurate pool idle count over a small sampling period.

On systems with partitions using shared processors, a problem was fixed that could result in latency or timeout issues with IO devices.

For a system with Virtual Trusted Platform Module (VTPM) partitions, a problem was fixed for a management console error that occurred while restoring a backup profile that caused the system to to go the management console "Incomplete state". The failed system had a suspended VTPM partition and a B7000602 SRC logged.

On systems in IPv6 networks, a problem was fixed for a network boot/install failing with SRC B2004158 and IP address resolution failing using neighbor solicitation to the partition firmware client.

On systems that have a boot disk located on a SAN, a problem was fixed where the SAN boot disk would not be found on the default boot list and then the boot disk would have to be selected from SMS menus. This problem would normally be seen for new partitions that had tape drives configured before the SAN boot disk.

On systems with a partition that has a 256MB Real Memory Offset (RMO) region size that has been migrated from a Power8 system to Power7 or Power6 using Live Partition Mobility (LPM), a problem was fixed that caused a failure on the next boot of the partition with a BA210000 log with a CA000091 checkpoint just prior to the BA210000. The fix dynamically adjusts the memory footprint of the partition to fit on the earlier Power systems.

AF783_022 / FW783.01

06/18/2014

Impact:  HIPER/Pervasive


System firmware changes that affect all systems

HIPER /Pervasive A security problem was fixed in the OpenSSL (Secure Socket Layer) protocol that allowed clients and servers, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between the management console and the service processor. The Common Vulnerabilities and Exposures issue number for this problem is CVE-2014-0224.

HIPER /Pervasive A security problem was fixed in OpenSSL for a buffer overflow in the Datagram Transport Layer Security (DTLS) when handling invalid DTLS packet fragments. This could be used to execute arbitrary code on the service processor. The Common Vulnerabilities and Exposures issue number for this problem is CVE-2014-0195.

HIPER /Pervasive Multiple security problems were fixed in the way that OpenSSL handled read and write buffers when the SSL_MODE_RELEASE_BUFFERS mode was enabled to prevent denial of service. These could cause the service processor to reset or unexpectedly drop connections to the management console when processing certain SSL commands. The Common Vulnerabilities and Exposures issue numbers for these problems are CVE-2010-5298 and CVE-2014-0198.

HIPER /Pervasive A security problem was fixed in OpenSSL to prevent a denial of service when handling certain Datagram Transport Layer Security (DTLS) ServerHello requests. A specially crafted DTLS handshake packet could cause the service processor to reset. The Common Vulnerabilities and Exposures issue number for this problem is CVE-2014-0221.

HIPER /Pervasive A security problem was fixed in OpenSSL to prevent a denial of service by using an exploit of a null pointer de-reference during anonymous Elliptic Curve Diffie Hellman (ECDH) key exchange. A specially crafted handshake packet could cause the service processor to reset. The Common Vulnerabilities and Exposures issue number for this problem is CVE-2014-3470.

AF783_021 / FW783.00

06/13/2014

Impact:  Available


New features and functions

Support was added to the Virtual I/O Server (VIOS) for shared storage pool mirroring (RAID-1) using the virtual SCSI (VSCSI) storage adapter to provide redundancy for data storage.

Support was added to the Virtual I/O Server (VIOS) for Universal Serial Bus (USB) removable hard-disk drive (HDD) devices.

Support was added to the Hardware Management Console (HMC) command line to allow configuring a shared control channel for multiple pairs of Shared Ethernet Adapters (SEAs). This simplifies the control channel configuration to reduce network errors when the SEAs are in fail-over mode. This feature is not available on the Flex System Manager (FSM). The compute node must be managed by HMC Version 7 Release 7.9.0 or later to be enabled for this feature.

Support was added in Advanced System Management Interface (ASMI) to facilitate capture and reporting of debug data for system performance problems. The "System Service Aids/Performance Dump" menu was added to ASMI to perform this function.

Support was added to the Management Console for group-based LDAP authentication.

Partition Firmware was enhanced to to be able to recognize and boot from disks formatted with the GUID Partition Table (GPT) format that are capable of being greater than 2TB in size. GPT is a standard for the layout of the partition table on a physical hard disk, using globally unique identifiers (GUID), that does not have the 2TB limit that is imposed by the DOS partition format..

The call home data for every serviceable event of the system was enhanced to include information on every guarded element (processor, memory,I/O chip, etc) and contains the part number and location codes of the FRUs and the service processor de-configuration policy settings.

Support for Dynamic Platform Optimizer (DPO) enhancements to show the logical partition current and potential affinity scores. The Management Console has also been enhanced to show the partition scoring. The operating system (OS) levels that support DPO-- AIX 6.1 TL8 or later, AIX 7.1 TL2 or later, VIOS 2.2.2.0, IBM i 7.1 PTF MF56058, Linux RHEL7, Linux SLES12. Note-- If DPO is used with an older version of the OS that predates the above levels, either--- - The partition needs to be rebooted after DPO completes to optimize placement, or - The partition is excluded from participating in the DPO operation (through a command line option on the "optmem" command that is used to initiate a DPO operation).

Support was added to the Management Console and the Virtual I/O Server (VIOS) to provide the capability to to enable and disable individual virtual ethernet adapters from the management console.

Support for Management Console logical partition Universally Unique IDs (UUIDs) so that the management console preserves the UUID for logical partitions on backup/restore and migration.

Support for Management Console command line to configure the ECC call home path for SSL proxy support.

Support for Management Console to minimize recovery state problems by using the hypervisor and VIOS configuration data to recreate partition data when needed.

Support for Management Console to provide scheduled operations to check if the partition affinity falls below a threshold and alert the user that Dynamic Platform Optimizer (DPO) is needed.

Support for enhanced platform serviceability to extend call home to include hardware in need of repair and to issue periodic service events to remind of failed hardware.

Performance enhancement of main storage dumps for IBM i partitions running on virtual disks.

Performance enhancements for Flex System Manager (FSM) when managing sixteen Flex system chassis with up to 224 compute nodes.

Support for Virtual I/O Server (VIOS) to support 4K block size DASD as a virtual device.

Support for performance improvements on the Hardware Management Console (HMC) for concurrent Live Partition Mobility (LPM) migrations. This enhancement is not available on the Flex System Manager (FSM). The compute node must be managed by HMC Version 7 Release 7.9.0 or later to be enabled for this enhancement.

Support for the Hardware Management Console (HMC) to handle all Virtual I/O Server (VIOS) configuration tasks and provide assistance in configuring partitions to use redundant VIOS. This feature is not available on the Flex System Manager (FSM). The compute node must be managed by HMC Version 7 Release 7.9.0 or later to be enabled for this feature.

Support for the Hardware Management Console (HMC) to maintain a profile that is synchronized with the current configuration of the system, including Dynamic Logical Partitioning (DLPAR) changes. This feature is not available on the Flex System Manager (FSM). The compute node must be managed by HMC Version 7 Release 7.9.0 or later to be enabled for this feature.

Support for a Hardware Management Console (HMC) Performance and Capacity Monitor (PCM) feature to monitor and manage both physical and virtual resources. This feature is not available on the Flex System Manager (FSM). The compute node must be managed by HMC Version 7 Release 7.9.0 or later to be enabled for this feature.

Support for virtual server network (VSN) Phase 2 that delivers IEEE standard 802.1Qbg based on Virtual Ethernet Port Aggregator (VEPA) switching. This supports the Management Console assignment of the VEPA switching mode to virtual Ethernet switches used by the virtual Ethernet adapters of the logical partitions. The server properties in the Management Console will show the capability "Virtual Server Network Phase 2 Capable" as "True" for the system.

Support for Virtual I/O Server (VIOS) for an IBMi client data connection to a SIS64 device driver backed by VSCSI physical volumes.

Support was added in Advanced System Management Interface (ASMI) "System Configuration/Firmware Update Policy" menu to detect and display the appropriate Firmware Update Policy (depending on whether system is HMC managed) instead of requiring the user to select the Firmware Update Policy. The menu also displays the "Minimum Code Level Supported" value.

Capacity On Demand (COD) was enhanced to allow concurrent use of Utility COD and On/Off COD. Previously, these types of COD could not be used together.

System firmware changes that affect all systems

A security problem was fixed to prevent a denial of service attach in the service processor Domain Name System (DNS) protocols server. The Common Vulnerabilities and Exposures issue number is CVE-2013-4854.

A problem was fixed on the service processor Lightweight Directory Access Protocol (LDAP) client so that it accepts "domain\userid" formatted names for authentications.

A problem was fixed for the service processor Common Information Model (CIM) Provider that caused intermittent SRC B181EF88 for core dumps from the Small Footprint CIM Broker (SFCB) for memory allocation errors.

A problem was fixed to restart the Lighttpd web server on Chassis Management Module (CMM) certificate changes so that Advanced System Management Interface (ASMI) access is not lost.

A problem was fixed that logged an incorrect call home B7006956 NVRAM error during a power off of the system. This error log indicates that the NVRAM of the system is in error and will be cleared on the next IPL of the system. However, there is no NVRAM error and the error log was created because a reset/reload of the service processor occurred during the power off.

Help text for the Advanced System Management Interface (ASMI) "System Configuration/Hardware Deconfiguration/Clear All Deconfiguration Errors" menu option was enhanced to clarify that when selecting "Hardware Resources" value of "All hardware resources", the service processor deconfiguration data is not cleared. The "Service processor" must be explicitly selected for that to be cleared.

A problem was fixed that prevented guard error logs from being reported for FRUs that were guarded during the system power on. This could happen if the same FRU had been previously reported as guarded on a different power on of the system. The requirement is now met that guarded FRUs are logged on every power on of the system.

A problem was fixed for the Advanced System Management Interface (ASMI) "Login Profile/Change Password" menu where ASMI would fail with "Console Internal Error, status code 500" displayed on the web browser when an incorrect current password was entered.

A problem was fixed for the Advanced System Management Interface (ASMI) "System Information/Firmware Maintenance History" menu option on the service processor to display the firmware maintenance history instead of the message "No code update history log was found"

A problem was fixed where the IPMI Serial Over Lan (SOL) connection was disconnecting and reconnecting during a compute node OS power cycle. By incrementing the SOL session sequence numbers while the OS is down, the SOL is kept alive until power is restored to the OS.

A problem was fixed for a Live Partition Mobility (LPM) suspend and transfer of a partition that caused the time of day to skip ahead to an incorrect value on the target system. The problem only occurred when a suspended partition was migrated to a target compute node that had a hypervisor time that was later than the source compute node.

A problem was fixed for Live Partition Mobility (LPM) where a 2x performance decrease occurs during the resume phase of the migration when migrating from a system with 780 firmware back to a system with a pre-780 level of firmware.

A security problem was fixed for the Network Time Protocol (NTP) service that allows a NTP server to overwhelm the compute node with UDP traffic in a Distributed Denial of Service (DDoS) attack. The Common Vulnerabilities and Exposures issue number is CVE-2013-5211 for this problem.

A problem was corrected that resulted in B7005300 error logs.

A security problem was fixed in the service processor TCP/IP stack to discard illegal TCP/IP packets that have the SYN and FIN flags set at the same time. An explicit packet discard was needed to prevent further processing of the packet that could result in an bypass of the iptables firewall rules.

System firmware changes that affect certain systems

On systems running AIX or linux, a hang in a Live Partition Mobility (LPM) migration for remote restart-capable partitions was fixed by adding a time-out for the required paging space to become available. If after five minutes the required paging space is not available, the start migration command returns a error code of 0x40000042 (PagingSpaceNotReady) to the management console.

On systems with a management console and service processors configured with Internet Protocol version 6 (IPv6) addresses, a problem was fixed that prevented the management console from discovering the service processor. The Service Location Protocol (SLP) on the service processor was not being enabled for IPv6, so it was unable to respond to IPv6 queries.

On a system with a disk device with multiple boot partitions, a problem was fixed that caused System Management Services (SMS) to list only one boot partition. Even though only one boot partition was listed in SMS, the AIX bootlist command could still be used to boot from any boot partition.

On a system with a VIOS boot device, a problem was fixed for an intermittent boot failure for a IBM i partition with SRC B2003110. When this error occurs, there is a one minute delay and retry of the IPL which resolves the problem without user intervention.

On a system with sixteen or more logical partitions with selective memory mirroring, a problem was fixed for a memory relocation error during mirrored memory defragmentation that caused a hang or a failure.

A problem was fixed for Live Partition Mobility (LPM) migrations from Power7+ compute nodes that use the nest accelerator (NX) for compression and encryption usage that caused the migrated partition to revert to software compression instead of using the NX hardware. Some operating system negotiated functions may not operate correctly and could impact performance. This problem does not affect the 7895-22X, 7895-42X, or 1457-7FL compute nodes that use the Power7 processor.

AF773_058 / FW773.13

07/02/2014

Impact:  HIPER/Pervasive


System firmware changes that affect all systems

- HIPER /Pervasive A security problem was fixed in the OpenSSL (Secure Socket Layer) protocol that allowed clients and servers, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between the management console and the service processor. The Common Vulnerabilities and Exposures issue number for this problem is CVE-2014-0224.

- HIPER /Pervasive A security problem was fixed in OpenSSL for a buffer overflow in the Datagram Transport Layer Security (DTLS) when handling invalid DTLS packet fragments. This could be used to execute arbitrary code on the service processor. The Common Vulnerabilities and Exposures issue number for this problem is CVE-2014-0195.

- HIPER /Pervasive Multiple security problems were fixed in the way that OpenSSL handled read and write buffers when the SSL_MODE_RELEASE_BUFFERS mode was enabled to prevent denial of service. These could cause the service processor to reset or unexpectedly drop connections to the management console when processing certain SSL commands. The Common Vulnerabilities and Exposures issue numbers for these problems are CVE-2010-5298 and CVE-2014-0198.

- HIPER /Pervasive A security problem was fixed in OpenSSL to prevent a denial of service when handling certain Datagram Transport Layer Security (DTLS) ServerHello requests. A specially crafted DTLS handshake packet could cause the service processor to reset. The Common Vulnerabilities and Exposures issue number for this problem is CVE-2014-0221.

- HIPER /Pervasive A security problem was fixed in OpenSSL to prevent a denial of service by using an exploit of a null pointer de-reference during anonymous Elliptic Curve Diffie Hellman (ECDH) key exchange. A specially crafted handshake packet could cause the service processor to reset. The Common Vulnerabilities and Exposures issue number for this problem is CVE-2014-3470.

AF773_056 / FW773.12

06/05/2014

Impact:  HIPER/Pervasive


New features and functions

- Support was added for higher speed processors of 4.1 GHz in the IBM Flex System p460 compute node (7895-43X).

System firmware changes that affect all systems

- HIPER/Pervasive A firmware code update problem was fixed that caused the Flex System Manager (FSM) to go to "Incomplete State" for the system with SRC E302F880 when assignment of a partition universal unique identifier (UUID) failed for a partition that was already running. This problem happens for disruptive code updates from AF773 firmware levels (GA4) to AF783 (GA5) or later levels.

AF773_054 / FW773.11

04/23/2014

Impact:  HIPER/Pervasive


Republished for metadata changes ONLY on 05/09/2014. There are NO CHANGES to the package binaries.

System firmware changes that affect all systems

- A security problem was fixed for the Lighttpd web server that allowed arbitrary SQL commands to be run on the service processor of the compute node. The Common Vulnerabilities and Exposures issue number is CVE-2014-2323.

- A security problem was fixed for the Lighttpd web server where improperly-structured URLs could be used to view arbitrary files on the service processor of the compute node. The Common Vulnerabilities and Exposures issue number is CVE-2014-2324.

- HIPER /Pervasive A security problem was fixed in the OpenSSL Montgomery ladder implementation for the ECDSA (Elliptic Curve Digital Signature Algorithm) to protect sensitive information from being obtained with a flush and reload cache side-channel attack to recover ECDSA nonces from the service processor. The Common Vulnerabilities and Exposures issue number is CVE-2014-0076. The stolen ECDSA nonces could be used to decrypt the SSL sessions and compromise the Flex System Manager (FSM) access password to the service processor. Therefore, the FSM access password for the compute node should be changed after applying this fix.

- HIPER /Pervasive A security problem was fixed in the OpenSSL Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS) to not allow Heartbeat Extension packets to trigger a buffer over-read to steal private keys for the encrypted sessions on the service processor. The Common Vulnerabilities and Exposures issue number is CVE-2014-0160 and it is also known as the heartbleed vulnerability. The stolen private keys could be used to decrypt the SSL sessions and and compromise the Flex System Manager (FSM) access password to the service processor. Therefore, the FSM access password for the compute node should be changed after applying this fix.

AF773_051 / FW773.10

12/06/2013

Impact:  Available


New features and functions in system firmware AF773_051

- Support was added to upgrade the service processor to openssl version 1.0.1 and for compliance to National Institute of Standards and Technologies (NIST) Special Publications 800-131a. SP800-131a compliance required the use of stronger cryptographic keys and more robust cryptographic algorithms.

- Support was added to the Advanced System Management Interface (ASMI) to provide a menu for "Memory Low Power State Control" to enable or disable the custom memory buffer low power mode. If set to disabled, it disables low power mode (a power-saving feature) to speed memory and improve performance for some workloads.

- IBM Flex System Chassis Management Module (CMM) provisioning support was enhanced to provide Transport Layer Security (TLS) version 1.2 mode to the service processor on the compute node.

System firmware changes that affect all systems

- A problem was fixed that caused the IBM Flex System Chassis Management Module (CMM) to display the wrong firmware level after a service processor side switch from permanent to temporary (or temporary to permanent). The CMM showed the firmware level of the previous side instead of the new side using the "info -T blade[x]" command.

- A problem was fixed that caused the IBM Flex System Chassis Management Module (CMM) to issue an event log with message "Node xx VPD was changed" every time the service processor was reset even though there was no VPD change for the compute node.

- A problem was fixed that occurred when the IBM Flex System Chassis Management Module (CMM) throttled the power on the compute node and caused the service processor to reset with a SRC B181D50E logged. The power throttle process on the service processor was leaking memory and eventually caused the reset on an out of memory condition.

- A problem was fixed that occurred when the IBM Flex System Chassis Management Module (CMM) failed over from the primary CMM to standby CMM or when the FSP IP is changed. This caused the service processor to reset and SRC B181D50E to be logged. The Small-Footprint CIM Broker Daemon (SFCBD) process on the service processor was leaking memory and eventually caused the reset on an out of memory condition.

- A problem was fixed that caused an SRC B1818611 error log entry and a CIMPSRV core dump. A proper lockout mechanism was not being used when two process threads both accessed the network configuration (NCFG) object at the same time.

- For the sequence of a reboot of a system partition followed immediately by a power off of the partition, a problem was fixed where the hypervisor virtual service processor (VSP) incorrectly retained locks for the powered off partition, causing the power compute node to go into recovery state during the next power on attempt.

- A problem was fixed that caused a SRC B7006A72 calling out the adapter and the I/O Planar.

- A problem during a dynamic logical partitioning (DLPAR) memory operation was fixed that caused BA250020 SRCs to be logged unnecessarily for the AIX partition. There were no memory errors for the partition.

- A problem was fixed that prevented a HMC-managed system from being converted to manufacturing default configuration (MDC) mode when the management console command "lpcfgop -m -o clear" failed to create the default partition. The management console went to the incomplete state for this error.

- A problem was fixed that caused the slot index to be missing for virtual slot number 0 for the dynamic reconfiguration connector (DRC) name for virtual devices. This error was visible from the management console when using commands such as "lshwres -r virtualio --rsubtype slot -m machine" to show the hardware resources for virtual devices.

- A problem was fixed that prevented the IBM Flex System Chassis Management Module (CMM) compute node error state from being cleared when the System Information Indicator was turned off by using the Advanced System Management Interface (ASMI) on the service processor for the compute node, the CMM, or the IBM Flex System Manager (FSM).

- A problem was fixed during resource dump processing that caused a read of an invalid system memory address and a SRC B181C141. The invalid memory reference resulted from the service processor incorrectly referencing memory that had been relocated by the hypervisor.

- A problem was fixed that prevented the Flex System Manager (FSM) management console from turning on a compute node fault indicator LED when a fault occurred. The fault LED was reported correctly by the Advanced System Management Interface (ASMI) and the IBM Flex System Chassis Management Module (CMM).

- DEFERRED A problem was fixed that caused a system checkstop with SRC B113E504 for a recoverable hardware fault. This deferred fix addresses a problem that has a very low probability of occurrence. As such customers may wait for the next planned service window to activate the deferred fix via a system reboot.

System firmware changes that affect certain systems

- On systems involved in a series of consecutive logical partition migration (LPM) operations, a memory leak problem was fixed in the run time abstraction service (RTAS) that caused a partition run time AIX crash with SRC 0c20. Other possible symptoms include error logs with SRC BA330002 (RTAS memory allocation failure).

- On Power7+ compute nodes, a problem was fixed that caused the L3 cache size to display as 4MB instead of 10MB on the IBM Flex System Chassis Management Module (CMM).

AF773_036 / FW773.02

07/18/2014

Impact:  HIPER/Pervasive


System firmware changes that affect all systems

HIPER /Pervasive A security problem was fixed in the OpenSSL (Secure Socket Layer) protocol that allowed clients and servers, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between the management console and the service processor. The Common Vulnerabilities and Exposures issue number for this problem is CVE-2014-0224.

HIPER /Pervasive A security problem was fixed in OpenSSL for a buffer overflow in the Datagram Transport Layer Security (DTLS) when handling invalid DTLS packet fragments. This could be used to execute arbitrary code on the service processor. The Common Vulnerabilities and Exposures issue number for this problem is CVE-2014-0195.

HIPER /Pervasive Multiple security problems were fixed in the way that OpenSSL handled read and write buffers when the SSL_MODE_RELEASE_BUFFERS mode was enabled to prevent denial of service. These could cause the service processor to reset or unexpectedly drop connections to the management console when processing certain SSL commands. The Common Vulnerabilities and Exposures issue numbers for these problems are CVE-2010-5298 and CVE-2014-0198.

HIPER /Pervasive A security problem was fixed in OpenSSL to prevent a denial of service when handling certain Datagram Transport Layer Security (DTLS) ServerHello requests. A specially crafted DTLS handshake packet could cause the service processor to reset. The Common Vulnerabilities and Exposures issue number for this problem is CVE-2014-0221.

HIPER /Pervasive A security problem was fixed in OpenSSL to prevent a denial of service by using an exploit of a null pointer de-reference during anonymous Elliptic Curve Diffie Hellman (ECDH) key exchange. A specially crafted handshake packet could cause the service processor to reset. The Common Vulnerabilities and Exposures issue number for this problem is CVE-2014-3470.

AF773_035 / FW773.01

05/09/2014

Impact:  HIPER/Pervasive


(AF773_035/FW773.01 was shipped after FW773.11 for those customers that needed the following critical fixes, but were unable to move up to FW773.11. This content is listed here for consistency.)

System firmware changes that affect all systems

- A security problem was fixed for the Lighttpd web server that allowed arbitrary SQL commands to be run on the service processor of the compute node. The Common Vulnerabilities and Exposures issue number is CVE-2014-2323.

- A security problem was fixed for the Lighttpd web server where improperly-structured URLs could be used to view arbitrary files on the service processor of the compute node. The Common Vulnerabilities and Exposures issue number is CVE-2014-2324.

- HIPER /Pervasive A security problem was fixed in the OpenSSL Montgomery ladder implementation for the ECDSA (Elliptic Curve Digital Signature Algorithm) to protect sensitive information from being obtained with a flush and reload cache side-channel attack to recover ECDSA nonces from the service processor. The Common Vulnerabilities and Exposures issue number is CVE-2014-0076. The stolen ECDSA nonces could be used to decrypt the SSL sessions and compromise the Flex System Manager (FSM) access password to the service processor. Therefore, the FSM access password for the compute node should be changed after applying this fix.

- HIPER /Pervasive A security problem was fixed in the OpenSSL Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS) to not allow Heartbeat Extension packets to trigger a buffer over-read to steal private keys for the encrypted sessions on the service processor. The Common Vulnerabilities and Exposures issue number is CVE-2014-0160 and it is also known as the heartbleed vulnerability. The stolen private keys could be used to decrypt the SSL sessions and and compromise the Flex System Manager (FSM) access password to the service processor. Therefore, the FSM access password for the compute node should be changed after applying this fix.

AF773_033 / FW773.00

09/10/2013

10/15/2013 - re-released for readme updates ONLY - no change to binaries

Impact:  New


New features and functions in system firmware AF773_033

- Support for the P7+ Flex System p270 compute node (DCM 2-socket compute node) with MTM 7954-24X.

- Support for the P7+ Flex System p260 compute node (SCM 2-socket compute node) with MTM 7895-23A for IBMi only.

- Support for the P7+ Flex System p460 compute node (SCM 4-socket compute node) with MTM 7895-43X.

- Support for the IBM Flex System CN4058 8-port 10Gb converged network adapter (CNA) mezzanine expansion card with feature code (F/C) EC24 for Power System compute nodes that support 10 Gb ethernet and Fibre Channel over Ethernet (FCoE).

- Support for the IBM Flex System FC5054 4-port 16Gb fibre channel adapter with feature code (F/C) EC2E. This adapter features a dual-ASIC (FC5054) controller using the Emulex XE201 design, which allows for logical partitioning on Flex Power Systems compute nodes.

- Support for the IBM Flex System Dual VIOS adapter for the p270 compute node (7954-24X) with feature code (F/C) EC2F. This adapter provides a second integrated SAS controller enabling dual VIOS support with two internal disks.

- Support for the IBM Flex System FC5052 2-port 16Gb fibre channel adapter with feature code (F/C) EC23. This adapter features a 2-port 16 Gb Fibre Channel adapter with a single-ASIC controller using the Emulex XE201 design.

- Support for the IBM Flex System compute nodes by the Hardware Management Console (HMC). Note that the HMC does not provide any Flex System chassis management capabilities.

- Support for the IBM Flex System compute nodes by the Integrated Virtualization Manager (IVM). This provides an option for very basic system partition management for customers who do not want to purchase a Flexible System Management (FSM) or Hardware Management Console (HMC) appliance for system management.

- Support for network enhancements between the IBM Flex System and the service processor.
1. Support for network configuration options for default values and DHCP configurations were added.
2. Support added for LDAP active directory forest.
3. Support added for password change/expiration support through LDAP that enable users to change password on LDAP servers.
4. Support added for LDAP DNS so that LDAP servers can be located from the DNS server instead of passing IP addresses to find the LDAP servers.
5. Support added for local authorization for LDAP on the service processor in addition to the already supported remote authorization.
6. Support added for service processor Advanced System Management Interface (ASMI) to open directly from the Flex System CMM.

- Support for Flex System LDAP configuration authentication-only mode (AOM) on the service processor.

- Support for Flexible System Manager (FSM) increase in capacity to handle eight Flex system chassis for up to 112 compute nodes.

- Support for Flexible System Manager (FSM) increase in capacity to handle up to 4096 managed system partitions running on the Flex System compute nodes.

System firmware changes that affect all systems

- Support was dropped for Secured Socket Layer (SSL) Version 2 and SSL weak and medium cipher suites in the service processor web server (Ligthttpd). Unsupported web browser connections to the Advanced System Management Interface (ASMI) secured port 443 (using https://) will now be rejected if those browsers do not support SSL version 3. Supported web browsers for Power7 ASMI are Netscape (version 9.0.0.4), Microsoft Internet Explorer (version 7.0), Mozilla Firefox (version 2.0.0.11), and Opera (version 9.24).

- A problem was fixed that prevented the Advanced Management Module (AMM) and Chassis Management Module (CMM) from displaying the blade's gateway IP address when DHCP is enabled.

- A problem was fixed that caused the hypervisor to fail to read the backplane VPD. When this problem occurs, the compute node will not boot.

- A problem was fixed that caused SRC B1813221, which indicates a failure of the battery on the compute node, to be erroneously logged after a service processor reset or power cycle.

- A problem was fixed that caused a service processor dump to be generated with SRC B18187DA "NETC_RECV_ER" logged.

- A problem was fixed that caused a L2 cache error to not guard out the faulty processor, allowing the system to checkstop again on an error to the same faulty processor.

- A problem was fixed that caused a HMC code update failure for the FSP on the accept operation with SRC B1811402 or FSP is unable to boot on the updated side.

- A problem was fixed that caused the system information LED to be lit without a corresponding SRC and error log for the event. This problem typically occurs when an operating system on a partition terminates abnormally.

- A problem was fixed that may cause inaccurate processor utilization reporting.

- A problem was fixed that caused a migrated partition to reboot during transfer to a VIOS 2.2.2.0, and later, target system. A manual reboot would be required if transferred to a target system running an earlier VIOS release. Migration recovery may also be necessary.

- A problem was fixed that caused an error log generated by the partition firmware to show conflicting firmware levels. This problem occurs after a firmware update or a logical partition migration (LPM) operation on the system.

System firmware changes that affect certain systems

- A problem was fixed that was caused by an attempt to modify a virtual adapter from the management console command line when the command specifies it is an Ethernet adapter, but the virtual ID specified is for an adapter type other than Ethernet. The managed system has to be rebooted to restore communications with the management console when this problem occurs; SRC B7000602 is also logged.

- On a P7 system, a problem was fixed that caused a system checkstop during hypervisor time keeping services. This deferred fix addresses a problem that has a very low probability of occurrence. As such customers may wait for the next planned service window to activate the deferred fix via a system reboot.

- A problem was fixed in the run-time abstraction services (RTAS) extended error handling (EEH) for fundamental reset that caused partitions to crash during adapter updates. The fundamental reset of adapters now returns a valid return code. The adapter drivers using fundamental reset affected by this fix are the following-- QLogic PCIe Fibre Channel adapters (combo card), IBM PCIe Obsidian, Emulex BE3-based ethernet adapters, Broadcom-based PCIe2 4-port 1Gb ethernet, Broadcom-based FlexSystem EN2024 4-port 1Gb ethernet for compute nodes

- On a compute node, a problem was fixed that caused a Flexible Service Processor (FSP) dump with SRC B1818A0F when the Dynamic Host Control Protocol (DHCP) server failed to respond with a valid IPV4 address. For this scenario, the FSP network configuration will now issue an informational error log for DHCP and continue with the previously known IP address if possible.

- On a compute node, a problem was fixed that caused SRCs B1818601, B1818611, and B181F12C to be logged with the chassis fans speeding up to the maximum fan speed. A race condition was found in the Common Information Model (CIM) process when it was changing IP addresses on the compute node that caused CIM pointer corruption and the associated errors.

- On a compute node, a problem was fixed that caused a virtual session (Vtty) to fail to a partition with the message 'Unable to open virtual serial connection - lock failed".

- On a compute node, a problem was fixed that caused the compute node to log SRC B1768BBF when resetting the network adapters to factory configuration using the Advanced System Manager Interface (ASMI).

- On a compute node, a problem was fixed to stop frequent Secure Socket Layer (SSL) certificate provisioning from the Flex System Chassis Management Module (CMM) in the case of a DHCP server not responding. If the DHCP server is unresponsive, the previously received DHCP IP address is used by the compute node without further certificate provisioning.

- On a compute node, a problem was fixed where the Flexible Service Manager (FSM) could not establish communications to the Flexible Service Processor (FSP) due to a FSP process deadlock condition. The deadlock error also caused dumps on the FSP anytime the FSM tried to connect to the FSP.

- On a compute node, a problem was fixed for Flex System Chassis Management Module (CMM) failovers causing the Flexible Service Processor (FSP) to log SRC B181D50E for an out of memory condition for threads.

- On a compute node, a problem was fixed where "VPD has changed" messages were not sent to the Flex System Chassis Management Module (CMM) for mezzanine I/O card updates, resulting in old firmware levels being displayed on the CMM for the cards.

- On Power7+ systems, a problem was fixed that caused a system checkstop during hypervisor time keeping services.

- On a compute node, a problem was fixed that caused the Common Information Model (CIM) server to core dump and have a long restart time when loading new Secure Socket Layer (SSL) certificates provided by the Flex System Chassis Management Module (CMM). This fix allows faster changes in the network configuration of the compute node and facilitates faster node discovery by the Flexible System Manager (FSM).

- A problem was fixed that can cause Anchor (VPD) card corruption and A70047xx SRCs to be logged. Note-- If a serviceable event with SRC A7004715 is present or was logged previously, damage to the VPD card may have occurred. After the fix is applied, replacement of the Anchor VPD card is recommended in order to restored full redundancy.

AF763_052 / FW763.10

05/01/2013

Impact:  Available.

System firmware changes that affect all systems
- A problem was fixed that caused a warning message indicating "VPD is not available" to be erroneously logged in the Chassis Management Module (CMM) after the concurrent firmware update of a compute node from the Flex System Manager (FSM).
- A problem was fixed that caused the compute node to experience a Flexible Service Processor (FSP) dump with SRC B181EF88 and the CIM status on the security screen on the FSM to be displayed as "No access" when the state was actually "Partial access".

System firmware changes that affect certain systems
- On compute nodes managed by a Flex System Manager (FSM), a problem was fixed that caused a mismatch between the state of the compute node power LED and the status of the power LED displayed on the FSM.
- On systems running AIX or Linux, a problem was fixed that caused a partition to fail to boot with SRC CA260203. This problem also can cause concurrent firmware updates to fail.
- On a partition with the virtual Trusted Platform Module (vTPM) enabled, a problem was fixed that caused errors to occur when the memory assigned to the partition was changed.
- On a system running a Live Partition Mobility (LPM) operation, a problem was fixed that caused the partition to successfully appear on the target system, but hang with a 2005 SRC.
- On a partition with the virtual Trusted Platform Module (vTPM) enabled, a problem was fixed that caused the partition to stop functioning after certain operations. When this problem occurs, the client partition may not power off.
- On systems running more than one instance of VIOS, a problem was fixed that prevented the partition that obtained the IBM Fabric Manager (IFM) lock from performing IFM operations when two VIOS partitions were powered on at the same time.
- On systems managed by a management console, a problem was fixed that caused a partition to become unresponsive when the AIX command "update_flash -s" is run.
- On systems with the 10GbE converged network adapter mezzanine card (F/C EC24) installed, a problem was fixed that caused SRC B146D547 to be erroneously logged.
- On systems running Active Memory Sharing (AMS) partitions, a problem was fixed that may arise due to the incorrect handling of a return code in a error path during the logical partition (LPM) of an AMS partition.
- On systems running Active Memory Sharing (AMS) partitions, a timing problem was fixed that may occur if the system is running Dynamic Platform Optimization (DPO).

AF763_043 / FW763.01

12/05/2012

Impact:  Available.

System firmware changes that affect all systems
- A problem was fixed that can cause fans in the server to run at maximum speed and generate a serviceable event during system boot (B130B8AF, a predictive error with hardware callout), as a result of an incorrect calibration of a particular thermal sensor.

AF763_042 / FW763.00

12/04/2012

Impact:  New.

New Features and Functions in AF763_042:

- Support for 7895-23X and 1457-7F2
- 16GB Fibre Channel mezzanine card, feature code EC23
- 2-port 10GB RDMA - RoCE adapter, feature code EC26
- 32GB DIMM, feature code EEMA


4.0 How to Determine Currently Installed Firmware Level

You can view the server's current firmware level on the Advanced System Management Interface (ASMI) Welcome pane. It appears in the top right corner.
Example: AF783_021

5.0 Downloading the Firmware Package

Follow the instructions on Fix Central. You must read and agree to the license agreement to obtain the firmware packages.

Note: If your FSM is not internet-connected you will need to download the new firmware level to a CD-ROM or ftp server.


6.0 Installing the Firmware

The method used to install new firmware will depend on the release level of firmware which is currently installed on your server. The release level can be determined by the prefix of the new firmware's filename.

Example: AFXXX_YYY_ZZZ

Where XXX = release level

  • If the release level will stay the same (Example: Level AF743_075_075 is currently installed and you are attempting to install level AF743_081_075) this is considered an update.
  • If the release level will change (Example: Level AF743_081_075 is currently installed and you are attempting to install level AF743_096_096) this is considered an upgrade.
Instructions for installing firmware updates and upgrades can be found at:
http://publib.boulder.ibm.com/infocenter/flexsys/information/index.jsp?topic=%2Fcom.ibm.acc.8731.doc%2Fupdating_firmware_and_software.html

See also:
http://publib.boulder.ibm.com/infocenter/flexsys/information/index.jsp?topic=%2Fcom.ibm.acc.7895.doc%2Fupdating_firmware.html




Content navigation