Power6 Entry Systems Firmware
Applies to: 8204-E8A, 8203-E4A, 8261-E4S, 9407-M15,
9408-M25
and 9409-M50
This document provides information about the installation of
Licensed
Machine or Licensed Internal Code, which is sometimes referred to
generically
as microcode or firmware.
Contents
READ ME FIRST
IBM
has identified a PowerVM issue in this service pack with dedicated
processor partitions running IBM i. Customers using IBM i partitions
and performing processor DLPAR or switching SMT modes in dedicated
processor IBM i partitions should not install this service pack.
1.0 Systems Affected
This package provides firmware for System p 550 (8204-E8A), System p
520
(8203-E4A), 8261-E4S, System i 550 (8204-E8A), System i 520
(8203-E4A), System i 515 (9407-M15), System i 525 (9408-M25),
System i 550 (9409-M50), Power 520 and Power 550 servers
only.
The firmware level in this package is:
This level of firmware is required on systems not managed by an HMC.
1.1 Minimum HMC Code Level
This section is intended to describe the "Minimum HMC Code Level"
required by the System Firmware to complete the firmware installation
process. When installing the System Firmware, the HMC level must be
equal to or higher than the "Minimum HMC Code Level" before starting
the system firmware update. If the HMC managing the server
targeted for the System Firmware update is running a code level lower
than the "Minimum HMC
Code Level" the firmware update will not proceed.
Note:
Due to security
enhancements and their impact on the ability to use ASM at older HMC
levels, the Minimum and Recommended HMC Code level for this firmware is
listed below:
HMC V7
R7.9.0
Service Pack 3
(PTF MH01546) with fix
(PTF MH01597) or higher
is
recommended.
Important: To prevent
vulnerability to security issues, the HMC
should be updated to the above recommended level, prior to
installing this server firmware
level.
For specific fix level information on key components of IBM
Power
Systems running the AIX, IBM i and Linux operating systems, we suggest
using the Fix Level Recommendation Tool (FLRT):
http://www14.software.ibm.com/webapp/set2/flrt/home
For information concerning HMC releases and the latest PTFs,
go
to the following URL to access Fix Central.
http://www-933.ibm.com/support/fixcentral/
NOTE: You must be logged in as hscroot in order for the
firmware
installation to complete correctly.
1.2 Minimum SDMC Code
Level
This section is intended to describe the "Minimum Systems Director
Management Console (SDMC) Code Level"
required by the System Firmware to complete the firmware installation
process. When installing the System Firmware, the SDMC level must be
equal to or higher than the "Minimum SDMC Code Level" before starting
the system firmware update. If the SDMC managing the server
targeted for the System Firmware update is running a code level lower
than the "Minimum SDMC
Code Level" the firmware update will not proceed.
The Minimum SDMC Code level for
this firmware is: SDMC V6
R7.3.0 with Mandatory PTF MF53082.
Although the Minimum SDMC Code level for this firmware is listed
above, SDMC level V6 R7.3.0 with PTF MF55966
(SDMC_Update_6.730.3/Service Pack 3), or
higher is
suggested for
this
firmware level.
For information concerning SDMC releases and the latest PTFs,
go
to the following URL to access Fix Central:
http://www-933.ibm.com/support/fixcentral/
For specific fix level
information on key components of IBM
Power Systems running the AIX, IBM i and Linux operating systems, we
suggest using the Fix Level Recommendation Tool (FLRT):
http://www14.software.ibm.com/webapp/set2/flrt/home
2.0 Cautions
and Important
Information
2.1 Cautions
Downgrading firmware from any
given release level to an earlier release level is not recommended.
If you feel that it is
necessary to downgrade the firmware on
your system to an earlier release level, please contact your next level
of support.
This level of firmware is required on systems not managed by an HMC
or SDMC
For model 8203-E4A, 8261-E4S, 9407-M15, 9408-M25 systems, and 8204-E8A,
9409-M50 systems, that are not managed by an HMC, this is the required
level of EL350 firmware. This level contains a fix for the system
ports (integrated serial ports) that are not functional in
EL350_038.
ASCII terminals, modems, and the call home function are functional in
this
level.
Upgrading from EL320_031 to EL350_xxx
For 8204-E8A systems only: If your current level of firmware is
EL320_031 you must install any higher level of EL320 before upgrading
your
firmware to this level.
Service Processor flash memory errors (8204-E8A and 9409-M50
systems
running EL320_093 and earlier, or EL340_101 and
earlier only)
IBM strongly recommends updating to System Firmware level EL350_039 or
later as this firmware provides improved reliability to the 8204-E8A
and
9409-M50 servers. One enhancement prevents accumulation of single bit
errors
in the memory used to store System Firmware by periodically correcting
single bit errors automatically. If a significant number of such errors
were to accumulate, the server may not boot successfully after main
power
is lost or removed. We strongly recommend customers update both the
Temporary
and Permanent copies of System Firmware when performing this upgrade.
Updating
both the Temporary and Permanent copies allows both memory areas to be
corrected. It is critical the System Firmware update uses one of the
two
methods listed below. Updating System Firmware from the operating
system
may not correct all existing single bit errors.
Note: Do not remove main power from the server before updating the
System
Firmware.
For servers that are not managed by an HMC or SDMC
Update the System Firmware using a USB flash drive. This method will
update both the Temporary and Permanent copies of the System Firmware.
For instructions on this method of install, please use the following
link:
http://publib.boulder.ibm.com/infocenter/systems/scope/hw/index.jsp?topic=/ipha5/fix_firm_usb.htm
For servers that are HMC-managed
Note: A normal accept
operation to copy the Temporary side
contents to the Permanent side cannot be used in place of these
instructions. The update must be done using the following method
(or its command line equivalent).
IMPORTANT: Note that even if the update you are installing is
categorized as being concurrent, use of the Advanced Features option
will power off the system during this procedure.
If you are installing an update to a level within the same release (ex.
340_xxx to 340_yyy)
1) Power off the managed system.
2) Using the HMC GUI interface, click on "Updates" in the navigation
(left-hand) pane. Click in the
checkbox beside the Managed System.
a) Click on "Change Licensed Internal Code for the current release".
b) Select "Start Change Licensed Internal Code wizard" and click "OK"
c) After clicking "OK" on the readiness check panel, select the
repository where the firmware files
can be found and click "OK".
d) Click on "Next" to step through the wizard panels. Accept the
license agreement when it is
displayed, and then click "Finish" to start the update.
f) When the update completes, click on "Change Licensed Internal Code
for the current release"
g) Select "Advanced Features" and click "OK".
h) Select "Install and Activate" and click "OK".
i) After clicking "OK" on the readiness check panel, select the
repository where the firmware files
can be found and click "OK".
j) Select "Specific Levels" and click "OK".
k) Select the managed system, then select "Change Levels".
l) Select the same level chosen in step c and click "OK" and then
click "OK" again on the next panel.
m) On the "Select Installation Type" panel, ensure that the "Disruptive
install and activate" radio button is selected and click "OK".
n) Accept the license agreement when it is displayed, and then click
"OK " in the confirmation panels to start the update.
o) When the process completes, the Managed System may be powered on.
If you are installing an upgrade to a new release (ex 320_xxx to 340 or
350_xxx)
1) Power off the Managed System
2) Using the HMC GUI interface, click on "Updates" in the navigation
(left-hand) pane. Click in the
checkbox beside the Managed System.
a) Click on "Change Licensed Internal Code to a new release".
b) After clicking "OK" on the readiness check panel, select the
repository where the firmware files
can be found and click "OK". Select the new firmware level from
the selection panel displayed and click "OK".
c) Accept the license agreement and click on "OK" in the confirmation
panels to start the upgrade.
f) When the upgrade completes, both the Activate and Accepted levels
will reflect the level just installed. To effect a complete overwrite
of both sides of the Service Processor, you must continue with this
procedure.
g) Click on " Change Licensed Internal Code for the current release".
h) Select "Advanced Features" and click "OK".
i) Select "Install and Activate" and click "OK".
j) After clicking "OK" on the readiness check panel, select the
repository where the firmware files
can be found and click "OK".
k) Select "Specific Levels" and click "OK".
l) Select the managed system, then select "Change Levels".
m) Select the same level chosen in step b and click "OK" and then
click "OK" again.
n) On the "Select Installation Type" panel, ensure that the "Disruptive
install and activate" radio button is selected and click "OK".
o) Accept the license agreement when it is displayed, and then click
"OK " twice to confirm the action.
p) When the process completes, the Managed System may be powered on.
2.2 Important Information
HMC Notice: Please see section "1.1 Minimum HMC Code Level"
for import information on accessing the Advanced System Manager (ASM) from
HMCs at older levels.
IPv6 Support and Limitations
IPv6 (Internet Protocol version 6) is supported in the System
Management
Services (SMS) in this level of system firmware. There are several
limitations
that should be considered.
When configuring a network interface card (NIC) for remote IPL, only
the most recently configured protocol (IPv4 or IPv6) is retained. For
example,
if the network interface card was previously configured with IPv4
information
and is now being configured with IPv6 information, the IPv4
configuration
information is discarded.
A single network interface card may only be chosen once for the boot
device list. In other words, the interface cannot be configured for the
IPv6 protocol and for the IPv4 protocol at the same time.
Concurrent Firmware Updates
Concurrent system firmware update is only supported on HMC or SDMC -
Managed
Systems
only.
Memory Considerations for Firmware Upgrades
The increase in memory used by the firmware is due to the additional
functionality
in later firmware releases.
3.0 Firmware
Information
and Description
Use the following examples as a reference to determine whether your
installation
will be concurrent or disruptive.
For systems that are not managed by an HMC or SDMC, the installation
of
system
firmware is always disruptive.
Note: The concurrent levels
of system firmware may, on occasion,
contain
fixes that are known as Deferred and/or Partition-Deferred. Deferred
fixes can be installed
concurrently, but will not be activated until the next IPL.
Partition-Deferred fixes can be installed concurrently, but will not be
activated until a partition reactivate is performed. Deferred
and/or Partition-Deferred
fixes,
if any, will be identified in the "Firmware Update Descriptions" table
of this document. For these types of fixes (Deferred and/or
Partition-Deferred) within a service pack, only the
fixes
in the service pack which cannot be concurrently activated are
deferred.
Note: The file names and service pack levels used in the
following
examples are for clarification only, and are not
necessarily levels that have been, or will be released.
System firmware file naming convention:
01ELXXX_YYY_ZZZ
- XXX is the release level
- YYY is the service pack level
- ZZZ is the last disruptive service pack level
NOTE: Values of service pack and last disruptive service pack
level
(YYY and ZZZ) are only unique within a release level (XXX). For
example,
01EL320_067_045 and 01EL340_067_053 are different service
packs.
An installation is disruptive if:
- The release levels (XXX) are different.
Example: Currently installed release is EL320, new release is EL340
- The service pack level (YYY) and the last disruptive
service
pack level (ZZZ) are the same.
Example: EL320_120_120 is disruptive, no matter what level of EL320 is
currently
installed on the system
- The service pack level (YYY) currently installed on the
system
is
lower than the last disruptive service pack level (ZZZ) of the service
pack to be installed.
Example: Currently installed service pack is EL320_120_120 and
new service pack is EL320_152_130
An installation is concurrent if:
The release level (XXX) is the same, and
The service pack level (YYY) currently installed on the system
is the same or higher than the last disruptive service pack level (ZZZ)
of the service pack to be installed.
Example: Currently installed service pack is EL320_126_120,
new service pack is EL320_143_120.
Firmware Information and Update Description
For information about previous firmware release levels, see Section
7.0 Firmware History.
Filename |
Size |
Checksum |
01EL350_171_038.rpm |
25437819
|
11517 |
Note: The Checksum can be found by running the AIX sum command against the rpm file
(only the first 5 digits are listed).
ie: sum 01EL350_171_038.rpm
EL350
For Impact, Severity and other Firmware definitions, Please
refer to the below 'Glossary of firmware terms' url:
http://www14.software.ibm.com/webapp/set2/sas/f/power5cm/home.html#termdefs
The complete Firmware Fix History for this
Release Level can be
reviewed at the following url:
http://download.boulder.ibm.com/ibmdl/pub/software/server/firmware/EL-Firmware-Hist.html
|
EL350_171_038
02/05/16
|
Impact: Security
Severity: SPE
System firmware changes that affect all
systems
- A problem was fixed for some service processor error logs
not getting reported to the OS partitions as needed. The service
processor was not checking for a successful completion code on the
error log message send, so it was not doing retries of the send to the
OS when that was needed to ensure that the OS received the message.
- For systems with an invalid P-side or T-side in the
firmware, a problem was fixed in the partition firmware Real-Time
Abstraction System (RTAS) so that system Vital Product Data (VPD) is
returned at least from the valid side instead of returning no VPD
data. This allows AIX host commands such as lsmcode, lsvpd,
and lsattr that rely on the VPD data to work to some extent even if
there is one bad code side. Without the fix, all the VPD
data is blocked from the OS until the invalid code side is recovered by
either rejecting the firmware update or attempting to update the system
firmware again.
- A security problem was fixed for an OpenSSL specially
crafted X.509 certificate that could cause the service processor to
reset in a denial-of-service (DOS) attack. The Common
Vulnerabilities and Exposures issue number is CVE-2015-1789.
- A security problem was fixed in OpenSSL where a remote
attacker could cause an infinite loop on the service processor using
malformed Elliptic Curve parameters during the SSL
authentication. This would cause the service processor
performance problems and also prevent new management console
connections from being made. To recover from this attack, a reset
or power cycle of the service processor is needed after scheduling and
completing a normal shutdown of running partitions.. The Common
Vulnerabilities and Exposures issue number is CVE-2015-1788.
- A security problem was fixed in the lighttpd server on the
service processor OpenSSL where a remote attacker, while attempting
authentication, could insert strings into the lighttpd server log
file. Under normal operations on the service processor, this does
not impact anything because the log is disabled by default. The
Common Vulnerabilities and Exposures issue number is CVE-2015-3200.
- A problem was fixed for a Network boot/install failure
using bootp in a network with switches using the Spanning Tree Protocol
(STP). A Network boot/install using lpar_netboot on the
management console was enhanced to allow the number of retries to be
increased. If the user is not using lpar_netboot, the number of
bootp retries can be increased using the SMS menus. If the SMS
menus are not an option, the STP in the switch can be set up to allow
packets to pass through while the switch is learning the network
configuration.
System firmware changes that
affect certain systems
- For non-HMC managed systems in Manufacturing Default
Configuration (MDC) mode with a single host partition, a problem was
fixed for missing dumps of type SYSDUMP. FSPDUMP. LOGDUMP, and RSCDUMP
that were not off-loaded to the host OS. This is an infrequent
error caused by a timing error that causes the dump notification signal
to the host OS to be lost. The missing/pending dumps can be
retrieved by rebooting the host OS partition. The rebooted host
OS will receive new notifications of the dumps that have to be
off-loaded.
- On PowerVM systems with dedicated processor partitions with
low I/O utilization, the dedicated processor partition may become
intermittently unresponsive. The problem can be circumvented by
changing the partition to use shared processors.
|
EL350_166_038
05/14/15
|
Impact: Availability
Severity: SPE
System firmware changes that
affect all systems
- A problem was fixed
with the fspremote service tool to make it support TLSv1.2 connections
to the service processor to be compatible with systems that had been
fixed for the OpenSSL Padding Oracle On Dowgraded Legacy Encryption
(POODLE) vulnerabilities. After the POODLE fix is
installed, by default the system only allows secured connections
from clients using the TLSv1.2 protocol.
- A problem was fixed for a partition deletion error on the
management console with error code 0x4000E002 and message
"...insufficient memory for PHYP". The partition delete operation
has been adjusted to accommodate the temporary increase in memory usage
caused by memory fragmentation, allowing the delete operation to be
successful.
- A problem was fixed for I/O adapters so that BA400002
errors were changed to informational for memory boundary adjustments
made to the size of DMA map-in requests. These DMA size
adjustments were marked as UE previously for a condition that is normal.
- A security problem was fixed in OpenSSL where the service
processor would, under certain conditions, accept Diffie-Hellman client
certificates without the use of a private key, allowing a user to
falsely authenticate. The Common Vulnerabilities and Exposures
issue number is CVE-2015-0205.
- A security problem was fixed in OpenSSL to prevent a denial
of service when handling certain Datagram Transport Layer Security
(DTLS) messages. A specially crafted DTLS message could exhaust
all available memory and cause the service processor to reset.
The Common Vulnerabilities and Exposures issue number is CVE-2015-0206.
- A security problem was fixed in OpenSSL to prevent a denial
of service when handling certain Datagram Transport Layer Security
(DTLS) messages. A specially crafted DTLS message could do an
null pointer de-reference and cause the service processor to
reset. The Common Vulnerabilities and Exposures issue number is
CVE-2014-3571.
- A security problem was fixed in OpenSSL to fix multiple
flaws in the parsing of X.509 certificates. These flaws could be
used to modify an X.509 certificate to produce a certificate with a
different fingerprint without invalidating its signature, and possibly
bypass fingerprint-based blacklisting. The Common Vulnerabilities
and Exposures issue number is CVE-2014-8275.
- A security vulnerability, commonly referred to as GHOST,
was fixed in the service processor glibc functions getbyhostname() and
getbyhostname2() that allowed remote users of the functions to cause a
buffer overflow and execute arbitrary code with the permissions of the
server application. There is no way to exploit this vulnerability
on the service processor but it has been fixed to remove the
vulnerability from the firmware. The Common Vulnerabilities and
Exposures issue number is CVE-2015-0235.
- A security problem was fixed in OpenSSL where a remote
attacker could crash the service processor with malformed Elliptic
Curve private keys. The Common Vulnerabilities and Exposures
issue number is CVE-2015-0209.
- A security problem was fixed in OpenSSL where a remote
attacker could crash the service processor with a specially crafted
X.509 certificate that causes an invalid pointer, out-of-bounds write,
or a null pointer de-reference. The Common Vulnerabilities and
Exposures issue numbers are CVE-2015-0286, CVE-2015-0287, and
CVE-2015-0288.
System firmware changes that
affect certain systems
- On systems that have Active Memory Sharing (AMS)
partitions, a problem was fixed for Dynamic Logical Partitioning
(DLPAR) for a memory remove that leaves a logical memory block (LMB) in
an unusable state until partition reboot.
- On systems with a F/C 5802 or 5877 I/O drawer installed, a
problem was fixed for a hypervisor hang at progress code C7004091
during the IPL or hangs during serviceability tasks to the I/O drawer.
- On systems with partitions using shared processors, a
problem was fixed that could result in latency or timeout issues with
I/O devices.
- A problem was fixed that could result in unpredictable
behavior if a memory UE is encountered while relocating the contents of
a logical memory block during one of these operations:
- Using concurrent maintenance to perform a hot repair of a node.
- Reducing the size of an Active Memory Sharing (AMS) pool.
- A problem was fixed for systems in networks using the
Juniper 1GBe and 10GBe switches (F/Cs #1108, #1145, and #1151) to
prevent network ping errors and boot from network (bootp)
failures. The Address Resolution Protocol (ARP) table information
on the Juniper aggregated switches is not being shared between the
switches and that causes problems for address resolution in certain
network configurations. Therefore, the CEC network stack code has
been enhanced to add three gratuitous ARPs (ARP replies sent without a
request received) before each ping and bootp request to ensure that all
the network switches have the latest network information for the system.
- On systems in IPv6 networks, a problem was fixed for
a network boot/install failing with SRC B2004158 and IP address
resolution failing using neighbor solicitation to the partition
firmware client.
- For systems with a IBM i load source disk attached to an
Emulex-based fibre channel adapter such as F/C #5735, a problem was
fixed that caused an IBM i load source boot to fail with SRC B2006110
logged and a message to the boot console of "SPLIT-MEM Out of
Room". This problem occurred for load source disks that needed
extra disk scans to be found, such as those attached to a port other
than the first port of a fibre channel adapter (first port requires
fewest disk scans).
|
EL350_163_038
01/08/15
|
Impact: Security
Severity: SPE
System firmware changes that
affect all systems
- A security problem
was fixed in the OpenSSL (Secure Socket Layer) protocol that allowed a
man-in -the middle attacker, via a specially crafted fragmented
handshake packet, to force a TLS/SSL server to use TLS 1.0, even if
both the client and server supported newer protocol versions. The
Common Vulnerabilities and Exposures issue number for this problem is
CVE-2014-3511.
- A security problem was fixed in OpenSSL for formatting
fields of security certificates without null-terminating the output
strings. This could be used to disclose portions of the program
memory on the service processor. The Common Vulnerabilities and
Exposures issue number for this problem is CVE-2014-3508.
- Multiple security problems were fixed in the way that
OpenSSL handled Datagram Transport Layer Security (DLTS) packets.
A specially crafted DTLS handshake packet could cause the service
processor to reset. The Common Vulnerabilities and Exposures
issue numbers for these problems are CVE-2014-3505, CVE-2014-3506 and
CVE-2014-3507.
- A security problem was fixed in OpenSSL to prevent a denial
of service when handling certain Datagram Transport Layer Security
(DTLS) ServerHello requests. A specially crafted DTLS handshake
packet with an included Supported EC Point Format extension could cause
the service processor to reset. The Common Vulnerabilities and
Exposures issue number for this problem is CVE-2014-3509.
- A security problem was fixed in OpenSSL to prevent a denial
of service by using an exploit of a null pointer de-reference during
anonymous Diffie Hellman (DH) key exchange. A specially crafted
handshake packet could cause the service processor to reset. The
Common Vulnerabilities and Exposures issue number for this problem is
CVE-2014-3510.
- A security problem was fixed in OpenSSL for memory leaks
that allowed remote attackers to cause a denial of service (out of
memory on the service processor). The Common Vulnerabilities and
Exposures issue numbers are CVE-2014-3513 and CVE-2014-3567.
- A security problem was fixed in OpenSSL for padding-oracle
attacks known as Padding Oracle On Dowgraded Legacy Encryption
(POODLE). This attack allows a man-in-the-middle attacker to
obtain a plain text version of the encrypted session data. The Common
Vulnerabilities and Exposures issue number is CVE-2014-3566. The
service processor POODLE fix is based on a selective disablement of
SSLv3 using the Advanced System Management Interface (ASMI) "System
Configuration/Security Configuration" menu options. The Security
Configuration options of "Disabled", "Default", and "Enabled" for SSLv3
determines the level of protection from POODLE. The management
console also requires a POODLE fix for APAR MB03867(FIX FOR
CVE-2014-3566 FOR HMC V7 R7.7.0 SP4 with PTF MH01482) to eliminate all
vulnerability to POODLE and allow use of option 1 "Disabled" as shown
below:
-1) Disabled: This highest level of security protection does not
allow service processor clients to connect using SSLv3, thereby
eliminating any possibility of a POODLE attack. All clients must
be capable of using TLS to make the secured connections to the service
processor to use this option. This requires the management
console be at a minimum level of HMC V7 R7.7.0 SP4 with POODLE PTF
MH01482.
-2) Default: This medium level of security protection disables
SSLv3 for the web browser sessions to ASMI and for the CIM clients and
assures them of POODLE-free connections. But the legacy
management consoles are allowed to use SSLv3 to connect to the service
processor. This is intended to allow non-POODLE compliant HMC
levels to be able to connect to the CEC servers until they can be
planned and upgraded to the POODLE compliant HMC levels. Running
a non-POODLE compliant HMC to a service processor in "Default"
mode will prevent the ASMI-proxy sessions from the HMC from connecting
as these proxy sessions require SSLv3 support in ASMI.
-3) Enabled: This basic level of security protection enables
SSLv3 for all service processor client connection. It relies on
all clients being at POODLE fix compliant levels to provide full POODLE
protection using the TLS Fallback Signaling Cipher Suite Value
(TLS_FALLBACK_SCSV) to prevent fallback to vulnerable SSLv3
connections. This option is intended for customer sites on
protected internal networks that have a large investment in legacy
hardware that need SSLv3 to make browser and HMC connection to the
service processor. The level of POODLE protection actually
achieved in "Enabled" mode is determined by the percentage of clients
that are at the POODLE fix compliant levels.
|
EL350_159_038
06/25/14
|
Impact: Security
Severity: HIPER
New Features and Functions
- Support was dropped
for Secured Socket Layer (SSL) Version 2 and SSL weak and medium cipher
suites in the service processor web server (Ligthttpd).
Unsupported web browser connections to the Advanced System Management
Interface (ASMI) secured port 443 (using https://) will now be rejected
if those browsers do not support SSL version 3. Supported web
browsers for Power6 ASMI are Netscape (version 9.0.0.4), Microsoft
Internet Explorer (version 7.0), Mozilla Firefox (version 2.0.0.11),
and Opera (version 9.24).
System firmware changes that
affect all systems
- HIPER/Pervasive:
A
security problem was fixed in the OpenSSL Montgomery ladder
implementation for the ECDSA (Elliptic Curve Digital Signature
Algorithm) to protect sensitive information from being obtained with a
flush and reload cache side-channel attack to recover ECDSA nonces from
the service processor. The Common Vulnerabilities and Exposures
issue
number is CVE-2014-0076. The stolen ECDSA nonces could be used to
decrypt the SSL sessions and compromise the Hardware Management Console
(HMC) access password to the service processor. Therefore, the
HMC
access password for the CEC should be changed after applying this fix.
- HIPER/Pervasive:
A
security problem was fixed in the OpenSSL Transport Layer Security
(TLS) and Datagram Transport Layer Security (DTLS) to not allow
Heartbeat Extension packets to trigger a buffer over-read to steal
private keys for the encrypted sessions on the service processor.
The
Common Vulnerabilities and Exposures issue number is CVE-2014-0160 and
it is also known as the heartbleed vulnerability. The stolen
private
keys could be used to decrypt the SSL sessions and and compromise the
Hardware Management Console (HMC) access password to the service
processor. Therefore, the HMC access password for the CEC should
be
changed after applying this fix.
- HIPER/Pervasive:
A security problem was fixed in the OpenSSL (Secure Socket Layer)
protocol that allowed clients and servers, via a specially crafted
handshake packet, to use weak keying material for communication.
A man-in-the-middle attacker could use this flaw to decrypt and modify
traffic between the management console and the service processor.
The Common Vulnerabilities and Exposures issue number for this problem
is CVE-2014-0224.
- HIPER/Pervasive:
A security problem was fixed in OpenSSL for a buffer overflow in the
Datagram Transport Layer Security (DTLS) when handling invalid DTLS
packet fragments. This could be used to execute arbitrary code on
the service processor. The Common Vulnerabilities and Exposures
issue number for this problem is CVE-2014-0195.
- HIPER/Pervasive:
Multiple security problems were fixed in the way that OpenSSL handled
read and write buffers when the SSL_MODE_RELEASE_BUFFERS mode was
enabled to prevent denial of service. These could cause the
service processor to reset or unexpectedly drop connections to the
management console when processing certain SSL commands. The
Common Vulnerabilities and Exposures issue numbers for these problems
are CVE-2010-5298 and CVE-2014-0198.
- HIPER/Pervasive:
A security problem was fixed in OpenSSL to prevent a denial of service
when handling certain Datagram Transport Layer Security (DTLS)
ServerHello requests. A specially crafted DTLS handshake packet could
cause the service processor to reset. The Common Vulnerabilities
and Exposures issue number for this problem is CVE-2014-0221.
- HIPER/Pervasive:
A security problem was fixed in OpenSSL to prevent a denial of service
by using an exploit of a null pointer de-reference during anonymous
Elliptic Curve Diffie Hellman (ECDH) key exchange. A specially
crafted handshake packet could cause the service processor to
reset. The Common Vulnerabilities and Exposures issue number for
this problem is CVE-2014-3470.
- A problem was fixed that caused the system
information LED to be lit without a corresponding SRC and error log for
the event. This problem typically occurs when an operating system
on a partition terminates abnormally.
- A security problem was fixed in the service processor
Lighttpd web server that allowed denial of service vulnerabilities for
the Advanced System Manager Interface (ASMI). The Common
Vulnerabilities and Exposures issue numbers for this problem are
CVE-2011-4362 and CVE-2012-5533.
- A problem was fixed on the service processor where the
Small-Footprint CIM Broker Daemon (SFCBD) process was accessing a null
pointer and failing with a core dump, triggering a FSP dump to collect
the core.
- A problem was fixed that caused a security scan of the
Advanced System Manager Interface (ASMI) to fail. The Lighttpd
web server configuration cipher list was updated to improve the
security.
- A security problem in the Secure Socket Layer (SSL)
protocol on the service processor was fixed to prevent a
man-in-the-middle attack. The Common Vulnerabilities and
Exposures issue number is CVE-2011-3389.
- A security problem was fixed for the Lighttpd web
server that allowed arbitrary SQL commands to be run on the service
processor of the CEC. The Common Vulnerabilities and Exposures
issue number is CVE-2014-2323.
- A security problem was fixed for the Lighttpd web server
where improperly-structured URLs could be used to view arbitrary files
on the service processor of the CEC. The Common Vulnerabilities
and Exposures issue number is CVE-2014-2324..
- A problem was fixed that caused a "code accept" during a
concurrent firmware installation from the HMC to fail with SRC E302F85C.
- A security problem was fixed in the service processor
TCP/IP stack to discard illegal TCP/IP packets that have the SYN and
FIN flags set at the same time. An explicit packet discard was
needed to prevent further processing of the packet that could result in
an bypass of the iptables firewall rules.
System firmware changes that
affect certain systems
- On systems using dynamic Distributed Host Control Protocol
(DHCP) IP addresses, a problem was fixed that caused communication
hangs when DHCP client processes were unable to renew their IP
addresses. The iptable rules needed to be updated to open DHCP
ports 67 and 68 to prevent the DHCP network traffic from being filtered
by the service processor.
- On a system with partitions with redundant Virtual
Asynchronous Services Interface (VASI) streams, a problem was fixed
that caused the system to terminate with SRC B170E540. The
affected partitions include Active Memory Sharing (AMS), encapsulated
state partitions, and hibernation-capable partitions. The problem
is triggered when the management console attempts to change the active
VASI stream in a redundant configuration. This may occur due to a
stream reconfiguration caused by Live Partition Mobility (LPM);
reconfiguring from a redundant Paging Service Partition (PSP) to a
single-PSP configuration; or conversion of a partition from AMS to
dedicated memory.
- On systems involved in a series of consecutive Live
Partition Mobility (LPM) operations, a memory leak problem was fixed in
the run time abstraction service (RTAS) that caused a partition run
time AIX crash with SRC 0c20. Other possible symptoms include
error logs with SRC BA330002 (RTAS memory allocation failure).
- A problem was fixed in the run-time abstraction services
(RTAS) extended error handling (EEH) for fundamental reset that caused
partitions to crash during adapter updates. The fundamental reset
of adapters now returns a valid return code. The adapter driver
using fundamental reset affected by this fix are the following:
o IBM PCIe Obsidian
- On a system with a
disk device with multiple boot partitions, a problem was fixed that
caused System Management Services (SMS) to list only one boot
partition. Even though only one boot partition was listed in SMS,
the
AIX bootlist command could still be used to boot from any boot
partition.
- For a partition with a 256MB Real Memory
Offset (RMO) region size that has been migrated from a Power8 system
to Power7 or Power6 using Live Partition Mobility, a problem was
fixed
that caused a failure on the next boot of the partition with a BA210000
log with a CA000091 checkpoint just prior to the BA210000. The
fix
dynamically adjusts the memory footprint of the partition to fit on the
earlier Power systems.
- On systems with a F/C 5802 or 5877 I/O drawer installed, a
problem was fixed that where an Offline Converter Assembly (OCA) fault
would appear to persist after an OCA micro-reset or OCA
replacement. The fault bit reported to the OS may not be cleared,
indicating a fault still exists in the I/O drawer after it has been
repaired.
|
EL350_149_038
07/25/13
|
Impact: Availability
Severity: SPE
System firmware changes that affect all
systems
- A problem was fixed that caused the managed system to go to
the incomplete state on the management console after a partition was
deleted.
- On systems managed by an HMC, a problem was fixed that
caused the managed system to go to the incomplete state on the
management console after a partition was deleted.
- A problem was fixed that caused an error log generated by
the partition firmware to show conflicting firmware levels. This
problem occurs after a firmware update or a logical partition migration
(LPM) operation on the system.
- The firmware was enhanced to display on the management
console the correct number of concurrent live partition mobility (LPM)
operations that is supported.
- A problem was fixed that caused the state of the Host
Ethernet Adapter (HEA) port of be reported as down when the physical
port is actually up.
- A problem was fixed that caused the partition target of a
logical partition migration (LPM) to have its UTC time shifted forward
from the actual time on the source partition.
- A problem was fixed that that caused a HMC code update
failure for the FSP on the accept operation with SRC B1811402 or FSP is
unable to boot on the updated side.
System firmware changes that
affect certain systems
- On systems with I/O towers attached, a problem was fixed
that caused multiple service processor reset/reloads if the tower was
continuously sending invalid System Power Control Network (SPCN) status
data.
- On systems with F/C EU07, the RDX SATA internal docking
station for removable disk cartridge, a problem was fixed that caused
SRCs BA210000 and BA210003 to be logged, and the System Management
Services (SMS) menu firmware to drop into the ok> prompt, when the
default boot list was built.
- On a partition with a large number of potentially bootable
devices, a problem was fixed that caused the partition to fail to boot
with a default catch, and SRC BA210000 may also be logged.
- On systems running AIX or Linux, a problem was fixed that
caused the operating system to halt when an InfiniBand Host Channel
Adapter (HCA) adapter fails or malfunctions.
- On systems running Active Memory Sharing (AMS) partitions,
a timing problem was fixed that may occur if the system is undergoing
AMS pool size changes.
- On systems with a F/C 5802 or 5877 I/O drawer installed,
the firmware was enhanced to guarantee that an SRC will be generated
when there is a power supply voltage fault. If no SRC is
generated, a loss of power redundancy may not be detected, which can
lead to a drawer crash if the other power supply goes down. This
also fixes a problem that causes an 8 GB Fiber channel adapter in
the drawer to log errors if the 12V level fails in the drawer.
- On systems managed by an HMC with a F/C 5802 or 5877 I/O
drawer installed, a problem was fixed that caused the hardware topology
on the management console for the managed system to show "null" instead
of "operational" for the affected I/O drawers.
- A problem was fixed that caused a migrated partition to
reboot during transfer to a VIOS 2.2.2.0, and later, target system. A
manual reboot would be required if transferred to a target system
running an earlier VIOS release. Migration recovery may also be
necessary.
|
EL350_143_038
01/09/13
|
Impact: Function
Severity: ATT
System firmware changes that affect all
systems
- A problem was fixed that caused the service processor to
fail to boot after a concurrent firmware update; this causes a system
crash.
System firmware changes that
affect certain systems
- A problem was fixed that prevented the HMC command
"lshwres" from showing any I/O adapters if any adapter name contained
the ampersand character in the VPD.
- The Power Hypervisor was enhanced to insure better
synchronization of vSCSI and NPIV I/O interrupts to partitions.
- On systems running AIX or Linux, a problem was fixed that
caused a partition to fail to boot with SRC CA260203. This
problem also can cause concurrent firmware updates to fail.
- On systems that are managed by a Hardware Management
Console (HMC), a problem was fixed that caused the hypervisor to be
left in an inconsistent state after a partition create operation failed.
- On systems that are managed by a Hardware Management
Console (HMC), a problem was fixed that caused the hypervisor to become
unresponsive and the managed system to go the incomplete state on the
management console.
|
EL350_132_038
07/27/12
|
Impact: Availability
Severity: SPE
New Features and Functions
- Support for live
partition mobility between systems running Ex350
system firmware, and 8246-L2S systems.
System firmware changes that
affect all systems
- The firmware was
enhanced to improve the isolation of the failing component when SRC
110016x1 (VRM failure) is logged.
System firmware changes that
affect certain systems
- On systems booting from an NPIV (N-port ID virtualization)
device, a problem was fixed that caused the boot to intermittently
terminate with the message "PReP-BOOT: unable to load full PReP
image.". This problem occurs more frequently on the IBM V7000
Storage System running the SAN Volume Controller (SVC), but not on
every boot.
- On systems that are not managed by an HMC, a problem was
fixed that caused SRCs B200813A and BA201002 to be erroneously logged
when the system was powered on using the Advanced System Management
Interface (ASMI). This problem only occurs after the system has
been powered on using the ASMI several hundred times.
- On systems managed by an HMC, and on which Internet
Explorer (IE) is used to access the Advanced System Management
Interface (ASMI), a problem was fixed that caused IE to hang for about
10 minutes after saving changes to network parameters on the ASMI.
- On systems running the AIX operating system, a problem was
fixed that caused the hypervisor to crash with SRC B7000103, after an
HEA (Host Ethernet Adapter) error was logged, when there is a lot of
AIX activity on the HEAs.
|
EL350_126_038
05/02/12
|
Impact: Availability
Severity: HIPER - High Impact/PERvasive, Should be installed as soon as
possible.
System firmware changes that
affect all systems
- The firmware was enhanced to log SRCs BA180030 and BA180031
as informational instead of predictive.
- The firmware was enhanced to increase the threshold of soft
NVRAM errors on the service processor to 32 before SRC B15xF109 is
logged. (Replacement of the service processor is recommended if
more than one B15xF109 is logged per week.)
System firmware changes that
affect certain systems
- The firmware resolves undetected N-mode stability problems
and improves error reporting on the feature code (F/C) 5802 and 5877
I/O drawer power subsystem.
- HIPER/Pervasive:
On systems with PCI adapters in a feature code (F/C) F/C 5802 or 5877
I/O drawer assigned to a Virtual I/O Server (VIOS), and on systems with
the I/O adapters in a CEC drawer assigned to a VIOS, a problem was
fixed that caused the system to crash with SRC B700F103.
- A problem was fixed that caused the hypervisor to hang
during a concurrent operation on a F/C 5802, 5803, 5873 or 5877 I/O
drawer. Recovering from the hypervisor hang required a platform
reboot.
- A problem was fixed that prevented the operating system
from being notified that a F/C 5802 or 5877 I/O drawer had recovered
from an input power fault (SRC 10001512 or 10001522).
- The firmware was enhanced to improve soft error recovery
and error reporting on feature code (F/C) 5802 and 5877 I/O drawers.
- On
system performing Live Partition Mobility (LPM), a problem was fixed
that caused a partition to crash if the following sequence of
operations is performed:
1. The partition is configured with, and is using,
more than 1
dedicated processor.
2. The partition is migrated using LPM from a POWER6
to a POWER7
platform.
3. At any time following the migration from POWER6
to POWER7, one
or more of the dedicated processors is removed from the partition using
a Dynamic Logical Partitioning (DLPAR) operation.
Once
these 3 steps operations have been done, a partition crash is likely if
either:
- The partition is subsequently migrated to any other
platform (POWER6
or POWER7) using LPM, or
- The partition is resumed from hibernation.
- A problem was fixed that caused the output of the AIX
command "uname -m" to be incorrect on the POWER7 system after a
successful Live Partition Migration (LPM) operation from a POWER6 to a
POWER7 system.
- A problem was fixed that caused booting from a virtual
fibre channel tape device to fail with SRC B2008105.
|
EL350_118_038
10/27/11
|
Impact: Availability
Severity: HIPER - High Impact/PERvasive, Should be installed as soon as
possible.
System firmware changes that
affect all systems
- A problem was fixed that
caused the system to terminate when rebooting after the power was
removed, then reapplied.
- A problem was fixed that
caused the message "IPL: 500 - Internal Server Error" to be displayed
when the Hardware Management Console option was selected (which is
under the System Information option) on the Advanced System Management
Interface (ASMI).
- On systems running more than
100 logical partitions, a problem was fixed that caused a concurrent
firmware installation to fail.
- A problem was fixed that caused a system's partition
dates to revert back to 1969 after the service processor or its battery
was replaced. This occurred regardless of whether or not the
service processor's time-of-day (TOD) clock was correctly set during
the service action.
- A problem was fixed that
caused a partition migration operation to abort when the partition has
more than 4096 virtual slots.
- A problem was fixed that
caused the message "500 - Internal Server Error." to be displayed when
a setting was changed on the Advanced System Management Interface's
(ASMI's) power on/off menu, when the change was attempted when the
system was powering down.
- A problem was fixed that
caused booting or installing a partition or system from a USB device to
fail with error code BA210012. This usually occurs when an
operating system (OS) other than the OS that is already on the
partition or system is being booted or installed.
- On the System Management Services (SMS) remote IPL (RIPL)
menus, a problem was fixed that caused the SMS menu to continue to show
that an Ethernet device is configured for iSCSI, even though the user
has changed it to BOOTP.
- A problem was fixed that left
the service processor in an inaccessible state after a power off or
service processor reset. When this problem occurred, SRCs
B160B73F and B1813410 were logged, and a service processor dump was
generated.
System firmware changes that
affect certain systems
- On systems
running IBM i partitions, a problem was fixed that caused changing the
processor weight on an IBM i partition to 255 to have no effect.
- On systems managed by an HMC
or SDMC, a problem was fixed that caused a firmware installation from
the HMC or SDMC with the "do not auto accept" option selected to fail.
- On 8204-E8A and 9409-M50
systems using the utility capacity on demand (COD) feature, a problem
was fixed that prevented the hypervisor from correctly crediting the
time used when the sequence number of the activation code reached
certain values.
- HIPER/Non-Pervasive:
On systems running Active Memory Sharing (AMS) with a feature code
(F/C) 5802 or 5877 I/O drawer attached, a problem was fixed that caused
the system to crash with SRC B170E540 after a warm boot or platform
dump IPL.
- On systems with an iSCSI
network, a problem was fixed that caused the system to hang when
booting from an iSCSI device in the system management services (SMS)
menus.
- On systems with an iSCSI
network, when booting a logical partition using that iSCSI network, a
problem was fixed that caused the iSCSI gateway parameter displayed on
the screen to be incorrect. It did not impact iSCSI boot
functionality.
- On systems using fibre channel
adapters, the firmware was enhanced by the addition of a new option in
the system management services (SMS) Mutliboot menu that facilitates
zoning of physical and virtual fibre channel adapters.
- On systems with
external I/O drawers, the firmware was enhanced such that SRCs 10001B02
and 1000911C place a call home.
- On systems with
external InfiniBand or PCI-E drawers or towers, a problem was fixed
that caused the system to crash with SRC B7000103 if the I/O hub
adapter crashed at the same time an external drawer or tower was being
initialized.
|
4.0
How to Determine Currently Installed Firmware Level
For HMC mangaged systems:
From the HMC, select Updates in the navigation (left-hand) pane, then
view the current levels of the desired server(s).
For SDMC managed systems:
From the SDMC Welcome page, select the desired server(s), then select
Release Management, then select Power System Firmware Management. Click
Gather Target Information, then view the current levels of the desired
server(s).
NOTE:
If Inventory has not previously been collected, a message will be
displayed indicating to "View and Collect Inventory" to proceed.
For System i systems without an HMC or
SDMC:
From a command line, issue DSPFMWSTS.
For System p systems without an HMC:
From a command line, issue lsmcode.
Alternately, use the Advanced System
Management Interface (ASMI) Welcome pane. The current server
firmware appears in the top right
corner.
Example: EL350_171.
5.0
Downloading the Firmware Package
Follow the instructions on Fix Central. You must read and agree to
the
license agreement to obtain the firmware packages.
Note: If your HMC or SDMC is not internet-connected you will need
to
download
the new firmware level to a CD-ROM or ftp server.
6.0 Installing the
Firmware
The method used to install new firmware will depend on the release
level
of firmware which is currently installed on your server. The release
level
can be determined by the prefix of the new firmware's filename.
Example: ELXXX_YYY_ZZZ
Where XXX = release level
- If the release level will stay the same (Example: Level
EL320_075_075
is
currently installed and you are attempting to install level
EL320_081_075)
this is considered an update.
- If the release level will change (Example: Level EL320_081_075 is
currently
installed and you are attempting to install level EL340_096_096) this
is
considered an upgrade.
HMC Managed Systems
Instructions for installing firmware updates and upgrades on systems
managed by an HMC can be found at
http://publib.boulder.ibm.com/infocenter/systems/scope/hw/topic/ipha1/updupdates.htm
SDMC Managed Systems:
Instructions for
installing firmware updates and upgrades
on systems
managed by an SDMC can be found at:
http://publib.boulder.ibm.com/infocenter/director/v6r2x/index.jsp?topic=/dpsm/dpsm_managing_hosts/dpsm_managing_hosts_power_firmware.html
Systems not Managed by an HMC or SDMC:
p Systems:
Instructions for installing firmware on systems that are not managed
by an HMC can be found at:
http://publib.boulder.ibm.com/infocenter/powersys/v3r1m5/index.jsp?topic=/ipha5/fix_firm_no_hmc_aix.htm
IBM i Systems:
Refer to "IBM i Support: Recommended
Fixes":
http://www-912.ibm.com/s_dir/slkbase.nsf/recommendedfixes
When ordering firmware for IBM i
Operating System managed systems from Fix Central,
choose "Select product", under Product Group specify "System i", under
Product specify "IBM i", then Continue and specify the desired firmware
PTF accordingly.
7.0 Firmware History
The complete Firmware Fix History for this Release level can be
reviewed at the following url:
http://download.boulder.ibm.com/ibmdl/pub/software/server/firmware/EL-Firmware-Hist.html
8.0
Change History
Date
|
Description
|
May 02, 2016 |
- Added READ ME FIRST
warning at the start of this document. |