Power6 Mid-Range Firmware

Applies to: 9117-MMA , 9406-MMA, and 8234-EMA

This document provides information about the installation of Licensed Machine or Licensed Internal Code, which is sometimes referred to generically as microcode or firmware.


Contents


1.0 Systems Affected

This package provides firmware for System p 570 (9117-MMA), System i570 (9406-MMA), Power 570 (9117-MMA), and Power 560 (8234-EMA) servers only.

The firmware level in this package is:

1.1 Minimum HMC Code Level

This section is intended to describe the "Minimum HMC Code Level" required by the System Firmware to complete the firmware installation process. When installing the System Firmware, the HMC level must be equal to or higher than the "Minimum HMC Code Level" before starting the system firmware update.  If the HMC managing the server targeted for the System Firmware update is running a code level lower than the "Minimum HMC Code Level" the firmware update will not proceed.

Note: Due to security enhancements and their impact on the ability to use ASM at older HMC levels, the Minimum and Recommended HMC Code level for this firmware is listed below:

HMC V7 R7.9.0 Service Pack 3  (PTF MH01546) with fix (PTF MH01666) or higher is recommended.

Important: To avoid vulnerability to security or known HMC issues, the HMC should be updated to the above recommended level (or higher),  prior to installing this server firmware level.

Note:  V7 R790 SP3 :  HMC V7.R790 is the last HMC release to support HMC Models CR4, CR3, C07, C06, C05

For specific fix level information on key components of IBM Power Systems running the AIX, IBM i and Linux operating systems, we suggest using the Fix Level Recommendation Tool (FLRT):
http://www14.software.ibm.com/webapp/set2/flrt/home

For information concerning HMC releases and the latest PTFs,  go to the following URL to access Fix Central.
http://www-933.ibm.com/support/fixcentral/

NOTE: You must be logged in as hscroot in order for the firmware installation to complete correctly.

1.2 Minimum SDMC Code Level

This section is intended to describe the "Minimum Systems Director Management Console (SDMC) Code Level" required by the System Firmware to complete the firmware installation process. When installing the System Firmware, the SDMC level must be equal to or higher than the "Minimum SDMC Code Level" before starting the system firmware update.  If the SDMC managing the server targeted for the System Firmware update is running a code level lower than the "Minimum SDMC Code Level" the firmware update will not proceed.

The Minimum SDMC Code level for this firmware is:  SDMC V6 R7.3.0 with Mandatory PTF MF53082.

Although the Minimum SDMC Code level for this firmware is listed above, SDMC level V6 R7.3.0 with PTF MF55966 (SDMC_Update_6.730.3/Service Pack 3), or higher is suggested for this firmware level.

For information concerning SDMC releases and the latest PTFs,  go to the following URL to access Fix Central:
http://www-933.ibm.com/support/fixcentral/

For specific fix level information on key components of IBM Power Systems running the AIX, IBM i and Linux operating systems, we suggest using the Fix Level Recommendation Tool (FLRT):
http://www14.software.ibm.com/webapp/set2/flrt/home


2.0 Cautions and Important Information

2.1 Cautions

Downgrading firmware from any given release level to an earlier release level is not recommended.
If you feel that it is necessary to downgrade the firmware on your system to an earlier release level, please contact your next level of support.

Upgrading from EM320_031 to EM350_xxx

If your current level of firmware is EM320_031 you must install any higher level of EM320 before upgrading your firmware to this level.

Upgrading from EM310_xxx to EM350_yyy

If your current level of firmware is EM310_xxx,  you must install EM320_040 or higher before upgrading your firmware to this level.

2.2 Important Information

HMC Notice:  Please see section "1.1 Minimum HMC Code Level" for import information on accessing the Advanced System Manager (ASM) from HMCs at older levels.

IPv6 Support and Limitations

IPv6 (Internet Protocol version 6) is supported in the System Management Services (SMS) in this level of system firmware. There are several limitations that should be considered.

When configuring a network interface card (NIC) for remote IPL, only the most recently configured protocol (IPv4 or IPv6) is retained. For example, if the network interface card was previously configured with IPv4 information and is now being configured with IPv6 information, the IPv4 configuration information is discarded.

A single network interface card may only be chosen once for the boot device list. In other words, the interface cannot be configured for the IPv6 protocol and for the IPv4 protocol at the same time.

Memory Considerations for Firmware Upgrades

The increase in memory used by the firmware is due to the additional functionality in later firmware releases.


3.0 Firmware Information and Description

Use the following examples as a reference to determine whether your installation will be concurrent or disruptive.

For systems that are not managed by an HMC or SDMC, the installation of system firmware is always disruptive.

Note: The concurrent levels of system firmware may, on occasion, contain fixes that are known as Deferred and/or Partition-Deferred. Deferred fixes can be installed concurrently, but will not be activated until the next IPL. Partition-Deferred fixes can be installed concurrently, but will not be activated until a partition reactivate is performed.  Deferred and/or Partition-Deferred fixes, if any, will be identified in the "Firmware Update Descriptions" table of this document. For these types of fixes (Deferred and/or Partition-Deferred) within a service pack, only the fixes in the service pack which cannot be concurrently activated are deferred.

Note: The file names and service pack levels used in the following examples are for clarification only, and are not necessarily levels that have been, or will be released.

System firmware file naming convention:

01EMXXX_YYY_ZZZ

NOTE: Values of service pack and last disruptive service pack level (YYY and ZZZ) are only unique within a release level (XXX).

For example, 01EM310_067_045 and 01EM320_067_053 are different service packs.

An installation is disruptive if:

Example: Currently installed release is EM310, new release is EM320 Example: EM310_120_120 is disruptive, no matter what level of EM310 is currently installed on the system Example: Currently installed service pack is EM310_120_120 and new service pack is EM310_152_130

An installation is concurrent if:

Example: Currently installed service pack is EM310_126_120, new service pack is EM310_143_120.

Firmware Information and Update Description

For information about previous firmware release levels, see  Section 7.0 Firmware History.

 
Filename Size Checksum
01EM350_176_038.rpm 25025409
60245

Note: The Checksum can be found by running the AIX sum command against the rpm file (only the first 5 digits are listed).
ie: sum 01EM350_176_038.rpm

EM350
For Impact, Severity and other Firmware definitions, Please refer to the below 'Glossary of firmware terms' url:
http://www14.software.ibm.com/webapp/set2/sas/f/power5cm/home.html#termdefs

The complete Firmware Fix History for this Release Level can be reviewed at the following url:
http://download.boulder.ibm.com/ibmdl/pub/software/server/firmware/EM-Firmware-Hist.html
EM350_176_038 / FW350.H0

01/20/17

Impact:  Availability      Severity:  ATT

System firmware changes that affect all systems
  • A problem was fixed for a Live Partition Mobility migration that resulted in the source managed system going to the management console Incomplete state after the migration to the target system was completed.  This problem is very rare and has only been detected once.. The problem trigger is that the source partition does not halt execution after the migration to the target system.   The management console went to the Incomplete state for the source managed system when it failed to delete the source partition because the partition would not stop running.  When this problem occurred, the customer network was running very slowly and this may have contributed to the failure.  The recovery action is to re-IPL the source system but that will need to be done without the assistance of the management console.  For each partition that has a OS running on the source system, shut down each partition from the OS.  Then from the Advanced System Management Interface (ASMI),  power off the managed system.  Alternatively, the system power button may also be used to do the power off.  If the management console Incomplete state persists after the power off, the managed system should be rebuilt from the management console.  For more information on management console recovery steps, refer to this IBM Knowledge Center link: https://www.ibm.com/support/knowledgecenter/en/POWER7/p7eav/aremanagedsystemstate_incomplete.htm
  • A rare problem was fixed for a system hang that can occur when dynamically moving "uncapped" partitions to a different shared processor pool.  To prevent a system hang, the "uncapped" partitions should be changed to "capped" before doing the move.
  • A problem was fixed for Live Partition Mobility (LPM) migrations from FW860.10 or FW860.11 to older levels of firmware. Subsequent DLPAR of Virtual Adapters will fail with HMC error message HSCL294C, which contains text similar to the following:  "0931-007 You have specified an invalid drc_name." This issue affects partitions installed with AIX 7.2 TL 1 and later. Not affected by this issue are partitions installed with VIOS, IBM i, or earlier levels of AIX.
System firmware changes that affect certain systems
  • On systems with IBM i partitions, a problem was fixed for frequent logging of Informational errors of B7005120 for the HMC closed pipe condition for messages sent to IBM i partitions..  The HMC closed pipe to the hypervisor does not represent an error but is a normal operating state that does not need concern or service.  Therefore, the informational logging of the HMC closed pipe condition has been removed.  Without the fix, IBM support and the customer should ignore the B7005120 informational error logs.
EM350_172_038  / FW350.G1

06/23/16

Impact:  Availability      Severity:  SPE

System firmware changes that affect all systems
  • A security problem was fixed in OpenSSL for a possible service processor reset on a null pointer de-reference during RSA PPS signature verification. The Common Vulnerabilities and Exposures issue number is CVE-2015-3194.
System firmware changes that affect certain systems
  • On systems with dedicated processor partitions,  a problem was fixed for the dedicated processor partition becoming intermittently unresponsive.  The problem can be circumvented by changing the partition to use shared processors.  This is a follow-on to the fix provided in 350.G0 for a different issue for delays in dedicated processor partitions that were caused by low I/O utilization.
EM350_171_038  / FW350.G0

02/05/16

Impact: Security         Severity:  SPE

System firmware changes that affect all systems
  • A problem was fixed for some service processor error logs not getting reported to the OS partitions as needed.  The service processor was not checking for a successful completion code on the error log message send, so it was not doing retries of the send to the OS when that was needed to ensure that the OS received the message.
  • For systems with an invalid P-side or T-side in the firmware, a problem was fixed in the partition firmware Real-Time Abstraction System (RTAS) so that system Vital Product Data (VPD) is returned at least from the valid side instead of returning no VPD data.   This allows AIX host commands such as lsmcode, lsvpd, and lsattr that rely on the VPD data to work to some extent even if there is one bad code side.  Without the fix,  all the VPD data is blocked from the OS until the invalid code side is recovered by either rejecting the firmware update or attempting to update the system firmware again.
  • A security problem was fixed for an OpenSSL specially crafted X.509 certificate that could cause the service processor to reset in a denial-of-service (DOS) attack.  The Common Vulnerabilities and Exposures issue number is CVE-2015-1789.
  • A security problem was fixed in OpenSSL where a remote attacker could cause an infinite loop on the service processor using malformed Elliptic Curve parameters during the SSL authentication.  This would cause the service processor performance problems and also prevent new management console connections from being made.  To recover from this attack, a reset or power cycle of the service processor is needed after scheduling and completing a normal shutdown of running partitions..  The Common Vulnerabilities and Exposures issue number is CVE-2015-1788.
  • A security problem was fixed in the lighttpd server on the service processor OpenSSL where a remote attacker, while attempting authentication, could insert strings into the lighttpd server log file.  Under normal operations on the service processor, this does not impact anything because the log is disabled by default.  The Common Vulnerabilities and Exposures issue number is CVE-2015-3200.
  • A problem was fixed for a Network boot/install failure using bootp in a network with switches using the Spanning Tree Protocol (STP).  A Network boot/install using lpar_netboot on the management console was enhanced to allow the number of retries to be increased.  If the user is not using lpar_netboot, the number of bootp retries can be increased using the SMS menus.  If the SMS menus are not an option, the STP in the switch can be set up to allow packets to pass through while the switch is learning the network configuration.
System firmware changes that affect certain systems
  • For non-HMC managed systems in Manufacturing Default Configuration (MDC) mode with a single host partition, a problem was fixed for missing dumps of type SYSDUMP. FSPDUMP. LOGDUMP, and RSCDUMP that were not off-loaded to the host OS.  This is an infrequent error caused by a timing error that causes the dump notification signal to the host OS to be lost.  The missing/pending dumps can be retrieved by rebooting the host OS partition.  The rebooted host OS will receive new notifications of the dumps that have to be off-loaded.
  • On PowerVM systems with dedicated processor partitions with low I/O utilization, the dedicated processor partition may become intermittently unresponsive. The problem can be circumvented by changing the partition to use shared processors.
EM350_166_038

05/14/15

Impact:  Availability      Severity:  SPE

System firmware changes that affect all systems
  • A problem was fixed with the fspremote service tool to make it support TLSv1.2 connections to the service processor to be compatible with systems that had been fixed for the OpenSSL Padding Oracle On Dowgraded Legacy Encryption (POODLE) vulnerabilities.  After the POODLE fix is installed,  by default the system only allows secured connections from clients using the TLSv1.2 protocol.
  • A problem was fixed for a partition deletion error on the management console with error code 0x4000E002 and message "...insufficient memory for PHYP".  The partition delete operation has been adjusted to accommodate the temporary increase in memory usage caused by memory fragmentation, allowing the delete operation to be successful.
  • A problem was fixed for I/O adapters so that BA400002 errors were changed to informational for memory boundary adjustments made to the size of DMA map-in requests.  These DMA size adjustments were marked as UE previously for a condition that is normal.
  • A security problem was fixed in OpenSSL where the service processor would, under certain conditions, accept Diffie-Hellman client certificates without the use of a private key, allowing a user to falsely authenticate.  The Common Vulnerabilities and Exposures issue number is CVE-2015-0205.
  • A security problem was fixed in OpenSSL to prevent a denial of service when handling certain Datagram Transport Layer Security (DTLS) messages.  A specially crafted DTLS message could exhaust all available memory and cause the service processor to reset.  The Common Vulnerabilities and Exposures issue number is CVE-2015-0206.
  • A security problem was fixed in OpenSSL to prevent a denial of service when handling certain Datagram Transport Layer Security (DTLS) messages.  A specially crafted DTLS message could do an null pointer de-reference and cause the service processor to reset.  The Common Vulnerabilities and Exposures issue number is CVE-2014-3571.
  • A security problem was fixed in OpenSSL to fix multiple flaws in the parsing of X.509 certificates.  These flaws could be used to modify an X.509 certificate to produce a certificate with a different fingerprint without invalidating its signature, and possibly bypass fingerprint-based blacklisting.  The Common Vulnerabilities and Exposures issue number is CVE-2014-8275.
  • A security vulnerability, commonly referred to as GHOST, was fixed in the service processor glibc functions getbyhostname() and getbyhostname2() that allowed remote users of the functions to cause a buffer overflow and execute arbitrary code with the permissions of the server application.  There is no way to exploit this vulnerability on the service processor but it has been fixed to remove the vulnerability from the firmware.  The Common Vulnerabilities and Exposures issue number is CVE-2015-0235.
  • A security problem was fixed in OpenSSL where a remote attacker could crash the service processor with malformed Elliptic Curve private keys.  The Common Vulnerabilities and Exposures issue number is CVE-2015-0209.
  • A security problem was fixed in OpenSSL where a remote attacker could crash the service processor with a specially crafted X.509 certificate that causes an invalid pointer, out-of-bounds write, or a null pointer de-reference.  The Common Vulnerabilities and Exposures issue numbers are CVE-2015-0286,  CVE-2015-0287, and CVE-2015-0288.
System firmware changes that affect certain systems
  • On a system with redundant service processors, a problem was fixed for an operations panel core dump with SRC B181A0FA during an administrative failover (AFO) of the service processor.
  • On a system with redundant service processors, a problem was fixed for bad pointer reference in the mailbox function during data synchronization between the two service processors.  The de-reference of the bad pointer caused a core dump, reset/reload, and fail-over to the backup service processor.
  • On systems that have Active Memory Sharing (AMS) partitions, a problem was fixed for Dynamic Logical Partitioning (DLPAR) for a memory remove that leaves a logical memory block (LMB) in an unusable state until partition reboot.
  • On systems with a F/C 5802 or 5877 I/O drawer installed, a problem was fixed for a hypervisor hang at progress code C7004091 during the IPL or hangs during serviceability tasks to the I/O drawer.
  • On systems with partitions using shared processors, a problem was fixed that could result in latency or timeout issues with I/O devices.
  • A problem was fixed that could result in unpredictable behavior if a memory UE is encountered while relocating the contents of a logical memory block during one of these operations:
    - Using concurrent maintenance to perform a hot repair of a node.
    - Reducing the size of an Active Memory Sharing (AMS) pool.
  • A problem was fixed for systems in networks using the Juniper 1GBe and 10GBe switches (F/Cs #1108, #1145, and #1151) to prevent network ping errors and boot from network (bootp) failures.  The Address Resolution Protocol (ARP) table information on the Juniper aggregated switches is not being shared between the switches and that causes problems for address resolution in certain network configurations.  Therefore, the CEC network stack code has been enhanced to add three gratuitous ARPs (ARP replies sent without a request received) before each ping and bootp request to ensure that all the network switches have the latest network information for the system.
  • On systems in IPv6 networks, a  problem was fixed for a network boot/install failing with SRC B2004158 and IP address resolution failing using neighbor solicitation to the partition firmware client.
  • For systems with a IBM i load source disk attached to an Emulex-based fibre channel adapter such as F/C #5735, a problem was fixed that caused an IBM i load source boot to fail with SRC B2006110 logged and a message to the boot console of  "SPLIT-MEM Out of Room".  This problem occurred for load source disks that needed extra disk scans to be found, such as those attached to a port other than the first port of a fibre channel adapter (first port requires fewest disk scans).
Concurrent hot add/repair maintenance (CHARM) firmware fixes
  • A problem was fixed for concurrent maintenance operations to limit hardware retries on failed hardware so that it can be concurrently repaired.
  • A problem was fixed for a power off failure of an expansion drawer (F/C 5802 or F/C 5877) during a concurrent repair.  The power off commands to the drawer are now tried again using the System Power Control Network (SPCN) serial connection to the drawer to allow the repair to continue.
  • A problem was fixed for concurrent maintenance to prevent a hardware unavailable failure when doing consecutive concurrent remove and add operations to an I/O Hub adapter for a drawer.
EM350_163_038

01/08/15

Impact: Security         Severity:  SPE

System firmware changes that affect all systems
  • A security problem was fixed in the OpenSSL (Secure Socket Layer) protocol that allowed a man-in -the middle attacker, via a specially crafted fragmented handshake packet, to force a TLS/SSL server to use TLS 1.0, even if both the client and server supported newer protocol versions. The Common Vulnerabilities and Exposures issue number for this problem is CVE-2014-3511.
  • A security problem was fixed in OpenSSL for formatting fields of security certificates without null-terminating the output strings.  This could be used to disclose portions of the program memory on the service processor.  The Common Vulnerabilities and Exposures issue number for this problem is CVE-2014-3508.
  • Multiple security problems were fixed in the way that OpenSSL handled Datagram Transport Layer Security (DLTS) packets.  A specially crafted DTLS handshake packet could cause the service processor to reset.  The Common Vulnerabilities and Exposures issue numbers for these problems are CVE-2014-3505, CVE-2014-3506 and CVE-2014-3507.
  • A security problem was fixed in OpenSSL to prevent a denial of service when handling certain Datagram Transport Layer Security (DTLS) ServerHello requests.  A specially crafted DTLS handshake packet with an included Supported EC Point Format extension could cause the service processor to reset.  The Common Vulnerabilities and Exposures issue number for this problem is CVE-2014-3509.
  • A security problem was fixed in OpenSSL to prevent a denial of service by using an exploit of a null pointer de-reference during anonymous Diffie Hellman (DH) key exchange.  A specially crafted handshake packet could cause the service processor to reset.  The Common Vulnerabilities and Exposures issue number for this problem is CVE-2014-3510.
  • A security problem was fixed in OpenSSL for memory leaks that allowed remote attackers to cause a denial of service (out of memory on the service processor). The Common Vulnerabilities and Exposures issue numbers are CVE-2014-3513 and CVE-2014-3567.
  • A security problem was fixed in OpenSSL for padding-oracle attacks known as Padding Oracle On Dowgraded Legacy Encryption (POODLE).  This attack allows a man-in-the-middle attacker to obtain a plain text version of the encrypted session data. The Common Vulnerabilities and Exposures issue number is CVE-2014-3566.  The service processor POODLE fix is based on a selective disablement of SSLv3 using the Advanced System Management Interface (ASMI) "System Configuration/Security Configuration" menu options.  The Security Configuration options of "Disabled", "Default", and "Enabled" for SSLv3 determines the level of protection from POODLE.  The management console also requires a POODLE fix for APAR MB03867(FIX FOR CVE-2014-3566 FOR HMC V7 R7.7.0 SP4 with PTF MH01482) to eliminate all vulnerability to POODLE and allow use of option 1 "Disabled" as shown below:
    -1) Disabled:  This highest level of security protection does not allow service processor clients to connect using SSLv3, thereby eliminating any possibility of a POODLE attack.  All clients must be capable of using TLS to make the secured connections to the service processor to use this option.  This requires the management console be at a minimum level of HMC V7 R7.7.0 SP4 with POODLE PTF MH01482.
    -2) Default:  This medium level of security protection disables SSLv3 for the web browser sessions to ASMI and for the CIM clients and assures them of POODLE-free connections.  But the legacy management consoles are allowed to use SSLv3 to connect to the service processor.  This is intended to allow non-POODLE compliant HMC levels to be able to connect to the CEC servers until they can be planned and upgraded to the POODLE compliant HMC levels.  Running a non-POODLE compliant HMC to a service processor in  "Default" mode will prevent the ASMI-proxy sessions from the HMC from connecting as these proxy sessions require SSLv3 support in ASMI.
    -3) Enabled:  This basic level of security protection enables SSLv3 for all service processor client connection.  It relies on all clients being at POODLE fix compliant levels to provide full POODLE protection using the TLS Fallback Signaling Cipher Suite Value (TLS_FALLBACK_SCSV) to prevent fallback to vulnerable SSLv3 connections.  This option is intended for customer sites on protected internal networks that have a large investment in legacy hardware that need SSLv3 to make browser and HMC connection to the service processor.  The level of POODLE protection actually achieved in "Enabled" mode is determined by the percentage of clients that are at the POODLE fix compliant levels.
EM350_159_038

06/25/14

Impact: Security         Severity:  HIPER

New Features and Functions
  • Support was dropped for Secured Socket Layer (SSL) Version 2 and SSL weak and medium cipher suites in the service processor web server (Ligthttpd).  Unsupported web browser connections to the Advanced System Management Interface (ASMI) secured port 443 (using https://) will now be rejected if those browsers do not support SSL version 3.  Supported web browsers for Power6 ASMI are Netscape (version 9.0.0.4), Microsoft Internet Explorer (version 7.0), Mozilla Firefox (version 2.0.0.11), and Opera (version 9.24).
System firmware changes that affect all systems
  • HIPER/Pervasive:  A  security problem was fixed in the OpenSSL Montgomery ladder implementation for the ECDSA (Elliptic Curve Digital Signature Algorithm) to protect sensitive information from being obtained with a flush and reload cache side-channel attack to recover ECDSA nonces from the service processor.  The Common Vulnerabilities and Exposures issue number is CVE-2014-0076.  The stolen ECDSA nonces could be used to decrypt the SSL sessions and compromise the Hardware Management Console (HMC) access password to the service processor.  Therefore, the HMC access password for the CEC should be changed after applying this fix.
  • HIPER/Pervasive:  A  security problem was fixed in the OpenSSL Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS) to not allow Heartbeat Extension packets to trigger a buffer over-read to steal private keys for the encrypted sessions on the service processor.  The Common Vulnerabilities and Exposures issue number is CVE-2014-0160 and it is also known as the heartbleed vulnerability.  The stolen private keys could be used to decrypt the SSL sessions and and compromise the Hardware Management Console (HMC) access password to the service processor.  Therefore, the HMC access password for the CEC should be changed after applying this fix.
  • HIPER/Pervasive:  A security problem was fixed in the OpenSSL (Secure Socket Layer) protocol that allowed clients and servers, via a specially crafted handshake packet, to use weak keying material for communication.  A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between the management console and the service processor.  The Common Vulnerabilities and Exposures issue number for this problem is CVE-2014-0224.
  • HIPER/Pervasive:  A security problem was fixed in OpenSSL for a buffer overflow in the Datagram Transport Layer Security (DTLS) when handling invalid DTLS packet fragments.  This could be used to execute arbitrary code on the service processor.  The Common Vulnerabilities and Exposures issue number for this problem is CVE-2014-0195.
  • HIPER/Pervasive:  Multiple security problems were fixed in the way that OpenSSL handled read and write buffers when the SSL_MODE_RELEASE_BUFFERS mode was enabled to prevent denial of service.  These could cause the service processor to reset or unexpectedly drop connections to the management console when processing certain SSL commands.  The Common Vulnerabilities and Exposures issue numbers for these problems are CVE-2010-5298 and CVE-2014-0198.
  • HIPER/Pervasive:  A security problem was fixed in OpenSSL to prevent a denial of service when handling certain Datagram Transport Layer Security (DTLS) ServerHello requests. A specially crafted DTLS handshake packet could cause the service processor to reset.  The Common Vulnerabilities and Exposures issue number for this problem is CVE-2014-0221.
  • HIPER/Pervasive:  A security problem was fixed in OpenSSL to prevent a denial of service by using an exploit of a null pointer de-reference during anonymous Elliptic Curve Diffie Hellman (ECDH) key exchange.  A specially crafted handshake packet could cause the service processor to reset.  The Common Vulnerabilities and Exposures issue number for this problem is CVE-2014-3470.
  •  A problem was fixed that caused the system information LED to be lit without a corresponding SRC and error log for the event.  This problem typically occurs when an operating system on a partition terminates abnormally.
  • A security problem was fixed in the service processor Lighttpd web server that allowed denial of service vulnerabilities for the Advanced System Manager Interface (ASMI).  The Common Vulnerabilities and Exposures issue numbers for this problem are CVE-2011-4362 and CVE-2012-5533.
  • A problem was fixed on the service processor where the Small-Footprint CIM Broker Daemon (SFCBD) process was accessing a null pointer and failing with a core dump, triggering a FSP dump to collect the core.
  • A problem was fixed that caused a security scan of the Advanced System Manager Interface (ASMI) to fail.  The Lighttpd web server configuration cipher list was updated to improve the security.
  • A security problem in the Secure Socket Layer (SSL) protocol on the service processor was fixed to prevent a man-in-the-middle attack.  The Common Vulnerabilities and Exposures issue number is CVE-2011-3389.
  • A  security problem was fixed for the Lighttpd web server that allowed arbitrary SQL commands to be run on the service processor of the CEC.  The Common Vulnerabilities and Exposures issue number is CVE-2014-2323.
  • A security problem was fixed for the Lighttpd web server where improperly-structured URLs could be used to view arbitrary files on the service processor of the CEC.  The Common Vulnerabilities and Exposures issue number is CVE-2014-2324..
  • A problem was fixed that caused a "code accept" during a concurrent firmware installation from the HMC to fail with SRC E302F85C.
  • A  security problem was fixed in the service processor TCP/IP stack to discard illegal TCP/IP packets that have the SYN and FIN flags set at the same time.  An explicit packet discard was needed to prevent further processing of the packet that could result in an bypass of the iptables firewall rules.
System firmware changes that affect certain systems
  • On systems using dynamic Distributed Host Control Protocol (DHCP) IP addresses, a problem was fixed that caused communication hangs when DHCP client processes were unable to renew their IP addresses.  The iptable rules needed to be updated to open DHCP ports 67 and 68 to prevent the DHCP network traffic from being filtered by the service processor.
  • On a system with partitions with redundant Virtual Asynchronous Services Interface (VASI) streams, a problem was fixed that caused the system to terminate with SRC B170E540.  The affected partitions include Active Memory Sharing (AMS), encapsulated state partitions, and hibernation-capable partitions.  The problem is triggered when the management console attempts to change the active VASI stream in a redundant configuration.  This may occur due to a stream reconfiguration caused by Live Partition Mobility (LPM); reconfiguring from a redundant Paging Service Partition (PSP) to a single-PSP configuration; or conversion of a partition from AMS to dedicated memory.
  • On systems involved in a series of consecutive Live Partition Mobility (LPM) operations, a memory leak problem was fixed in the run time abstraction service (RTAS) that caused a partition run time AIX crash with SRC 0c20.  Other possible symptoms include error logs with SRC BA330002 (RTAS memory allocation failure).
  •  On a system with a disk device with multiple boot partitions, a problem was fixed that caused System Management Services (SMS) to list only one boot partition.  Even though only one boot partition was listed in SMS, the AIX bootlist command could still be used to boot from any boot partition.
  • For a partition with a 256MB Real Memory Offset (RMO) region size that has been migrated from a Power8 system to  Power7 or Power6 using Live Partition Mobility, a problem was fixed that caused a failure on the next boot of the partition with a BA210000 log with a CA000091 checkpoint just prior to the BA210000.  The fix dynamically adjusts the memory footprint of the partition to fit on the earlier Power systems.
  • On systems with a redundant service processor, a problem was fixed that caused a SRC B150D15E to be erroneously logged after a failover to the sibling service processor.
  • On systems with a F/C 5802 or 5877 I/O drawer installed, a problem was fixed that where an Offline Converter Assembly (OCA) fault would appear to persist after an OCA micro-reset or OCA replacement.  The fault bit reported to the OS may not be cleared, indicating a fault still exists in the I/O drawer after it has been repaired.
Concurrent hot add/repair maintenance (CHARM) firmware fixes
  • A problem was fixed that caused a concurrent hot add/repair maintenance operation to fail with SRC B181394F.
EM350_149_038

07/25/13

Impact:  Availability      Severity:  SPE

System firmware changes that affect all systems
  • A problem was fixed that caused the managed system to go to the incomplete state on the management console after a partition was deleted.
  • A problem was fixed that caused an error log generated by the partition firmware to show conflicting firmware levels.  This problem occurs after a firmware update or a logical partition migration (LPM) operation on the system.
  • The firmware was enhanced to display on the management console the correct number of concurrent live partition mobility (LPM) operations that is supported.
  • A problem was fixed that caused the state of the Host Ethernet Adapter (HEA) port of be reported as down when the physical port is actually up.
  • A problem was fixed that caused the partition target of a logical partition migration (LPM) to have its UTC time shifted forward from the actual time on the source partition.
  • A problem was fixed that that caused a HMC code update failure for the FSP on the accept operation with SRC B1811402 or FSP is unable to boot on the updated side.
System firmware changes that affect certain systems
  • On systems with I/O towers attached, a problem was fixed that caused multiple service processor reset/reloads if the tower was continuously sending invalid System Power Control Network (SPCN) status data.
  • On a partition with a large number of potentially bootable devices, a problem was fixed that caused the partition to fail to boot with a default catch, and SRC BA210000 may also be logged.
  • On systems running AIX or Linux, a problem was fixed that caused the operating system to halt when an InfiniBand Host Channel Adapter (HCA) adapter fails or malfunctions.
  • On systems running Active Memory Sharing (AMS) partitions, a timing problem was fixed that may occur if the system is undergoing AMS pool size changes.
  • On systems with a F/C 5802 or 5877 I/O drawer installed, the firmware was enhanced to guarantee that an SRC will be generated when there is a power supply voltage fault.  If no SRC is generated, a loss of power redundancy may not be detected, which can lead to a drawer crash if the other power supply goes down.  This also fixes a problem that causes an  8 GB Fiber channel adapter in the drawer to log errors if the 12V level fails in the drawer.
  • On systems with a F/C 5802 or 5877 I/O drawer installed, a problem was fixed that caused the hardware topology on the management console for the managed system to show "null" instead of "operational" for the affected I/O drawers.
  • A problem was fixed that caused a migrated partition to reboot during transfer to a VIOS 2.2.2.0, and later, target system. A manual reboot would be required if transferred to a target system running an earlier VIOS release. Migration recovery may also be necessary.
Concurrent hot add/repair maintenance (CHARM) firmware fixes
  • On systems running multiple IBM i partitions that are configured to communicate with each other via virtual Opticonnect, concurrent hot add/repair maintenance operations may time-out.  When this problem occurs, a platform reboot may be required to recover.
EM350_143_038

01/09/13

Impact:  Function      Severity:  ATT

System firmware changes that affect all systems
  • A problem was fixed that caused the hypervisor to be left in an inconsistent state after a partition create operation failed.
  • A problem was fixed that caused the hypervisor to become unresponsive and the managed system to go the incomplete state on the management console.
  • A problem was fixed that caused the service processor to fail to boot after a concurrent firmware update; this causes a system crash.
System firmware changes that affect certain systems
  • A problem was fixed that prevented the HMC command "lshwres" from showing any I/O adapters if any adapter name contained the ampersand character in the VPD.
  • The Power Hypervisor was enhanced to insure better synchronization of vSCSI and NPIV I/O interrupts to partitions.
  • On systems running AIX or Linux, a problem was fixed that caused a partition to fail to boot with SRC CA260203.  This problem also can cause concurrent firmware updates to fail.
Concurrent hot add/repair maintenance (CHARM) firmware fixes
  • A problem was fixed that caused the Hypervisor to become unresponsive during a concurrent maintenance operation.
EM350_132_038

07/27/12

Impact:  Availability      Severity:  SPE

New Features and Functions
  • Support for live partition mobility between systems running Ex350 system firmware, and 8246-L2S systems.
System firmware changes that affect all systems
  • The firmware was enhanced to improve the isolation of the failing component when SRC 110016x1 (VRM failure) is logged.
System firmware changes that affect certain systems
  • On systems booting from an NPIV (N-port ID virtualization) device, a problem was fixed that caused the boot to intermittently terminate with the message "PReP-BOOT: unable to load full PReP image.".  This problem occurs more frequently on the IBM V7000 Storage System running the SAN Volume Controller (SVC), but not on every boot.
  • On systems on which Internet Explorer (IE) is used to access the Advanced System Management Interface (ASMI) on the Hardware Management Console (HMC), a problem was fixed that caused IE to hang for about 10 minutes after saving changes to network parameters on the ASMI.
  • On systems running the AIX operating system, a problem was fixed that caused the hypervisor to crash with SRC B7000103, after an HEA (Host Ethernet Adapter) error was logged, when there is a lot of AIX activity on the HEAs.
EM350_126_038

05/02/12

Impact:  Availability      Severity:  HIPER - High Impact/PERvasive, Should be installed as soon as possible.

System firmware changes that affect all systems
  • The firmware was enhanced to log SRCs BA180030 and BA180031 as informational instead of predictive.
  • The firmware was enhanced to increase the threshold of soft NVRAM errors on the service processor to 32 before SRC B15xF109 is logged.  (Replacement of the service processor is recommended if more than one B15xF109 is logged per week.)
System firmware changes that affect certain systems
  • The firmware resolves undetected N-mode stability problems and improves error reporting on the feature code (F/C) 5802 and 5877 I/O drawer power subsystem.
  • HIPER/Pervasive: On systems with PCI adapters in a feature code (F/C) F/C 5802 or 5877 I/O drawer assigned to a Virtual I/O Server (VIOS), and on systems with the I/O adapters in a CEC drawer assigned to a VIOS, a problem was fixed that caused the system to crash with SRC B700F103.
  • A problem was fixed that caused the hypervisor to hang during a concurrent operation on a F/C 5802, 5803, 5873 or 5877 I/O drawer.  Recovering from the hypervisor hang required a platform reboot.
  • On system performing Live Partition Mobility (LPM), a problem was fixed that caused a partition to crash if the following sequence of operations is performed:

    1.  The partition is configured with, and is using, more than 1 dedicated processor.
    2.  The partition is migrated using LPM from a POWER6 to a POWER7 platform.
    3.  At any time following the migration from POWER6 to POWER7, one or more of the dedicated processors is removed from the partition using a Dynamic Logical Partitioning (DLPAR) operation.

     Once these 3 steps operations have been done, a partition crash is likely if either:
      - The partition is subsequently migrated to any other platform (POWER6 or POWER7) using LPM,  or
      - The partition is resumed from hibernation.

  • A problem was fixed that caused the output of the AIX command "uname -m" to be incorrect on the POWER7 system after a successful Live Partition Migration (LPM) operation from a POWER6 to a POWER7 system.
  • A problem was fixed that prevented the operating system from being notified that a F/C 5802 or 5877 I/O drawer had recovered from an input power fault (SRC 10001512 or 10001522).
  • The firmware was enhanced to improve soft error recovery and error reporting on feature code (F/C) 5802 and 5877 I/O drawers.
  • A problem was fixed that caused booting from a virtual fibre channel tape device to fail with SRC B2008105.
Concurrent hot add/repair maintenance (CHARM) firmware fixes
  • A problem was fixed that caused the hypervisor's memory usage to grow during a concurrent maintenance node evacuation operation.  When this problem occurred, the amount of reserved memory (the memory the hypervisor is using) increases, and the amount of available memory decreases, as viewed on the Hardware Management Console (HMC) or System Director Management Console (SDMC).
EM350_118_038

10/27/11

Impact:  Availability      Severity:  HIPER - High Impact/PERvasive, Should be installed as soon as possible.

System firmware changes that affect all systems
  • A problem was fixed that caused the system to terminate when rebooting after the power was removed, then reapplied.
  • A problem was fixed that caused the message "IPL: 500 - Internal Server Error" to be displayed when the Hardware Management Console option was selected (which is under the System Information option) on the Advanced System Management Interface (ASMI).
  • On systems running more than 100 logical partitions, a problem was fixed that caused a concurrent firmware installation to fail.
  • A problem was fixed that caused a system's partition dates to revert back to 1969 after the service processor or its battery was replaced.  This occurred regardless of whether or not the service processor's time-of-day (TOD) clock was correctly set during the service action. 
  • A problem was fixed that caused a partition migration operation to abort when the partition has more than 4096 virtual slots.
  • A problem was fixed that caused the message "500 - Internal Server Error." to be displayed when a setting was changed on the Advanced System Management Interface's (ASMI's) power on/off menu, when the change was attempted when the system was powering down.
  • A problem was fixed that caused booting or installing a partition or system from a USB device to fail with error code BA210012.  This usually occurs when an operating system (OS) other than the OS that is already on the partition or system is being booted or installed.
  • On the System Management Services (SMS) remote IPL (RIPL) menus, a problem was fixed that caused the SMS menu to continue to show that an Ethernet device is configured for iSCSI, even though the user has changed it to BOOTP.
  • A problem was fixed that caused a firmware installation from the HMC with the "do not auto accept" option selected to fail.
System firmware changes that affect certain systems
  • On systems running IBM i partitions, a problem was fixed that caused changing the processor weight on an IBM i partition to 255 to have no effect.
  • On system using the utility capacity on demand (COD) feature, a problem was fixed that prevented the hypervisor from correctly crediting the time used when the sequence number of the activation code reached certain values.
  • HIPER/Non-Pervasive:  On systems running Active Memory Sharing (AMS) with a feature code (F/C) 5802 or 5877 I/O drawer attached, a problem was fixed that caused the system to crash with SRC B170E540 after a warm boot or platform dump IPL.
  • On systems with an iSCSI network, a problem was fixed that caused the system to hang when booting from an iSCSI device in the system management services (SMS) menus.
  • On systems with an iSCSI network, when booting a logical partition using that iSCSI network, a problem was fixed that caused the iSCSI gateway parameter displayed on the screen to be incorrect.  It did not impact iSCSI boot functionality.
  • On systems using fibre channel adapters, the firmware was enhanced by the addition of a new option in the system management services (SMS) Mutliboot menu that facilitates zoning of physical and virtual fibre channel adapters.
  • On systems with external I/O drawers, the firmware was enhanced such that SRCs 10001B02 and 1000911C place a call home.
  • On systems with external InfiniBand or PCI-E drawers or towers, a problem was fixed that caused the system to crash with SRC B7000103 if the I/O hub adapter crashed at the same time an external drawer or tower was being initialized.
Concurrent hot add/repair maintenance (CHARM) firmware fixes
  • On partitions running Red Hat Linux 6.1, a problem was fixed that caused a node evacuation operation to fail.
  • HIPER/Non-Pervasive: On systems with a F/C 5802 or 5877 I/O drawer attached, a problem was fixed that caused the system to crash with SRC B170E540 after a warm boot or platform dump IPL.
  • A problem was fixed that caused the host Ethernet adapters (HEA) to be in a non-functional state after a hot node add.

4.0 How to Determine Currently Installed Firmware Level

For HMC managed systems:  From the HMC, select Updates in the navigation (left-hand) pane, then view the current levels of the desired server(s).

For SDMC managed systems:  From the SDMC Welcome page, select the desired server(s), then select Release Management, then select Power System Firmware Management. Click Gather Target Information, then view the current levels of the desired server(s). 
NOTE:  If Inventory has not previously been collected, a message will be displayed indicating to "View and Collect Inventory" to proceed.

Alternately, you can view the server's current firmware level on the Advanced System Management Interface (ASMI) Welcome pane. It appears in the top right corner. Example: EM350_038.


5.0 Downloading the Firmware Package

Follow the instructions on Fix Central. You must read and agree to the license agreement to obtain the firmware packages.

Note: If your HMC or SDMC is not internet-connected you will need to download the new firmware level to a CD-ROM or ftp server.


6.0 Installing the Firmware

The method used to install new firmware will depend on the release level of firmware which is currently installed on your server. The release level can be determined by the prefix of the new firmware's filename.

Example: EMXXX_YYY_ZZZ

Where XXX = release level


Instructions for installing firmware updates and upgrades can be found at
http://www.ibm.com/support/knowledgecenter/POWER6/ipha1/updupdates.htm

IBM i Systems

Refer to "IBM i Support: Recommended Fixes":
http://www-912.ibm.com/s_dir/slkbase.nsf/recommendedfixes

When ordering firmware for IBM i Operating System managed systems from Fix Central, choose "Select product", under Product Group specify "System i", under Product specify "IBM i", then Continue and specify the desired firmware PTF accordingly.

7.0 Firmware History

The complete Firmware Fix History for this Release level can be reviewed at the following url:
http://download.boulder.ibm.com/ibmdl/pub/software/server/firmware/EM-Firmware-Hist.html