Power7 High-End System Firmware

Applies to: 9125-F2C

This document provides information about the installation of Licensed Machine or Licensed Internal Code, which is sometimes referred to generically as microcode or firmware.

1.0 Systems Affected
1.1 Minimum HMC Code Level
2.0 Important Information
3.0 Firmware Information and Description
4.0 How to Determine Currently Installed Firmware Level
5.0 Downloading the Firmware Package
6.0 Installing the Firmware
7.0 Firmware History

1.0 Systems Affected

This package provides firmware for Power 775 (9125-F2C) Servers only.

The firmware level in this package is:

AS730_182 / FW731.82

1.1 Minimum HMC Code Level

This section is intended to describe the "Minimum HMC Code Level" required by the System Firmware to complete the firmware installation process. When installing the System Firmware, the HMC level must be equal to or higher than the "Minimum HMC Code Level" before starting the system firmware update. If the HMC managing the server targeted for the System Firmware update is lower than the "Minimum HMC Code Level" the firmware update will not proceed.

The Minimum HMC Code level for this firmware is: HMC V7 R7.3.0 Service Pack 7 (PTF MH01456).

Although the Minimum HMC Code level for this firmware is listed above, HMC V7 R7.3.0 Service Pack 7 (PTF MH01456) with fix (PTF MH01658), or higher is recommended.

Note: Updating the HMC to V7 R7.3.0 Service Pack 7 is required prior to installing this firmware. Details on this requirement can be found in the firmware information description table.

For information concerning HMC releases and the latest PTFs, go to the following URL to access Fix Central.
http://www-933.ibm.com/support/fixcentral/

For specific fix level information on key components of IBM Power Systems running the AIX, IBM i and Linux operating systems, we suggest using the Fix Level Recommendation Tool (FLRT):
http://www14.software.ibm.com/webapp/set2/flrt/home

NOTE: You must be logged in as hscroot in order for the firmware installation to complete correctly.

2.0 Important Information

Additional Details About Installing This Service Pack

The new level of optical link firmware is installed automatically during a node boot after this service pack is installed; it is done prior to the optical init executing. This happens in parallel with the hypervisor starting, and it prevents usage of the hub HFIs. After the update is complete, and optical init is complete, the optical interconnects will be fully functional. Allow for an additional 1 to 1.25 hours of boot time per node on the next reboot after installing this service pack for this operation.

This new optical module firmware fixes several issues, among them:

Invalid thermal alarms
Unexpected resets because of watchdog timer time-outs.
Laser faults not re-asserting

IPv6 Support and Limitations

IPv6 (Internet Protocol version 6) is supported in the System Management Services (SMS) in this level of system firmware. There are several limitations that should be considered.

When configuring a network interface card (NIC) for remote IPL, only the most recently configured protocol (IPv4 or IPv6) is retained. For example, if the network interface card was previously configured with IPv4 information and is now being configured with IPv6 information, the IPv4 configuration information is discarded.

A single network interface card may only be chosen once for the boot device list. In other words, the interface cannot be configured for the IPv6 protocol and for the IPv4 protocol at the same time.

Memory Considerations for Firmware Upgrades

Firmware Release Level upgrades and Service Pack updates may consume additional system memory.
Server firmware requires memory to support the logical partitions on the server. The amount of memory required by the server firmware varies according to several factors.
Factors influencing server firmware memory requirements include the following:

Number of logical partitions
Partition environments of the logical partitions
Number of physical and virtual I/O devices used by the logical partitions
Maximum memory values given to the logical partitions

Generally, you can estimate the amount of memory required by server firmware to be approximately 8% of the system installed memory. The actual amount required will generally be less than 8%. However, there are some server models that require an absolute minimum amount of memory for server firmware, regardless of the previously mentioned considerations.

Additional information can be found at:
http://www.ibm.com/support/knowledgecenter/9125-F2C/p7hat/iphatlparmemory.htm

Downgrading firmware from any given release level to an earlier release level is not recommended.
If you feel that it is necessary to downgrade the firmware on your system to an earlier release level, please contact your next level of support.

3.0 Firmware Information and Description

Use the following examples as a reference to determine whether your installation will be concurrent or disruptive.

Note: The concurrent levels of system firmware may, on occasion, contain fixes that are known as deferred. These deferred fixes can be installed concurrently, but will not be activated until the next IPL. Deferred fixes, if any, will be identified in the "Firmware Update Descriptions" table of this document. For deferred fixes within a service pack, only the fixes in the service pack which cannot be concurrently activated are deferred.

Note: The file names and service pack levels used in the following examples are for clarification only, and are not necessarily levels that have been, or will be released.

System firmware file naming convention:

01ASXXX_YYY_ZZZ

XXX is the release level
YYY is the service pack level
ZZZ is the last disruptive service pack level

NOTE: Values of service pack and last disruptive service pack level (YYY and ZZZ) are only unique within a release level (XXX). For example, 01AS330_067_045 and 01AS340_067_053 are different service packs.

An installation is disruptive if:

The release levels (XXX) are different.

Example: Currently installed release is AS330, new release is AS340

The service pack level (YYY) and the last disruptive service pack level (ZZZ) are the same.

Example: AS330_120_120 is disruptive, no matter what level of AS330 is currently
installed on the system

The service pack level (YYY) currently installed on the system is lower than the last disruptive service pack level (ZZZ) of the service pack to be installed.

Example: Currently installed service pack is AS330_120_120 and new service pack is AS330_152_130

An installation is concurrent if:

The release level (XXX) is the same, and
The service pack level (YYY) currently installed on the system is the same or higher than the last disruptive service pack level (ZZZ) of the service pack to be installed.

Example: Currently installed service pack is AS330_126_120, new service pack is AS330_143_120.


*Filename*	*Size*	*Checksum*	md5sum
01AS730_182_182.rpm	38598296	61183	ff9715874bb817364bea5e4932884445

Note: The Checksum can be found by running the AIX sum command against the rpm file (only the first 5 digits are listed).
ie: sum 01AS730_182_182.rpm
AS730 For Impact, Severity and other Firmware definitions, Please refer to the below 'Glossary of firmware terms' url: http://www14.software.ibm.com/webapp/set2/sas/f/power5cm/home.html#termdefs The following Fix description table will only contain the N (current) and N-1 (previous) levels. The complete Firmware Fix History (including HIPER descriptions) for this Release Level can be reviewed at the following url: http://download.boulder.ibm.com/ibmdl/pub/software/server/firmware/AS-Firmware-Hist.html
AS730_182_182 / FW731.82 05/29/18	Impact: Security Severity: SPE Response for Recent Security Vulnerabilities DISRUPTIVE: In response to recently reported security vulnerabilities, this firmware update is being released to address Common Vulnerabilities and Exposures issue number CVE-2018-3639. In addition, Operating System updates are required in conjunction with this FW level for CVE-2018-3639.
AS730_181_093 / FW731.81 02/19/18	Impact: Security Severity: SPE Response for Recent Security Vulnerabilities In response to recently reported security vulnerabilities, this firmware update is being released to address Common Vulnerabilities and Exposures issue number CVE-2017-5715. In addition, Operating System updates are available to mitigate the CVE-2017-5753 and CVE-2017-5754 security issues.
AS730_180_093 / FW731.80 08/29/17	Impact: Availability Severity: ATT New features and functions DEFERRED: Support for concurrent replacement of the DCCA on a dual DCCA system. Support was added to increase the power capacity limit of the system by 30%, up to 25,000 watts, to handle workloads for drawers with high processor and memory utilization. Highly-active workloads were driving the power capacity to the limit, resulting in system throttling that reduced performance. These heavier workloads can now run at normal performance levels. Support was added to the Advanced System Management Interface (ASMI) to be able to add an IPv4 static route definition for each ethernet interface on the service processor. Using a static route definition, a Hardware Management Console (HMC) configured on a private subnet that is different from the service processor subnet is now able to connect to the service processor and manage the CEC. A static route persists until it is deleted or until the service processor settings are restored to manufacturing defaults. The static route is managed with the ASMI panel "Network Services/Network Configuration/Static Route Configuration" IPv4 radio button. The "Add" button is used to add a static route (only one is allowed for each ethernet interface) and the "Delete" button is used to delete the static route. Support was added for a concurrent replacement of a DCCA that restores full redundancy of the service processor for the affected drawer. The DCCA replacement is done concurrently, with the affected drawer powered up and running. System firmware changes that affect all systems DEFERRED: A problem was fixed for filtering Local Network Manager Controller (LNMC) errors for a Host Fabric Interface (HFI) that has failed and gone to a "not ready" state. Without the fix, the failed HFI continues to log errors (such as "Multicast HW Internal error") and can flood the Central Network Manager (CNM) error log file. The HFI error conditions that can cause the extra message logging are a rare occurrence. A problem was fixed for PCI adapters locking up when powered on. The problem is rare but frequency varies with the specific adapter models. A system power down and power up is required to get the adapter out of the locked state. A problem was fixed for a Network boot/install failure using bootp in a network with switches using the Spanning Tree Protocol (STP). A Network boot/install using lpar_netboot on the management console was enhanced to allow the number of retries to be increased. If the user is not using lpar_netboot, the number of bootp retries can be increased using the SMS menus. If the SMS menus are not an option, the STP in the switch can be set up to allow packets to pass through while the switch is learning the network configuration. A problem was fixed that prevented a second management console from being added to the CEC. In some cases, network outages caused defunct management console connection entries to remain in the service processor connection table, making connection slots unavailable for new management consoles A reset of the service processor could be used to remove the defunct entries. A problem was fixed for NIM installs using the Host Fabric Interface (HFI) that failed or other times appear to hang but could complete after many hours of delay. When the NIM install operation fails, recover by doing a retry of the operation. This infrequent problem is triggered by hardware instructions in the HFI Fcode not executing in the required order because of missing synchronization instructions. A problem was fixed for a Host Fabric Interface (HFI) FCode driver error that caused Red Hat Enterprise 7.3 boot failures using the HFI interface. The problem has been seen with certain diskless boot images. The problem is not very frequent, but once encountered, cannot be remedied without a rebuild of the Linux boot image. The image is gzipped so simply rebuilding the image can cause gzip to compress the image differently due to the new timestamp. This can be done several times and that may correct the issue. A problem was fixed for the DCCA replacement procedure in the HMC R&V (Repair and Verify) to prevent a firmware synchronization error during the DCCA replacement. The error would also have a connection lost between the HMC and the service processor as the service processor is reset. The fix involved a change to the error recovery of the ncfgMultSetup application on the service processor to support the DCCA replacement process. Without the fix, the connection between the HMC and the service processor can be lost during the R&V DCCA replacement procedure, resulting in a failure of the firmware synchronization step. With the fix, the recovery policy of the ncfgMultSetup daemon was changed so that it would restart itself to handle the setup timing windows for the new DCCA configuration instead of forcing a reset of the service processor, allowing the DCCA replacement process to complete successfully. The error only occurred infrequently during DCCA replacements on some systems. A problem was fixed for incorrect error messages from the Advanced System Management Interface (ASMI) functions when the system is powered on but in the "Incomplete State". For this condition, ASMI was assuming the system was powered off because it could not communicate to the PowerVM hypervisor. With the fix, the ASMI error messages will indicate that ASMI functions have failed because of the bad hypervisor connection instead of falsely stating that the system is powered off. System firmware changes that affect certain systems On systems in IPv6 networks, a problem was fixed for a network boot/install failing with SRC B2004158 and IP address resolution failing using neighbor solicitation to the partition firmware client. For systems with an invalid P-side or T-side in the firmware, a problem was fixed in the partition firmware Real-Time Abstraction System (RTAS) so that system Vital Product Data (VPD) is returned at least from the valid side instead of returning no VPD data. This allows AIX host commands such as lsmcode, lsvpd, and lsattr that rely on the VPD data to work to some extent even if there is one bad code side. Without the fix, all the VPD data is blocked from the OS until the invalid code side is recovered by either rejecting the firmware update or attempting to update the system firmware again. For systems with a IBM i load source disk attached to an Emulex-based fibre channel adapter such as F/C #5735, a problem was fixed that caused an IBM i load source boot to fail with SRC B2006110 logged and a message to the boot console of "SPLIT-MEM Out of Room". This problem occurred for load source disks that needed extra disk scans to be found, such as those attached to a port other than the first port of a fibre channel adapter (first port requires fewest disk scans). A problem was fixed for systems in networks using the Juniper 1GBe and 10GBe switches (F/Cs #1108, #1145, and #1151) to prevent network ping errors and boot from network (bootp) failures. The Address Resolution Protocol (ARP) table information on the Juniper aggregated switches is not being shared between the switches and that causes problems for address resolution in certain network configurations. Therefore, the CEC network stack code has been enhanced to add three gratuitous ARPs (ARP replies sent without a request received) before each ping and bootp request to ensure that all the network switches have the latest network information for the system. On systems with a PowerVM Active Memory Sharing (AMS) partition with AIX Level 7.2.0.0 or later with Firmware Assisted Dump enabled, a problem was fixed for a Restart Dump operation failing into KDB mode. If "q" is entered to exit from KDB mode, the partition fails to start. The AIX partition must be powered off and back on to recover. The problem can be circumvented by disabling Firmware Assisted Dump (default is enabled in AIX 7.2). On systems with dedicated processor partitions, a problem was fixed for the dedicated processor partition becoming intermittently unresponsive. The problem can be circumvented by changing the partition to use shared processors.
AS730_165_093 / FW731.78 07/27/17	Impact: Availability Severity: ATT Changes: No system firmware changes. Refreshing code only to coincide with the BPC update.
AS730_163_093 / FW731.77 04/01/16	Impact: Security Severity: ATT
AS730_158_093 / FW731.76 10/25/15	Impact: Security Severity: SPE
AS730_155_093 / FW731.75 09/15/15	Impact: Availability Severity: SPE
AS730_153_093 / FW731.74 06/26/15	Impact: Security Severity: SPE
AS730_142_093 / FW731.73 10/17/14	Impact: Availability Severity: ATT
AS730_141_093 / FW731.72 09/08/14	Impact: Security Severity: SPE
AS730_140_093 / FW731.71 08/21/14	Only HIPER fix descriptions are displayed for this service pack. The complete Firmware Fix History for this Release Level can be reviewed at the following url: http://download.boulder.ibm.com/ibmdl/pub/software/server/firmware/AS-Firmware-Hist.html Impact: Security Severity: HIPER System firmware changes that affect all systems HIPER/Pervasive: A security problem was fixed in the OpenSSL (Secure Socket Layer) protocol that allowed clients and servers, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between the management console and the service processor. The Common Vulnerabilities and Exposures issue number for this problem is CVE-2014-0224. HIPER/Pervasive: A security problem was fixed in OpenSSL for a buffer overflow in the Datagram Transport Layer Security (DTLS) when handling invalid DTLS packet fragments. This could be used to execute arbitrary code on the service processor. The Common Vulnerabilities and Exposures issue number for this problem is CVE-2014-0195. HIPER/Pervasive: Multiple security problems were fixed in the way that OpenSSL handled read and write buffers when the SSL_MODE_RELEASE_BUFFERS mode was enabled to prevent denial of service. These could cause the service processor to reset or unexpectedly drop connections to the management console when processing certain SSL commands. The Common Vulnerabilities and Exposures issue numbers for these problems are CVE-2010-5298 and CVE-2014-0198. HIPER/Pervasive: A security problem was fixed in OpenSSL to prevent a denial of service when handling certain Datagram Transport Layer Security (DTLS) ServerHello requests. A specially crafted DTLS handshake packet could cause the service processor to reset. The Common Vulnerabilities and Exposures issue number for this problem is CVE-2014-0221. HIPER/Pervasive: A security problem was fixed in OpenSSL to prevent a denial of service by using an exploit of a null pointer de-reference during anonymous Elliptic Curve Diffie Hellman (ECDH) key exchange. A specially crafted handshake packet could cause the service processor to reset. The Common Vulnerabilities and Exposures issue number for this problem is CVE-2014-3470.
AS730_138_093 / FW731.70 05/09/14	Only Deferred fix descriptions are displayed for this service pack. The complete Firmware Fix History for this Release Level can be reviewed at the following url: http://download.boulder.ibm.com/ibmdl/pub/software/server/firmware/AS-Firmware-Hist.html Impact: Availability Severity: SPE System firmware changes that affect all systems DEFERRED: A problem was fixed that caused a system checkstop during hypervisor time keeping services. This deferred fix addresses a problem that has a very low probability of occurrence. As such customers may wait for the next planned service window to activate the deferred fix via a system reboot. DEFERRED: A problem was fixed that caused a system checkstop with SRC B113E504 for a recoverable hardware fault. This deferred fix addresses a problem that has a very low probability of occurrence. As such customers may wait for the next planned service window to activate the deferred fix via a system reboot.
AS730_130_093 / FW731.61 10/25/13	Impact: Availability Severity: SPE
AS730_125_093 03/11/13	Impact: Availability Severity: SPE
AS730_118_093 11/02/12	Only Deferred fix descriptions are displayed for this service pack. The complete Firmware Fix History for this Release Level can be reviewed at the following url: http://download.boulder.ibm.com/ibmdl/pub/software/server/firmware/AS-Firmware-Hist.html Impact: Function Severity: SPE System firmware changes that affect all systems DEFERRED: A problem was fixed that could cause a live lock on the power bus resulting in a system crash.
AS730_103_093 06/27/12	Impact: Availability Severity: SPE
AS730_093_093 06/13/12	Only Deferred fix descriptions are displayed for this service pack. The complete Firmware Fix History for this Release Level can be reviewed at the following url: http://download.boulder.ibm.com/ibmdl/pub/software/server/firmware/AS-Firmware-Hist.html Impact: Serviceability Severity: SPE System firmware changes that affect all systems DEFERRED: The firmware was enhanced to fix a potential performance degradation on systems utilizing the stride-N stream prefetch instructions dcbt (with TH=1011) or dcbtst (with TH=1011). Typical applications executing these algorithms include High Performance Computing, data intensive applications exploiting streaming instruction prefetchs, and applications utilizing the Engineering and Scientific Subroutine Library (ESSL) 5.1.
AS730_084_084 04/12/12	Impact: Function Severity: SPE
	The complete Firmware Fix History (including HIPER descriptions) for this Release Level can be reviewed at the following url: http://download.boulder.ibm.com/ibmdl/pub/software/server/firmware/AS-Firmware-Hist.html

4.0 How to Determine Currently Installed Firmware Level

You can view the server's current firmware level on the Advanced System Management Interface (ASMI) Welcome pane. It appears in the top right corner. Example: AS730_123.

5.0 Downloading the Firmware Package

Follow the instructions on the web page. You must read and agree to the license agreement to obtain the firmware packages.

Note: If your HMC is not internet-connected you will need to download the new firmware level to a CD-ROM or ftp server.

6.0 Installing the Firmware

The method used to install new firmware will depend on the release level of firmware which is currently installed on your server. The release level can be determined by the prefix of the new firmware's filename.

Example: ASXXX_YYY_ZZZ

Where XXX = release level

If the release level will stay the same (Example: Level AS330_075_075 is currently installed and you are attempting to install level AS330_081_075) this is considered an update.
If the release level will change (Example: Level AS330_081_075 is currently installed and you are attempting to install level AS340_096_096) this is considered an upgrade.

Instructions for installing firmware updates and upgrades can be found at http://www.ibm.com/support/knowledgecenter/9125-F2C/p7ha1/updupdates.htm

7.0 Firmware History

The complete Firmware Fix History (including HIPER descriptions) for this Release level can be reviewed at the following url:
http://download.boulder.ibm.com/ibmdl/pub/software/server/firmware/AS-Firmware-Hist.html