MM1020_079_079 / FW1020.00
07/22/22 |
Impact: NEW
Severity: NEW
GA Level with key features listed below
New Features and Functions
- This server
firmware includes the SR-IOV adapter firmware level
xx.32.1010 for the following Feature Codes and CCINs:
#EC2R/EC2S with CCIN 58FA; #EC2T/EC2U with CCIN 58FB;
and #EC66/EC67 with CCIN 2CF3.
- Support for the new eBMC service processor that
replaces the FSP service processor used on other Power
systems.
- Support for VIOS 3.1.3 (based on AIX 7.2 TL5 (AIX 72X)
on POWER10 servers.
- Support was added for a BMC ASMI "
Operations->Resource management -> Lateral cast
out control" option to disable or enable the system
Lateral Cast-Out function (LCO). LCO is enabled by
default and a change to disable it must be done at
service processor standby. POWER processor chips
since POWER7 have a feature called “Lateral Cast-Out”
(LCO), enabled by default, where the contents of data
cast out of one core’s L3 can be written into another
core’s L3. Then if a core has a cache miss on its
own L3, it can often find the needed data block in
another local core’s L3. This has the useful effect of
slightly increasing the length of time that a storage
block gets to stay in a chip’s cache, providing a
performance boost for most applications. However,
for some applications such as SAP HANA, the performance
can be better if LCO is disabled. More information
on how LCO is being configured by SAP HANA can be found
in the SAP HANA on Power Advanced Operation Guide manual
that can be accessed using the following link:
http://ibm.biz/sap-linux-power-library
Follow the "SAP HANA Operation" link on this page to the
"SAP HANA Operation Guides" folder. In this
folder, locate the updated
"SAP_HANA_on_Power_Advanced_Operation_Guide" manual that
has a new topic added of "Manage IBM Power Lateral Cast
Out settings" which provides the additional information.
The default behavior of the system (LCO enabled) will
not change in any way by this new feature. The
customer will need to power off and disable LCO in ASMI
to get the new behavior.
- Support was added for Secure Boot for SUSE Linux
Enterprise Server (SLES) partitions. The SUSE
Linux level must be SLES 15 SP4 or later. Without
this feature, partitions with SLES 15 SP4 or later and
which have the OS Secure Boot partition property set to
"Enabled and Enforced" will fail to boot. A
workaround to this is to change the partition's Secure
Boot setting in the HMC partition configuration to
"Disabled" or "Enabled and Log only".
- HIPER/Pervasive: For systems with Power Linux
partitions, support was added for a new Linux secure
boot key. The support for the new secure boot key
for Linux partitions may cause secure boot for Linux to
fail if the Linux OS for SUSE or RHEL distributions does
not have a secure boot key update.
The affected Linux distributions are as follows that
need the Linux fix level that includes "Key for secure
boot signing grub2 builds ppc64le".
1) SLES 15 SP4 - The GA for this Linux level includes
the secure boot fix.
2) RHEL 8.5- This Linux level has no fix. The user
must update to RHEL: 8.6 or RHEL 9.0.
3) RHEL 8.6
4) RHEL 9.0.
The update to a Linux level that supports the new secure
boot key also addresses the following security issues in
Linux GRUB2 and are the reasons that the change in
secure boot key is needed as documented in the following
six CVEs:
1) CVE-2021-3695
2) CVE-2022-28733
3) CVE-2022-28734
4) CVE-2022-28735
5) CVE-2022-28736
6) CVE-2022-28737
Please note that when this firmware level of FW1020.00
is installed, any Linux OS not updated to a secure boot
fix level will fail to secure boot. And any Linux
OS partition updated to a fix level for secure boot
requires a minimum firmware level of FW1010.30 or later,
or FW1020.00 or later to be able to do a secure
boot. If lesser firmware levels are active but the
Linux fix levels for secure boot are loaded for the
Linux partition, the secure boot failure that occurs
will have BA540010 logged. If secure boot
verification is enabled, but not enforced (log only
mode), then the fixed Linux partition will boot, but a
BA540020 informational error will be logged.
- Support for Active Memory Mirroring (AMM) for the
PowerVM hypervisor. This is an option that mirrors
the main memory used by the firmware. With this option,
an uncorrectable error resulting from failure of main
memory used by system firmware will not cause a
system-wide outage. This option efficiently guards
against system-wide outages due to any such
uncorrectable error associated with firmware. With this
option, uncorrectable errors in data owned by a
partition or application will be handled by the existing
Special Uncorrectable Error Handling methods in the
hardware, firmware, and OS. This is a separately
priced option that is ordered with feature code #EM81
and is defaulted to off.
- Support for humidity sensor on the operator panel.
- Support has been dropped for Active Memory Sharing
(AMS) on POWER10 servers
- Support has been dropped for the smaller
logical-memory block (LMB) sizes of 16MB, 32MB, and
64MB. 128MB and 256MB are the only LMB sizes that can be
selected in the BMC ASMI.
- Support added to prevent mixed 2U and 4U DDIMM memory
configurations, If 2U and 4U are mixed, the
2U DDIMM are removed from the memory configuration and
the system is allowed to IPL with the remaining 4U DDIMM
capacity.
- Support was added for a new service processor command
that can be used to 'lock' the power management mode,
such that the mode can not be changed except by doing a
factory reset.
- Support for firmware update of the physical Trusted
Platform Module (pTPM) from the PowerVM hypervisor.
- Support for PowerVM enablement of Virtual Trusted
Platform Module (vTPM) 2.0.
- Support for Remote restart for vTPM 2.0 enabled
partitions. Remote restart is not supported for
vTPM 1.2 enabled partitions.
- TPM firmware upgraded to Nuvoton 7.2.3.0. This
allows Live Partition Mobility (LPM) migrations from
systems running FW920/FW930 and older service pack
levels of FW940/FW950 to FW1010.10 and later levels, and
FW1020.00 and later.
- Support vNIC and Hybrid Network Virtualization (HNV)
system configurations in Live Partition Mobility (LPM)
migrations to and from FW1020 systems.
- Support for Live Partition Mobility (LPM) to allow LPM
migrations when virtual optical devices are configured
for a source partition. LPM automatically removes
virtual optical devices as part of the LPM
process. Without this enhancement, LPM is blocked
if virtual optical devices are configured.
- Support for Live Partition Mobility (LPM) to select
the fastest network connection for data transfer between
Mover Service Partitions (MSPs). The configured
network capacity of the adapters is used as the metric
to determine what may provide the fastest
connection The MSP is the term used to designate
the Virtual I/O Server that is chosen to transmit the
partition’s memory contents between source and target
servers.
- Support for PowerVM for an AIX Update Access Key (UAK)
for AIX 7.2. Interfaces are provided that validate
the OS image date against the AIX UAK expiration
date. Informational messages are generated when
the release date for the AIX operating system has passed
the expiration date of the AIX UAK during normal
operation. Additionally, the server periodically checks
and informs the administrator about AIX UAKs that are
about to expire, AIX UAKs that have expired, or AIX UAKs
that are missing. It is recommended that you replace the
AIX UAK within 30 days prior to expiration.
For more information, please refer to the Q&A
document for "Management of AIX Update Access Keys" at
https://www.ibm.com/support/pages/node/6480845.
- Support for LPAR Radix PageTable mode in PowerVM.
- Support for PowerVM encrypted NVRAM that enables
encryption of all partition NVRAM data and partition
configuration information.
- Added information to #EXM0 PCIe3 Expansion Drawer
error logs that will be helpful when analyzing problems.
- Support to add OMI Connected Memory Buffer Chip (OCMB
) related information into the HOSTBOOT and HW system
dumps.
- Support for a PCIe4 x16 to CXP Converter card for the
attachment of two active optical cables (AOC) to be used
for external storage and PCIe fan-out attachment to the
PCIe expansion drawers. This cable card has
Feature Code #EJ2A.
- Support for the IBM 4769 PCIe3 Cryptographic
Coprocessor hardware security module (HSM). This
HSM has Feature Code #EJ37 with CCIN C0AF. Its
predecessors are the IBM 4768, IBM 4767, and IBM 4765
- Support for new PCIe 4.0 x8 dual-port 32 Gb optical
Fibre Channel (FC) short form adapter based on the
Marvell QLE2772 PCIe host bus adapter (6.6 inches x
2.731 inches). The adapter provides two ports of 32 Gb
FC capability using SR optics. Each port can provide up
to 6,400 MBps bandwidth. This adapter has feature codes
#EN1J/#EN1K with CCIN 579C.
- Support for new PCIe 3.0 16 Gb quad-port optical Fibre
Channel (FC)l x8 short form adapter based on the Marvell
QLE2694L PCIe host bus adapter (6.6 inches x 2.371
inches). The adapter provides four ports of 16 Gb FC
capability using SR optics. Each port can provide up to
3,200 MBps bandwidth. This adapter has feature codes
#EN1E/#EN1F with CCIN 579A.
- Support for the 1.6 TB SSD PCIe4 NVMe U.2 module for
AIX/Linux with feature code #ES3B and CCIN
5B52. Feature #ES3B indicates usage by
AIX, Linux or VIOS in which the SSD is formatted in 4096
byte sectors.
- Support for the 3.2 TB SSD PCIe4 NVMe U.2 module for
AIX/Linux with feature code #ES3D and CCIN
5B51. Feature #ES3D indicates usage by
AIX, Linux or VIOS in which the SSD is formatted in 4096
byte sectors.
- Support for the 6.4 TB SSD PCIe4 NVMe U.2 module for
AIX/Linux with feature code #ES3F and CCIN
5B50. Feature #ES3F indicates usage by
AIX, Linux or VIOS in which the SSD is formatted in 4096
byte sectors.
- Support for the 931GB SAS 4k 2.5 inch SFF-2 SSD for
AIX/Linux with feature code #ESMB and CCIN 5B29.
Feature #ESMB indicates usage by AIX, Linux, or VIOS.
- Support for the 1.86 TB SAS 4k 2.5 inch SFF-2 SSD for
AIX/Linux with feature code #ESMF and CCIN 5B21.
Feature #ESMF indicates usage by AIX, Linux, or VIOS.
- Support for the 3.72 TB SAS 4k 2.5 inch SFF-2 SSD for
AIX/Linux with feature code #ESMK and CCIN 5B2D.
Feature #ESMK indicates usage by AIX, Linux, or VIOS.
- Support for the 7.44 TB SAS 4k 2.5 inch SFF-2 SSD for
AIX/Linux with feature code #ESMV and CCIN 5B2F.
Feature #ESMV indicates usage by AIX, Linux, or VIOS.
- Support for the 387GB SAS SFF-2 SSD formatted with 5xx
(528) byte sectors for AIX/Linux with feature code #ETK1
and CCIN 5B16. Feature #ETK1 indicates usage by
AIX, Linux, or VIOS.
- Support for the 775GB SAS SFF-2 SSD formatted with 5xx
(528) byte sectors for AIX/Linux with feature code #ETK3
and CCIN 5B17. Feature #ETK3 indicates usage by
AIX, Linux, or VIOS.
- Support for the 387GB SAS SFF-2 SSD formatted with 4k
(4224) byte sectors for for AIX/Linux with feature code
#ETK8 and CCIN 5B10. Feature #ETK8 indicates
usage by AIX, Linux, or VIOS.
- Support for the 775GB SAS SFF-2 SSD formatted with 4k
(4224) byte sectors for AIX/Linux with feature code
#ETKC and CCIN 5B11. Feature #ETKC
indicates usage by AIX, Linux, or VIOS.
- Support for the 1.55TB SAS SFF-2 SSD formatted with 4k
(4224) byte sectors for AIX/Linux with feature code
#ETKG and CCIN 5B12. Feature #ETKG indicates
usage by AIX, Linux, or VIOS.
- Support for a mainstream 800GB NVME U.2 15 mm SSD
(Solid State Drive) PCIe4 drive for AIX/Linux with
Feature Code #EC7T and CCIN 59B7. Feature
#EC7T indicates usage by AIX, Linux, or VIOS in which
the SSD is formatted in 4096 byte sectors.
|