ML1020_079_079 / FW1020.00
07/22/22 |
Impact: NEW
Severity: NEW
GA Level with key features listed below
New Features and Functions
- This server firmware includes the SR-IOV adapter
firmware level xx.32.1010 for the following Feature
Codes and CCINs: #EC2R/EC2S with CCIN 58FA; #EC2T/EC2U
with CCIN 58FB; and #EC66/EC67 with CCIN 2CF3.
- Support for the new eBMC service processor that
replaces the FSP service processor used on other Power
systems.
- Support for VIOS 3.1.3 (based on AIX 7.2 TL5 (AIX 72X)
on POWER10 servers.
- Support was added for a BMC ASMI "
Operations->Resource management -> Lateral cast
out control" option to disable or enable the system
Lateral Cast-Out function (LCO). LCO is enabled by
default and a change to disable it must be done at
service processor standby. POWER processor chips
since POWER7 have a feature called “Lateral Cast-Out”
(LCO), enabled by default, where the contents of data
cast out of one core’s L3 can be written into another
core’s L3. Then if a core has a cache miss on its
own L3, it can often find the needed data block in
another local core’s L3. This has the useful effect of
slightly increasing the length of time that a storage
block gets to stay in a chip’s cache, providing a
performance boost for most applications. However,
for some applications such as SAP HANA, the performance
can be better if LCO is disabled. More information
on how LCO is being configured by SAP HANA can be found
in the SAP HANA on Power Advanced Operation Guide manual
that can be accessed using the following link:
http://ibm.biz/sap-linux-power-library
Follow the "SAP HANA Operation" link on this page to the
"SAP HANA Operation Guides" folder. In this
folder, locate the updated
"SAP_HANA_on_Power_Advanced_Operation_Guide" manual that
has a new topic added of "Manage IBM Power Lateral Cast
Out settings" which provides the additional information.
The default behavior of the system (LCO enabled) will
not change in any way by this new feature. The
customer will need to power off and disable LCO in ASMI
to get the new behavior.
- Support was added for Secure Boot for SUSE Linux
Enterprise Server (SLES) partitions. The SUSE
Linux level must be SLES 15 SP4 or later. Without
this feature, partitions with SLES 15 SP4 or later and
which have the OS Secure Boot partition property set to
"Enabled and Enforced" will fail to boot. A
workaround to this is to change the partition's Secure
Boot setting in the HMC partition configuration to
"Disabled" or "Enabled and Log only".
- HIPER/Pervasive: For systems with Power Linux
partitions, support was added for a new Linux secure
boot key. The support for the new secure boot key
for Linux partitions may cause secure boot for Linux to
fail if the Linux OS for SUSE or RHEL distributions does
not have a secure boot key update.
The affected Linux distributions are as follows that
need the Linux fix level that includes "Key for secure
boot signing grub2 builds ppc64le".
1) SLES 15 SP4 - The GA for this Linux level includes
the secure boot fix.
2) RHEL 8.5- This Linux level has no fix. The user
must update to RHEL: 8.6 or RHEL 9.0.
3) RHEL 8.6
4) RHEL 9.0.
The update to a Linux level that supports the new secure
boot key also addresses the following security issues in
Linux GRUB2 and are the reasons that the change in
secure boot key is needed as documented in the following
six CVEs:
1) CVE-2021-3695
2) CVE-2022-28733
3) CVE-2022-28734
4) CVE-2022-28735
5) CVE-2022-28736
6) CVE-2022-28737
Please note that when this firmware level of FW1020.00
is installed, any Linux OS not updated to a secure boot
fix level will fail to secure boot. And any Linux
OS partition updated to a fix level for secure boot
requires a minimum firmware level of FW1010.30 or later,
or FW1020.00 or later to be able to do a secure
boot. If lesser firmware levels are active but the
Linux fix levels for secure boot are loaded for the
Linux partition, the secure boot failure that occurs
will have BA540010 logged. If secure boot
verification is enabled, but not enforced (log only
mode), then the fixed Linux partition will boot, but a
BA540020 informational error will be logged.
- Support for Active Memory Mirroring (AMM) for the
PowerVM hypervisor. This is an option that mirrors
the main memory used by the firmware. With this option,
an uncorrectable error resulting from failure of main
memory used by system firmware will not cause a
system-wide outage. This option efficiently guards
against system-wide outages due to any such
uncorrectable error associated with firmware. With this
option, uncorrectable errors in data owned by a
partition or application will be handled by the existing
Special Uncorrectable Error Handling methods in the
hardware, firmware, and OS. This is a separately
priced option that is ordered with feature code #EM8G
and is defaulted to off.
- Support for humidity sensor on the operator panel.
- Support has been dropped for Active Memory Sharing
(AMS) on POWER10 servers
- Support has been dropped for the smaller
logical-memory block (LMB) sizes of 16MB, 32MB, and
64MB. 128MB and 256MB are the only LMB sizes that can be
selected in the BMC ASMI
- System fan speed control was enhanced to support the
reading of I/O processor temperatures by the On-Chip
Controller (OCC) and passing it to the BMC for fan
control. Monitoring the IO temperatures in
addition to processor core temperatures allows the
system to increase fan speeds accordingly based on chip
requirements.
- Support was added for a new service processor command
that can be used to 'lock' the power management mode,
such that the mode can not be changed except by doing a
factory reset.
- Support for firmware update of the physical Trusted
Platform Module (pTPM) from the PowerVM hypervisor.
- Support for PowerVM enablement of Virtual Trusted
Platform Module (vTPM) 2.0.
- Support for Remote restart for vTPM 2.0 enabled
partitions. Remote restart is not supported for
vTPM 1.2 enabled partitions.
- TPM firmware upgraded to Nuvoton 7.2.3.0. This
allows Live Partition Mobility (LPM) migrations from
systems running FW920/FW930 and older service pack
levels of FW940/FW950 to FW1010.10 and later levels, and
FW1020.00 and later.
- Support vNIC and Hybrid Network Virtualization (HNV)
system configurations in Live Partition Mobility (LPM)
migrations to and from FW1020 systems.
- Support for Live Partition Mobility (LPM) to allow LPM
migrations when virtual optical devices are configured
for a source partition. LPM automatically removes
virtual optical devices as part of the LPM
process. Without this enhancement, LPM is blocked
if virtual optical devices are configured.
- Support for Live Partition Mobility (LPM) to select
the fastest network connection for data transfer between
Mover Service Partitions (MSPs). The configured
network capacity of the adapters is used as the metric
to determine what may provide the fastest
connection The MSP is the term used to designate
the Virtual I/O Server that is chosen to transmit the
partition’s memory contents between source and target
servers.
- Support for PowerVM for an AIX Update Access Key (UAK)
for AIX 7.2. Interfaces are provided that validate
the OS image date against the AIX UAK expiration
date. Informational messages are generated when
the release date for the AIX operating system has passed
the expiration date of the AIX UAK during normal
operation. Additionally, the server periodically checks
and informs the administrator about AIX UAKs that are
about to expire, AIX UAKs that have expired, or AIX UAKs
that are missing. It is recommended that you replace the
AIX UAK within 30 days prior to expiration.
For more information, please refer to the Q&A
document for "Management of AIX Update Access Keys" at
https://www.ibm.com/support/pages/node/6480845.
- Support for LPAR Radix PageTable mode in PowerVM.
- Support for PowerVM encrypted NVRAM that enables
encryption of all partition NVRAM data and partition
configuration information.
- Added information to #EXM0 PCIe3 Expansion Drawer
error logs that will be helpful when analyzing problems.
- Support to add OMI Connected Memory Buffer Chip (OCMB
) related information into the HOSTBOOT and HW system
dumps.
- Support for a PCIe4 x16 to CXP Converter card for the
attachment of two active optical cables (AOC) to be used
for external storage and PCIe fan-out attachment to the
PCIe expansion drawers. This cable card has
Feature Code #EJ24 with CCIN 6B53 and Feature code
#EJ2A.
#EJ24 pertains only to models S1022 (9105-22A) , S1022S
(9105-22B), and L1022 (9786-22H).
#EJ2A pertains only to models S1014(9105-41B),
S1024(9105-42A), and L1024(9786-42H).
- Support for the IBM 4769 PCIe3 Cryptographic
Coprocessor hardware security module (HSM). This
HSM has Feature Code #EJ37 with CCIN C0AF. Its
predecessors are the IBM 4768, IBM 4767, and IBM 4765
- Support for booting IBM i from a PCIe4 LP 32Gb 2-port
Optical Fibre Channel Adapter with Feature Code
#EN1K. This pertains only to models S1022
(9105-22A), S1022S (9105-22B), and L1022
(9786-22H).
- Support for new PCIe 4.0 x8 dual-port 32 Gb optical
Fibre Channel (FC) short form adapter based on the
Marvell QLE2772 PCIe host bus adapter (6.6 inches x
2.731 inches). The adapter provides two ports of 32 Gb
FC capability using SR optics. Each port can provide up
to 6,400 MBps bandwidth. This adapter has feature codes
#EN1J/#EN1K with CCIN 579C.
- Support for new PCIe 3.0 16 Gb quad-port optical Fibre
Channel (FC)l x8 short form adapter based on the Marvell
QLE2694L PCIe host bus adapter (6.6 inches x 2.371
inches). The adapter provides four ports of 16 Gb FC
capability using SR optics. Each port can provide up to
3,200 MBps bandwidth. This adapter has feature codes
#EN1E/#EN1F with CCIN 579A.
- Support for the 800 GB SSD PCIe4 NVMe U.2 module for
IBM i with feature code #ES3A and CCIN 5B53.
Feature #ES3A indicates usage by IBM i in which the SSD
is formatted in 4160 byte sectors and only pertains to
models S1014(9105-41B), S1024(9105-42A), and
L1024(9786-42H).
- Support for the 1.6 TB SSD PCIe4 NVMe U.2 module for
AIX/Linux and IBM i with feature codes #ES3B/#ES3C and
CCIN 5B52. Feature #ES3B indicates
usage by AIX, Linux or VIOS in which the SSD is
formatted in 4096 byte sectors. Feature #ES3C indicates
usage by IBM i in which the SSD is formatted in 4160
byte sectors and only pertains to models
S1014(9105-41B), S1024(9105-42A), and L1024(9786-42H).
- Support for the 3.2 TB SSD PCIe4 NVMe U.2 module for
AIX/Linux and IBM i with feature codes #ES3D/#ES3E and
CCIN 5B51. Feature #ES3D indicates
usage by AIX, Linux or VIOS in which the SSD is
formatted in 4096 byte sectors. Feature #ES3E indicates
usage by IBM i in which the SSD is formatted in 4160
byte sectors and only pertains to models
S1014(9105-41B), S1024(9105-42A), and L1024(9786-42H).
- Support for the 6.4 TB SSD PCIe4 NVMe U.2 module for
AIX/Linux and IBM i with feature codes #ES3F/#ES3G and
CCIN 5B50. Feature #ES3F indicates
usage by AIX, Linux or VIOS in which the SSD is
formatted in 4096 byte sectors. Feature #ES3G indicates
usage by IBM i in which the SSD is formatted in 4160
byte sectors and only pertains to models
S1014(9105-41B), S1024(9105-42A), and L1024(9786-42H).
- Support for the 931GB SAS 4k 2.5 inch SFF-2 SSD for
AIX/Linux and IBM i with feature codes #ESMB/#ESMD and
CCIN 5B29. Feature #ESMB indicates
usage by AIX, Linux, or VIOS. Feature #ESMD
indicates usage by IBM i and only pertains to models
S1014(9105-41B), S1024(9105-42A), and L1024(9786-42H).
- Support for the 1.86 TB SAS 4k 2.5 inch SFF-2 SSD for
AIX/Linux and IBM i with feature codes #ESMF/#ESMH and
CCIN 5B21. Feature #ESMB indicates
usage by AIX, Linux, or VIOS. Feature #ESMH
indicates usage by IBM i and only pertains to models
S1014(9105-41B), S1024(9105-42A), and L1024(9786-42H).
- Support for the 3.72 TB SAS 4k 2.5 inch SFF-2 SSD for
AIX/Linux and IBM i with feature codes #ESMK/#ESMS and
CCIN 5B2D. Feature #ESMK indicates
usage by AIX, Linux, or VIOS. Feature #ESMS
indicates usage by IBM i and only pertains to models
S1014(9105-41B), S1024(9105-42A), and L1024(9786-42H).
- Support for the 7.44 TB SAS 4k 2.5 inch SFF-2 SSD for
AIX/Linux and IBM i with feature codes #ESMV/#ESMX and
CCIN 5B2F. Feature #ESMV indicates
usage by AIX, Linux, or VIOS. Feature #ESMX
indicates usage by IBM i and only pertains to models
S1014(9105-41B), S1024(9105-42A), and L1024(9786-42H).
- Support for the 387GB SAS SFF-2 SSD formatted with 5xx
(528) byte sectors for AIX/Linux with feature code #ETK1
and CCIN 5B16. Feature #ETK1 indicates usage by
AIX, Linux, or VIOS.
- Support for the 775GB SAS SFF-2 SSD formatted with 5xx
(528) byte sectors for AIX/Linux with feature code #ETK3
and CCIN 5B17. Feature #ETK3 indicates usage by
AIX, Linux, or VIOS.
- Support for the 387GB SAS SFF-2 SSD formatted with 4k
(4224) byte sectors for AIX/Linux and IBM i with feature
codes #ETK8/#ETK9 and CCIN 5B10.
Feature #ETK8 indicates usage by AIX, Linux, or
VIOS. Feature #ETK9 indicates usage by IBM i and
only pertains to models S1014(9105-41B),
S1024(9105-42A), and L1024(9786-42H).
- Support for the 775GB SAS SFF-2 SSD formatted with 4k
(4224) byte sectors for AIX/Linux and IBM i with feature
codes #ETKC/#ETKD and CCIN 5B11.
Feature #ETKC indicates usage by AIX, Linux, or
VIOS. Feature #ETKD indicates usage by IBM i
and only pertains to models S1014(9105-41B),
S1024(9105-42A), and L1024(9786-42H).
- Support for the 1.55TB SAS SFF-2 SSD formatted
with 4k (4224) byte sectors for AIX/Linux and IBM i with
feature codes #ETKG/#ETKH and CCIN
5B12. Feature #ETKG indicates usage by
AIX, Linux, or VIOS. Feature #ETK9H
indicates usage by IBM i and only pertains to models
S1014(9105-41B), S1024(9105-42A), and L1024(9786-42H).
- Support for a mainstream 800GB NVME U.2 15 mm SSD
(Solid State Drive) PCIe4 drive for AIX/Linux with
Feature Code #EC7T and CCIN 59B7. Feature
#EC7T indicates usage by AIX, Linux, or VIOS in which
the SSD is formatted in 4096 byte sectors.
|