================================================================================ Intel(R) Server Board S2600WT product family, Intel(R) Server System R1000WT product family and Intel(R) Server System R2000WT product family Firmware Update Package for Intel(R) Deployment Assistant, Intel(R) One Boot Flash Update Utility, The embedded EFI Shell, Windows* Preboot Execution Environment ================================================================================ Intel Enterprise Platform & Services Division - Marketing Intel Corporation 2111 N.E. 25th Avenue, Hillsboro, OR 97124 USA ================================================================================ DATE : Jul 28, 2015 TO : Intel(R) Server Board S2600WT product family Intel(R) Server System R1000WT product family Intel(R) Server System R2000WT product family customers SUBJECT : Release Notes for System Firmware Update Package ================================================================================ ABOUT THIS RELEASE ================================================================================ BIOS: 01.01.0009 ME: 03.00.07.168 BMC: 01.28.8586 FRUSDR: 1.08 ================================================================================ Support Platforms and Dependency ================================================================================ Processors supported: Intel(R) Xeon processor E5-2600 v3 series Microcode update versions: Intel(R) Xeon processor E5-2600 V3 series C1 stepping: 0x00000023 CPUID = 0x306f2 Production boards: Product Fab Version S2600WT Fab3 (PBA# -35x) or above The following update process must be followed to ensure a trouble free update. 1. BMC firmware 2. BIOS 3. Manageability Engine (ME) firmware 4. FRUSDR ================================================================================ System Firmware Update Package Usage instructions ================================================================================ To update from Intel(R) Deployment Assistant (IDA) Download the Intel(R) Deployment Assistant from https://downloadcenter.intel.com/download/24412/Intel-Deployment-Assistant-iso-image To use the IDA CD to update the system firmware: - Boot server with IDA CD - Select "Get System Updates" - Choose one of the three options . From http://www.intel.com/support/ Automatically downloads the latest Firmware Update Package from Intel Requires Internet connection Enter your local IP address and proxy configuration Click "Next" to start the download and update process . From my network Download the latest Firmware Update Package from http://downloadcenter.intel.com/ and copy it to a Windows* shared folder Enter your local IP address, the Windows* file server name, and a Windows user name and password Select the firmware package in pop-up window Click "Next" to start the update process . From USB flash drive or Hard Disk Download the latest Firmware Update Package from http://downloadcenter.intel.com/ and copy it to a USB flash drive, then insert the USB flash drive into the server USB port Click "Browse" Select the firmware package in pop-up window Click "Next" to start the update process Note: 1) The Firmware Update Package is in the ZIP file format. Do not unzip before copying to a Windows* shared folder or USB flash drive. 2) The IDA will always update backup bios with this SFUP package even if the IDA backup bios check box is not selected. To update from Windows* and Linux* or operating systems using the Intel(R) One Boot Flash Update Utility (OFU) Intel(R) One boot Flash Update utility can be downloaded from http://downloadcenter.intel.com/ and is part of the "BIOS, Firmware Update & Configuration Utilities" for Windows* and Linux*. Please refer to Intel OFU user guide about the details of installation and usage of OFU. Use OFU to update system firmware by the following steps: - Install OFU on Windows* or Linux* system - Download the latest firmware update package from http://downloadcenter.intel.com/ - Unzip package to a folder - Run the following command in Windows* command line/Linux* terminal window: :\flashupdt -u \flashupdt.cfg To update from Windows* Preboot Execution Environment (WinPE) The System Firmware Update Package can be inserted to Windows* PE customized image for creating a bootable Windows* PE CD. User is able to update system firmware from customized WinPE CD by the following steps: - Boot server with customized WinPE CD - Run script "WinPE_x64_Update.bat" or "WinPE_x86_Update.bat" (name may be varied depends on your own customization) Note: 1. The Intel(R) OFU utility is case sensitive. Therefore, when you transfer the Firmware Update Package using USB flash drive from a Microsoft Windows* system to a Linux environment, you must first extract under the Linux* environment. Otherwise, you will need to mount the USB flash drive manually with 'vfat' option under Linux to avoid conversion from upper case to lower case and vice versa. 2. To make Intel(R) OFU utility run properly under x86 or x64 OS, you have to read OFU release notes on known issues for OFU installation. 3. In this SFUP package, Intel only provide batch file "WinPE_x86_Update.bat" for WinPE2.0 32 bit solution "WinPE_x64_Update.bat" for WinPE2.1/3.0 64 bit solution as an example. Please refer to white paper "White Paper-Intel Server Utilities Procedure for WinPE.pdf" for details on building your own customized WinPE CD. 4. Windows PE 2.0 - built from Windows Vista SP1 32bit or EM64T 5. Windows PE 2.1 - built from Windows Vista SP1 or Windows Server 2008, EM64T 6. Windows PE 3.1 - built from Windows Server 2008R2, EM64T 7. Microsoft IPMI driver is loaded by default from WinPE CD, if you want to use Intel IPMI driver instead of MS IPMI driver for firmware update, you can uninstall Microsoft IPMI driver by: Devicesetup.exe -v remove *IPI0001 Note: IPI0001 is the device ID for Microsoft IPMI driver. 8. If to update backup BIOS region or NVRAM, you need to customize the OFU update scripts (eg.flashupdt.cfg) and add "UpdateBackupBios" or "UpdateNvram" parameter. ================================================================================ IMPORTANT NOTICE ================================================================================ 1. The BIOS R01.01.0002 auto scripts will force to update both normal and backup BIOS region since security revision was updated, Once user upgrade BIOS to R01.01.0002, it will prevent BIOS downgrade to previous version that with low security revision, user can use BIOS recovery mode for BIOS downgrade 2. The BIOS R01.01.0003 included security fix and security revision upgrade, refer to item #1. 3. If doing online BIOS update to R01.01.0003, user must use the auto scripts enabled in the release package which will force update BIOS NVRAM and backup region. 4. BIOS R01.01.0004 requires update of NVRAM and backup region. 5. BIOS R01.01.0009 will enable UEFI Secure Boot and include below limitations: - Please read "BIOS UEFI SECURE BOOT IMPACT AND MITIGATION METHOD" section in this BIOS release notes - All customer settings saved in BIOS NVRAM will be lost after new BIOS upgrade. - BIOS downgrade is not allowed if user has enabled BIOS secure boot. All customer setting will be lost also if downgrade to previous BIOS release. - Backup BIOS region is also required to be updated to prevent recovery failure please use release package to update BIOS. - There is downgrade hang risk if you don't follow above rules. - Further BIOS release will not suffer from these side effects as the NVRAM region is formatted as authenticated variable storage ================================================================================ BIOS UEFI SECURE BOOT IMPACT AND MITIGATION METHOD ================================================================================= 1. Customer Setting Loss Issue and Mitigation Method When user upgrades BIOS with secure boot feature, the NVRAM will be automatically formatted as authenticated variable physical storage. However, all previous customer settings storage in NVRAM will be lost even if user does not enable UEFI secure boot feature. Users can take the follow recipe to save and restore their settings based on the actual NVRAM usage if they wish to upgrade or downgrade between BIOS with or without secure boot feature. Supposing customer requires to save & restore their specific NVRAM named 'var': Steps: 1. Prepare FAT partition USB key (or HDD). 2. Boot to EFI shell. 3. Check the file system mapping (e.g. fs0:) of the USB key with 'map -r' command. 4. Use 'dmpstore var -s fs0:\var.bin' to save the variable to the physical file. 5. Perform BIOS update and reboot system. 6. Boot to EFI shell. 7. Use 'dmpstore var -l fs0:\var.bin' to restore the variable. 8. Reboot the system if the customer setting requires reboot to take effect. Notes: 1. Immediate reboot after BIOS update is mandatory. Or the restore operation will not take effect. 2. Customers can repeat step 4 and step 7 for several times if they need to save & restore multiple NVRAM variables. 3. Most of BIOS customer settings by SysCfg can also be restored in this way. Customers can follow previous step1~8 by substituting 'Setup' for 'var' in the sample. 4. For BIOS downgrade case, step7 cannot be used to restore authenticate variables (e.g. PK, KEK, DB, DBX) to non-authenticated NVRAM storage 2. Recovery Mode Failure There is known bug that it cannot POST successfully with authenticated NVRAM storage. This will cause platform recovery failure and permanent deny of service (PDOS) if the primary BIOS region gets corrupted for some reason. It is required to update backup BIOS region when upgrade BIOS capsule with secure boot feature. Notes: For downgrade case, user is not required to update backup BIOS region as new BIOS with secure boot feature can handle NVRAM with old storage format: it will format it to new authenticated variable storage automatically. However, care must be taken when downgrading BIOS in recovery mode: After flashing BIOS without secure boot feature, user should restore recovery HW jumper immediately before platform reset.If platforms reset occurs before restoring recovery HW jumper, the backup BIOS will once again format NVRAM to new storage format, which will cause newly flashed BIOS (without secure boot feature) POST failure after user restores recovery HW jumper. ================================================================================ FEATURES ADDED/REMOVED ================================================================================ ================================================================================ ================================================================================ R01.01.0003 (Production Release) ================================================================================ ================================================================================ R01.01.0004 (D633) ================================================================================ EPSD100026893 i350(Powerville) IOM OpROM doesn't load during post EPSD100244275 Cannot enable TXT and receive BIOS POST Code 0xA100 EPSD100244186 Power Restore Delay Value minimum not long enough for BMC boot time EPSD100244174 Security vulnerability on SMI GetVariable interface was captured by SeCOE ================================================================================ R01.01.0004 ================================================================================ EPSD100026935 The Default Value Of SOL And Console Redirection EPSD100244254 Pre-Release 40G IOmodule fails the link margin test with concurrent traffic on slot2 IOM riser+carrier. EPSD100244186 Power Restore Delay Value minimum not long enough for BMC boot time EPSD100026931 Show error message when disabled boot devices EPSD100244439 [X] Customized riser card on riser slot 2 can't detect InfiniBand* card EPSD100244388 "Resume AC power loss" status in the file which is save by cmd "syscfg /s A.ini /f /b" won’t be changed once change its status with syscfg. EPSD100243547 Pre-release 40G IOmodule fails the link margin test with concurrent traffic on slot2 IOM riser+carrier. EPSD100244367 Add 19.3 NIC package EFI driver and FCOE ROM EPSD100244376 Syscfg /bldfs does not work same as BIOS F9 function to load default BIOS setting "Resume AC power loss" and "Shutdown Policy" EPSD100244377 Syscfg /bldfs does not work same as BIOS F9 function to load default BIOS setting "Resume AC power loss" EPSD100244374 Syscfg /bldfs does not work same as BIOS F9 function to load default BIOS setting "Resume AC power loss" and "Shutdown Policy" EPSD100244379 Syscfg /bldfs does not work same as BIOS F9 function to load default BIOS setting "Resume AC power loss" EPSD100244371 "Shutdown policy" and "Resume AC power loss" status in the file which is save by cmd "syscfg /s A.ini /f /b" won’t be changed once change their status with syscfg. EPSD100244380 "Shutdown policy" and "Resume AC power loss" status in the file which is save by cmd "syscfg /s A.ini /f /b" won’t be changed once change their status with syscfg. EPSD100244387 "Shutdown policy" and "Resume AC power loss" status in the file which is save by cmd "syscfg /s A.ini /f /b" won’t be changed once change its status with syscfg. EPSD100244394 uEFI iSCSI Boot attempts can be saved without filling in the target name ================================================================================ R01.01.0005 ================================================================================ EPSD100244208 SEL intermittently reports therm trip ================================================================================ R01.01.0006 ================================================================================ EPSD100245152 SMBIOS problem cause the latest IDA7.17.RC6 boot failure with the 12G SAS RS3LC bridge EPSD100243827 The boot devices will increase if system reboot from RHEL7 aware UEFI and then the system will hang at high proportion EPSD100026915 The Hdds couldn't be found on the RHEL7.0 when storage card 81605Z inserted in the test riser4_slot4_PCIex16. EPSD100244480 The boot devices will increase if system reboot from RHEL7 aware UEFI and then the system will hang at high proportion EPSD100243758 Display L2/L3 cache error detected on the RAID controller during post . EPSD100026786 SUT can't boot to RHEL 6.5 x64 when enable "VT for Directed I/O" in BIOS setting. ================================================================================ R01.01.0007 ================================================================================ EPSD100245440 LAN1 link down when doing DC cycle test with ITAS ================================================================================ Issues fixed in ME 03.00.07.168 release ================================================================================ Permanent Node Busy completion code received when trying to ColdReset ME after setting new value of SlopeComp and Offset coefficients. After increasing scanning period of DC Power sensor, min correction time for policies in secondary power domain (DC power) will not be updated. SpsInfox86 crashes when executed with 64-bit addressing enabled. Node Manager cannot maintain power limit after PSU power loss in Redundant PSU Configuration. When "PIA Platform PSU Efficiency" sensor is disabled in xml Node Manager uses incorrect power reading for power limiting. The sensor 0x18 SEL for HW protection policy correction time exceeded. Get NM Parameter cmd (FAh) responds with incorrect readings when the sensor scanning is disabled. Potential race condition in NM component handling SMART/CLST functionality. =============================================================================== Issues fixed in BMC 01.28.7601 =============================================================================== 01.28.8586 -EPSD100248398: Spelling error in SEL log. -EPSD100248427: After SUT power off, there is "Front panel temp sensor has failed and may not be providing a valid reading - assert" logged for BMC FW health sensor -EPSD100248399: Change Bad Passwordk Threshold parameter string in EWS to be same with spec. -EPSD100248480: Chassis intrusion is always enabled on MTM2 exit. 01.25.8108 -N/A: Update CWP FCT/Shipping SDR to version 1.09. -N/A: Update KNP/TLP FCT/Shipping SDR to version 1.09. -N/A: Update WCP FCT/Shipping SDR to version 1.04. -N/A: GetHomeAgent emits an irritating number of messages when only one CPU is installed. 01.24.8063 -EPSD100246940: Slow response when get RMM4 lite present via IPMI command. -EPSD100247083: fan sensor reading is always 0 with BMC 1.18 on CWP Kontron SKU. -EPSD100246496: Configuration Error SELOG issue. -EPSD100027622: DIMM Thermal margin event is triggered if installed QFSS or QGSL CPU with A1 and C1 DIMM populated. -EPSD100247637: Launching BMC KVM with Java Version 6 generates error message. -N/A: Change LSI3008 VR Temperature Sensor Number to 0x93. -N/A: Show NVMe Bridge Board Presence. The Bug will happen if there is PCIE Slot 4 on SMBUS2. 01.23.8033 -EPSD100247768: [SLV]Post hang up with PCISSD P3600 or P3700 for 24HDD. TLP not show correct status on NVMe Bridge Board. 01.22.7928 -EPSD100245947: Copyrigth time is not correct in EWS and KVM legal notices. -EPSD100246765: WCP - SEL events for SAS Mod Presence take place when the system is powered off and on. -EPSD100246529: [X] All sensor readings are 'N/A' in EWS -> Server Health -> Power Statistics. -EPSD100027156: [MIC-FW]There is no event logged for sensor "Voltage Fault". -EPSD100245020: DFT violation 1578, BMC don't provide a programmatic method to control LCP displays. -EPSD100246021: [x] After removing "AutoCfg Status" from SDR file, the sensor will still be asserted. -EPSD100246992: [X] "AutoCfg Status" sensor asserted when the server board is installed in a 3rd party chassis. -EPSD100247180: [X] "AutoCfg Status" sensor asserted when the server board is installed in a 3rd party chassis. -N/A: Update CWP FCT/Shipping SDR to version 1.08. -N/A: Update 750W DC power to 3.3.25. -N/A: Updated SMBIOS fields to version 2.8.0. 01.20.7736 -none: Fix the issue that BMC cannot update NVMe Bridge Board FRU online. 01.19.7639 -none: Support 24HDD HSBP on KennedyPass and TaylorPass -none: Implement a new OEM command for BIOS to discover NVMe Bridge Board. ================================================================================ FEATURES ADDED FRUSDR 1.08 ================================================================================ S2600WT_108: - Cut in FRUSDR.efi and ipmi.efi utility 13.1 build 6 to support secure boot. S2600WT_107: - Add session audit SDR for Bad User PWD. ============================================================================= LEGAL INFORMATION ============================================================================= Information in this document is provided in connection with Intel products. No license, express or implied, by estoppel or otherwise, to any intellectual property rights is granted by this document. Except as provided in Intel's Terms and Conditions of Sale for such products, Intel assumes no liability whatsoever, and Intel disclaims any express or implied warranty, relating to sale and/or use of Intel products including liability or warranties relating to fitness for a particular purpose, merchantability, or infringement of any patent, copyright or other intellectual property right. Intel Corporation may have patents or pending patent applications, trademarks, copyrights, or other intellectual property rights that relate to the presented subject matter. The furnishing of documents and other materials and information does not provide any license, express or implied, by estoppel or otherwise, to any such patents, trademarks, copyrights, or other intellectual property rights. Intel products are not intended for use in medical, life saving, or life sustaining applications. Intel may make changes to specifications and product descriptions at any time, without notice. Intel is a registered trademark of Intel Corporation. *Other names and brands are the property of their respective owners. Copyright (c) 2015 Intel Corporation. A portion of this firmware is open source code, which falls under the GPL 2.0 license. [END OF RELEASE NOTES]