================================================================================ Intel(R) Server Board S2600KP Product Family Firmware Update Package for Intel(R) One Boot Flash Update Utility and Windows* Preboot Execution Environment ================================================================================ Intel Enterprise Platform & Services Division - Marketing Intel Corporation 2111 N.E. 25th Avenue, Hillsboro, OR 97124 USA ================================================================================ DATE : July 30, 2017 TO : Intel(R) Server Board S2600KP Product Family customers SUBJECT : Release Notes for System Firmware Update Package ================================================================================ ABOUT THIS RELEASE ================================================================================ System BIOS - R01.01.0022 ME Firmware - 03.01.03.043 BMC Firmware - 01.50.10802 FRUSDR - 1.16 ================================================================================ Support Platforms and Dependency ================================================================================ Processors supported: Intel(R) Xeon processor E5-2600 v3 series Intel(R) Xeon processor E5-2600 v4 series Microcode update versions: CPUID Version Status 0x306f2 0x0000003a Production (E5-2600 v3 C0/C1) 0x406f1 0x0b000020 External (E5-2600 v4 B0) Production boards: Product Fab Version S2600KP Fab3 or above S2600KPF Fab3 or above The following update process must be followed to ensure a trouble free update. 1. Manageability Engine (ME) firmware 2. Flash Descriptor (FD) 2. BMC firmware 3. BIOS 4. FRUSDR ================================================================================ IMPORTANT NOTE!!! ================================================================================ - This Update package must be installed using Intel(R) One-boot Flash Update (OFU) V14.0 Build 15 or later ================================================================================ System Firmware Update Package Usage instructions ================================================================================ This package can be updated using one of the following methods: - Windows* or Linux* operating system Intel(R) One boot Flash Update utility can be downloaded from http://downloadcenter.intel.com/ and it is part of the "BIOS, Firmware Update & Configuration Utilities" for Windows* and Linux*. Please refer to Intel(R) OFU user guide about the details of installation and usage of OFU. Use OFU to update system firmware by the following steps: - Install OFU on Windows* or Linux* system - Download the latest firmware update package from http://downloadcenter.intel.com/ - Unzip package to a folder - Run the following command in Windows* command line/Linux* terminal window: :\flashupdt -u \flashupdt.cfg To update from Windows* Preboot Execution Environment (WinPE) The System Firmware Update Package can be inserted to Windows* PE customized image for creating a bootable Windows* PE CD. User is able to update system firmware from customized WinPE CD by the following steps: - Boot server with customized WinPE CD - Run script "WinPE21_x64_Update.bat" (name may be varied depends on your own customization) Note: 1. The Intel(R) OFU utility is case sensitive. Therefore, when you transfer the Firmware Update Package using USB flash drive from a Microsoft Windows* system to a Linux environment, you must first extract under the Linux* environment. Otherwise, you will need to mount the USB flash drive manually with 'vfat' option under Linux to avoid conversion from upper case to lower case and vice versa. 2. To make Intel(R) OFU utility run properly under x64 OS, you have to read OFU release notes on known issues for OFU installation. 3. In this SFUP package, Intel only provide batch file "WinPE_x64_Update.bat" for WinPE2.1/3.0 64 bit solution as an example. Please refer to white paper "White Paper-Intel Server Utilities Procedure for WinPE.pdf" for details on building your own customized WinPE CD. 4. Windows PE 2.0 - built from Windows Vista SP1 EM64T 5. Windows PE 2.1 - built from Windows Vista SP1 or Windows Server 2008, EM64T 6. Windows PE 3.1 - built from Windows Server 2008 R2, EM64T 7. Microsoft IPMI driver is loaded by default from WinPE CD, if you want to use Intel IPMI driver instead of MS IPMI driver for firmware update, you can un-install Microsoft IPMI driver by: Devicesetup.exe ¨Cv remove *IPI0001 Note: IPI0001 is the device ID for Microsoft IPMI driver. ================================================================================ IMPORTANT NOTICE ================================================================================ 1. BIOS R01.01.0020 will include a security revision upgraded. BIOS downgrade is not allowed from the OS and can only be performed on uEFI shell using the BIOS recovery jumper method. 2. BIOS R01.01.0018 will include a security revision upgraded. BIOS downgrade is not allowed from the OS and can only be performed on uEFI shell using the BIOS recovery jumper method. 3. Suggest to press 'F9' to load default if using the 'IOU Non-posted prefetch control' setup options in the first time 4. Use I/O Quick Data(also known as CBDMA) feature to access PCIe MMIO space, such as NTB or PCIe bridge, user may observe I/O performance drop during stress test. The reason is under debug, the workaround is to disable Relax Ordering feature. NOTE: Using an old revision of the Intel OFU utility might lead to a system hang. Latest revision is v14B15 ================================================================================ BIOS UEFI SECURE BOOT IMPACT AND MITIGATION METHOD ================================================================================= 1. Customer Setting Loss Issue and Mitigation Method When user upgrades BIOS with secure boot feature, the NVRAM will be automatically formatted as authenticated variable physical storage. However, all previous customer settings storage in NVRAM will be lost even if user does not enable UEFI secure boot feature. Users can take the follow recipe to save and restore their settings based on the actual NVRAM usage if they wish to upgrade or downgrade between BIOS with or without secure boot feature. Supposing customer requires to save & restore their specific NVRAM named 'var': Steps: 1. Prepare FAT partition USB key (or HDD). 2. Boot to EFI shell. 3. Check the file system mapping (e.g. fs0:) of the USB key with 'map -r' command. 4. Use 'dmpstore var -s fs0:\var.bin' to save the variable to the physical file. 5. Perform BIOS update and reboot system. 6. Boot to EFI shell. 7. Use 'dmpstore var -l fs0:\var.bin' to restore the variable. 8. Reboot the system if the customer setting requires reboot to take effect. Notes: 1. Immediate reboot after BIOS update is mandatory. Or the restore operation will not take effect. 2. Customers can repeat step 4 and step 7 for several times if they need to save & restore multiple NVRAM variables. 3. Most of BIOS customer settings by SysCfg can also be restored in this way. Customers can follow previous step1~8 by substituting 'Setup' for 'var' in the sample. 4. For BIOS downgrade case, step7 cannot be used to restore authenticate variables (e.g. PK, KEK, DB, DBX) to non-authenticated NVRAM storage 2. Recovery Mode Failure There is known bug that it cannot POST successfully with authenticated NVRAM storage. This will cause platform recovery failure and permanent deny of service (PDOS) if the primary BIOS region gets corrupted for some reason. It is required to update backup BIOS region when upgrade BIOS capsule with secure boot feature. Notes: For downgrade case, user is not required to update backup BIOS region as new BIOS with secure boot feature can handle NVRAM with old storage format: it will format it to new authenticated variable storage automatically. However, care must be taken when downgrading BIOS in recovery mode: After flashing BIOS without secure boot feature, user should restore recovery HW jumper immediately before platform reset.If platforms reset occurs before restoring recovery HW jumper, the backup BIOS will once again format NVRAM to new storage format, which will cause newly flashed BIOS (without secure boot feature) POST failure after user restores recovery HW jumper. ================================================================================ BIOS 01.01.0022 ================================================================================ CCB#1885: [S2600TP] Command line mechanism enable/disable clock CCB#1842: Add support for Unigen and Wintec DIMMs in BIOS release candidates CCB#1848: ITK options to tune PCIe TxEq adjustment features to support 3rd party add-in card or riser card [HSD-ES][1209605550]: System fails to throttle the CPU during temperature testing of dual 1100W Power Supplies [HSD-ES][2103616038]: [E5-2600V4] The Dedicated Management LAN Configuration field can be edited when set IPv6 Source of this field is set to Auto. [HSD-ES][2103616035]: [E5-2600V4] The BMC User name can set to unmatched EPS. [HSD-ES][1504474611]: [E5-2600V4] No DIMM Disabled error log for the DIMM slot in which the SPD-failed DIMM is installed CCB#1919: To add [Onboard VGA Always On] BIOS ITK/Setup option to support new GPGPU usage model [HSD-ES][1504488116]: [BDW] The disabled boot device will be changed to available when system retries non-EFI-based boot options [HSD-ES][1504483658]: CPU configuration lock bit is not set with default Setup setting [HSD-ES][1504437958]: [SDLS4]REACT-2017-1-OpenSSL upgrade for security vulnerability ================================================================================ ME 03.01.03.043 ================================================================================ Flash from Grantley FW to Grantley-R FW could cause SPS reset. System unexpected shutdown with SPS FW exception error. ME FW changes P state value when no policy is active imapcting performance. C8h command power readings for CPU domain are invalid. ================================================================================ BMC 01.50.10802 ================================================================================ -1504486292: [Grantley] Fake PS1 Power In event in SEL caused by miscommunication between BMC and PSU -1209210658: [Grantley] 1100W PSU Predictive failure message has been detected -none: [Grantley] PSU downgrade issue happened in factory -none: upgrade PSU FW 1100w to v51 using 1100ADU00201_S3_1_1_51.bin ================================================================================ FRUSDR 1.16 ================================================================================ - Modified the cfg file to add EBCP SKU. - Update SDR as per Kennedy Pass FSC Config Sheet Rev 2.2.xlsm ================================================================================ KNOWN ISSUES/WORKAROUNDS/REQUIREMENTS ================================================================================ - This BMC FW update package is to be used only on PCSD server baseboards and does NOT support customer reference boards (CRB) or silicon reference platforms (SRP). Contact your Intel Representative to determine where to download the BMC FW for these products. - The BMC FW image file in this package is to be used only with the provided FWPIAUPD update utility. Using the FW image file with a SPI flash device programmer will result in a non-functional system. - Some open source ipmi utilities may automatically retry multiple times during access BMC using bad password and supporting IPMI specification 1.5 in Linux OS. CCB310 will log more bad password login SEL. - Reverting to a lower version of firmware may have unexpected side effects, including but not limited to user settings reset to defaults, and will always result in the loss of functionality which was present in the higher version but was not implemented in the lower version. We do not guarantee that any downgrade will operate without side-effects. ============================================================================= SYSTEM HARDWARE & SOFTWARE REQUIREMENTS/REVISIONS ============================================================================= - BMC firmware rev 1.44.10574 or later - BIOS R01.01.0021 or later - MB Ver 03.01.03.032 or later ============================================================================= LEGAL INFORMATION ============================================================================= Information in this document is provided in connection with Intel products. No license, express or implied, by estoppel or otherwise, to any intellectual property rights is granted by this document. Except as provided in Intel's Terms and Conditions of Sale for such products, Intel assumes no liability whatsoever, and Intel disclaims any express or implied warranty, relating to sale and/or use of Intel products including liability or warranties relating to fitness for a particular purpose, merchantability, or infringement of any patent, copyright or other intellectual property right. Intel Corporation may have patents or pending patent applications, trademarks, copyrights, or other intellectual property rights that relate to the presented subject matter. The furnishing of documents and other materials and information does not provide any license, express or implied, by estoppel or otherwise, to any such patents, trademarks, copyrights, or other intellectual property rights. Intel products are not intended for use in medical, life saving, or life sustaining applications. Intel may make changes to specifications and product descriptions at any time, without notice. Intel is a registered trademark of Intel Corporation. *Other names and brands are the property of their respective owners. Copyright (c) 2017 Intel Corporation. A portion of this firmware is open source code, which falls under the GPL 2.0 license.