================================================================================ Intel(R) Server Board S2600BP and Intel(R) HNS2600BP Product Family Firmware Update Package for Intel(R) One Boot Flash Update Utility and Windows* Preboot Execution Environment ================================================================================ Intel(R) Server Boards and Systems Intel Corporation 2111 N.E. 25th Avenue, Hillsboro, OR 97124 USA ================================================================================ DATE : OCT 19, 2018 TO : Intel(R) Server Board S2600BP Product Family Intel(R) Compute Module HNS2600BP Product Family SUBJECT : Release Notes for System Firmware Update Package ================================================================================ ABOUT THIS RELEASE ================================================================================ BIOS : 00.01.0014 ME : 04.00.04.340 BMC : 1.60.56383bef FRUSDR : 1.37 ================================================================================ Support Platforms and Dependency ================================================================================ Processors supported: Intel(R) Xeon(R) Scalable processors Microcode versions: CPUID Version Status 0x50653 0x01000144 (Xeon Scalable B1) 0x50654 0x0200004d (Xeon Scalable H0) The following update process must be followed to ensure a trouble free update. 1. BMC firmware 2. BIOS 3. Manageability Engine (ME) firmware 4. FD 5. FRUSDR ================================================================================ IMPORTANT NOTE!!! ================================================================================ - This Update package must be installed using Intel(R) One-boot Flash Update (OFU) V14.1 Build 14 or later 1. Package C-State only works well with Xeon Scalable Family H0 parts, for other Xeon Scalable Family stepping, C6 non-retention is hardcode from BIOS side. 2. BIOS R00.01.0001 does not support online downgrade to any Dxxx or Xxxx BIOS. 3. BIOS R00.01.0001 removed Xeon Scalable Family A1 microcode(m1350651_8000002B) and Xeon Scalable Family B0 microcode(m9750652_80000035). 4. Removed 'UpdateNvram' support for iflash32 tool for security reason of SRA bios. 5. Security revision upgrade to v0002 on BIOS R00.01.0002 will prevent BIOS downgrade via normal mode to R00.01.0001, user can use BIOS recovery mode for BIOS downgrade. Although Intel doesn't recommend downgrading firmware 6. One new production key is integrated onto R0004 BIOS, which will correct an OEM string. 7. This release include security revision upgrade to version 0004. This will prevent BIOS downgrade via normal mode to previous version with lower security revision, user can use BIOS recovery mode process for BIOS downgrade. 8. System will prevent downgrading ME from 04.00.04.288 to 04.00.04.235 or older version, if system BIOS version is R0009. This is an expected behavior. 9. Security revision upgrade to 0005 since BIOS R010, it will prevent BIOS downgrade via normal mode to previous version that with lower security revision, user can use BIOS recovery mode for BIOS downgrade. 10. Downgrading BMC below 1.43.660a4315 is not supported due to a security revision change. ================================================================================ System Firmware Update Package Usage instructions ================================================================================ This package can be updated using one of the following methods: - Windows* or Linux* operating system using Intel(R) One-boot Flash Update (OFU) V14.1 Build 14 or later) - Windows* Preboot Execution Environment (WinPE) To update from Windows* and Linux* or operating systems using the Intel(R) One Boot Flash Update Utility (OFU) Intel(R) One boot Flash Update utility can be downloaded from http://downloadcenter.intel.com/ and it is part of the "BIOS, Firmware Update & Configuration Utilities" for Windows* and Linux*. Please refer to Intel(R) OFU user guide about the details of installation and usage of OFU. Use OFU to update system firmware by the following steps: - Install OFU on Windows* or Linux* system - Download the latest firmware update package from http://downloadcenter.intel.com/ - Unzip package to a folder - Run the following command in Windows* command line/Linux* terminal window: :\flashupdt -u \flashupdt.cfg To update from Windows* Preboot Execution Environment (WinPE) The System Firmware Update Package can be inserted to Windows* PE customized image for creating a bootable Windows* PE CD. User is able to update system firmware from customized WinPE CD by the following steps: - Boot server with customized WinPE CD - Run script "WinPE_x64_Update.bat" (name may be varied depends on your own customization) Note: 1. The Intel(R) OFU utility is case sensitive. Therefore, when you transfer the Firmware Update Package using USB flash drive from a Microsoft Windows* system to a Linux environment, you must first extract under the Linux* environment. Otherwise, you will need to mount the USB flash drive manually with 'vfat' option under Linux to avoid conversion from upper case to lower case and vice versa. 2. To make Intel(R) OFU utility run properly under x64 OS, you have to read OFU release notes on known issues for OFU installation. 3. In this SFUP package, Intel only provide batch file "WinPE_x64_Update.bat" for WinPE2.1/3.0 64 bit solution as an example. Please refer to white paper "White Paper-Intel Server Utilities Procedure for WinPE.pdf" for details on building your own customized WinPE CD. 4. Windows PE 2.0 - built from Windows Vista SP1 EM64T 5. Windows PE 2.1 - built from Windows Vista SP1 or Windows Server 2008, EM64T 6. Windows PE 3.1 - built from Windows Server 2008 R2, EM64T 7. Microsoft IPMI driver is loaded by default from WinPE CD, if you want to use Intel IPMI driver instead of MS IPMI driver for firmware update, you can un-install Microsoft IPMI driver by: Devicesetup.exe ¨Cv remove *IPI0001 Note: IPI0001 is the device ID for Microsoft IPMI driver. ================================================================================ BIOS R00.01.0014(This release) ================================================================================ Rename BIOS ID from X0149 to R0014 Update Microcode 0x4d for Xeon Scalable H0 and 0x144 for Xeon Scalable B1 Update OPA UEFI driver to v1.6.0.0.0 Update ME SPS version to 340 Update RSTE Drivers to v5.4.0.1039 HSD-ES:1605354891, TPM Update fail on STP and WFP HSD-ES:1506124820, Q2'18 #CCB2334 [Purley PSIRT Factory BMC & BIOS] enabling one-time software update to any version HSD-ES:2103621945, [BNP] Windows2016 cannot be installed with SATA port5+port7 RSTe RAID0 HSD-ES:1506125508, Other PCI device's SsidSvid is 0xFFFFFFFF and is different from NIC Controller on SFP+ BNP board HSD-ES:1506122324, Higher security ID from 1.05 to 1.06 because HECI PRT and Backup BIOS PRT patch HSD-ES:1504762466, BIOS Change for #CCB 2083[Syscfg tool]Add option to configure fan pwm offset in syscfg on Purley HSD-ES:2202640819, System will not boot to IPV4 PXE if UEFI Network Stack disabled for IPV6 PXE in BIOS HSD-ES:1504784817, Q2'18 #CCB2267[Purley BMC+BIOS]Need mechanism for BMC to return MAC addresses for add-in card on demand HSD-ES:1505083118, Q2'18 #CCB2398 [Purley BIOS] Allow all SMBIOS extensions as defined by RSD extensions to be supported by default HSD-ES:2103622021, Toshiba THNSN5128GPU7 M.2 PCIe SSD can't detect successful under Win2016 OS. HSD-ES:1504707008, Q1'18 #CCB2222 [Purley BIOS] Add Infineon FW update capability support in BIOS and UEFI application HSD-ES:2007351694, BSOD after warm reboot if HT is enabled with Windows Server 2016 version 17663 and 17666 SKLX HSD-ES:2103621261, [WFP]SMBIOS Type 8 NIC number is not match motherboard number HSD-ES:1504713715, [CCB#2284][WFP&BNP]Fix system will hang with POST code 0x94 when one riser slot of HOST connects two WRG JBOD nodes with 32 RSSDs HSD-ES:1406736015, BIOS does not return Type 199 records HSD-ES:2103621061, [STP] BIOS copyright information 2006-2017 should be changed to 2006-2018 HSD-ES:1504707003, Q1'18 #CCB1822 [ Purley BIOS-Post Launch]Support Relax Ordering and No Snoop in BIOS setup and ITK HSD-ES:1504749247, [WFP]bios_wp protection has not been enabled HSD-ES:1504749852, Q2'18 #CCB2249 Q2'18 Add SMBIOS OEM String modification capability in ITK HSD-ES:1504771459, After clear CMOS, EWS doesn’t display about CMOS log when boot to BIOS setup HSD-ES:2103620812, MMIO size set to Auto/1G can't boot to BIOS with NIC Card-XL710 in Legacy modeQ2'18 HSD-ES:1504762466, BIOS Change for #CCB 2083 [Syscfg tool]Add option to configure fan pwm offset in syscfg on Purley HSD-ES:2103616363, Inject Memory Address Parity error and no error event occurred in SEL accordingly HSD-ES:1504630755, Change "CPU Power and Performance Policy" from "Balanced Performance" to "Performance" on the custom BIOS capsule by ITK tool, related items "C1E" can’t be changed automatically. HSD-ES:1504788000, [PC Production] Sync Skylake Production code to PC Production --CL 541242 5386244: BaseTraceHubInitLibNull references non-existing SkylakeSiPkg HSD-ES:1504788000, [PC Production] Sync Skylake Production code to PC Production --CL547293 5386319: CLONE SKX Sighting: [CLX Enabling] 2933 mc transient error HSD-ES:1504788000, [PC Production] Sync Skylake Production code to PC Production --CL556508 5386005: [SKX] Purley BIOS NTB PPD Option Setup is Reversed HSD-ES:1504788000, [PC Production] Sync Skylake Production code to PC Production -- CL558559 5386307:Some validated DIMMs have not been included in the DimmWT4 table HSD-ES:1504788000, [PC Production] Sync Skylake Production code to PC Production -- CL558628 5385969: Advanced Memory Test failed at MT_CPGC_READ_WRITE HSD-ES:1504788000, [PC Production] Sync Skylake Production code to PC Production --CL570837 5386628: HECI_MBAR can be reallocated by ring-0 anywhere in the address map (BIOS vulnerability) HSD-ES:1504788000, [PC Production] Sync Skylake Production code to PC Production -- CL569535 5386412: 2SKT DEBUG build ASSERTs with a Security Violation HSD-ES:1504683593, [Purley]Clone from HSD - Security VT - PCH UEFI FW shall delay PCI Bus Master Enable(PCICMD.BME) until end of POST to prevent DMA attacks on UEFI FW in RAM HSD-ES:1504788000, [PC Production] Sync Skylake Production code to PC Production -- CL566239 5386475: System hangs after error injection during DIMM Address Translation HSD-ES:1504788000, [PC Production] Sync Skylake Production code to PC Production -- CL571328 5386488: 2006702382: NVDIMM not in memory map when NUMA is disabled HSD-ES:1504788000, [PC Production] Sync Skylake Production code to PC Production -- CL576560 5386813: Enable MSR_VIRTUAL_MSR_LLC_PREFETCH reconfiguration on Skylake B-step HSD-ES:1504788000, [PC Production] Sync Skylake Production code to PC Production -- CL579507 5386817: Add device IDs for QS/PRQ S LBG SKU HSD-ES:2202565747, BIOS POST messaging shows no errors when in fact a DIMM is mapped out HSD-ES:1504788000, [PC Production] Sync Skylake Production code to PC Production -- CL575833 5386751: Function RemovePsfAccess () is not called with SPS FW binary HSD-ES:1504788000, [PC Production] Sync Skylake Production code to PC Production -- CL582692 5386573: IioEarlyInit.c:IioPciePortEWL() swaps link_width and link_speed in EWL HSD-ES:1504788000, [PC Production] Sync Skylake Production code to PC Production -- CL558927 5386052: [220586227] Early SEC RC is not properly programming the HPET due to coding bug, causing rogue write to memory [IPS 220586227] HSD-ES:1504788000, [PC Production] Sync Skylake Production code to PC Production --CL 553223 + CL556549 5386074: ACPI table will miss some core with some specific bit mask processor HSD-ES:1504790255, Clone from 5386949 FW-UEFI-Vuln-2018-008 - "PSIRT-BIOS-2018-008 Additional protection for DCI enable" HSD-ES:2103617388, When hotplug NVMe HDDs the RSTe GUI location couldn't match actual HDDs location HSD-ES:1505084878, Sprint: XL710 show the same boot order name in Boot management HSD-ES:1505083003, CCB 2161 [Purley BIOS]Support more memory vendor DIMMs on Purley -- Apacer,ATP,Hyundai,Innodisk,intelimem,V Color HSD-ES:1505083055, Q2'18 #CCB2401[Purley BIOS] BIOS support for WFC, WFD, WFS cluster systems HSD-ES:2103619811, [BNP] Boot manager still show pcie device if disable it on PCIe Port Oprom Control. -->Fix CL552580 side effect HSD-ES:2103620496, NIC Port Mapping between Chassis and Windows Server OS are inverted on S2600BP SFP+, RJ45 and S2600WFT HSD-ES:2103621959, EWS and SEL viewer shown incorrect ME version when online update ME version HSD-ES:1504784817, Q2'18 #CCB2267 [Purley BMC+BIOS]Need mechanism for BMC to return MAC addresses for add-in card on demand HSD-ES:1505330637, Purley: add two APIs in fast video ppi and protocol HSD-ES:2103620418, [WFP] After downgrade FD and ME, SUT will halt with beep code 1-5-1-2 when reboot =============================================================================== BMC v1.60.56383bef - (Release Version) =============================================================================== 1505567118 - [BMP]SSL/TLS use of weak RC4 cipher 1505573379 - [BMP]Birthday attacks against TLS ciphers with 64bit block size vulnerability (Sweet32) 1506114971 - [STP] Chinese characters are not displayed properly in Event Log page while login Web in Chinese 1506118999 - Q2'18 #CCB2434 [Purley BMC]Implement 0xD5 return code when user requests power on and system is already on 1506119149 - Completion code for OEM get sensor reading(platform power consumption) isn't right when no ADM chipset is available. 1506123447 - BMC User and Network setting will change to default after online update BMC to 1.59&AC cycle 2103620859 - [BMP] Media will be unmounted after boot into OS 2103621752 - [WFP] Media will be unmounted after boot into OS 2103622022 - [BMP] Event log page can't be read via IE browser 2103622102 - [WFP] The Event Log shown abnormally on EWS after pressed NMI Button. 2103622115 - EWS: Use firefox browser to check the system event log, all the information is unreadable code unless clearing the browser cache 2103622127 - EWS: There is a unreadable character in the system event log 2103622137 - EWS: When set the language to Chinese, the event log information show unreadable characters 2103622142 - EWS: It could not establish the session to EWS after setting the https port to customized value 2103622186 - [BMP] BMC can't stuck in Safe mode after execute 4 times BMC watchdog 2103622241 - [BMP] HTTPS Port can't login from other values after HTTPS Port modify 8443 2203123584 - Remote ipmitool chassis power off returns error when chassis is already off. 2203745825 - [KVM/VM] Virtual Media redirection fails installing OS and console spews SSL errors 1504766995 - [BNP LCR]Sensors are not correctly display in one cycle when run AC/DC cycle test 2103622260 - [BMP] Enable Remote Debug function commnad response incorrect via BMC Shared LAN IP 1506118927 - Q2'18 #CCB2427 [Purley BMC]Increase KVM timeout to 1+ minutes 2103614048 - EWS Uesr Enable is blank 2103621847 - [BMP] EWS some information will be abnormal via IE browser 2103621983 - [STP] There is no display information for DIMM and FRU in system information while login Web by using IE 2103622082 - [WFP] Event log page can't be read via IE browser 2103622113 - IE: After updating the BMC_1.58, it could not show the system event log in EWS 2202696827 - BMC EWS GUI SEL Fails to Finish Loading 2203669681 - BMC Web console fails to show FRU and Memory information after update to SUP x0135 1506077858 - [BNP LCR]Event log “Sensor failure—HSBP temp -- Asserted” during AC/DC/linpack test 1504651008 - Sometimes system will generate an abnormal event log about “Sensor failure—HSBP temp -- Asserted” and status LED show green blinking 220857900 - [BNP] 17 of 3456 nodes ( 9 of 864 system) failed EST for intermittent BMC FW Health unable to read HSBP Temp sensor 2103620331 - [BMP]profile can't be shifted by the riser number 1505815184 - RKVM can't launch if we have setup port forward from external IP address to internal address 2103622022 - [BMP] Event log page can't be read via IE browser 2103621764 - [BMP] Network configuration will be abnormal on EWS after stress VLAN ID test 2103621770 - [WFP] Network configuration page can't worked on EWS after stress VLAN ID test 2202676945 - Get Security Version Information returns 00 00, hence no way to know the security revision of the firmware. 2202770366 - ReadSelfTest command response not as expected and the command missing in EPS 2202843495 - [KVM/VM] Java pegs the CPUs on Linux when kvm/virtual media loses connection to the BMC 2203284099 - [KVM] - The TLS ciphers used by KVM (port 5902) and USB (port 627) allow weak encryption algorithms and ciphers ================================================================================ FRUSDR 1.37 ================================================================================ -2103622131 When retrieve the "P1/P2 Temperature" threshold by command or EWS, it shows "00" or "NA" -2203243919 [S2600BP] 1 of 2000 nodes failed for intermittent +1.05V_PCH_Aux SEL event, crossing upper non-critical threshold -Rename QPI sensor name from QPI to UPI ================================================================================ ================================================================================ SYSTEM HARDWARE & SOFTWARE REQUIREMENTS/REVISIONS ================================================================================ - S2600BPB, S2600BPQ, S2600BPS baseboards only. System BIOS - 00.01.0013 or later ME Firmware - 04.00.04.294 or later BMC Firmware - 1.43.91f76955 or later FRUSDR - 1.30 or later - Front Panel, Hot-swap backplane, and Baseboard FRU data must be available for chassis auto-detection to succeed. =============================================================================== KNOWN ISSUES/WORKAROUNDS/REQUIREMENTS =============================================================================== HSD-ES 2103620418: After downgrade FD and ME, SUT will halt with beep code 1-5-1-2 when reboot. Please use the following WA when online downgrading SW stacks from R010 SUP to previous SUP version: Online downgrade process: flash BIOS -> flash FD -> reset SUT -> flash ME -> flash BMC -> flash FRUSDR -> AC cycle SUT -> SUT can boot up normally. WARNING: This release has the BMC PCIe bridge disabled. This will cause the majority of operating systems to fail at boot as they stall during video driver initialization Steps to recover a failing operating system: Linux variants (one of the below): A. Ensure the "modprobe.blacklist=ast" parameter is set in your boot loader (grub) B. Ensure you are using a kernel version v4.10 or newer For Red Hat* Enterprise Linux* v7.3, please refer to the included "RHEL73_InstallationGuide_Rev1.00.pdf" For SUSE* Linux* Enterprise Server v12 SP1 or SP2, please refer to the included "SLES12_InstallationGuide_Rev1.00.pdf" Windows variants: Boot to safe mode, and load aspeed video driver v1.03 or greater and reboot For Windows* Server 2016, please refer to the included "WinSrv16_InstallationGuide_Rev1.00.pdf" ============================================================================= LEGAL INFORMATION ============================================================================= Information in this document is provided in connection with Intel products. No license, express or implied, by estoppel or otherwise, to any intellectual property rights is granted by this document. Except as provided in Intel's Terms and Conditions of Sale for such products, Intel assumes no liability whatsoever, and Intel disclaims any express or implied warranty, relating to sale and/or use of Intel products including liability or warranties relating to fitness for a particular purpose, merchantability, or infringement of any patent, copyright or other intellectual property right. Intel Corporation may have patents or pending patent applications, trademarks, copyrights, or other intellectual property rights that relate to the presented subject matter. The furnishing of documents and other materials and information does not provide any license, express or implied, by estoppel or otherwise, to any such patents, trademarks, copyrights, or other intellectual property rights. Intel products are not intended for use in medical, life saving, or life sustaining applications. Intel may make changes to specifications and product descriptions at any time, without notice. Intel is a registered trademark of Intel Corporation. *Other names and brands are the property of their respective owners. Copyright (c) 2018 Intel Corporation. A portion of this firmware is open source code, which falls under the GPL 2.0 license.