================================================================================ Intel(R) Server Board S1200SP Product Family Firmware Update Package for Intel(R) One Boot Flash Update Utility and Windows* Preboot Execution Environment ================================================================================ INTEL(R) Server Boards and Systems Intel Corporation 2111 N.E. 25th Avenue, Hillsboro, OR 97124 USA ================================================================================ DATE : February 19, 2019 TO : Intel(R) Server Board S1200SP Product Family customers SUBJECT : Release Notes for System Firmware Update Package ================================================================================ ABOUT THIS RELEASE ================================================================================ BIOS: 03.01.0042 ME: 04.01.04.054 BMC: 01.16.11302 FRUSDR: V0.27 ================================================================================ IMPORTANT: PLEASE READ ================================================================================ Due to additional integrated BIOS features, the Intel(r) Server Board S1200SP BIOS binary regions have surpassed their original design sizes. Install bridge BIOS version 03.01.2032 to redefine the binary regions before attempting to update the BIOS firmware to version 03.01.0038 or later. Prior to update your system to BIOS version 03.01.0038 or later, is required to update the system to bridge BIOS version 03.01.2032. If you update BIOS version from 03.01.0038 over to 03.01.0042, the bridge BIOS version is not required. System will fail to update the BIOS FW to version 03.01.0042 if the currently BIOS FW installed on the system is not 03.01.2032 or 03.01.0038. We apologize for the inconvenience. ================================================================================ Support Platforms and Dependency ================================================================================ Processors supported: Intel(R) Xeon(R) processor E3-1200 v5 series Intel(R) Xeon(R) processor E3-1200 v6 series Microcode update versions: CPUID Version Status 0x506E3 000000C6 (E3-1200v5 UP R0/S0) (Intel(R) Xeon(R) processor E3-1200 v5 series B0) 0x906E9 0000008E (E3-1200v6 B0) (Intel(R) Xeon(R) processor E3-1200 v6 series B0) The following update process must be followed to ensure a trouble free update. 1. BMC firmware 2. BIOS 3. Manageability Engine (ME) firmware 4. FRUSDR ================================================================================ Supported Operating Systems ================================================================================ Windows* Server 2012 R2 EM64T Windows* Server 2016 Standard/Datacenter Windows* 10 EM64T RHEL* 6.x and 7.x EM64T CentOS* 7.x EM64T SuSE* 11.x and 12.x EM64T ================================================================================ IMPORTANT NOTICE ================================================================================ - This Update package must be installed using Intel(R) One-boot Flash Update (OFU) V14.0 Build 15 - This BIOS has included CCB108 implementation(Aperture size), suggesting to press F9 to load default if BIOS is updated via online method. - BIOS downgrade from this release only can be done by using the BIOS recovery mode - Please press F9 to make SGX enabled by default when BIOS is online upgraded from Intel(R) Xeon(R) processor E3-1200 v5 series based SGX BIOS(01.01.xxxx) to Intel(R) Xeon(R) processor E3-1200 v5 series based SGX BIOS(03.01.xxxx), due to limitation on Intel(R) Xeon(R) processor E3-1200 v5 series based SGX BIOS. - This BIOS has updated Security Revision to 2.0 following SPRD requirement, causing BIOS can't be downgraded to previous version with Security Revision 01.00 under normal mode. No impact under Recovery Mode. The same limitation when downgrade BIOS to non-SGX BIOS and downgrade BIOS to SGX BIOS with lower security revision. - This BIOS has SMM communication buffer fix with Security Revision updated to 01.01 following SPRD requirement. Two impacts should be noted: >> 1. Security Revision upgrade: causing BIOS can't be downgraded to previous version with Security Revision 01.00 under normal mode. No impact under Recovery Mode. >> 2. SMM communication buffer fix: causing older version of utilities are not functional, only version equal or newer than below ones can be used together with this new BIOS. Sysinfo V14.0 Build 18, Selviewer V14.0 Build 17, Syscfg V14.0 Build 15, iFlash32 v14.0 Build10, FWPIAUPD v14.0 Build 8, FRUSDR v14.0 Build 8, OFU v14.0 Build 15 ================================================================================ System Firmware Update Package Usage instructions ================================================================================ This package can be updated using one of the following methods: - Windows* or Linux* operating system using Intel(R) One-boot Flash Update (OFU) V14.0 Build 15 - Windows* Preboot Execution Environment (WinPE) To update from Windows* and Linux* or operating systems using the Intel(R) One Boot Flash Update Utility (OFU) Intel(R) One boot Flash Update utility can be downloaded from http://downloadcenter.intel.com/ and it is part of the "BIOS, Firmware Update & Configuration Utilities" for Windows* and Linux*. Please refer to Intel(R) OFU user guide about the details of installation and usage of OFU. Use OFU to update system firmware by the following steps: - Install OFU on Windows* or Linux* system - Download the latest firmware update package from http://downloadcenter.intel.com/ - Unzip package to a folder - Run the following command in Windows* command line/Linux* terminal window: :\flashupdt -u \flashupdt.cfg To update from Windows* Preboot Execution Environment (WinPE) The System Firmware Update Package can be inserted to Windows* PE customized image for creating a bootable Windows* PE CD. User is able to update system firmware from customized WinPE CD by the following steps: - Boot server with customized WinPE CD - Run script "WinPE21_x64_Update.bat" or "WinPE20_x86_Update.bat" (name may be varied depends on your own customization) Note: 1. The Intel(R) OFU utility is case sensitive. Therefore, when you transfer the Firmware Update Package using USB flash drive from a Microsoft Windows* system to a Linux environment, you must first extract under the Linux* environment. Otherwise, you will need to mount the USB flash drive manually with 'vfat' option under Linux to avoid conversion from upper case to lower case and vice versa. 2. To make Intel(R) OFU utility run properly under x86 or x64 OS, you have to read OFU release notes on known issues for OFU installation. 3. In this SFUP package, Intel only provide batch file "WinPE_x86_Update.bat" for WinPE2.0 32 bit solution "WinPE_x64_Update.bat" for WinPE2.1/3.0 64 bit solution as an example. Please refer to white paper "White Paper-Intel Server Utilities Procedure for WinPE.pdf" for details on building your own customized WinPE CD. 4. Windows PE 2.0 - built from Windows Vista SP1 32bit or EM64T 5. Windows PE 2.1 - built from Windows Vista SP1 or Windows Server 2008, EM64T 6. Windows PE 3.1 - built from Windows Server 2008R2, EM64T 7. Microsoft IPMI driver is loaded by default from WinPE CD, if you want to use Intel IPMI driver instead of MS IPMI driver for firmware update, you can un-install Microsoft IPMI driver by: Devicesetup.exe ¨Cv remove *IPI0001 Note: IPI0001 is the device ID for Microsoft IPMI driver. 8. If to update backup BIOS region or NVRAM, you need to customize the OFU update scripts (eg.flashupdt.cfg) and add "UpdateBackupBios" or "UpdateNvram" parameter. ================================================================================ BIOS 03.01.R0042 ================================================================================ Production Sign [HSD-ES][1507017816]PSIRT - FW-UEFI-Vuln-2018-038 BIOS does not set TCO_BASE_LOCK [HSD-ES][1507017816]PSIRT - FW-UEFI-Vuln-2018-038 BIOS does not set TCO_BASE_LOCK [HSD-ES][2103624154]Boot into ESXi6.7u1 after enable "VT for Directed I/O", system would hang with purple srcreen. [HSD-ES][1506299498]Lack of ACPI IPMC HID IPI0001 Device causes standard IPMI driver can't be automatically loaded in OS [HSD-ES][1506741607]FW-UEFI-Vuln-2018-031 - Dynamic loops accessing one element beyond boundary due to <= operator Update Security version to 7 ================================================================================ ME 04.01.04.054 ================================================================================ Please follow the below procedure to update ME using UEFI iFlash32 14.0 Build 11 1. Boot the system to EFI Shell 2. Download ME release package 3. Unzip the ME release package to HD or USB Flash Drive 3. Map the respective storage device in system with the command Shell> map -r 4. Change the Shell to mapped device file system Example: Shell> fs0: (or fs1:) 5. Run the IFlash32 utility on the prompt. Use ME_xx_xx_xx_xxx.cap file when ME operational Image update is required. Use MEComplete_xx_xx_xx_xxx.cap file when Only whole ME Image update is required. fs0:\> IFlash32 [File Name] /u /ni 6. Reboot system after the update is completed. =============================================================================== BMC 01.16.11302 =============================================================================== - This BMC FW update package is to be used only on Intel server baseboards and does NOT support customer reference boards (CRB) or silicon reference platforms (SRP) - The BMC FW image file in this package is to be used only with the provided FWPIAUPD update utility. Using the FW image file with a SPI flash device programmer will result in a non-functional system. 1.16.11302 Add two security fix which is similar with purley platform: -#2205553951 Unauthenticated user can get system GUID of the BMC -#2205553948 Low-privileged user can retrieve hash containing password of other users, including administrators ================================================================================ FRUSDR 0.27 FEATURES ADDED ================================================================================ S1200SP_027: S1200SP_026: 2103618193 Display version 0.24 in flash interface when flash Frusdr version 0.25. ============================================================================= LEGAL INFORMATION ============================================================================= Information in this document is provided in connection with Intel products. No license, express or implied, by estoppel or otherwise, to any intellectual property rights is granted by this document. Except as provided in Intel's Terms and Conditions of Sale for such products, Intel assumes no liability whatsoever, and Intel disclaims any express or implied warranty, relating to sale and/or use of Intel products including liability or warranties relating to fitness for a particular purpose, merchantability, or infringement of any patent, copyright or other intellectual property right. Intel Corporation may have patents or pending patent applications, trademarks, copyrights, or other intellectual property rights that relate to the presented subject matter. The furnishing of documents and other materials and information does not provide any license, express or implied, by estoppel or otherwise, to any such patents, trademarks, copyrights, or other intellectual property rights. Intel products are not intended for use in medical, life saving, or life sustaining applications. Intel may make changes to specifications and product descriptions at any time, without notice. Intel is a registered trademark of Intel Corporation. *Other names and brands are the property of their respective owners. Copyright (c) 2019 Intel Corporation. A portion of this firmware is open source code, which falls under the GPL 2.0 license. For BMC the OSS source code that the customer is entitled to per OSS license has been posted on the Intel support website at the following link: http://downloadcenter.intel.com/Detail_Desc.aspx?agr=Y&DwnldID=21081 This open source code falls under the GPL 2.0 license, please see the license at the following link: http://www.opensource.org/licenses/gpl-2.0.php