=============================================================================== Intel(R) Server Platform Integrated BMC Firmware Release Notes =============================================================================== INTEL(R) Server Boards and Systems Intel Corporation 2111 N.E. 25th Avenue, Hillsboro, OR 97124 USA =============================================================================== DATE: 7 September 2019 TO: Intel(R) Server Board S9200WK SUBJECT: Integrated BMC(R) firmware 2.21 release notes =============================================================================== LEGAL INFORMATION =============================================================================== Information in this document is provided in connection with Intel products. No license, express or implied, by estoppel or otherwise, to any intellectual property rights is granted by this document. Except as provided in Intel's Terms and Conditions of Sale for such products, Intel assumes no liability whatsoever, and Intel disclaims any express or implied warranty, relating to sale and/or use of Intel products including liability or warranties relating to fitness for a particular purpose, merchantability, or infringement of any patent, copyright or other intellectual property right. Intel Corporation may have patents or pending patent applications, trademarks, copyrights, or other intellectual property rights that relate to the presented subject matter. The furnishing of documents and other materials and information does not provide any license, express or implied, by estoppel or otherwise, to any such patents, trademarks, copyrights, or other intellectual property rights. Intel products are not intended for use in medical, life saving, or life sustaining applications. Intel may make changes to specifications and product descriptions at any time, without notice. Intel is a registered trademark of Intel Corporation. *Other names and brands are the property of their respective owners. Copyright (c) 2019 Intel Corporation. A portion of this firmware is open source code. The OSS source code that the customer is entitled to per OSS license has been posted on the Intel support website at the following link: http://downloadcenter.intel.com/Detail_Desc.aspx?agr=Y&DwnldID=21081 This open source code falls under the GPL 2.0 license, please see the license at the following link: http://www.opensource.org/licenses/gpl-2.0.php =============================================================================== ABOUT THIS RELEASE PACKAGE =============================================================================== Source file: Purley_2.21.3b847efd.bin Built from git revision: 3b847efd87342a045f2d1a7282e14375a16f104d REVISION INFORMATION RETURNED BY GET DEVICE ID COMMAND: Operational mode: 2.21.3b847efd Device ID: 0x22 Manufacturer ID: 0x000157 SHA1 checksum: Purley_2.21.3b847efd.bin: ffad0a9e4479afac34bfd2401d65398ed4bce099 JAVA Certificate: from: Sat Feb 09 06:35:18 CST 2019 UTC/GMT+08:00 until: Mon Feb 08 06:35:18 CST 2021 UTC/GMT+08:00 Embedded firmware files for the following components: Power Supplies PSSF162202A 00: 75.9.0 PSSF162202A 01: 75.9.0 PSSF162202A 02: 75.9.0 PSSF162202A 03: 75.9.0 PSSF162202A 04: 75.9.0 PSSF162202A 05: 75.9.0 PSSF162202A 06: 75.9.0 PSSF162202A 07: 75.9.0 PSSF162202A 08: 75.9.0 PSSF162202A S3: 55.9.0 PSSF162205A 00: 16.4.0 PSSF162205A S3: 16.4.0 PSSF212201A S3: 12.3.0 PSSF222201A 01: 24.0.0 PSSF222201A S1: 9.0.0 PSSF222201A S2: 17.0.0 PSSF222201A S3: 20.0.0 PSSF222201A S4: 33.0.0 Hot Swap Backplane V2 HSBP: 2.08 Firmware Update Tools: FWPIAUPD_v14_1_Build16 * NOTE The PSSF222201A 00A or newer identifies itself as a PSSF222201A S4 internally. Please use that firmware version when referencing that PSU. *** IMPORTANT *** Cipher Suite 3 is disabled by default and only keep Cipher Suite 17 opened by default. Due to this the extra parameter "-C 17" is required for ipmitool to work via LAN. The Cipher Suite 17 was first introduced in ipmitool 1.8.18 on Oct 8th 2016, Cipher Suite 3 is disabled by default since BMC firmware 1.90 and only keep Cipher Suite 17 opened by default. Due to this the extra parameter "-C 17" is required for ipmitool to work via LAN. The Cipher Suite 17 was first introduced in ipmitool 1.8.18 on Oct 8th 2016, you have to update ipmitool to this version or newer one, earlier versions of ipmitool don’t have Cipher 17 support ipmitool is not working well when running in high load network. We recommend to add extra timeout by using "-N 5". Default is 1 second for RMCP+, which is not enough. –N 5 will set 5 second as timeout. So the command will look like: ipmitool -I lanplus -H ip -U user -P password -C 17 -N 5 command Please refer to the included "TA-1143_Extra_parameters_needed_for_ipmitool.pdf" for more information. ------------------------------------------------------------------------------- =============================================================================== IMPORTANT INSTALLATION NOTES =============================================================================== The following update process must be followed to ensure a trouble free updating of your baseboard. The order is important to minimize any issues for status checking as different components are initialized. 1. BMC firmware 2. BIOS/Manageability Engine (ME) firmware (as directed in BIOS Release Notes) 3. FRU/SDR package specific to the baseboard. 4. NIC EEPROM =============================================================================== INSTALLATION PROCEDURE =============================================================================== There are two supported ways to update the BMC firmware. You may opt to use the Web GUI or the legacy UEFI method. Web GUI update 1. Unzip the package onto your system 2. Log into the BMC web GUI 3. Navigate to Configuration, then Firmware Update 4. Click browse, and direct the browser to the location of Purley_2.21.3b847efd.bin 5. Click upload. Progress and status will be shown as the update progresses UEFI update 1. Unzip package and load onto a flash drive 2. Boot to UEFI shell, and navigate to the folder where this package lives 3. Run fwUpdateBMC.nsh and follow the prompts =============================================================================== FIRMWARE UPGRADE/DOWNGRADE PROCEDURES =============================================================================== Upgrade of BMC FW from version 2.21 to later versions will be documented in the release notes for those versions. Reverting to a lower version of firmware may have unexpected side effects, including but not limited to user settings reset to defaults, and will always result in the loss of functionality which was present in the higher version but was not implemented in the lower version. We do not guarantee that any downgrade will operate without side-effects. Always observe caution when downgrading firmware. =============================================================================== KNOWN ISSUES/WORKAROUNDS/REQUIREMENTS =============================================================================== WARNING: This release disables RMCP authentication by default. ipmitool uses RMCP by default, so it will fail to authenticate. Add the '-I lanplus' parameter to all ipmitool commands to use RMCP+ instead. WARNING: This release disables the BMC PCIe bridge. This will cause a majority of operating systems to fail to boot as they stall during video driver init. More information can be found in the defect below: 1209995146 - Host OS fails to boot when AST2500 P2A bridge is disabled. WARNING: When using IPMI to establish a SOL session using KONSOLE: A. The "Delete" input cannot be captured when pressing "Backspace" Workaround: Modify the "Backspace" key to "0x08" in the KONSOLE profile keyboard settings B. Resizing a KONSOLE window with an active SOL session can cause the content to overlap Workaround: None. Recommend using the Java SOL Viewer instead of KONSOLE Steps to recover a failing OS: Linux variants (one of the below): A. Ensure that the nomodeset parameter is set in your boot loader (grub) config. B. Ensure that you are using a kernel version of 4.10 or above Windows variants: Boot to safe mode, and load aspeed video driver v1.03 or greater and reboot Redfish API: Redfish API POST requests using a browser extension or plugin will fail if the extension manipulates the HTTP(S) Origin header. This affects REST clients which are implemented as browser (chrome, Firefox) plugins or extensions such as the older versions of Postman. It is recommended to use Postman version 6.0 or later. For security purposes, the BMC Redfish API requires that if a HTTP Origin header is present, the host portion of the Origin header must match the HTTP Host header. Some browser based REST clients alter the Origin header preventing their use with the BMC. WARNING: Start from BMC v2.21, When KCS control mode is put in restricted and deny all mode, BMC EWS CPU and DIMM page displays blank or last DC on configuration information. =============================================================================== CHANGES =============================================================================== =============================================================================== v2.12.4e7980fc - (Release version) =============================================================================== CCB2546: Add additional eventing to Redfish support CCB2645: Support virtual media CCB2570: Complex BMC Password CCB2538: Customer required i2c write access for management of their proprietary or 3rd party PCIe hardware ============================================================================== v2.02. - (Release version) =============================================================================== Initial Release =============================================================================== DEFECTS RESOLVED =============================================================================== =============================================================================== v2.21.3b847efd - (Release version) =============================================================================== 2103628329 - EWS: It can not send the SNMP alert packages to destination IP 1507357494 - Unable to change property "BootSourceOverrideEnabled" from "Continuous" to "Disabled" 1607346326 - Username or password length is abnormal when create or modify. 2208243530 - BMC Session ID hijacking flaw 1507373053 - The latest BMC has no event log on EWS 1607346326 - Username or password length is abnormal when create or modify 1507343404 - Cannot change BMC KCS mode in BMC force-update mode. =============================================================================== v2.12.4e7980fc - (Release version) =============================================================================== 1507285372 - Upgrade Glib from V2.56.1 to V2.60.4 2103626700 - The BIOS configurations page of EWS display abnormal on firefox 1407979768 - Host KCS interface allows OS Admin level access without authentication 1507224371 - Alert setting can't display by ipmitool lan alert print 1507285344 - Upgrade libxml2 from v2.9.8 to v2.9.9 1507283206 - Vulnerability for SSH-SOL 1507285225 - Upgrade Linux Kernel from V4.9.135 to V4.9.184 1607346326 - [Redfish] Username or password length is abnormal when create or modify 1507265084 - [Redfish] MinPasswordLength is hardcoded to 1 in the Redfish, where it is supposed to be 6 or 8. 2103626776 - Fix Lan failover for IPv6 1507219383 - It can mount only one ISO image via Web ISO 1507219322 - It doesn't popup any message to confirm if the configuration saved successfully or not when click save button in EWS Web ISO page. 2103626964 - [S2600ST] close button is not work in help link for Web ISO page 1507015133 - Some parameters in response of Get watchdog timer are not to be same as set with Set watchdog timer command 1507050725 - System doesn't reset when set watchdog timeout action "Reset" 1507075801 - Set timer use expiration flag clear byte is ineffective via set watchdog timer command 1507219252 - The default page display of Virtual Media is different with others default page in EWS 1507219278 - Spell error in Web ISO page of EWS 1507219452 - it can mount an image with size more than 4.7G via Web ISO , which mismatch the help info . 1607070983 - SEL is not logged for power button Press. 1607101924 - "Powering On" option is not displayed as the power state when "Chassis/Intel_Front_Panel" is queried immediately after DC ON the system. 1607139289 - After BMC reboot, chassis power state returns a value opposite to the actual power state of the SUT with latest build - VERSION="v2.3-1870", VERSION_ID="v2.3-1870-g58f1b4b-007ad6b", 1507207960 - Integrated BMC Web Console "DIMM Information" shown no DIMMs when the S2600WF is fully populated with 24*4GB DIMMs 1507175016 - get the wrong restart cause after resetting the host via pressing "ctrl + alt + delete" 2103626441 - [S2600ST] it will pop error message when using IPMI command to enable SOL session with Null user 1507140808 - Vulnberabilities CVE-2019-6260 as BMC didn't disable superIO 1507206817 - [Redfish] There is an abnormal response after delete user. 1507200975 - GID is wrong for bad user password in the BMC debug log from EWS 1607100186 - The speed Installing OS under HTML5 is much slower than KVM. 1209207666 - BMC KCS interfaces not available after cold boot, if board has 2 CPUs installed 2103626093 - When removed the CPU 1 and then AC on the SUT, the BMC does not generate the related log until by pressing the power button 2103626277 - [S2600ST] The Web ISO page show abnormally information in BMC web 2103626301 - [S2600ST] There are missing Web ISO instructions in help link in Web ISO page 2103626244 - Repeatly execute the "echo c > /proc/sysrq-trigger" to let the BMC enter "Safe Mode", there is no "Watchdog Event" in the EWS logs 1507168076 - [Redfish] Can not update ME with /redfish/v1/UpdateService/SoftwareInventory/ME/Actions/Oem/Intel.Oem.UpdateME 2103625497 - Some BIOS configuration pages of the EWS do not require a password 2103625492 - iKVM over HTML5 will disconnect after modified System Date or Time in BIOS Setup. 1507143397 - [Redfish] The destination of "Event Subscriptions" can not receive any connecting request from BMC after submit a test event. 1607078240 - SOL could be launched after disabling SOL payload access for a particular user using Set User payload access command. 1507136949 - No JAVA certificate time in the BMC firmware release notes 1507131761 - BMC SEL log show wrong GID for ME event 1606933616 - Partial add sel entry command is executed by the user with user privilege. 2103625000 - RSD: Use "MDR Region Read" command to read 230 bytes from "ACPI", "iSCSI" or "Nv-Me" region, it always returns 0xC7 response data 2103625452 - BMC can't stuck in Safe mode after execute 4 times BMC watchdog 2206474881 - Hidden NM configurations can be added that are not visible from WebUI list 2206487277 - Potential Man in the middle attack in the redfish http out connection 2103625324 - SEL will record two "PEF Action " after trigger "Upper Non-recoverable" event of Front plane temp. 2103625455 - There is a colon on the EWS -> Configuration -> Security Settings Help page. 2103625440 - SUT can't power on after AC resume when "Resume on AC Power Loss" set to "Power on" in BIOS setup. 2103625481 - No display message in debug console when login MTM2 mode 2103625484 - Syslog does not send message to syslog server when login or out EWS 1507066447 - It is very slow to get HSBackplane by curl 2103625315 - [S2600ST] All buttons of KVM Number are invalid in Current Users when login EWS via firefox or google browser 1507042267 - 3rd Riser PBA G94347-271 FRU can't be read 2103625239 - No displayed messages for "not have sufficient privilege" when login EWS by operator/user privilege. =============================================================================== v2.02. - (Release version) =============================================================================== Initial Release =============================================================================== REFERENCE MATERIAL =============================================================================== Common (integrated) BMC Firmware EAS (integrated) BMC Firmware Common Core EPS