POWER7 Compute Nodes
Applies to: POWER7 Compute Nodes 1457-7FL, 7895-22X, 7895-42X, 7895-23X, 7895-43X, 7954-24X, and 7895-23A
This document provides information about the installation of licensed machine or licensed internal code, which is sometimes referred to generically as microcode or firmware.
Contents
- 1.0 Systems Affected
- 1.1 Minimum FSM Code Level
- 2.0 Important Information
- 3.0 Firmware Information and Description
- 4.0 How to Determine Currently Installed Firmware Level
- 5.0 Downloading the Firmware Package
- 6.0 Installing the Firmware
1.0 Systems Affected
This package provides firmware for POWER7 Compute Nodes 1457-7FL, 7895-22X, 7895-42X, 7895-23X, 7895-43X, 7954-24X, 7895-23A only.
The firmware level in this package is:
- AF773_058 / FW773.13
1.1 Minimum FSM Code Level
This section is intended to describe the "Minimum FSM Code Level" required
by the system firmware to complete the firmware installation process. When
installing the system firmware, the FSM level must be equal to or higher
than the "Minimum FSM Code Level" before starting the system firmware update.
If the FSM managing the server targeted for the system firmware update
is running a code level lower than the "Minimum FSM Code Level" the firmware
update will not proceed. The Minimum FSM code level for this firmware is: 1.1.0.
For information concerning FSM releases and the latest PTFs, go to the following URL to access Fix Central.
http://www-933.ibm.com/support/fixcentral/
For specific fix level information on key components of IBM POWER7 Compute Nodes running the AIX, IBM i and Linux operating systems, we suggest using the Fix Level Recommendation Tool (FLRT):
http://www14.software.ibm.com/webapp/set2/flrt/home
2.0 Important Information
Using the Update Manager in the FSM to manage firmware installations
IBM strongly recommends using the Update Manager (UM) in the FSM GUI to manage firmware installations. The UM will verify that FSM, CMM, and Compute Node firmware levels are compatible and will download and install additional updates if necessary.
Downgrading firmware from any given release level to an earlier release level is not recommended.
If you feel that it is necessary to downgrade the firmware on your system to an earlier release level, please contact your next level of support.
IPv6 Support and Limitations
IPv6 (Internet Protocol version 6) is supported in the System Management
Services (SMS) in this level of system firmware. There are several limitations
that should be considered.
When configuring a network interface card (NIC) for remote IPL, only the most recently configured protocol (IPv4 or IPv6) is retained. For example, if the network interface card was previously configured with IPv4 information and is now being configured with IPv6 information, the IPv4 configuration information is discarded.
A single network interface card may only be chosen once for the boot device
list. In other words, the interface cannot be configured for the IPv6 protocol
and for the IPv4 protocol at the same time.
Memory Considerations for Firmware Upgrades
Firmware release level upgrades and service pack updates may consume additional system memory.
Server firmware requires memory to support the logical partitions on the server. The amount of memory required by the server firmware varies according to several factors.
Factors influencing server firmware memory requirements include the following:
- Number of logical partitions
- Partition environments of the logical partitions
- Number of physical and virtual I/O devices used by the logical partitions
- Maximum memory values given to the logical partitions
Additional information can be found at:
http://publib.boulder.ibm.com/infocenter/powersys/v3r1m5/topic/p7hat/iphatlparmemory.htm
3.0 Firmware Information and Description
Use the following examples as a reference to determine whether your installation will be concurrent or disruptive.
Note: The concurrent levels of system firmware may, on occasion, contain fixes that are known as deferred and/or partition-deferred. Deferred fixes can be installed concurrently, but will not be activated until the next IPL. Partition-deferred fixes can be installed concurrently, but will not be activated until a partition reactivate is performed. Deferred and/or partition-deferred fixes, if any, will be identified in the "Firmware Update Descriptions" table of this document. For these types of fixes (deferred and/or partition-deferred) within a service pack, only the fixes in the service pack which cannot be concurrently activated are deferred.
Note: The file names and service pack levels used in the following examples are for clarification only, and are not necessarily levels that have been, or will be released.
System firmware file naming convention:
01AFXXX_YYY_ZZZ
- XXX is the release level
- YYY is the service pack level
- ZZZ is the last disruptive service pack level
An installation is disruptive if:
- The release levels (XXX) are different.
- The service pack level (YYY) and the last disruptive service pack level (ZZZ) are the same.
- The service pack level (YYY) currently installed on the system is lower than the last disruptive service pack level (ZZZ) of the service pack to be installed.
An installation is concurrent if:
- The release level (XXX) is the same, and
- The service pack level (YYY) currently installed on the system is the same or higher than the last disruptive service pack level (ZZZ) of the service pack to be installed.
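The rules above applied to level names, as an added example (not IBM code). It assumes the second disruptive condition refers to the YYY and ZZZ of the package being installed, that names may appear without the "01" prefix, the ZZZ field or a file extension, and that release and service pack numbers increase over time; the function names are hypothetical and AF773_020 is a constructed level.

```python
import re
from typing import NamedTuple, Optional, Tuple

# 01AFXXX_YYY_ZZZ as described above. Assumption: the "01" prefix, the ZZZ
# field and a file extension are optional, because installed levels are
# usually shown in short form (for example AF773_058).
LEVEL_RE = re.compile(r"^(?:01)?AF(\d{3})_(\d{3})(?:_(\d{3}))?(?:\.\w+)?$")


class Level(NamedTuple):
    release: int                    # XXX
    service_pack: int               # YYY
    last_disruptive: Optional[int]  # ZZZ, None when the name omits it


def parse_level(name: str) -> Level:
    """Parse a level or package file name into its XXX/YYY/ZZZ fields."""
    m = LEVEL_RE.match(name.strip())
    if m is None:
        raise ValueError(f"not a firmware level name: {name!r}")
    xxx, yyy, zzz = m.groups()
    return Level(int(xxx), int(yyy), None if zzz is None else int(zzz))


def is_downgrade(installed: str, package: str) -> bool:
    """True when the package is older than what is installed.

    Assumption: release and service pack numbers increase over time.
    """
    cur, new = parse_level(installed), parse_level(package)
    return (new.release, new.service_pack) < (cur.release, cur.service_pack)


def classify_install(installed: str, package: str) -> Tuple[str, str]:
    """Return ("disruptive" | "concurrent", reason) for installing package."""
    cur, new = parse_level(installed), parse_level(package)
    if new.last_disruptive is None:
        raise ValueError("package name must carry the ZZZ field")
    # Disruptive conditions are checked first: any one of them is enough.
    if cur.release != new.release:
        return "disruptive", "release levels (XXX) differ"
    if new.service_pack == new.last_disruptive:
        return "disruptive", "package YYY equals its ZZZ"
    if cur.service_pack < new.last_disruptive:
        return "disruptive", "installed YYY is lower than package ZZZ"
    # Same release, and installed YYY is the same or higher than package ZZZ.
    return "concurrent", "same release and installed YYY >= package ZZZ"


if __name__ == "__main__":
    package = "01AF773_058_033.rpm"  # file name from the table on this page
    # AF773_020 is a constructed level used to show the third condition.
    for installed in ("AF773_051", "AF773_033", "AF763_052", "AF773_020"):
        verdict, reason = classify_install(installed, package)
        print(f"{installed} -> {package}: {verdict} ({reason})")
```

A disruptive verdict means planning a service window, which matters when deciding how quickly the HIPER security fixes listed below can be applied.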
Filename | Size | Checksum
01AF773_058_033.rpm | 40121720 | 08636

AF773
For Impact, Severity and other firmware definitions, please refer to the 'Glossary of firmware terms' URL below:
http://www14.software.ibm.com/webapp/set2/sas/f/power5cm/home.html#termdefs
AF773_058 / FW773.13
07/02/2014
Impact: HIPER/Pervasive
System firmware changes that affect all systems
- HIPER/Pervasive: A security problem was fixed in the OpenSSL (Secure Socket Layer) protocol that allowed clients and servers, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between the management console and the service processor. The Common Vulnerabilities and Exposures issue number for this problem is CVE-2014-0224.
- HIPER/Pervasive: A security problem was fixed in OpenSSL for a buffer overflow in the Datagram Transport Layer Security (DTLS) when handling invalid DTLS packet fragments. This could be used to execute arbitrary code on the service processor. The Common Vulnerabilities and Exposures issue number for this problem is CVE-2014-0195.
- HIPER/Pervasive: Multiple security problems were fixed in the way that OpenSSL handled read and write buffers when the SSL_MODE_RELEASE_BUFFERS mode was enabled to prevent denial of service. These could cause the service processor to reset or unexpectedly drop connections to the management console when processing certain SSL commands. The Common Vulnerabilities and Exposures issue numbers for these problems are CVE-2010-5298 and CVE-2014-0198.
- HIPER/Pervasive: A security problem was fixed in OpenSSL to prevent a denial of service when handling certain Datagram Transport Layer Security (DTLS) ServerHello requests. A specially crafted DTLS handshake packet could cause the service processor to reset. The Common Vulnerabilities and Exposures issue number for this problem is CVE-2014-0221.
- HIPER/Pervasive: A security problem was fixed in OpenSSL to prevent a denial of service by using an exploit of a null pointer de-reference during anonymous Elliptic Curve Diffie Hellman (ECDH) key exchange. A specially crafted handshake packet could cause the service processor to reset. The Common Vulnerabilities and Exposures issue number for this problem is CVE-2014-3470.
AF773_056 / FW773.12
06/05/2014
Impact: HIPER/Pervasive
New features and functions
- Support was added for higher speed processors of 4.1 GHz in the IBM Flex System p460 compute node (7895-43X).
System firmware changes that affect all systems
- HIPER/Pervasive: A firmware code update problem was fixed that caused the Flex System Manager (FSM) to go to "Incomplete State" for the system with SRC E302F880 when assignment of a partition universal unique identifier (UUID) failed for a partition that was already running. This problem happens for disruptive code updates from AF773 firmware levels to AF783 or later levels.
AF773_054 / FW773.11
04/23/2014
Impact: HIPER/Pervasive
Republished for metadata changes ONLY on 05/09/2014. There are NO CHANGES to the package binaries.
System firmware changes that affect all systems
- A security problem was fixed for the Lighttpd web server that allowed arbitrary SQL commands to be run on the service processor of the compute node. The Common Vulnerabilities and Exposures issue number is CVE-2014-2323.
- A security problem was fixed for the Lighttpd web server where improperly-structured URLs could be used to view arbitrary files on the service processor of the compute node. The Common Vulnerabilities and Exposures issue number is CVE-2014-2324.
- HIPER/Pervasive: A security problem was fixed in the OpenSSL Montgomery ladder implementation for the ECDSA (Elliptic Curve Digital Signature Algorithm) to protect sensitive information from being obtained with a flush and reload cache side-channel attack to recover ECDSA nonces from the service processor. The Common Vulnerabilities and Exposures issue number is CVE-2014-0076. The stolen ECDSA nonces could be used to decrypt the SSL sessions and compromise the Flex System Manager (FSM) access password to the service processor. Therefore, the FSM access password for the compute node should be changed after applying this fix.
- HIPER/Pervasive: A security problem was fixed in the OpenSSL Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS) to not allow Heartbeat Extension packets to trigger a buffer over-read to steal private keys for the encrypted sessions on the service processor. The Common Vulnerabilities and Exposures issue number is CVE-2014-0160 and it is also known as the heartbleed vulnerability. The stolen private keys could be used to decrypt the SSL sessions and compromise the Flex System Manager (FSM) access password to the service processor. Therefore, the FSM access password for the compute node should be changed after applying this fix.
AF773_051 / FW773.10
12/06/2013
Impact: Available
New features and functions in system firmware AF773_051
- Support was added to upgrade the service processor to openssl version 1.0.1 and for compliance to National Institute of Standards and Technologies (NIST) Special Publications 800-131a. SP800-131a compliance required the use of stronger cryptographic keys and more robust cryptographic algorithms.
- Support was added to the Advanced System Management Interface (ASMI) to provide a menu for "Memory Low Power State Control" to enable or disable the custom memory buffer low power mode. If set to disabled, it disables low power mode (a power-saving feature) to speed memory and improve performance for some workloads.
- IBM Flex System Chassis Management Module (CMM) provisioning support was enhanced to provide Transport Layer Security (TLS) version 1.2 mode to the service processor on the compute node.
System firmware changes that affect all systems
- A problem was fixed that caused the IBM Flex System Chassis Management Module (CMM) to display the wrong firmware level after a service processor side switch from permanent to temporary (or temporary to permanent). The CMM showed the firmware level of the previous side instead of the new side using the "info -T blade[x]" command.
- A problem was fixed that caused the IBM Flex System Chassis Management Module (CMM) to issue an event log with message "Node xx VPD was changed" every time the service processor was reset even though there was no VPD change for the compute node.
- A problem was fixed that occurred when the IBM Flex System Chassis Management Module (CMM) throttled the power on the compute node and caused the service processor to reset with a SRC B181D50E logged. The power throttle process on the service processor was leaking memory and eventually caused the reset on an out of memory condition.
- A problem was fixed that occurred when the IBM Flex System Chassis Management Module (CMM) failed over from the primary CMM to standby CMM or when the FSP IP is changed. This caused the service processor to reset and SRC B181D50E to be logged. The Small-Footprint CIM Broker Daemon (SFCBD) process on the service processor was leaking memory and eventually caused the reset on an out of memory condition.
- A problem was fixed that caused an SRC B1818611 error log entry and a CIMPSRV core dump. A proper lockout mechanism was not being used when two process threads both accessed the network configuration (NCFG) object at the same time.
- For the sequence of a reboot of a system partition followed immediately by a power off of the partition, a problem was fixed where the hypervisor virtual service processor (VSP) incorrectly retained locks for the powered off partition, causing the power compute node to go into recovery state during the next power on attempt.
- A problem was fixed that caused a SRC B7006A72 calling out the adapter and the I/O Planar.
- A problem during a dynamic logical partitioning (DLPAR) memory operation was fixed that caused BA250020 SRCs to be logged unnecessarily for the AIX partition. There were no memory errors for the partition.
- A problem was fixed that prevented a HMC-managed system from being converted to manufacturing default configuration (MDC) mode when the management console command "lpcfgop -m
- A problem was fixed that caused the slot index to be missing for virtual slot number 0 for the dynamic reconfiguration connector (DRC) name for virtual devices. This error was visible from the management console when using commands such as "lshwres -r virtualio --rsubtype slot -m machine" to show the hardware resources for virtual devices.
- A problem was fixed that prevented the IBM Flex System Chassis Management Module (CMM) compute node error state from being cleared when the System Information Indicator was turned off by using the Advanced System Management Interface (ASMI) on the service processor for the compute node, the CMM, or the IBM Flex System Manager (FSM).
- A problem was fixed during resource dump processing that caused a read of an invalid system memory address and a SRC B181C141. The invalid memory reference resulted from the service processor incorrectly referencing memory that had been relocated by the hypervisor.
- A problem was fixed that prevented the Flex System Manager (FSM) management console from turning on a compute node fault indicator LED when a fault occurred. The fault LED was reported correctly by the Advanced System Management Interface (ASMI) and the IBM Flex System Chassis Management Module (CMM).
- DEFERRED: A problem was fixed that caused a system checkstop with SRC B113E504 for a recoverable hardware fault. This deferred fix addresses a problem that has a very low probability of occurrence. As such, customers may wait for the next planned service window to activate the deferred fix via a system reboot.
System firmware changes that affect certain systems
- On systems involved in a series of consecutive logical partition migration (LPM) operations, a memory leak problem was fixed in the run time abstraction service (RTAS) that caused a partition run time AIX crash with SRC 0c20. Other possible symptoms include error logs with SRC BA330002 (RTAS memory allocation failure).
- On Power7+ compute nodes, a problem was fixed that caused the L3 cache size to display as 4MB instead of 10MB on the IBM Flex System Chassis Management Module (CMM).
AF773_035 / FW773.01
05/09/2014
Impact: HIPER/Pervasive
(AF773_035/FW773.01 was shipped after FW773.11 for those customers that needed the following critical fixes, but were unable to move up to FW773.11. This content is listed here for consistency.)
System firmware changes that affect all systems
- A security problem was fixed for the Lighttpd web server that allowed arbitrary SQL commands to be run on the service processor of the compute node. The Common Vulnerabilities and Exposures issue number is CVE-2014-2323.
- A security problem was fixed for the Lighttpd web server where improperly-structured URLs could be used to view arbitrary files on the service processor of the compute node. The Common Vulnerabilities and Exposures issue number is CVE-2014-2324.
- HIPER/Pervasive: A security problem was fixed in the OpenSSL Montgomery ladder implementation for the ECDSA (Elliptic Curve Digital Signature Algorithm) to protect sensitive information from being obtained with a flush and reload cache side-channel attack to recover ECDSA nonces from the service processor. The Common Vulnerabilities and Exposures issue number is CVE-2014-0076. The stolen ECDSA nonces could be used to decrypt the SSL sessions and compromise the Flex System Manager (FSM) access password to the service processor. Therefore, the FSM access password for the compute node should be changed after applying this fix.
- HIPER/Pervasive: A security problem was fixed in the OpenSSL Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS) to not allow Heartbeat Extension packets to trigger a buffer over-read to steal private keys for the encrypted sessions on the service processor. The Common Vulnerabilities and Exposures issue number is CVE-2014-0160 and it is also known as the heartbleed vulnerability. The stolen private keys could be used to decrypt the SSL sessions and compromise the Flex System Manager (FSM) access password to the service processor. Therefore, the FSM access password for the compute node should be changed after applying this fix.
AF773_033 / FW773.00
09/10/2013
10/15/2013 - re-released for readme updates ONLY - no change to binaries
Impact: New
New features and functions in system firmware AF773_033
- Support for the P7+ Flex System p270 compute node (DCM 2-socket compute node) with MTM 7954-24X.
- Support for the P7+ Flex System p260 compute node (SCM 2-socket compute node) with MTM 7895-23A for IBMi only.
- Support for the P7+ Flex System p460 compute node (SCM 4-socket compute node) with MTM 7895-43X.
- Support for the IBM Flex System CN4058 8-port 10Gb converged network adapter (CNA) mezzanine expansion card with feature code (F/C) EC24 for Power System compute nodes that support 10 Gb ethernet and Fibre Channel over Ethernet (FCoE).
- Support for the IBM Flex System FC5054 4-port 16Gb fibre channel adapter with feature code (F/C) EC2E. This adapter features a dual-ASIC (FC5054) controller using the Emulex XE201 design, which allows for logical partitioning on Flex Power Systems compute nodes.
- Support for the IBM Flex System Dual VIOS adapter for the p270 compute node (7954-24X) with feature code (F/C) EC2F. This adapter provides a second integrated SAS controller enabling dual VIOS support with two internal disks.
- Support for the IBM Flex System FC5052 2-port 16Gb fibre channel adapter with feature code (F/C) EC23. This adapter features a 2-port 16 Gb Fibre Channel adapter with a single-ASIC controller using the Emulex XE201 design.
- Support for the IBM Flex System compute nodes by the Hardware Management Console (HMC). Note that the HMC does not provide any Flex System chassis management capabilities.
- Support for the IBM Flex System compute nodes by the Integrated Virtualization Manager (IVM). This provides an option for very basic system partition management for customers who do not want to purchase a Flexible System Management (FSM) or Hardware Management Console (HMC) appliance for system management.
- Support for network enhancements between the IBM Flex System and the service processor.
- Support for Flex System LDAP configuration authentication-only mode (AOM) on the service processor.
- Support for Flexible System Manager (FSM) increase in capacity to handle eight Flex system chassis for up to 112 compute nodes.
- Support for Flexible System Manager (FSM) increase in capacity to handle up to 4096 managed system partitions running on the Flex System compute nodes.
System firmware changes that affect all systems
- Support was dropped for Secured Socket Layer (SSL) Version 2 and SSL weak and medium cipher suites in the service processor web server (Lighttpd). Unsupported web browser connections to the Advanced System Management Interface (ASMI) secured port 443 (using https://) will now be rejected if those browsers do not support SSL version 3. Supported web browsers for Power7 ASMI are Netscape (version 9.0.0.4), Microsoft Internet Explorer (version 7.0), Mozilla Firefox (version 2.0.0.11), and Opera (version 9.24).
- A problem was fixed that prevented the Advanced Management Module (AMM) and Chassis Management Module (CMM) from displaying the blade's gateway IP address when DHCP is enabled.
- A problem was fixed that caused the hypervisor to fail to read the backplane VPD. When this problem occurs, the compute node will not boot.
- A problem was fixed that caused SRC B1813221, which indicates a failure of the battery on the compute node, to be erroneously logged after a service processor reset or power cycle.
- A problem was fixed that caused a service processor dump to be generated with SRC B18187DA "NETC_RECV_ER" logged.
- A problem was fixed that caused a L2 cache error to not guard out the faulty processor, allowing the system to checkstop again on an error to the same faulty processor.
- A problem was fixed that caused a HMC code update failure for the FSP on the accept operation with SRC B1811402 or FSP is unable to boot on the updated side.
- A problem was fixed that caused the system information LED to be lit without a corresponding SRC and error log for the event. This problem typically occurs when an operating system on a partition terminates abnormally.
- A problem was fixed that may cause inaccurate processor utilization reporting.
- A problem was fixed that caused a migrated partition to reboot during transfer to a VIOS 2.2.2.0, and later, target system. A manual reboot would be required if transferred to a target system running an earlier VIOS release. Migration recovery may also be necessary.
- A problem was fixed that caused an error log generated by the partition firmware to show conflicting firmware levels. This problem occurs after a firmware update or a logical partition migration (LPM) operation on the system.
System firmware changes that affect certain systems
- A problem was fixed that was caused by an attempt to modify a virtual adapter from the management console command line when the command specifies it is an Ethernet adapter, but the virtual ID specified is for an adapter type other than Ethernet. The managed system has to be rebooted to restore communications with the management console when this problem occurs; SRC B7000602 is also logged.
- On a P7 system, a problem was fixed that caused a system checkstop during hypervisor time keeping services. This deferred fix addresses a problem that has a very low probability of occurrence. As such, customers may wait for the next planned service window to activate the deferred fix via a system reboot.
- A problem was fixed in the run-time abstraction services (RTAS) extended error handling (EEH) for fundamental reset that caused partitions to crash during adapter updates. The fundamental reset of adapters now returns a valid return code. The adapter drivers using fundamental reset affected by this fix are the following: QLogic PCIe Fibre Channel adapters (combo card), IBM PCIe Obsidian, Emulex BE3-based ethernet adapters, Broadcom-based PCIe2 4-port 1Gb ethernet, Broadcom-based FlexSystem EN2024 4-port 1Gb ethernet for compute nodes
- On a compute node, a problem was fixed that caused a Flexible Service Processor (FSP) dump with SRC B1818A0F when the Dynamic Host Control Protocol (DHCP) server failed to respond with a valid IPV4 address. For this scenario, the FSP network configuration will now issue an informational error log for DHCP and continue with the previously known IP address if possible.
- On a compute node, a problem was fixed that caused SRCs B1818601, B1818611, and B181F12C to be logged with the chassis fans speeding up to the maximum fan speed. A race condition was found in the Common Information Model (CIM) process when it was changing IP addresses on the compute node that caused CIM pointer corruption and the associated errors.
- On a compute node, a problem was fixed that caused a virtual session (Vtty) to fail to a partition with the message "Unable to open virtual serial connection - lock failed".
- On a compute node, a problem was fixed that caused the compute node to log SRC B1768BBF when resetting the network adapters to factory configuration using the Advanced System Manager Interface (ASMI).
- On a compute node, a problem was fixed to stop frequent Secure Socket Layer (SSL) certificate provisioning from the Flex System Chassis Management Module (CMM) in the case of a DHCP server not responding. If the DHCP server is unresponsive, the previously received DHCP IP address is used by the compute node without further certificate provisioning.
- On a compute node, a problem was fixed where the Flexible Service Manager (FSM) could not establish communications to the Flexible Service Processor (FSP) due to a FSP process deadlock condition. The deadlock error also caused dumps on the FSP anytime the FSM tried to connect to the FSP.
- On a compute node, a problem was fixed for Flex System Chassis Management Module (CMM) failovers causing the Flexible Service Processor (FSP) to log SRC B181D50E for an out of memory condition for threads.
- On a compute node, a problem was fixed where "VPD has changed" messages were not sent to the Flex System Chassis Management Module (CMM) for mezzanine I/O card updates, resulting in old firmware levels being displayed on the CMM for the cards.
- On Power7+ systems, a problem was fixed that caused a system checkstop during hypervisor time keeping services.
- On a compute node, a problem was fixed that caused the Common Information Model (CIM) server to core dump and have a long restart time when loading new Secure Socket Layer (SSL) certificates provided by the Flex System Chassis Management Module (CMM). This fix allows faster changes in the network configuration of the compute node and facilitates faster node discovery by the Flexible System Manager (FSM).
- A problem was fixed that can cause Anchor (VPD) card corruption and A70047xx SRCs to be logged. Note: If a serviceable event with SRC A7004715 is present or was logged previously, damage to the VPD card may have occurred. After the fix is applied, replacement of the Anchor VPD card is recommended in order to restore full redundancy.
AF763_052 / FW763.10
05/01/2013
Impact: Available.
System firmware changes that affect all systems
System firmware changes that affect certain systems
AF763_043 / FW763.01
12/05/2012
Impact: Available.
System firmware changes that affect all systems
- A problem was fixed that can cause fans in the server to run at maximum speed and generate a serviceable event during system boot (B130B8AF, a predictive error with hardware callout), as a result of an incorrect calibration of a particular thermal sensor.
AF763_042 / FW763.00
12/04/2012
Impact: New.
New Features and Functions in AF763_042:
- Support for 7895-23X and 1457-7F2
- 16GB Fibre Channel mezzanine card, feature code EC23
- 2-port 10GB RDMA - RoCE adapter, feature code EC26
- 32GB DIMM, feature code EEMA
4.0 How to Determine Currently Installed Firmware Level
You can view the server's current firmware level on the Advanced System Management Interface (ASMI) Welcome pane. It appears in the top right corner.
Example: AF773_058
5.0 Downloading the Firmware Package
Follow the instructions on Fix Central. You must read and agree to the license agreement to obtain the firmware packages.
Note: If your FSM is not internet-connected you will need to download the new firmware level to a CD-ROM or ftp server.
6.0 Installing the Firmware
The method used to install new firmware will depend on the release level of firmware which is currently installed on your server. The release level can be determined by the prefix of the new firmware's filename.
Example: AFXXX_YYY_ZZZ
Where XXX = release level
- If the release level will stay the same (Example: Level AF743_075_075 is currently installed and you are attempting to install level AF743_081_075) this is considered an update.
- If the release level will change (Example: Level AF743_081_075 is currently installed and you are attempting to install level AF743_096_096) this is considered an upgrade.
http://publib.boulder.ibm.com/infocenter/flexsys/information/index.jsp?topic=%2Fcom.ibm.acc.8731.doc%2Fupdating_firmware_and_software.html
See also:
http://publib.boulder.ibm.com/infocenter/flexsys/information/index.jsp?topic=%2Fcom.ibm.acc.7895.doc%2Fupdating_firmware.html