Power7 Entry Systems Firmware

4GB Memory DIMM

8GB Memory DIMM

16GB Memory DIMM

Response for Recent Security Vulnerabilities

• In response to recently reported security vulnerabilities, this firmware update is being released to address Common Vulnerabilities and Exposures issue number CVE-2017-5715. In addition, Operating System updates are available to mitigate the CVE-2017-5753 and CVE-2017-5754 security issues.
  

New Features and Functions

• Support for the Advanced System Management Interface (ASMI) was changed to allow the special characters of "I", "O", and "Q" to be entered for the serial number of the I/O Enclosure under the Configure I/O Enclosure option.  These characters have only been found in an IBM serial number rarely, so typing in these characters will normally be an incorrect action.  However, the special character entry is not blocked by ASMI anymore so it is able to support the exception case.  Without the enhancement, the typing of one of the special characters causes message "Invalid serial number" to be displayed.
  

System firmware changes that affect all systems

• A problem was fixed for incorrect error messages from the Advanced System Management Interface (ASMI) functions when the system is powered on but in the  "Incomplete State".  For this condition, ASMI was assuming the system was powered off because it could not communicate to the PowerVM hypervisor.  With the fix, the ASMI error messages will indicate that ASMI functions have failed because of the bad hypervisor connection instead of falsely stating that the system is powered off.
• A problem was fixed for a failed recovery during a AC power loss for the CEC.  Instead of the system going to a powered off state, it ended in a service processor "Halt" aborted state with SRC 100000AC displayed.  The service processor daemon for network configuration multi-setup ("ncfgMultSetup") had failed three times to threshold and aborted the service processor.   The system can be recovered by a manual AC power cycle. With the fix, the system will recover from the AC power loss if the power supplies are in working condition.
• A problem was fixed for a latency time of about 2 seconds being added to a target Live Partition Mobility (LPM) migration system when there is a latency time check failure.  With the fix, in the case of a latency time check failure, a much smaller default latency is used instead of two seconds.  This error would not be noticed if the customer system is using a Network Time Protocol (NTP) server to maintain the time.
• A rare problem was fixed for a system hang that can occur when dynamically moving "uncapped" partitions to a different shared processor pool.  To prevent a system hang, the "uncapped" partitions should be changed to "capped" before doing the move.
• A problem was fixed for an SRC BA090006 serviceable event log occurring whenever an attempt was made to boot from an ALUA  (Asymmetric Logical Unit Access) drive.  These drives are always busy by design and cannot be used for a partition boot, but no service action is required if a user inadvertently tries to do that.  Therefore, the SRC was changed to be an informational log.
• A  problem was fixed for a partition boot fail or hang from a Fibre Channel device having fabric faults.  Some of the fabric errors returned by the VIOS are not interpreted correctly by the Open Firmware VFC drive, causing the hang instead of generating helpful error logs.
• A problem was fixed for Live Partition Mobility (LPM) migrations from FW860.10 or FW860.11 to older levels of firmware.  Subsequent  DLPAR of Virtual Adapters will fail with HMC error message HSCL294C, which contains text similar to the following:  "0931-007 You have specified an invalid drc_name." This issue affects partitions installed with AIX 7.2 TL 1 and later. Not affected by this issue are partitions installed with VIOS, IBM i, or earlier levels of AIX.
  

System firmware changes that affect certain systems

• On systems with IBM i partitions, a problem was fixed for frequent logging of informational B7005120 errors due to communications path closed conditions during messaging from HMCs to IBM i partitions.  In the majority of cases, these errors are due to normal operating conditions and not due to errors that require service or attention.  The logging of informational errors due to this specific communications path closed condition that are the result of normal operating conditions has been removed.
  

New Features and Functions

• Support was added for the Stevens6+ option of the internal tray loading DVD-ROM drive with F/C #EU13.  This is an 8X/24X(max) Slimline SATA DVD-ROM Drive.  The Stevens6+ option is a FRU hardware replacement for the Stevens3+.  MTM 7226-1U3 (Oliver)  FC 5757/5762/5763 attaches to IBM Power Systems and lists Stevens6+ as optional for Stevens3+.  If the Stevens6+  DVD drive is installed on the system without the required firmware support, the boot of an AIX partition will fail when the DVD is used as the load source.  Also, an IBM i partition cannot consistently boot from the DVD drive using D-mode IPL.  A SRC C2004130 may be logged for the load source not found error.
  

System firmware changes that affect all systems

• A problem was fixed for a Hardware Management Console (HMC) Incomplete state that occurred rarely during partition related operations such as partition creations.  The problem was more likely to occur if there were multiple errors being logged on the service processor at the same time as a partition operation was trying to update and close the HMC save area file.  To recover from the HMC Incomplete state, a soft reset of the service processor can be done from the Advanced System Mangement Interface (ASMI).  If the HMC Incomplete state persists after the soft reset, the managed system should be rebuilt from the HMC.  For more information on HMC recovery steps, refer to this IBM Knowledge Center link: https://www.ibm.com/support/knowledgecenter/en/POWER7/p7eav/aremanagedsystemstate_incomplete.htm.
• A problem was fixed for the Advanced System Management Interface (ASMI) "Network Services/Network Configuration" "Reset Network Configuration" button that was not resetting the static routes to the default factory setting.  The manufacturing default is to have no static routes defined so the fix clears any static routes that had been added.  A circumvention to the problem is to use the ASMI "Network Services/Network Configuration/Static Route Configuration" "Delete" button before resetting the network configuration.
• A problem was fixed for PCI adapters locking up when powered on.  The problem is rare but frequency varies with the specific adapter models.  A system power down and power up is required to get the adapter out of the locked state.
• A problem was fixed for a Network boot/install failure using bootp in a network with switches using the Spanning Tree Protocol (STP).  A Network boot/install using lpar_netboot on the management console was enhanced to allow the number of retries to be increased.  If the user is not using lpar_netboot, the number of bootp retries can be increased using the SMS menus.  If the SMS menus are not an option, the STP in the switch can be set up to allow packets to pass through while the switch is learning the network configuration.
• A security problem was fixed in the lighttpd server on the service processor OpenSSL where a remote attacker, while attempting authentication, could insert strings into the lighttpd server log file.  Under normal operations on the service processor, this does not impact anything because the log is disabled by default.  The Common Vulnerabilities and Exposures issue number is CVE-2015-3200.
• A security problem was fixed in OpenSSL for a possible service processor reset on a null pointer de-reference during RSA PPS signature verification. The Common Vulnerabilities and Exposures issue number is CVE-2015-3194.
• A problem was fixed for a Live Partition Mobility migration that resulted in the source managed system going to the Hardware Management Console (HMC) Incomplete state after the migration to the target system was completed.  This problem is very rare and has only been detected once.. The problem trigger is that the source partition does not halt execution after the migration to the target system.   The HMC went to the Incomplete state for the source managed system when it failed to delete the source partition because the partition would not stop running.  When this problem occurred, the customer network was running very slowly and this may have contributed to the failure.  The recovery action is to re-IPL the source system but that will need to be done without the assistance of the HMC.  For each partition that has a OS running on the source system, shut down each partition from the OS.  Then from the Advanced System Management Interface (ASMI),  power off the managed system.  Alternatively, the system power button may also be used to do the power off.  If the HMC Incomplete state persists after the power off, the managed system should be rebuilt from the HMC.  For more information on HMC recovery steps, refer to this IBM Knowledge Center link: https://www.ibm.com/support/knowledgecenter/en/POWER7/p7eav/aremanagedsystemstate_incomplete.htm
• A problem was fixed for a sequence of two or more Live Partition Mobility migrations that caused a partition to crash with a SRC BA330000 logged (Memory allocation error in partition firmware).  The sequence of LPM migrations that can trigger the partition crash are as follows:
  The original source partition level can be any FW760.xx, FW763.xx, FW770.xx, FW773.xx, FW780.xx, or FW783.xx P7 level or any FW810.xx, FW820.xx, FW830.xx, or FW840.xx P8 level.  It is migrated first to a system running one of the following levels:
  1) FW730.70 or later 730 firmware or
  2) FW740.60 or later 740 firmware
  And then a second migration is needed to a system running one of the following levels:
  1) FW760.00 - FW760.20 or
  2) FW770.00 - FW770.10
  The twice-migrated system partition is now susceptible to the BA330000 partition crash during normal operations until the partition is rebooted.  If an additional LPM migration is done to any firmware level, the thrice-migrated partition is also susceptible to the partition crash until it is rebooted.
  With the fix applied, the susceptible partitions may still log multiple BA330000 errors but there will be no partition crash.  A reboot of the partition will stop the logging of the BA330000 SRC.
  

System firmware changes that affect certain systems

• For systems with an invalid P-side or T-side in the firmware, a problem was fixed in the partition firmware Real-Time Abstraction System (RTAS) so that system Vital Product Data (VPD) is returned at least from the valid side instead of returning no VPD data.   This allows AIX host commands such as lsmcode, lsvpd, and lsattr that rely on the VPD data to work to some extent even if there is one bad code side.  Without the fix,  all the VPD data is blocked from the OS until the invalid code side is recovered by either rejecting the firmware update or attempting to update the system firmware again
• For non-HMC managed systems in Manufacturing Default Configuration (MDC) mode with a single host partition, a problem was fixed for missing dumps of type SYSDUMP. FSPDUMP. LOGDUMP, and RSCDUMP that were not off-loaded to the host OS.  This is an infrequent error caused by a timing error that causes the dump notification signal to the host OS to be lost.  The missing/pending dumps can be retrieved by rebooting the host OS partition.  The rebooted host OS will receive new notifications of the dumps that have to be off-loaded.
• On systems with a PowerVM Active Memory Sharing (AMS) partition with AIX  Level 7.2.0.0 or later with Firmware Assisted Dump enabled, a problem was fixed for a Restart Dump operation failing into KDB mode.  If "q" is entered to exit from KDB mode, the partition fails to start.  The AIX partition must be powered off and back on to recover.  The problem can be circumvented by disabling Firmware Assisted Dump (default is enabled in AIX 7.2).
• On systems with dedicated processor partitions, a problem was fixed for the dedicated processor partition becoming intermittently unresponsive. The problem can be circumvented by changing the partition to use shared processors.
  

New Features and Functions

• Support was added to the Advanced System Management Interface (ASMI) to be able to add a IPv4 static route definition for each ethernet interface on the service processor.  Using a static route definition,  a Hardware Management Console (HMC) configured on a private subnet that is different from the service processor subnet is now able to connect to the service processor and manage the CEC.  A static route persists until it is deleted or until the service processor settings are restored to manufacturing defaults.  The static route is managed with the ASMI panel "Network Services/Network Configuration/Static Route Configuration" IPv4 radio button.  The "Add" button is used to add a static route (only one is allowed for each ethernet interface) and the "Delete" button is used to delete the static route.
  

System firmware changes that affect all systems

• A problem was fixed that prevented a second management console from being added to the CEC.  In some cases, network outages caused defunct management console connection entries to remain in the service processor connection table,  making connection slots unavailable for new management consoles  A reset of the service processor could be used to remove the defunct entries.
• A problem was fixed in the Advanced System Management Interface (ASMI) to reword a confusing message for systems with no deconfigured resources.  The "System Service Aids/Deconfiguration Records" message text for this situation was changed from "Deconfiguration data is currently not available." to "No deconfigured resources found in the system.
• A problem was fixed with the fspremote service tool to make it support TLSv1.2 connections to the service processor to be compatible with systems that had been fixed for the OpenSSL Padding Oracle On Dowgraded Legacy Encryption (POODLE) vulnerabilities.  After the POODLE fix is installed, by default the system only allows secured connections from clients using the TLSv1.2 protocol.
• A problem was fixed for a partition deletion error on the management console with error code 0x4000E002 and message "...insufficient memory for PHYP".  The partition delete operation has been adjusted to accommodate the temporary increase in memory usage caused by memory fragmentation, allowing the delete operation to be successful.
• A security problem was fixed in OpenSSL where the service processor would, under certain conditions, accept Diffie-Hellman client certificates without the use of a private key, allowing a user to falsely authenticate .  The Common Vulnerabilities and Exposures issue number is CVE-2015-0205.
• A security problem was fixed in OpenSSL for it's BigNumber Squaring implementation to prevent a failure of cryptographic protection mechanisms.  The Common Vulnerabilities and Exposures issue number is CVE-2014-3570.
• A security problem was fixed in OpenSSL to fix multiple flaws in the parsing of X.509 certificates.  These flaws could be used to modify an X.509 certificate to produce a certificate with a different fingerprint without invalidating its signature, and possibly bypass fingerprint-based blacklisting.  The Common Vulnerabilities and Exposures issue number is CVE-2014-8275.
• A security problem was fixed in OpenSSL where a remote attacker could crash the service processor with a specially crafted X.509 certificate that causes an invalid pointer or an out-of-bounds write.  The Common Vulnerabilities and Exposures issue numbers are CVE-2015-0286 and CVE-2015-0287.
• A security problem was fixed for an OpenSSL specially crafted X.509 certificate that could cause the service processor to reset in a denial-of-service (DOS) attack.  The Common Vulnerabilities and Exposures issue number is CVE-2015-1789.
• A problem was fixed for some service processor error logs not getting reported to the OS partitions as needed.  The service processor was not checking for a successful completion code on the error log message send, so it was not doing retries of the send to the OS when that was needed to ensure that the OS received the message.
  
• A problem was fixed for service processor core dumps with B181843C during a Live Partition Mobility (LPM) operation that had failed abruptly.  The fix allows the service processor to report the LPM status correctly to the Management Console for the LPM error.
• A security problem was fixed in OpenSSL to prevent weaker than expected security. The client accepts a handshake using an ephemeral ECDH ciphersuite with the server key exchange message omitted.  An attacker could exploit this vulnerability to launch further attacks on the system.  The Common Vulnerabilities and Exposures issue number is CVE-2014-3572.

New Features and Functions

• Support was added for using the Mellanox ConnectX-3 Pro 10/40/56 GbE (Gigabit Ethernet) adapter as a network install device.
• An enhancement was made for the Global Interrupt Queue (GIQ) so that interrupts are presented in a round-robin fashion in partitions that have idle processors instead of GIQ directed interrupts favoring lower numbered processors.
  

System firmware changes that affect all systems

• A  security problem was fixed for the Lighttpd web server that allowed arbitrary SQL commands to be run on the service processor.  The Common Vulnerabilities and Exposures issue number is CVE-2014-2323.
• A security problem was fixed for the Lighttpd web server where improperly-structured URLs could be used to view arbitrary files on the service processor.  The Common Vulnerabilities and Exposures issue number is CVE-2014-2324.
• A security problem was fixed for the Network Time Protocol (NTP) client that allowed remote attackers to execute arbitrary code via a crafted packet containing an extension field.  The Common Vulnerabilities and Exposures issue number is CVE-2009-1252.
• A security problem was fixed for the Network Time Protocol (NTP) client for a buffer overflow that allowed remote NTP servers to execute arbitrary code via a crafted response.  The Common Vulnerabilities and Exposures issue number is CVE-2009-0159.
• A  security problem was fixed in the service processor TCP/IP stack to discard illegal TCP/IP packets that have the SYN and FIN flags set at the same time.  An explicit packet discard was needed to prevent further processing of the packet that could result in an bypass of the iptables firewall rules.
• A security problem was fixed in the OpenSSL (Secure Socket Layer) protocol that allowed a man-in -the middle attacker, via a specially crafted fragmented handshake packet, to force a TLS/SSL server to use TLS 1.0, even if both the client and server supported newer protocol versions. The Common Vulnerabilities and Exposures issue number for this problem is CVE-2014-3511.
• A security problem was fixed in OpenSSL for formatting fields of security certificates without null-terminating the output strings.  This could be used to disclose portions of the program memory on the service processor.  The Common Vulnerabilities and Exposures issue number for this problem is CVE-2014-3508.
• Multiple security problems were fixed in the way that OpenSSL handled Datagram Transport Layer Security (DLTS) packets.  A specially crafted DTLS handshake packet could cause the service processor to reset.  The Common Vulnerabilities and Exposures issue numbers for these problems are CVE-2014-3505, CVE-2014-3506 and CVE-2014-3507.
• A security problem was fixed in OpenSSL to prevent a denial of service when handling certain Datagram Transport Layer Security (DTLS) ServerHello requests.  A specially crafted DTLS handshake packet with an included Supported EC Point Format extension could cause the service processor to reset.  The Common Vulnerabilities and Exposures issue number for this problem is CVE-2014-3509.
• A security problem was fixed in OpenSSL to prevent a denial of service by using an exploit of a null pointer de-reference during anonymous Diffie Hellman (DH) key exchange.  A specially crafted handshake packet could cause the service processor to reset.  The Common Vulnerabilities and Exposures issue number for this problem is CVE-2014-3510.
• A security problem was fixed in OpenSSL for memory leaks that allowed remote attackers to cause a denial of service (out of memory on the service processor). The Common Vulnerabilities and Exposures issue numbers are CVE-2014-3513 and CVE-2014-3567.
• A security problem was fixed in the Advanced System Management Interface (ASMI) to block click-jacking attempts. This prevents framing of the original ASMI page with a top layer on it with dummy buttons that could trick the user into clicking on a link.
• A problem was fixed that caused a "code accept" during a concurrent firmware installation from the management console to fail with SRC E302F85C.
• A security problem was fixed in OpenSSL for padding-oracle attacks known as Padding Oracle On Dowgraded Legacy Encryption (POODLE).  This attack allows a man-in-the-middle attacker to obtain a plain text version of the encrypted session data. The Common Vulnerabilities and Exposures issue number is CVE-2014-3566.  The service processor POODLE fix is based on a selective disablement of SSLv3 using the Advanced System Management Interface (ASMI) "System Configuration/Security Configuration" menu options.  The Security Configuration options of "Disabled", "Default", and "Enabled" for SSLv3 determines the level of protection from POODLE.  The management console also requires a POODLE fix for APAR MB03867(Fix for CVE-2014-3566 for HMC V7 R7.9.0 SP1 with PTF MH01484) to eliminate all vulnerability to POODLE and allow use of option 1 "Disabled" as shown below:
  -1) Disabled:  This highest level of security protection does not allow service processor clients to connect using SSLv3, thereby eliminating any possibility of a POODLE attack.  All clients must be capable of using TLS to make the secured connections to the service processor to use this option.  This requires the management console be at a recommended minimum level of HMC V7 R7.9.0 SP1 with POODLE PTF MH01484.
  -2) Default:  This medium level of security protection disables SSLv3 for the web browser sessions to ASMI and for the CIM clients and assures them of POODLE-free connections.  But the legacy management consoles are allowed to use SSLv3 to connect to the service processor.  This is intended to allow non-POODLE compliant HMC levels to be able to connect to the CEC servers until they can be planned and upgraded to the POODLE compliant HMC levels.  Running a non-POODLE compliant HMC to a service processor in  "Default" mode will prevent the ASMI-proxy sessions from the HMC from connecting as these proxy sessions require SSLv3 support in ASMI.
  -3) Enabled:  This basic level of security protection enables SSLv3 for all service processor client connection.  It relies on all clients being at POODLE fix compliant levels to provide full POODLE protection using the TLS Fallback Signaling Cipher Suite Value (TLS_FALLBACK_SCSV) to prevent fallback to vulnerable SSLv3 connections.  This option is intended for customer sites on protected internal networks that have a large investment in legacy hardware that need SSLv3 to make browser and HMC connection to the service processor.  The level of POODLE protection actually achieved in "Enabled" mode is determined by the percentage of clients that are at the POODLE fix compliant levels.
• A problem was fixed for a Live Partition Mobility (LPM) suspend and transfer of a partition that caused the time of day to skip ahead to an incorrect value on the target system.  The problem only occurred when a suspended partition was migrated to a target CEC that had a hypervisor time that was later than the source CEC.
• A problem was fixed that could result in latency or timeout issues with I/O devices.
• A problem was fixed for I/O adapters so that BA400002 errors were changed to informational for memory boundary adjustments made to the size of DMA map-in requests.  These DMA size adjustments were marked as UE previously for a condition that is normal.
• A problem was fixed for the Advanced System Manager Interface (ASMI) that allowed possible cross-site request forgery (CSRF) exploitation of the ASMI user session to do unwanted tasks on the service processor.
• A problem was fixed for intermittent B181EF88 SRCs and netsSlp core dumps during network configurations on the service processor.  This error caused call home activity for the SRC and dumps but otherwise had no impact to the CEC functionality.
  

• A problem was fixed for DASD backplane 5V or 1.2V regulator pgood power faults (SRC 11002634 and SRC 1100262F) so that the call out specified the location code for the part as Un-P3 instead of Un-P2.  This fix pertains only to Power 710 Express 8231-E2B and Power 730 Express 8231-E2B systems.
• On systems with a F/C 5802 or 5877 I/O drawer installed, a problem was fixed for a hypervisor hang at progress code C7004091 during the IPL or hangs during serviceability tasks to the I/O drawer.
• On systems that have Active Memory Sharing (AMS) partitions, a problem was fixed for Dynamic Logical Partitioning (DLPAR) for a memory remove that leaves a logical memory block (LMB) in an unusable state until partition reboot.
• On systems using the Virtual I/O Server (VIOS) to share physical I/O resources among client logical partitions, a problem was fixed for memory relocation errors during page migrations for the virtual control blocks.  These errors caused a CEC termination with SRC B700F103.  The memory relocation could be part of the processing for the Dynamic Platform Optimizer (DPO), Active Memory Sharing (AMS) between partitions, mirrored memory defragmentation, or a concurrent FRU repair.
• A problem was fixed that could result in unpredictable behavior if a memory UE is encountered while relocating the contents of a logical memory block during one of these operations:
  - Using concurrent maintenance to perform a hot repair of a node.
  - Reducing the size of an Active Memory Sharing (AMS) pool.
  - On systems using mirrored memory, using the memory mirroring optimization tool.
• A problem was fixed for systems in networks using the Juniper 1GBe and 10GBe switches (F/Cs #1108, #1145, and #1151) to prevent network ping errors and boot from network (bootp) failures.  The Address Resolution Protocol (ARP) table information on the Juniper aggregated switches is not being shared between the switches and that causes problems for address resolution in certain network configurations.  Therefore, the CEC network stack code has been enhanced to add three gratuitous ARPs (ARP replies sent without a request received) before each ping and bootp request to ensure that all the network switches have the latest network information for the system.
• On systems in IPv6 networks, a  problem was fixed for a network boot/install failing with SRC B2004158 and IP address resolution failing using neighbor solicitation to the partition firmware client.
• For systems with a IBM i load source disk attached to an Emulex-based fibre channel adapter such as F/C #5735, a problem was fixed that caused an IBM i load source boot to fail with SRC B2006110 logged and a message to the boot console of  "SPLIT-MEM Out of Room".  This problem occurred for load source disks that needed extra disk scans to be found, such as those attached to a port other than the first port of a fibre channel adapter (first port requires fewest disk scans).
• On systems with a partition that has a 256MB Real Memory Offset (RMO) region size that has been migrated from a Power8 system to  Power7 or Power6 using Live Partition Mobility (LPM), a problem was fixed that caused a failure on the next boot of the partition with a BA210000 log with a CA000091 checkpoint just prior to the BA210000.  The fix dynamically adjusts the memory footprint of the partition to fit on the earlier Power systems.
  

System firmware changes that affect all systems

• HIPER/Pervasive:  A security problem was fixed in the OpenSSL (Secure Socket Layer) protocol that allowed clients and servers, via a specially crafted handshake packet, to use weak keying material for communication.  A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between the management console and the service processor.  The Common Vulnerabilities and Exposures issue number for this problem is CVE-2014-0224.
• HIPER/Pervasive:  A security problem was fixed in OpenSSL for a buffer overflow in the Datagram Transport Layer Security (DTLS) when handling invalid DTLS packet fragments.  This could be used to execute arbitrary code on the service processor.  The Common Vulnerabilities and Exposures issue number for this problem is CVE-2014-0195.
• HIPER/Pervasive:  Multiple security problems were fixed in the way that OpenSSL handled read and write buffers when the SSL_MODE_RELEASE_BUFFERS mode was enabled to prevent denial of service.  These could cause the service processor to reset or unexpectedly drop connections to the management console when processing certain SSL commands.  The Common Vulnerabilities and Exposures issue numbers for these problems are CVE-2010-5298 and CVE-2014-0198.
• HIPER/Pervasive:  A security problem was fixed in OpenSSL to prevent a denial of service when handling certain Datagram Transport Layer Security (DTLS) ServerHello requests. A specially crafted DTLS handshake packet could cause the service processor to reset.  The Common Vulnerabilities and Exposures issue number for this problem is CVE-2014-0221.
• HIPER/Pervasive:  A security problem was fixed in OpenSSL to prevent a denial of service by using an exploit of a null pointer de-reference during anonymous Elliptic Curve Diffie Hellman (ECDH) key exchange.  A specially crafted handshake packet could cause the service processor to reset.  The Common Vulnerabilities and Exposures issue number for this problem is CVE-2014-3470.

System firmware changes that affect all systems

• A problem was fixed that caused a built-in self test (BIST) for GX slots to create corrupt error log values that core dumped the service processor with a B18187DA.  The corruption was caused by a failure to initialize the BIST array to 0 before starting the tests.
• Help text for the Advanced System Management Interface (ASMI) "System Configuration/Hardware Deconfiguration/Clear All Deconfiguration Errors" menu option was enhanced to clarify that when selecting "Hardware Resources" value of "All hardware resources", the service processor deconfiguration data is not cleared.   The "Service processor" must be explicitly selected for that to be cleared.
• A problem was fixed that prevented guard error logs from being reported for FRUs that were guarded during the system power on.  This could happen if the same FRU had been previously reported as guarded on a different power on of the system.  The requirement is now met that guarded FRUs are logged on every power on of the system.
• DEFERRED: A problem was fixed that caused a system checkstop with SRC B113E504 for a recoverable hardware fault.  This deferred fix addresses a problem that has a very low probability of occurrence.  As such customers may wait for the next planned service window to activate the deferred fix via a system reboot.
  

System firmware changes that affect certain systems

• On systems with a F/C 5802 or 5877 I/O drawer installed, a problem was fixed that where an Offline Converter Assembly (OCA) fault would appear to persist after an OCA micro-reset or OCA replacement.  The fault bit reported to the OS may not be cleared, indicating a fault still exists in the I/O drawer after it has been repaired.
• On systems with a F/C 5802 or 5877 I/O drawer installed, a problem was fixed that occurred during Offline Converter Assembly (OCA) replacement operations. The fix prevents a false  Voltage Regulator Module (VRM) fault and the logging of SRCs 10001511 or 10001521 from occurring.    This resulted in the OCA LED getting stuck in an on or "fault" state and the OCA not powering on.
• On systems involved in a series of consecutive Live Partition Mobility (LPM) operations, a memory leak problem was fixed in the run time abstraction service (RTAS) that caused a partition run time AIX crash with SRC 0c20.  Other possible symptoms include error logs with SRC BA330002 (RTAS memory allocation failure).
• On a system with partitions with redundant Virtual Asynchronous Services Interface (VASI) streams,  a problem was fixed that caused the system to terminate with SRC B170E540.  The affected partitions include Active Memory Sharing (AMS), encapsulated state partitions, and hibernation-capable partitions.  The problem is triggered when the management console attempts to change the active VASI stream in a redundant configuration.  This may occur due to a stream reconfiguration caused by Live Partition Mobility (LPM); reconfiguring from a redundant Paging Service Partition (PSP) to a single-PSP configuration; or conversion of a partition from AMS to dedicated memory.
• On a system with a disk device with multiple boot partitions, a problem was fixed that caused System Management Services (SMS) to list only one boot partition.  Even though only one boot partition was listed in SMS, the AIX bootlist command could still be used to boot from any boot partition.
• On a system with a partition with a AIX and Linux boot source to support dual booting, a problem was fixed that caused the Host Ethernet Adapter (HEA) to be disabled when rebooting from Linux to AIX.  Linux had disabled interrupts for the HEA on power down, causing an error for AIX when it tried to use the HEA to access the network.
  

New Features and Functions

• Support was added in Advanced System Management Interface (ASMI) for saving and restoring network settings using a USB flash drive.
• Support was dropped for Secured Socket Layer (SSL) Version 2 and SSL weak and medium cipher suites in the service processor web server (Lighttpd).  Unsupported web browser connections to the Advanced System Management Interface (ASMI) secured port 443 (using https://) will now be rejected if those browsers do not support SSL version 3.  Supported web browsers for Power7 ASMI are Netscape (version 9.0.0.4), Microsoft Internet Explorer (version 7.0), Mozilla Firefox (version 2.0.0.11), and Opera (version 9.24).

System firmware changes that affect all systems

• On systems with utility processors,  an accounting problem with utility processor minutes was fixed.
•  A problem was fixed that caused a migrated partition to reboot during transfer to a VIOS 2.2.2.0, and later, target system. A manual reboot would be required if transferred to a target system running an earlier VIOS release.  Migration recovery may also be necessary.
• A problem was fixed that caused a service processor dump to be generated with SRC B18187DA "NETC_RECV_ER" logged.
• A problem was fixed that caused a L2 cache error to not guard out the faulty processor, allowing the system to checkstop again on an error to the same faulty processor.
• A problem was fixed that caused a HMC code update failure for the FSP on the accept operation with SRC B1811402 or FSP is unable to boot on the updated side.
• A problem was fixed that caused a 1000911E platform event log (PEL) to be marked as not call home.  The PEL is now a call home to allow for correction.  This PEL is logged when the hypervisor has changed the Machine Type Model Serial Number (MTMS) of an external enclosure to UTMP.xxx.xxxx because it cannot read the vital product data (VPD), or the VPD has invalid characters, or if the MTMS is a duplicate to another enclosure.
• A problem was fixed that caused the state of the Host Ethernet Adapter (HEA) port to be reported as down when the physical port is actually up.
• A problem was fixed that caused the system attention LED to be lit without a corresponding SRC and error log for the event.  This problem typically occurs when an operating system on a partition terminates abnormally.
• DEFERRED: A problem was fixed that caused a system checkstop during hypervisor time keeping services. This deferred fix addresses a problem that has a very low probability of occurrence.  As such customers may wait for the next planned service window to activate the deferred fix via a system reboot.
  

• On systems with a F/C 5802 or 5877 I/O drawer installed, the firmware was enhanced to guarantee that an SRC will be generated when there is a power supply voltage fault.  If no SRC is generated, a loss of power redundancy may not be detected, which can lead to a drawer crash if the other power supply goes down.  This also fixes a problem that causes an 8 GB Fiber channel adapter in the drawer to fail if the 12V level fails in one Offline Converter Assembly (OCA).
  
• On systems managed by an HMC with a F/C 5802 or 5877 I/O drawer installed, a problem was fixed that caused the hardware topology on the management console for the managed system to show "null" instead of "operational" for the affected I/O drawers.
• For 8233-E8B and 8236-E8C systems, a problem was fixed that prevented the clear of the file on the service processor that contains partition data when the Advanced Management System Interface (ASMI) was used to "Reset Server Firmware Settings" from the Factory Configuration menu.  This problem caused the HMC managed system to go into the recovery state.
• On systems running AIX or Linux, a problem was fixed that caused the operating system to halt when an InfiniBand Host Channel Adapter (HCA) adapter fails or malfunctions.
• A problem was fixed in the run-time abstraction services (RTAS) extended error handling (EEH) for fundamental reset that caused partitions to crash during adapter updates.  The fundamental reset of adapters now returns a valid return code.  The adapter drivers using fundamental reset affected by this fix are the following:
  
  • QLogic PCIe Fibre Channel adapters (combo card)
  •  IBM PCIe Obsidian
  • Emulex BE3-based ethernet adapters
  • Broadcom-based PCIe2 4-port 1Gb ethernet
  • Broadcom-based FlexSystem EN2024 4-port 1Gb ethernet for compute nodes

System firmware changes that affect all systems

• A problem was fixed that caused a card (and its children) that was removed after the system was booted to continue to be listed in the guard menus in the Advanced System Management Interface (ASMI).
• A problem was fixed that caused SRC B1813221, which indicates a failure of the battery on the service processor, to be erroneously logged after a service processor reset or power cycle.
• A problem was fixed that caused various SRCs to be erroneously logged at boot time including B181E6C7 and B1818A14.
• A problem was fixed that caused a code update operation to fail with a time-out error, creating a call-home with SRC B1818A0F .  This problem is more likely to occur on HMC-managed systems experiencing a high level of management activity during a code update.
• A problem was fixed that caused the service processor (or system controller) to crash when it boots from the new level during a concurrent firmware installation.
• A problem was fixed that caused SRC B7006A72 to be erroneously logged.
• The Power Hypervisor was enhanced to insure better synchronization of vSCSI and NPIV I/O interrupts to partitions.
• A problem was fixed that was caused by an attempt to modify a virtual adapter from the management console command line when the command specifies it is an Ethernet adapter, but the virtual ID specified is for an adapter type other than Ethernet.  The managed system has to be rebooted to restore communications with the management console when this problem occurs; SRC B7000602 is also logged.

System firmware changes that affect certain systems

• On systems with an I/O tower attached, a problem was fixed that caused SRCs 10009135 and 10009139 to be erroneously logged.
• A problem was fixed that caused the Field Core Override (FCO) value in the Advanced System Management Interface (ASMI) menus to be displayed incorrectly the first time the ASMI menus were accessed.
• On systems with an I/O tower attached, a problem was fixed that caused multiple service processor reset/reloads if the tower was continuously sending invalid System Power Control Network (SPCN) status data.
• A problem was fixed that caused the HMC to display incorrect data for a virtual Ethernet adapter's transactions statistics.
• A problem was fixed that caused a hibernation resume operation to hang if the connection to the paging space is lost near the end of the resume processing.  This is more likely on a partition that supports remote restart.
• A problem was fixed that caused the system to terminate with a bad address checkstop during mirroring defragmentation.
  
• A problem was fixed that prevented the HMC command "lshwres" from showing any I/O adapters if any adapter name contained the ampersand character in the VPD.
• On a system running a Live Partition Mobility (LPM) operation, a problem was fixed that caused the partition to successfully appear on the target system, but hang with a 2005 SRC.
  
• On a partition with a large number of potentially bootable devices, a problem was fixed that caused the partition to fail to boot with a default catch, and SRC BA210000 may also be logged.
• On systems running Active Memory Sharing (AMS) partitions, a problem was fixed that may arise due to the incorrect handling of a return code in an error path during the Live Partition Mobility (LPM) of an AMS partition.
• On systems running Active Memory Sharing (AMS) partitions, a timing problem was fixed that may occur if the system is undergoing AMS pool size changes.
  

System firmware changes that affect all systems

• HIPER/Non-Pervasive: DEFERRED:  A problem was fixed that caused a system crash with SRC B170E540.
• HIPER/Non-Pervasive:  A related problem was also fixed that could cause a live lock on the power bus resulting in a system crash.
• To address poor placement of partitions following a reboot of a server with unlicensed cores, the firmware was enhanced to run the affinity manager when the initialize configuration operation is done from the HMC.  A problem was also fixed that caused the hypervisor to be left in an inconsistent state after a partition create operation failed.
  

New Features and Functions

• Support for booting the IBM i operating system from a USB tape drive.
  

System firmware changes that affect all systems

• A problem was fixed that caused a partition with dedicated processors to hang with SRC  BA33xxxx when rebooted, after it was migrated using a Live Partition Mobility (LPM) operation from a system running Ax730 to a system running Ax740, or vice versa.
• The firmware was enhanced to call out the correct field replaceable units (FRUs) when SRC B124E504 with description "Chnl init TO due to SN stuck in recovery" was logged.
• A problem was fixed that caused SRC B1818A10 to be erroneously logged after a system firmware installation.
• A problem was fixed that caused booting from a virtual fibre channel tape device to fail with SRC B2008105.
• The firmware was enhanced to log SRCs BA180030 and BA180031 as informational instead of predictive.
• A problem was fixed that caused a "code accept" during a concurrent firmware installation from the HMC to fail with SRC E302F85C.  This is most likely to occur on model FHB systems.
• On systems running the AIX operating system, a problem was fixed that caused the hypervisor to crash with SRC B7000103, after an HEA (Host Ethernet Adapter) error was logged, when there is a lot of AIX activity on the HEAs.
• A problem was fixed that caused the suspension of a partition to fail if a large amount of data has to be stored to resume the partition.
• A problem was fixed that caused a system crash with unrecoverable SRC B7000103 with "ErFlightRecorder" in the failing stack.
• On systems booting from an NPIV (N-port ID virtualization) device, a problem was fixed that caused the boot to intermittently terminate with the message "PReP-BOOT: unable to load full PReP image.".  This problem occurs more frequently on the IBM V7000 Storage System running the SAN Volume Controller (SVC), but not on every boot.
• A problem was fixed that caused SRC B181E6F1 with the description "RMGR_PERSISTENT_EVENT_TIMEOUT" to be erroneously logged.
• A problem was fixed that prevented a change to the system operating mode ("M" or "N") made in the Advanced System Management Interface (ASMI) menu from being displayed in the physical control (operator) panel.
  
• A problem was fixed that caused a memory leak in the service processor firmware.
• A problem was fixed that caused SRC B155A491 to be erroneously logged during multiple system IPLs.  This SRC may cause the system to terminate.
• A problem was fixed that caused the default value for Field Core Override to be incorrect in the ASMI menus the first time the system is booted.
  
• The ASMI menus were enhanced to more clearly indicate which processor cores were deconfigured by the Field Core Override (FCO) option (F/C 2319).
• On 8202-E4B and 8205-E6B systems, the firmware was enhanced to call out a failing VRM, instead of the memory card on which the VRM is plugged, if the VRM fails when the system is booting.
• On 8231-E2B systems, the firmware was enhanced to improve the service actions for SRC 11002691.

• The firmware was enhanced to fix a potential performance degradation on systems utilizing the stride-N stream prefetch instructions dcbt (with TH=1011) or dcbtst (with TH=1011).  Typical applications executing these algorithms include High Performance Computing, data intensive applications exploiting streaming instruction prefetchs, and applications utilizing the Engineering and Scientific Subroutine Library (ESSL) 5.1.
• On systems on which Internet Explorer (IE) is used to access the Advanced System Management Interface (ASMI) on the Hardware Management Console (HMC), a problem was fixed that caused IE to hang for about 10 minutes after saving changes to network parameters on the ASMI.
• A problem was fixed that caused informational SRC A70047FF, which may indicate that the Anchor (VPD) card should be replaced, to be erroneously logged again after the Anchor card was replaced.
• A problem was fixed that caused a network installation of IBM i to fail when the client was on the same subnet as the server.
• On systems with a 5796 or 5797 I/O drawer attached, a problem was fixed that could cause a system hang.
• On system managed by an HMC, a problem was fixed that caused the lsstat command on the HMC to display an erroneously high number of packets transmitted and received on a vlan interface.
  
• On systems with a 7311 I/O drawer attached, a problem was fixed that caused a system boot to hang with C700406E.
  
• On system managed by an HMC, a problem was fixed that caused the lsstat command on the HMC to display an erroneously high number of packets transmitted and received on a vlan interface.
• On 8202-E4B and 8205-E6B systems with the feature code (F/C) 5610 or F/C 5685 PCI expansion riser installed, a multi-port communications adapter installed in a slot on the expansion riser, and that are managed by an HMC, a problem was fixed that prevented hardware discovery by the HMC of the communication adapter from completing.  This problem could also cause making a system plan to fail with SRC BA350000.
  

New Features and Functions

• Support for IBM i Live Partition Mobility (LPM)
  

System firmware changes that affect all systems

• A problem was fixed that prevented the user from changing the boot mode or keylock setting after a remote restart-capable partition is created, even after the partition's paging device is on-line.

• The firmware resolves undetected N-mode stability problems and improves error reporting on the feature code (F/C) 5802 and 5877 I/O drawer power subsystem.
  

System firmware changes that affect all systems

• The firmware was enhanced to properly display a memory controller that has been guarded out manually on the "Deconfiguration Records" menu option (under "System Service Aids") on the Advanced System Management Interface (ASMI).
  
• A problem was fixed that caused multiple service processor dumps to be unnecessarily taken during a concurrent firmware update.  SRC B181EF9A, which indicates that the dump space on the service processor is full, was logged as a result.
• The firmware was enhanced to increase the threshold for recoverable SRC B113E504 so that the processor core reporting the SRC is not guarded out.  This prevents unnecessary performance loss and the unnecessary replacement of processor modules.
• A problem was fixed that caused SRC B7000602 to be erroneously logged at power on.
• The firmware was enhanced to recognize new USB-attached devices so that they will be listed as boot devices in the System Management Services (SMS) menus.
• A problem was fixed that caused booting or installing a partition or system from a USB device to fail with error code BA210012.  This usually occurs when an operating system (OS) other than the OS that is already on the partition or system is booted or installed.
• On the System Management Services (SMS) remote IPL (RIPL) menus, a problem was fixed that caused the SMS menu to continue to show that an Ethernet device is configured for iSCSI, even though the user has changed it to BOOTP.
  
• The firmware was enhanced to log SRCs BA180030 and BA180031 as informational instead of predictive.
• The firmware was enhanced to increase the threshold of soft NVRAM errors on the service processor to 32 before SRC B15xF109 is logged.  (Replacement of the service processor is recommended if more than one B15xF109 is logged per week.)
  
• A problem was fixed that caused the internal PCI slot fault LEDs to erroneously turn on after AC power was removed, then reapplied.

• HIPER/Non-pervasive:  On systems managed by a Hardware Management Console (HMC), and on which a concurrent system firmware update was done, a problem was fixed that caused the number of processors available on the managed system shown on the management console to be smaller than it should have been.
• A problem was fixed that caused the hypervisor to hang during a concurrent operation on a F/C 5802, 5803, 5873 or 5877 I/O drawer.  Recovering from the hypervisor hang required a platform reboot.
  
• A problem was fixed that impacted performance if profiling was enabled in one or more partitions.  Performance profiling is enabled:
   - In an AIX or VIOS partition using the tprof (-a, -b, -B, -E option) command or pmctl (-a, -E option) command.
   - In an IBM i partition when the PEX *TRACE profile (TPROF) collections or PEX *PROFILE collections are active.
   - In a Linux partition using the perf command, which is available in RHEL6 and SLES11; profiling with oprofile does not cause the problem.
• A problem was fixed that prevented the operating system from being notified that a F/C 5802 or 5877 I/O drawer had recovered from an input power fault (SRC 10001512 or 10001522).
  
• On a system that is being upgraded from Ax720 system firmware to Ax730 system firmware, the firmware was enhanced to log B1818A0F as informational instead of predictive if it occurs during the firmware upgrade.
• On systems running Active Memory Sharing (AMS), the allocation of the memory was enhanced to improve performance.
• A problem was fixed that caused the suspension of a logical partition running Active Memory Sharing (AMS) to fail because the disk headers had not been erased.
• On systems with an iSCSI network, when booting a logical partition using that iSCSI network, a problem was fixed that caused the iSCSI gateway parameter displayed on the screen to be incorrect.  It did not impact iSCSI boot functionality.
• On systems running Active Memory Sharing (AMS) and Active Memory Mirrorring (AMM), a problem was fixed that caused memory allocation to fail.  This in turn caused a partition to fail to boot with SRC A2009030.
• On systems using the Advanced Energy Manager (AEM) to run in Dynamic Power Save (DPS) mode, and with deconfigured processor cores, a problem was fixed that caused the processor voltages to be set incorrectly, which in turn caused the system to use more power than it should have been using.
• On systems managed by an HMC and using affinity groups, a problem was fixed that prevented one of the partitions from being placed correctly.
  

System firmware changes that affect certain systems