Filename

Size

Checksum

8348_820.1923.20190613n_update.hpm

67109473

75704609345561e15dd8ed856e139929

OP820
For Impact, Severity and other Firmware definitions, Please refer to the below 'Glossary of firmware terms' url:
http://www14.software.ibm.com/webapp/set2/sas/f/power5cm/home.html#termdefs

OP8_v1.12_2.96 / OP820.30

07/01/2019

Impact:  Security Severity: SPE

New features and functions for MTM 8348-21C

In response to recently reported security vulnerabilities, this firmware update is being released to address Common Vulnerabilities and Exposures issue numbers CVE-2017-5715, CVE-2017-5753, and CVE-2017-5754. Operating System updates are required in conjunction with this firmware level for CVE-2017-5753 and CVE-2017-5754. This replaces an earlier firmware update for the same problem which was found to not be effective.

Support was added for a Self-Boot Engine (SBE) validation during the IPL to verify that the firmware images are the shipped versions.

Added BMC support to be able to detect Self Boot Engine (SBE) SEEPROM corruption

Support has been removed from XIVE interrupt controller for the store EOI operation.  Hardware has limitations which would require a sync after each store EOI to make sure the MMIO operations that change the ESB state are ordered. This would be performance prohibitive and the PCI Host Bridges (PHBs) do not support the synchronization.

Support was added to recognize a port parameter in the URL path for the Preboot eXecution Environment (PXE) in the ethernet adapters.  Without the fix, there could be PXE discovery failures if a port was specified in the URL for the PXE.  

Support was added for HTTP(S) proxies when down-loading resources during the Petitboot.  For example, this allows the user to set HTTP(S) proxies for use when loading configuration or boot files.

Support for expanded time out options for the BMC web gui/KVM sessions. The old time out range (300 - 1800 seconds) has been changed as follows:

1. Increased the maximum timeout from 1800 seconds to 1296000 seconds, i.e., basically increased the maximum timeout to15 days.

2. Decreased the minimum timeout from 300 seconds to 0. If the timeout value is 0, then it is considered an infinite timeout. KVM will not timeout and that in-turn will also keep the BMC web gui running too.

Support for the  Red Hat Enterprise Linux 7.3 OS as a OPAL bare-metal install.   For more information on the features delivered with RHEL7.3, see the Red Hat information portal:  https://access.redhat.com/documentation/en/red-hat-enterprise-linux/.

Support for a OPAL raw console to receive output from the PowerPC boot EPAPR (Embedded Power Architecture Platform Requirements) wrapper.  This allows decompression failures inside the wrapper caused by data corruption to be reported to the user.

Support for the CAPI Compression Accelerator Adapter with Feature Codes #EJ1A and #EJ1B and CCIN 2CF0.  This CAPI FPGA (Field Programmable Gate Array) adapter acts as a co-processor for the POWER8 processor chip handling specialized, repetitive function extremely efficiently. The adapter is preloaded with a GZIP application and is intended to run as a gzip accelerator.  The GZIP application maximum bandwidth is the PCIe3 interface bandwidth.  Use of the #EJ1A or #EJ1B adapter requires one  #EC2A CAPI activation feature per system.   This CAPI gzip feature does not run under PowerKVM but as a bare-metal install only for the following minimum Little Endian (LE) Linux distributions levels:

1) Red Hat Enterprise Linux 7.2

2) Ubuntu 14.04.5

3) Ubuntu 16.04.1

Support was added for detecting and logging a SEL for power supply fan faults and turning on the system attention LED.

Support was enhanced in the BMC LDAP configuration:

1) Added support for allowing the hostname in any of LDAP fields that currently only allow IP addresses.

2) Added support for BIND names greater than 64 characters.

Support was enhanced for the configuration of the System and Audit Log settings:

1) Log settings were enhanced to support  "local Logs" and "remote Logs" at the same time.

2) The "Server Address" field was enhanced to have a custom port number in addition to the default 514 port.

3) The Syslog System log was enhanced to support a TCP configuration in addition to the UDP configuration that was already supported.

Support was changed for the BMC SMTP configuration to remove the "machine name" field since a SMTP relay server cannot be configured.

Support was enhanced for the BMC SMTP configuration to allow the "Server Address" field to have a symbolic host name with a domain name or an IP address as was supported.

Support was enhanced for the BMC DNS configuration to allow host names to have a "." included in the name and to allow the host names to be greater than 15 characters.

System firmware changes that affect all systems

A security problem was fixed to prevent host programs from being able to corrupt the BMC using the internal software bridges between the host and BMC.  The Common Vulnerabilities and Exposures issue number is CVE-2019-6260.

A security problem was fixed to detect and prevent Self Boot Engine (SBE) SEEPROM corruption.   The Common Vulnerabilities and Exposures issue number is CVE-2018-8931.

A problem was fixed for system hangs for early fails that occur in Hostboot.  With the fix, the early fails are handled and recovery attempted to allow the IPL to succeed.

A problem was fixed for the power capping range allowed for the user.  OCC provides two limits for minimum powercap. One being hard powercap minimum which is guaranteed by OCC and the other one is a soft powercap minimum which is lesser than hard-min and may or may not be asserted due to various power-thermal reasons. So to allow the users to access the entire powercap range, this fix exports soft powercap minimum as the “powercap-min” DT property. And it also adds a new DT property called “powercap-hard-min” to export the hard-min powercap limit.

A problem was fixed for lost output on the console when the OS is stopping or rebooting.  With the fix, the console output is always flushed before stopping the system.

A problem was fixed for the AST VGA device which could sometimes fail to initialize when the vendor ID for the device was parsed incorrectly.  

A problem was fixed for a system hang that could occur while printing with system debug options and having a active user on the console.

A problem was fixed for an intermittent opal-prd crash that can happen on the host OS.  This is the fault signature:  " opal-prd[2864]: unhandled signal 11 at 0000000000029320 nip 00000 00102012830 lr 0000000102016890 code 1"

A problem was fixed for diagnostic code trying to read sensor values for PCI Host Bridge (PHB) entries that are unused, which causes debug output to have incorrect values for the unused entries.  With the fix, only the used entries are processed by the diagnostic code.

A problem was fixed for Petitboot exiting to the shell with xCAT genesis in the menu when trying to do a network boot.  Petitboot was timing out when trying to access the ftpserver but it was not doing the network re-queries necessary for a proper retry.  If this error happens on a system, it can be made to boot with the following two steps:

1) Type the word "exit" and press enter key.  This brings it back to petitboot menu.

2) Press the enter key again to start the boot of the xCAT image.

A problem has been fixed for a slow start up of a process that can occur when the system had been previously in an idle state.

A problem has been fixed for a TOD error that can cause a soft lockup of the kernel.  A 'soft lockup' is defined as a bug that causes the kernel to loop in kernel mode for more than 20 seconds, without giving other tasks a chance to run. The current stack trace is displayed upon detection and, by default, the system will stay locked up.

A problem has been fixed to add part and serial numbers to the processors when accessed through the device tree.

A problem has been fixed to make the OS aware of the DARN random number generator at 0x00200000 PPC_FEATURE2_DARN) and the SCV syscall at 0x00100000 (PPC_FEATURE2_SCV).  Without this fix, these service constants are not defined in the OS userspace.

A problem was fixed for Coherent Accelerator Processor Proxy (CAPP) mode for the PCI Host Bridge (PHB) to improve DMA write performance by enabling channel tag streaming for the PHB.  With this enabled, the DMA write does not have to wait for a response before sending a new write command on the bus.

A problem was fixed for the Open-Power Flash tool "pflash" failing with a blocklevel_smart_erase error during a pflash.  This problem is infrequent and is triggered if pflash detects a smart erase fits entirely within one erase block.

A problem was fixed in the Petitboot user interface to handle cursor mode arrow keys for the VT100 'application' cursor to prevent mis-interpreting an arrow key as an escape key in some situations.  For more information on the VT100 cursor keys, see http://www.tldp.org/HOWTO/Keyboard-and-Console-HOWTO-21.html.

A problem was fixed in the Petitboot user interface to cancel the autoboot if the user has exited the Petitboot user interface.  This prevents the user dropping to the shell and then having the machine boot on them instead of waiting until the user is ready for the boot.

A problem was fixed in the Petitboot parsing of manually-specified configuration files that caused the parser to create file paths relative to the downloaded file's path, not the original remote path.

A problem was fixed for a flood of OPAL error messages that can occur for a processor fault.  The message "CPU ATTEMPT TO RE-ENTER FIRMWARE" appears as a large group of messages and precede the relevant error messages for the processor fault.  A reboot of the system is needed to recover from this error.

A problem was fixed for a skiboot hang that could occur rarely for a i2C request if the i2c  bus is in error or locked by the On-Chip Controller (OCC).

A problem was fixed for an OS reboot after a shutdown that intermittently fails after the shutdown.  This can happen if the BMC is not ready to receive commands.  With the fix, the messages to the BMC are validated and retried as needed.  To recover from this error, the system can be rebooted from the BMC interface.

A problem was fixed for a kernel hard lock up that could occur if IPMI synchronous messages were sent from the OS to BMC while the BMC was rebooting.  For these type of messages, a processor thread remains waiting in OPAL until a response is returned from the BMC.

A problem was fixed for systems losing performance and going into Safe mode (a power mode with reduced processor frequencies intended to protect the system from over-heating and excessive power consumption).   This happened  because of an On-Chip Controller (OCC) internal queue overflow. The problem has only been observed for systems running heavy workloads with maximum memory configurations (where every DIMM slot is populated - size of DIMM does not matter), but this may not be required to encounter the problem.  Recovery from Safe mode back to normal performance can be done with a re-IPL of the system.

A problem was fixed on the BMC for java applet failures when using the BMC JViewer.  To resolve the problem, the BMC JDK was updated.  The applet failures had the following message: "Error:  Unsigned application requesting unrestricted access to system.  The following resource is signed with a weak signature algorithm MD5withRSA and is treated as unsigned:  http://lc-pls1605c-con.wellsfargo.com:80/Java/release/JViewer.jar"

A problem was fixed for error handling in complete resets for the PCI Host Bridge (PHB).  During a complete reset, there can be a timeout waiting for a pending transaction, resulting in the PHB being marked as broken and the reset is not completed, leaving the adapters in an error state.  With the fix, the PHB is fenced and the Linux kernel can retry the complete reset

A problem was fixed for a missing device discovery message and overly verbose output messages during the boot.  It is now less verbose during the boot - only error-level messages are printed during Petitboot bootloader initialization.  This means that there will be fewer messages printed as the system boots. Additionally, the Petitboot user interface is started earlier in the boot process. This means that the user will be presented with the user interface sooner, but it may still take time, potentially up to 30 seconds, for the user interface to be populated with boot options as storage and network hardware is being initialized.  During this time, Petitboot will show the status message "Info: Waiting for device discovery".  When Petitboot device discovery is completed, the following status message will be shown "Info: Connected to pb-discover!".

A problem was fixed for Java error messages being displayed when logging into the BMC web gui.   The Remote Console Preview window is no longer displayed on the dashboard which was causing all the extra Java error messages.

A problem has been fixed for the system MAC address being cleared with zeroes on an AC power cycle.

A problem was fixed for "Preserve All Configuration" not working for the BMC web gui HPM firmware update.

A problem was fixed for not being able to change the IP address settings via Petitboot.  Fixed a timing issue with the BCM5421 Controller. Without this fix, the timing issue would lead to BMC not getting any network even though all the network parameters/configuration are proper.

A problem was fixed for a system unrecoverable error that could occur if a CAPI adapter has an error exception signal and hangs when processing it.  This is a rare problem that requires multiple error exceptions to the adapter in a short period of time, causing a deadlock in the adapter.

A problem was fixed for CAPI adapter errors that caused a system processor to be called out and guarded instead of the CAPI adapter unit.  The errors that cause this problem are the rare fatal adapter errors, so the problem should be infrequently seen.  With the fix, the failing CAPI adapter is guarded after the checkstop instead of the system processor.

A problem was fixed for looping error processing for some hardware failures where OPAL-PRD becomes unresponsive.  The loop has been fixed to prevent repeated error messages and system slow-down.  The error message "0xdeadbeefdeadbeef" was added so it is known when the error handling in OPAL-PRD has failed.

An error message was changed for a problem where the SLW (Sleep Winkle) timer gets stuck and the firmware falls back to OPAL pollers.  The previous error message was "Stuck with odd generation !".  The new message to the SOL console is "SLW : timer stuck, falling back to OPAL pollers.  You will likely have slower I2C and may have experienced increased jitter."  These messages can be safely ignored at this time until a future firmware release resolves the issue of the stuck timer.  The error only occurs when running test procedures that stress the hardware.

A problem was fixed for ipmitool "mc reset cold" failing to reset the the BMC service processor.  The ipmitool "mc reset cold" will stop working after the user issues power on when system is already on or after user tries to do power off when system is already powered off.  The problem circumvention is to run the ipmitool "mc reset warm" command to the BMC which will restart the service processor IPMI process and clear internal flags that are preventing "mc reset cold" from working.

A problem was fixed for slow IPMI Serial Over LAN (SOL) console connection to the server on the BMC.  The problem was triggered by an incorrect handling of the definition bits for VGA and serial console output.

A problem was fixed for the IPMI Serial Over LAN (SOL) console to the Petitboot user interface for the left and right arrow movements.  When editing the command line for the kernel, the user could not go to the start of the line and then go forward one character at a time.

A problem was fixed for the BMC integrated ethernet adapter BCM5421 connection speed being downgraded to 100 Mb/s instead of running at the expected 1000 Mb/s for the petitboot and the Linux OS.  After the fix is applied, an A/C power cycle of the system is needed to activate the fix.

A problem was fixed for a kexec-hardboot reboot of the system that caused USB devices to be lost.  A system power cycle is needed to recover the USB devices when this error occurs.

A problem was fixed for the shutdown of PCI devices that was causing spurious reboots of the system for a power off.  The  logical PCI devices are now removed during the shutdown.

A problem was fixed for failures that happen when multiple Hypervisor Virtual Console (HVC) are active at the same time.  On machines with more than one HVC console, any console after the first failed to register an interrupt handler since all consoles shared the same IRQ number.

A problem was fixed for fundamental PCI resets at boot time causing the PCI adapters to not be usable in the Linux OS.  No errors occur in the skiboot but the adapters are configurable once the OS is reached.  

A problem was fixed for time-out errors during the power off of PCI slots with  " Timeout powering off slot ... FIRENZE-PCI: Wrong state 00000000 on slot"

error message during a power off of the system.

A problem was fixed for the system remaining in "safe" mode after an On-Chip Controller (OCC) reset.  In "safe" mode, the system is running at reduced processor frequencies, affecting system performance.  The OCC reset is an error recovery command that can be requested by the BMC or OPAL for certain OCC errors.

A problem has been fixed for Fault LEDs returning to the off state after an AC cycle when a FRU had failed and was guarded.  With the fix, after an AC power cycle and next power on, the Fault LED will turn on again if the FRUs are guarded.

A problem has been fixed for a BMC cold reset that was not moving the BIOS from the golden side to the primary side.

A problem has been fixed for systems losing performance and going into safe mode because of On-Chip Controller (OCC) timeouts collecting Analog Power Subsystem Sweep (APSS) data.  This data is used by OCC to tune the processor frequency.  This problem occurs more frequently on systems with large configurations that are running heavy workloads.

A problem was fixed for a security issue on the BMC login.

Date

Description

07/01/2019

New for LC server OP820.30 release