IBM HMC on Power Firmware

Applies to: 7063-CR1

This document provides information about the installation of Licensed Machine or Licensed Internal Code, which is sometimes referred to generically as microcode or firmware.

 

Contents

1.0 Systems Affected

1.1 Minimum ipmitool Code Level

1.2 Minimum Browser levels for BMC Web GUI

1.3 Fix level Information on IBM Power HMC Components and Operating systems

2.0 Important Information

2.1 Possible hang during HMC reboot

2.2 Petitboot Device Discovery Completion Message

2.3 Recovering from an expired password

3.0 Firmware Information

3.1 Firmware Information and Description

4.0 Operating System Information

4.1 HMC on Power Operating System

4.2 How to Determine the Level of the HMC

5.0 How to Determine The Currently Installed Firmware Level

6.0 Downloading the Firmware Package

7.0 Installing the Firmware

7.1 IBM Power HMC Firmware maintenance

7.2 Updating the System Firmware with the pUpdate utility

7.3 Supporting Diagnostics

7.4 Updating the System Firmware using the BMC Web GUI

8.0 System Management and Virtualization

8.1 BMC Service Processor IPMI and Web GUI Access

8.2 Open Power Abstraction Layer (OPAL) Hypervisor

8.3 Intelligent Platform Management Interface (IPMI)

8.4 Petitboot bootloader

9.0 Quick Start Guide for Re-installing the HMC Image on the 7063-CR1 system

10.0 Change History

 

1.0 Systems Affected

This package provides firmware for the IBM HMC on Power 7063-CR1 only, and requires a minimum HMC version level of HMC V9 R1 M910.

The firmware level in this package is:

 

There are the following images:

.pnor (Power firmware image)

.bin (BMC image)

pUpdate version 2.20 Utilities: pUpdate_220.zip

 

 

 

Details on the package binaries are included in section 3.1.

 

For all firmware updates where the starting level is less than OP825.41, there is a problem where the system date and time may be incorrect after the firmware update process has completed.  To correct this error, the user must manually reconfigure the BMC date/time under the Configuration menu option prior to starting the HMC.

 

Note 1:  Before proceeding with an update to this service pack level, update the HMC to version level HMC V9 R1 M910 or later as there is an important fix for the AST driver that, if not applied, could prevent the system from IPLing after the service pack is installed.  

 

Note 2:  

1.  When upgrading firmware from firmware version 1.xx to version 3.xx, there are dependencies between the BMC and PNOR. For that reason, you must update BOTH BMC and PNOR while system power is off.

1.1  Power off the system

1.2  Update BMC version 3.xx using pUpdate 2.20 or using BMC Web GUI.

1.3  After the BMC firmware is updated, the BMC is automatically reset.  Wait for the BMC to come back on line.

1.3.1  You can ping the BMC to see if it is active on the network, or you can connect to the BMC Web GUI.

1.4 Check the BMC version to ensure the correct BMC version is updated.

1.4.1   Check Web GUI display for new BMC version, or      

1.4.2 Use the ipmitool to check the BMC version

1.5 Update PNOR version 3.xx using pUpdate 2.20 or using BMC Web GUI.

1.5.1 The new PNOR version is not yet available until a power on is completed.

1.6  Once the PNOR update is complete, power on the system to petitboot menu or OS.

1.6.1 When the system IPL reaches petitboot, SBE validation will be started automatically. This will take about 2 minutes. Please allow the system to complete the SBE validation before attempting to shut down.  If SBE validation fails for any reason, the system power will be turned off by firmware.  Follow the repair action given in the SEL to correct the problem.

1.6.2  Once the system reaches the OS, you can check the PNOR version to ensure it is correct.

1.7  The system is ready to be used.


2.  Downgrade of firmware from version 3.xx or later to version 1.xx is NOT supported.

 

3.  Fast Reboot is not supported (fast reboot can be disabled with the command below):

3.1 'nvram -p ibm,skiboot --update-config fast-reset=0'

3.2 Fast reboot is disabled by default.

 

4.  After updating the BMC firmware to version 3.15 or newer, the current BMC password for "ADMIN" user ID is still in effect until a factory reset is issued to the BMC.  Once the factory reset is issued to the BMC, the BMC will reset the password for the "ADMIN" user ID to the default password, "ADMIN", but it will be expired.  No remote command will work except the command to change the password.  The "ADMIN" user ID's password can be changed with the interfaces listed below.  New password strength rules (at least 8 characters with at least one lowercase letter, one uppercase letter and one number) must be followed.

4.1 Web GUI

4.2 SSH

4.3 In-band IPMI command (host user must have root privilege)

 

 

1.1 Minimum ipmitool Code Level

This section specifies the "Minimum ipmitool Code Level" required by the System Firmware to perform firmware installations and manage the system.  Open Power requires ipmitool level v1.8.15 to execute correctly on the V1.00 or later firmware.

 

Verify the ipmitool level on your Linux workstation using the following command:

 

bash-4.1$ ipmitool -V

ipmitool version 1.8.15

 

If you need to update or add ipmitool on your Linux workstation, you can compile ipmitool (current level 1.8.15) for Linux from SourceForge as follows:

 

1.1.1 Download the ipmitool tarball from http://sourceforge.net/projects/ipmitool/ to your Linux system

1.1.2 Extract the tarball on the Linux system

1.1.3 cd to the top-level directory

1.1.4 ./configure

1.1.5 make

1.1.6 ipmitool will be under src/ipmitool        

 

You may also install the ipmitool package directly from your workstation's Linux distribution packages, for example on Ubuntu 14.04.3:

 

sudo apt-get install ipmitool

 

1.2 Minimum Browser levels for BMC Web GUI

The BMC Web GUI is a web-based application that works within a browser.   Supported browser levels are shown below with Chrome being the preferred browser:


1.3 Fix level Information on IBM Power  HMC Components and Operating systems

For specific fix level information on key components of IBM HMC model 7063-CR1 and the HMC software, please refer to the documentation in the IBM Knowledge Center.

https://www.ibm.com/support/knowledgecenter/8247-21L/p8eav/p8eav_7063_kickoff.htm

https://www.ibm.com/support/knowledgecenter/POWER8/p8had/p8had_hmc7063cr1.htm

2.0 Important Information

TOD Requirement

If the starting level of the firmware is less than OP825.41 prior to the update to this level of firmware, then manually setting the TOD after installation is required.  A message will be presented to the user after the update as a reminder.  The TOD must be set prior to initiating the boot of the HMC.


Downgrading firmware from any given release level to an earlier release level is not recommended.

If you feel that it is necessary to downgrade the firmware on your system to an earlier release level, please contact your next level of support.

Concurrent Firmware Updates not available for the Power HMC.

Concurrent system firmware update is not supported on the Power HMC 7063-CR1.

2.1 Possible hang during HMC reboot

If the HMC hangs when doing a reboot from the HMC, disabling NVRAM fast-reset may resolve this problem.  Run the following command on the BMC:

 

nvram -p ibm,skiboot --update-config fast-reset=0

2.2 Petitboot Device Discovery Completion Message

The Petitboot user interface is started early in the boot process. When you are presented with the Petitboot user interface, it will take up to an additional 30 seconds for the user interface to be populated with boot options as storage and network hardware are being initialized.  During this time, Petitboot will show the status message "Info: Waiting for device discovery".  When Petitboot device discovery is completed, the following status message will be shown: "Info: Connected to pb-discover!".

 

2.3 Recovering from an expired password

 

These instructions are for recovering the ADMIN user ID when its default "ADMIN" password has expired because the system is new or has been factory reset.  These instructions assume that the BMC is on the network.  The Web GUI, secure shell (SSH), or ipmitool from the host may be used to change the expired password as shown below:

1.  Web GUI:  

1.1. When a user is logging into the BMC Web GUI with the "ADMIN" user ID after a BMC factory reset, the user must use the default password (see above) regardless of what the previous "ADMIN" user ID's password was.

1.2. Once successfully logged in with the "ADMIN" user ID,  the BMC Web GUI will force the user to change the password for the "ADMIN" user ID.  The BMC Web GUI will log out after successfully changing the password.

1.3. Now the user can log in to the BMC using "ADMIN" user ID with the new password.

2.  SSH:

2.1. When a user is logging into a BMC using ssh with the "ADMIN" user ID after the BMC factory reset, the user must use the default password (see above) regardless of what the previous "ADMIN" user ID's password was.

2.2. Once successfully logged in with the "ADMIN" user ID, ssh will force the user to change the BMC password for the "ADMIN" user ID.  Follow the instructions carefully.  ssh will log out after successfully changing the password.

2.3. Now the user can log in to the BMC using the  "ADMIN" user ID with the new password.

3.  In-band IPMI command

3.1. Power on the HMC.

3.2. Log in to the HMC as root.

3.3. Change BMC "ADMIN" user ID's password:

3.3.1. Command:  ipmitool user set password 2 newPW

3.3.2. newPW is the desired new password.

 

3.0 Firmware Information

Use the following information to determine whether your installation will be concurrent or disruptive.

For the HMC 7063-CR1, the installation of system firmware is always disruptive.

3.1 Firmware Information and Description

The xxx.pnor  file updates the primary side of the PNOR.  The yyy.bin updates the primary side of the BMC only.  The golden sides are unchanged.

The pUpdate zip file contains the Linux powerpc, x86(32 bit), x86(64 bit), and pUpdate user’s guide.  The version of the tool selected needs to match the hardware where the tool is running.


Filename                               Size (bytes)   Checksum (MD5)
P8DTU20200610_IBM_7063CR1_sign.pnor    33554560       e6f413004c476917be3ee73dfb920fc6
SMT_P8_320.bin                         33554432       d091f6cce5addda9af783ddcb33ab33f
pUpdate_220.zip                        91832          745f57ea76b2bc641dc8005bf960ecb3

 

Note: The checksum can be found by running the Linux/Unix/AIX md5sum command against the file (all 32 characters of the checksum are listed), for example: md5sum xxx.pnor.

 

After a successful update to the new firmware level, the PNOR components and BMC should be at the following levels.  The ipmitool "fru" command can be used to display FRU ID 47 and the ipmitool "mc info" command can be used to display the BMC level.

 

Note:  FRU information for the PNOR level does not show the updated levels via the fru command until the system has been booted once at the updated level.

 

PNOR firmware levels from FRU ID 47 inventory list for driver:  

 

FRU Device Description : System Firmware (ID 47)

$ ipmitool -I lanplus -H  xxx  -U yyy -P zzz  fru print 47

 

Product Name          : OpenPOWER Firmware

Product Version       : open-power-IBM-P8DTU-7063CR1-20200610

Product Extra         :        op-build-ecf067b

Product Extra         :        buildroot-2019.02.3-21-gb1a7f41

Product Extra         :        skiboot-v6.3.5

Product Extra         :        hostboot-p8-c893515-p0a26217

Product Extra         :        occ-p8-a2856b7

Product Extra         :        linux-5.1.15-openpower1-p639883c

Product Extra         :        petitboot-v1.10.4-p211f7ec

 

 

BMC Level:                        

   

Display BMC firmware level using the "ipmitool mc info | grep Firmware" command:

 

Firmware Revision:   3.20
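One way to script the post-update check described in this section, as an added example rather than IBM tooling: it parses the output of the two ipmitool commands named above and compares the result with the levels listed here. The function names are assumptions, and the sample command output is constructed from the values on this page.

```shell
#!/bin/sh
# Added example: confirm the BMC and PNOR levels after an update by parsing
# the output of "ipmitool mc info" and "ipmitool fru print 47".
# Function names and the sample output are illustrative, not IBM tooling.

# Expected levels for this service pack, from section 3.1.
EXPECT_BMC='3.20'
EXPECT_PNOR='open-power-IBM-P8DTU-7063CR1-20200610'

# bmc_revision: reads "mc info" output on stdin, prints the Firmware Revision.
# The leading anchor keeps "Aux Firmware Rev Info" lines from matching.
bmc_revision() {
    sed -n 's/^[[:space:]]*Firmware Revision[[:space:]]*:[[:space:]]*\([^[:space:]]*\).*$/\1/p' | head -n 1
}

# pnor_version: reads "fru print 47" output on stdin, prints Product Version.
pnor_version() {
    sed -n 's/^[[:space:]]*Product Version[[:space:]]*:[[:space:]]*\([^[:space:]]*\).*$/\1/p' | head -n 1
}

# check_levels MC_INFO_TEXT FRU47_TEXT
# Returns 0 when both levels match, 1 for a BMC mismatch, 2 for a PNOR
# mismatch, 3 for both.
check_levels() {
    cl_bmc=$(printf '%s\n' "$1" | bmc_revision)
    cl_pnor=$(printf '%s\n' "$2" | pnor_version)
    cl_rc=0
    if [ "$cl_bmc" != "$EXPECT_BMC" ]; then
        echo "BMC level is '${cl_bmc:-not reported}', expected $EXPECT_BMC"
        cl_rc=1
    fi
    if [ "$cl_pnor" != "$EXPECT_PNOR" ]; then
        echo "PNOR level is '${cl_pnor:-not reported}', expected $EXPECT_PNOR"
        # FRU 47 keeps the old level until the system has booted once at the
        # updated level, so a mismatch right after flashing can be stale data.
        echo "If the system has not been powered on since the PNOR update, boot it and re-check"
        cl_rc=$((cl_rc + 2))
    fi
    [ "$cl_rc" -ne 0 ] || echo "BMC $cl_bmc and PNOR $cl_pnor match this service pack"
    return "$cl_rc"
}

# Constructed sample output, built from the values shown in this section.
SAMPLE_MC_INFO='Device ID                 : 32
Firmware Revision         : 3.20
IPMI Version              : 2.0
Aux Firmware Rev Info     :'
SAMPLE_FRU47=' Product Name          : OpenPOWER Firmware
 Product Version       : open-power-IBM-P8DTU-7063CR1-20200610
 Product Extra         : skiboot-v6.3.5'

# Live use (xxx, yyy and zzz are the placeholders used in this document):
#   check_levels "$(ipmitool -I lanplus -H xxx -U yyy -P zzz mc info)" \
#                "$(ipmitool -I lanplus -H xxx -U yyy -P zzz fru print 47)"
check_levels "$SAMPLE_MC_INFO" "$SAMPLE_FRU47"
```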

 

OP825
For Impact, Severity and other firmware definitions, please refer to the 'Glossary of firmware terms' URL below:
http://www14.software.ibm.com/webapp/set2/sas/f/power5cm/home.html#termdefs

V3.11 with SMC BMC V3.20

(OP825.42)

 

06/30/2020

Impact: Availability     Severity:  SPE

 

New features and functions

 

Support was added for the following grub2 enhancements for petitboot:

1) 'source' command is now supported.

2) UUID and label are now supported in the 'search' command.

 

System firmware changes that affect all systems

 

A problem was fixed for RHEL8 boot failures when using GPT Disklabels caused by dependencies on unsupported features in petitboot GRUB2.  Functionality in the GRUB2 parser was extended to allow RHEL8 to boot correctly.

 

A problem was fixed for an unresponsive system after an unscheduled reset of the BMC causes the FSI bus to become locked.  A restart of the system via BMC or power button is necessary to recover.

 

A problem with a slow transfer of data using iKVM Virtual Storage was fixed to improve the performance.  The slow down was caused by a change to use a secure tunnel for the data.  With the fix, the default secure channel is providing slightly better performance throughput. If further performance is needed, the secure channel can be temporarily disabled using the "Virtual Media->Secure Encryption" option.

A problem was fixed for security vulnerability CVE-2007-1858. With this vulnerability, the default SSL cipher configuration used certain insecure ciphers, including the anonymous cipher, which could allow remote attackers to obtain sensitive information or have other, unspecified impacts.

 

A problem was fixed for security vulnerability CVE-2016-2183. With this vulnerability, the DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain clear text data via a birthday attack against a long-duration encrypted session.

 

A problem was fixed in the BMC gui "Alerts Modify" page so that it no longer drops the first character of the e-mail address when the page is revisited.

 

A problem was fixed for a web security issue against Cross-Site Request Forgery with an enhanced fix over the previous delivery for OP825.41.

 

A problem was fixed for an unresponsive system after a reset of the BMC by dropping console write data if the BMC becomes unresponsive.  This prevents a deadlock condition.

 

A problem was fixed for intermittent ipmi aborts caused by the use of invalid pointers that had been freed.

 

A problem was fixed for truncation of multi-word strings in the petitboot user interface.  When this failure happens, the first word of the string is displayed only, stopping at the first "blank" of the string.   Plugin names and vendor variables have been affected by this.

 

V3.09 with SMC BMC V3.17

(OP825.41)

 

01/31/2020

Impact: Function     Severity:  SPE

 

System firmware changes that affect all systems

 

A problem was fixed for the system time moving ahead one day following a month or year change and a power off of the system.  Important: This fix does not update the date and time to correct values if these are wrong in the RTC.  The user must manually reconfigure the BMC date/time under the Configuration menu option prior to starting the operating system.

 

The following web security problems were addressed for the BMC:

1) Authentication bypass vulnerability that could allow a network attacker to become an admin user.

2) Persistent (or stored) XSS vulnerability that can occur when the data provided by the attacker is saved by the server, and then permanently displayed on "normal" pages returned to other users in the course of regular browsing, without proper HTML escaping.

3) Cross-Site Request Forgery

4) HTML injection

5) Authenticated code injection as root via command injection

 

A problem was fixed for incorrect eSEL index in the error logs.

 

V3.09 with SMC BMC V3.16

(OP825.40)

 

12/02/2019

Impact: Security     Severity:  SPE

 

New features and functions

 

Improved BMC default password policy.  For the BMC, the ADMIN password must be set on first use for newly manufactured systems and after a factory reset of the system.  This policy change helps to ensure that the BMC is not left in a state with a well-known password.

The user can change from the default password to a new password using the interfaces below:
1.  Web GUI
2.  ssh (secured shell)
3. In-band IPMI from the host with a user ID that has root privilege.
Examples of using these interfaces for expired password recovery can be found in the section "Recovering from an expired password".

 

Support was added to the SMASH shell of ssh to allow changing  of the ADMIN user ID password using the SMASH CLP command of "set password" while in the /map1/account002 directory.

 

Support was added to BMC to have a minimum password strength configured for all interfaces such that it must be at least 8 characters long and must include at least one upper case letter, one lower case letter, and one numeric digit.

 

System firmware changes that affect all systems

 

A problem was fixed for a Qualys security scan on the BMC reporting security threat QID 11827 “HTTP Security Header Not Detected” on port 443. The following HTTP security header was not detected in the HTTP response:  

Strict-Transport-Security (HSTS): This response header is a security feature that lets a web site tell browsers that it should only be communicated with using HTTPS instead of HTTP protocol.
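A way to confirm this fix from a workstation, as an added example that is not part of the firmware package: it inspects HTTPS response headers from the BMC for the Strict-Transport-Security header. The function names, the sample headers (constructed) and the curl invocation in the comment are assumptions.

```shell
#!/bin/sh
# Added example: check whether a BMC HTTPS response carries the
# Strict-Transport-Security header that Qualys QID 11827 looks for.
# Function names and sample headers are illustrative.

# hsts_max_age: reads HTTP response headers on stdin and prints the max-age
# value of the first Strict-Transport-Security header (nothing if the header
# is absent or has no max-age directive). Header names are case-insensitive.
hsts_max_age() {
    tr -d '\r' | awk '
        tolower($0) ~ /^strict-transport-security[ \t]*:/ {
            line = tolower($0)
            if (match(line, /max-age[ \t]*=[ \t]*"?[0-9]+/)) {
                value = substr(line, RSTART, RLENGTH)
                gsub(/[^0-9]/, "", value)
                print value
            }
            exit
        }'
}

# check_hsts HEADERS_TEXT
# Returns 0 when HSTS is in effect, 1 when the header is missing or has no
# max-age, 2 when max-age is 0 (which tells browsers to drop the policy).
check_hsts() {
    ch_age=$(printf '%s\n' "$1" | hsts_max_age)
    if [ -z "$ch_age" ]; then
        echo "HSTS header not detected (the QID 11827 finding)"
        return 1
    fi
    if [ "$ch_age" -eq 0 ]; then
        echo "HSTS header present but max-age=0 disables it"
        return 2
    fi
    echo "HSTS header present, max-age=$ch_age"
    return 0
}

# Constructed sample responses: one from a BMC with the fix, one without.
SAMPLE_FIXED='HTTP/1.1 200 OK
Content-Type: text/html
Strict-Transport-Security: max-age=31536000; includeSubDomains'
SAMPLE_UNFIXED='HTTP/1.1 200 OK
Content-Type: text/html'

# Live use against port 443 (replace the placeholder address; -k is needed
# only if the BMC presents a certificate the workstation does not trust):
#   check_hsts "$(curl -sk -o /dev/null -D - https://BMC_ADDRESS/)"
check_hsts "$SAMPLE_FIXED"
```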

 

A problem was fixed for SMCIPMITool being unable to mount virtual media (problem was introduced in BMC V2.08 with a security fix for media vulnerabilities).   This problem affected customers that use SMCIPMITool to reimage nodes, as one example of problem impact.  Along with the BMC V3.16 level, the SMCIPMITool version 2.22.1 build 109023 or later is needed to fix the issue.  The new versions of the SMCIPMITool are backward compatible with the previous versions of the tool.

 

A problem was fixed for an intermittent disable of the field for the IPv6 address in the BMC web gui.

 

A problem was fixed for fast-reboot inadvertently always being enabled when it should have been disabled for the Power8 systems.  This caused intermittent host reboot failures. A re-IPL of the system can be done to fix the reboot error if it happens.  With the fix, the fast-reboot setting is disabled, and the reboots of the host OS no longer have the intermittent failures.

 

 

 

V3.08 with SMC BMC V3.13

(OP825.31)

 

09/25/2019

 

Impact: Security     Severity:  SPE

 

New features and functions

 

In response to recently reported security vulnerabilities, this firmware update is being released to address Common Vulnerabilities and Exposures issue numbers CVE-2017-5715, CVE-2017-5753 and CVE-2017-5754.  Operating System updates are required in conjunction with this FW level for CVE-2017-5753 and CVE-2017-5754.  This replaces an earlier firmware update for the same problem which was found to not be effective.

 

The BMC web gui was enhanced so that the LDAP port can be set regardless of the SSL settings.

 

The BMC web gui  for the Event Log page was enhanced to show event severity and acknowledgement status.

 

System firmware changes that affect all systems

 

A problem was fixed for an incorrect interpretation for an OEM SEL.

 

A problem was fixed in the BMC web gui for incorrect VLAN ID ranges in the network configuration.

 

A problem was fixed for SSH security vulnerabilities that were found running the Qualys tool.

 

A problem was fixed for a failure that can occur when setting time with hwclock.  This failure is triggered by a small  time drift that can occur if NTP is active.

 

A problem was fixed in the BMC web gui for incorrect wording on the AD and LDAP pages.

 

A problem was fixed for not being able to access the BMC web gui using HTTPS and IPv6.  The fix requires a user step to enable it.  After applying the fix, reset the Lighttpd configuration on the BMC.  This reset can be done using ipmitool with the following two commands:

1)  ipmitool ... raw 0x30 0x70 0xB7

2)  ipmitool ... mc reset cold

 

A security problem was fixed for a password being stored in clear text on the BMC.

 

A security problem was fixed for the NTP service running on the BMC allowing queries of the internal NTP variables. This problem was reported with Qualys QID#38293.

 

A security problem was fixed for multiple Virtual Media vulnerabilities reported by Eclypsium.

 

A problem was fixed for cleaning up cache memory when a GPU is in reset to make more cache available for the reset of the system.

 

A problem was fixed for opal-prd messages being truncated and causing the following error message:  "opal-prd: FW: error reading from firmware: alloc 32 rc -1: Invalid argument".  This intermittent problem is caused by the allocated buffer for the opal-prd message being too small.

 

A problem was fixed for possible OPAL partition cosmetic damage when using the "opal-gard clear" command.  With the problem, the guarded FRUs are cleared correctly but the adjoining partition will also have some bytes cleared at the beginning of the partition.  The inadvertently cleared bytes in the partition have not caused an issue for the system.

 

V3.07 with SMC BMC V3.08

(OP825.30)

 

06/13/2019

 

Impact:  Security     Severity:  SPE

 

New features and functions

 

Support was added for a Self-Boot Engine (SBE) validation during the IPL to verify that the firmware images are the shipped versions.

 

Added BMC support to be able to detect Self Boot Engine (SBE) SEEPROM corruption

 

Added BMC support for new PNOR version partition that has a 4k signed header.

 

Security was enhanced for stunnel by allowing SSL Medium Strength and Anonymous Cipher Suites to be disabled.  A reset of the stunnel configuration is required to do the disable using the following ipmitool commands one time:

1)  ipmitool ... raw 0x30 0x70 0xB9

2)  ipmitool ... mc reset cold

 

Added support in the SNMP client to allow connections to V2 and V3 servers to be running at the same time.

 

Support was added for the BMC web gui to be able to enable and disable IPMI over LAN.

 

Added support for Active Directory to allow the BMC to make connections to LDAP/AD servers.

 

The BMC web gui was enhanced to display the IP address of the BMC.

 

For the IPMI DCMI configuration, the DCMI Discovery Configuration (Option 12) is now enabled by default.

 

Sensor polling was enhanced to continue to work even after On-Chip Controller (OCC) goes into an error state.

 

Support for VUART/MBOX/FSI was enabled.

 

The BMC web gui was enhanced to be able to change the community string for the SNMP PET trap.

 

Support was added for a new BMC gui page to control the power capping of the system.

 

The BMC web gui was enhanced to show the PNOR version and build date.  If the PNOR version is not found, only the PNOR build date is shown.

 

Support for tftp was added for BMC brick recovery (the old method of recovery has been deprecated).

 

Support has been removed from XIVE interrupt controller for the store EOI operation.  Hardware has limitations which would require a sync after each store EOI to make sure the MMIO operations that change the ESB state are ordered. This would be performance prohibitive and the PCI Host Bridges (PHBs) do not support the synchronization.

 

Support was added to recognize a port parameter in the URL path for the Preboot eXecution Environment (PXE) in the ethernet adapters.  Without the fix, there could be PXE discovery failures if a port was specified in the URL for the PXE.  

 

System firmware changes that affect all systems

 

A security problem was fixed to prevent host programs from being able to corrupt the BMC using the internal software bridges between the host and BMC.  The Common Vulnerabilities and Exposures issue number is CVE-2019-6260.

 

A security problem was fixed to detect and prevent Self Boot Engine (SBE) SEEPROM corruption.   The Common Vulnerabilities and Exposures issue number is CVE-2018-8931.

 

A security problem was fixed to prevent a firmware update causing an unsigned image to be activated.  The Common Vulnerabilities and Exposures issue number is CVE-2018-13787.

 

A security problem was fixed for the BMC ethernet Network Interface Card (NIC) device driver.  The ethernet packet frames were not being padded with null bytes, which can allow remote attackers to obtain information from previous packets or kernel memory by using malformed packets.  This fix protects against the Common Vulnerabilities and Exposures issue number CVE-2003-0001.

 

A problem was fixed for system hangs for early fails that occur in Hostboot.  With the fix, the early fails are handled and recovery attempted to allow the IPL to succeed.

 

A problem was fixed for CGI aborts when uploading configurations using HTTP.

 

A problem was fixed for SSL certificate checks that were incorrectly failing on the check of the private key.

 

A problem was fixed for BMC remote console not conforming to security standards by not being digitally signed.   The function has been updated to be cryptographically signed.

 

A problem was fixed for the host console losing data.

 

A problem was fixed for slow SOL console response for long-running commands.

 

A problem was fixed for an intermittent failure to IPL.

 

A problem was fixed for an intermittent system hang during IPL with "Power Status Error" in the SEL.

 

A problem was fixed for the BMC not showing all the sensor readings (except for OCC Active sensors which are always present) after an IPL.

 

A problem was fixed for an incorrect power cap setting when BMC sometimes incorrectly did not use the power cap setting from the host On-Chip Controller (OCC).

 

A problem was fixed for a failed SBE side not triggering a retry boot from the other SBE side.

 

A problem was fixed for an overrun of serial data from the host side to the BMC that caused loss of output character on the IPMI SOL console.

 

A problem was fixed for a "mc reset cold" being allowed during an IPL, causing a reboot of the BMC and an IPL failure.  With the fix, the BMC cold reset is not allowed during the system IPL.

 

A problem was fixed for the BMC gui not being able to show all the System Event Log entries.  "BMC gui -> Maintenance -> System Event Log" failed to display the entire log, with no scroll bar present to see new log entries.

 

A problem was fixed for pUpdate having trouble recovering from retry attempts and not being able to complete the firmware updates in a timely manner.

 

A problem was fixed for an IPv4 address change not persisting after a BMC reboot.  This error can occur if the last octet of the IP address is reduced in characters by the IP address change.  For the case where this was observed, the IP address was changed from 50.6.36.100 to 50.6.36.1.  But after the BMC reboot, the IP address again had two trailing zeros, as the IP address had reverted to 50.6.36.100.

 

A problem was fixed for an abnormal Java SOL display in Petitboot.

 

A problem was fixed for a missing failed operation description in the Session Audit SEL.

 

A problem was fixed in the BMC web gui for logical volume color status.

 

A problem was fixed in the BMC web gui for not being able to mount an iso volume.

 

A problem was fixed for a BMC web gui freeze condition when an error event occurs on the backplane.

 

A problem was fixed for a "LanDrvinit fails to initial" message that was logging during the boot.  There was no error in the boot as a wrong status value was returned to cause the message.

 

A problem was fixed for the power capping range allowed for the user.  OCC provides two limits for the minimum powercap.  One is the hard powercap minimum, which is guaranteed by OCC; the other is a soft powercap minimum, which is lower than the hard minimum and may or may not be asserted due to various power-thermal reasons.  To allow users to access the entire powercap range, this fix exports the soft powercap minimum as the "powercap-min" DT property.  It also adds a new DT property called "powercap-hard-min" to export the hard-min powercap limit.

 

A problem was fixed for lost output on the console when the OS is stopping or rebooting.  With the fix, the console output is always flushed before stopping the system.

 

A problem was fixed for the AST VGA device which could sometimes fail to initialize when the vendor ID for the device was parsed incorrectly.  

 

A problem was fixed for a system hang that could occur while printing with system debug options and having an active user on the console.

 

A problem was fixed for an intermittent opal-prd crash that can happen on the host OS.  This is the fault signature:  " opal-prd[2864]: unhandled signal 11 at 0000000000029320 nip 00000 00102012830 lr 0000000102016890 code 1"

 

A problem was fixed for diagnostic code trying to read sensor values for PCI Host Bridge (PHB) entries that are unused, which causes debug output to have incorrect values for the unused entries.  With the fix, only the used entries are processed by the diagnostic code.

 

A problem was fixed for Petitboot exiting to the shell with xCAT genesis in the menu when trying to do a network boot.  Petitboot was timing out when trying to access the ftpserver but it was not doing the network re-queries necessary for a proper retry.  If this error happens on a system, it can be made to boot with the following two steps:

1) Type the word "exit" and press enter key.  This brings it back to petitboot menu.

2) Press the enter key again to start the boot of the xCAT image.

 

A problem has been fixed for a slow start up of a process that can occur when the system had been previously in an idle state.

 

A problem has been fixed for a TOD error that can cause a soft lockup of the kernel.  A 'soft lockup' is defined as a bug that causes the kernel to loop in kernel mode for more than 20 seconds, without giving other tasks a chance to run. The current stack trace is displayed upon detection and, by default, the system will stay locked up.

 

A problem has been fixed to add part and serial numbers to the processors when accessed through the device tree.

 

A problem has been fixed to make the OS aware of the DARN random number generator at 0x00200000 (PPC_FEATURE2_DARN) and the SCV syscall at 0x00100000 (PPC_FEATURE2_SCV).  Without this fix, these service constants are not defined in the OS userspace.

 

A problem was fixed for Coherent Accelerator Processor Proxy (CAPP) mode for the PCI Host Bridge (PHB) to improve DMA write performance by enabling channel tag streaming for the PHB.  With this enabled, the DMA write does not have to wait for a response before sending a new write command on the bus.

 

A problem was fixed for the Open-Power Flash tool "pflash" failing with a blocklevel_smart_erase error during a pflash.  This problem is infrequent and is triggered if pflash detects a smart erase fits entirely within one erase block.

 

A problem was fixed in the Petitboot user interface to handle cursor mode arrow keys for the VT100 'application' cursor to prevent mis-interpreting an arrow key as an escape key in some situations.  For more information on the VT100 cursor keys, see http://www.tldp.org/HOWTO/Keyboard-and-Console-HOWTO-21.html.

 

A problem was fixed in the Petitboot user interface to cancel the autoboot if the user has exited the Petitboot user interface.  This prevents the user dropping to the shell and then having the machine boot on them instead of waiting until the user is ready for the boot.

 

A problem was fixed in the Petitboot parsing of manually-specified configuration files that caused the parser to create file paths relative to the downloaded file's path, not the original remote path.

 

A problem was fixed for a flood of OPAL error messages that can occur for a processor fault.  The message "CPU ATTEMPT TO RE-ENTER FIRMWARE" appears as a large group of messages and precede the relevant error messages for the processor fault.  A reboot of the system is needed to recover from this error.

 

A problem was fixed for a skiboot hang that could occur rarely for an I2C request if the I2C bus is in error or locked by the On-Chip Controller (OCC).

 

A problem was fixed for an OS reboot after a shutdown that intermittently fails after the shutdown.  This can happen if the BMC is not ready to receive commands.  With the fix, the messages to the BMC are validated and retried as needed.  To recover from this error, the system can be rebooted from the BMC interface.

 

A problem was fixed for a kernel hard lock up that could occur if IPMI synchronous messages were sent from the OS to BMC while the BMC was rebooting.  For these types of messages, a processor thread remains waiting in OPAL until a response is returned from the BMC.

V2.30

(OP825.21)

 

03/12/2018

 

Impact:  Security     Severity:  SPE

 

Response for Recent Security Vulnerabilities

 

In response to recently reported security vulnerabilities, this firmware update is being released to address Common Vulnerabilities and Exposures issue numbers CVE-2017-5715, CVE-2017-5753 and CVE-2017-5754.  

 

New features and functions

 

Support was added for the user to be able to create a BMC group name via LDAP.  This provides a BMC login privilege by group name.

 

Support was added for a new alert message that occurs on the BMC Web GUI when a disk, power supply, or a fan is unplugged.  When an event is logged against one of the associated sensors, the alert message is sent.

 

Support for a 2 MB IPMI SOL console data capture and download.

 

Support for "Product Extra Information" for FRU reading on the BMC Web GUI.

 

 

System firmware changes that affect all systems

 

A problem was fixed for RHEL7.3 GUI mode having a large square cursor via the BMC iKVM console.  This oversized cursor can interfere with normal operations on the screen by blocking the view of task options on pull-down menus.

 

A problem was fixed for a duplicate sensor id for occ_active and boot_count which shared a device id of "0x09".  This caused one of the sensors to be absent from the sensor device tree and also caused an OPAL error log:  "[   84.176082494,3] DT: dt_attach_root failed, duplicate sensor@9".  There was no other adverse impact for this problem other than the missing sensor information.  With the fix, the boot count sensor has a new device code of "0x0A".

 

A problem was fixed for an IPMI SOL Console drop during a PNOR firmware update.  There is a log  message "SOL session closed by BMC", but there is no impact on the system.

 

A problem was fixed for an IPMI DCMI "Get Power Reading" command  average reading being inaccurate.

 

A problem was fixed for the FRU information for MfgDatetime which was not displayed correctly.

 

A problem was fixed for "SENSOR_ID" not being consistent with the sensor name in email alerts.

 

A problem was fixed for opening the Java iKVM program on a Mac OS X client system.

 

A problem was fixed in the BMC NTP support to protect against a possible denial-of-service attack in the NTP processing of a query.  This is for protection against the Common Vulnerabilities and Exposures (CVE) number CVE-2016-7434.

 

A problem was fixed for an erroneous voltage reading at an empty CPU socket.

 

A problem was fixed for iKVM not showing the Hostboot and OPAL boot progress.

 

A problem was fixed for the BMC not requesting an OCC reset if the OCC is in Safe mode but the "OCC Active" sensor is still enabled.  With the fix, after sixty seconds of the OCC being in Safe mode, the OCC reset will be requested regardless of the state of the "OCC Active" sensor.

 

A problem was fixed for  the On-Chip Controller (OCC) dropping to Safe mode during BMC communication failures when an OCC reset was requested.

 

A problem was fixed for the OpenPOWER logo being pixelated  (a very low-resolution image) in the Java iKVM viewer.

 

A problem was fixed for a SMASH console hang from the BMC SSH login:  Start the SMASH console by typing "start /system1/sol1".  Note that the command is unresponsive, and does not show a login prompt.  With the fix,  this sequence is responsive and shows the same console as the IPMI SOL console.

 

V2.20

 

10/13/2017

Impact: New     Severity: New

System firmware changes that affect all systems

 

A problem was fixed for an unattended boot hang that can occur during an HMC upgrade. This problem may be circumvented by the user intervening and selecting ‘Rescan Device’, then both menu entries will be shown correctly and the boot can continue.

A problem was fixed for intermittent warm reboot failures because of invalid memory references. The problem may be circumvented by attempting the reboot again or power cycling and booting again.

 

V2.10

09/18/2017

Impact: New     Severity: New

New features and functions for 7063-CR1:

GA Level

Support for IBM 7063 Model CR1 HMC appliance that has a HMC minimum release requirement of V8R870.0.

 

Support the HMC appliance with 4x8GB memory configuration by allowing system to IPL with partial failure of memory DIMMs.

 

Support for resonant clocking was enabled to reduce power consumption of the processors for an approximate 10W per processor socket savings.

 

The Preboot Execution Environment (PXE) installation process was enhanced to provide more status log information and to show percentage-based download progress information.

 

Support was added for an On-Chip Controller (OCC) Soft User Power Cap.  Previously, if the User Power Cap was being exceeded and could not be maintained, the OCC placed the system into Safe mode (a power mode with reduced processor frequencies).  With the Soft User Power Cap feature, the Safe mode is not used when the User Power Cap is exceeded.  Instead, the OCC will log an error and continue to try to maintain the User Power Cap.

 

System firmware changes that affect all systems

 

A problem was fixed for a missing device discovery message and overly verbose output messages during the boot.  The boot is now less verbose: only error-level messages are printed during Petitboot bootloader initialization.  This means that there will be fewer messages printed as the system boots. Additionally, the Petitboot user interface is started earlier in the boot process. This means that the user will be presented with the user interface sooner, but it may still take time, potentially up to 30 seconds, for the user interface to be populated with boot options as storage and network hardware is being initialized.  During this time, Petitboot will show the status message "Info: Waiting for device discovery".  When Petitboot device discovery is completed, the following status message will be shown: "Info: Connected to pb-discover!".

 

System firmware changes that affect certain systems

 

On systems with maximum memory configurations (where every DIMM slot is populated; size of DIMM does not matter), a problem has been fixed for systems losing performance and going into Safe mode (a power mode with reduced processor frequencies intended to protect the system from over-heating and excessive power consumption).  This happened  because of On-Chip Controller (OCC) time out errors when collecting Analog Power Subsystem Sweep (APSS) data, used by the OCC to tune the processor frequency.  This problem occurs more frequently on systems that are running heavy workloads.  Recovery from Safe mode back to normal performance can be done with a reboot of the system.

 

 

 

4.0 Operating System Information

OS levels supported by the 7063-CR1 servers:

- HMC V9 R1 M910 or later

 

4.1 HMC on Power Operating System

The HMC stack runs on an embedded Linux distribution. The HMC on Power version V9 R1 M910 or later is supported on the 7063-CR1.

 

Notice:  Only Enhanced HMC GUI is supported (no classic GUI) on HMC V8R870.0 and later.

 

The below link is to a guide on how to use the HMC to perform management and partition tasks for IBM Power servers:

https://www.ibm.com/support/knowledgecenter/POWER8/p8hdx/p8_workingwithconsoles_op.htm

 

4.2 How to Determine the Level of the HMC

 

Use the following steps in the below link to navigate the HMC GUI to determine the HMC level:

https://www.ibm.com/support/knowledgecenter/8247-21L/p8hai/p8hai_viewcodelevel_enh.htm

 

5.0 How to Determine The Currently Installed Firmware Level

 

Use the ipmitool "fru" command or the BMC Web GUI FRU option to look at product details of FRU 47.

 

ipmitool -I lanplus -H <bmc host IP address> -P admin -U ADMIN fru print 47

 

6.0 Downloading the Firmware Package

Follow the instructions on Fix Central. You must read and agree to the license agreement to obtain the firmware packages.

 

7.0 Installing the Firmware

For all firmware updates where the starting level is less than OP825.41, there is a problem where the system date and time may be incorrect after the firmware update process has completed.  To correct this error, the user must manually reconfigure the BMC date/time under the Configuration menu option prior to starting the HMC.

Note 1:  Before proceeding  with an update to this service pack level, update the OS to the latest fix level for its release as there is an important fix for the AST driver that, if not applied, could prevent the system from IPLing after the service pack is installed.  

Note 2:  

1.  When upgrading firmware from firmware version 1.xx to version 3.xx, there are dependencies between BMC and PNOR. For that reason, you must update BOTH BMC and PNOR while system power is off.

1.1  Power off the system

1.2  Update BMC version 3.xx using pUpdate 2.20 or using BMC Web GUI.

1.3  After the BMC firmware is updated, the BMC is automatically reset.  Wait for the BMC to come back on line.

1.3.1  You can ping the BMC to see if it is active on the network, or you can connect to the BMC Web GUI.

1.4 Check the BMC version to ensure the right BMC version is updated.

1.4.1   Check Web GUI display for new BMC version, or      

1.4.2 Use the ipmitool to check the BMC version

1.5 Update PNOR version 3.xx using pUpdate 2.20 or using BMC Web GUI.

1.5.1 The new PNOR version is not yet available until a power on is completed.

1.6  Once the PNOR update is complete, power on the system to petitboot menu or OS.

1.6.1 When the system IPL reaches petitboot, SBE validation will be started automatically. This will take about 2 minutes. Please allow the system to complete the SBE validation before attempting to shutdown.  If SBE validation fails for any reason, the system power will be turned off by firmware.  Follow repair action given in the SEL to correct the problem.

1.6.2  Once the system reaches the OS, you can check the PNOR version to ensure it is correct.

1.7  The system is ready to be used.


2.  Downgrade of firmware from version 3.xx or later to version 1.xx is NOT supported.

 

3.  Fast Reboot is not supported (fast reboot can be disabled with below command):

3.1 'nvram -p ibm,skiboot --update-config fast-reset=0'

3.2 Fast reboot is disabled by default.

 

4.  After updating BMC firmware to version 3.15 and newer, the current BMC password for the "ADMIN" login ID is still in effect until a factory reset is issued to the BMC.  Once the factory reset is issued to the BMC, the BMC resets the password for the "ADMIN" login ID to the default password, "ADMIN", but marks it as expired.  No remote command will work except the command to change the password.  The "ADMIN" login ID's password can be changed with the interfaces below.  New password strength rules (must be at least 8 characters with at least one lowercase letter, one uppercase letter and one number) must be followed.

4.1 Web GUI

4.2 SSH

4.3 In-band IPMI command (host user must have root privilege)
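The Note 2 rules above can be checked before an update is started. The following shell functions are an added example, not code from IBM or from the firmware package: they classify an update path from the BMC firmware revision, confirm the chassis is powered off, and test a new "ADMIN" password against the stated strength rules. The function names, the "standard" label and the sample ipmitool output are assumptions made for illustration.

```shell
#!/bin/sh
# Pre-flight checks for the Note 2 update rules (added example).
# The parsers read ipmitool output on stdin so they can be run offline.
# Live use, with the password taken from IPMI_PASSWORD via -E so that it
# stays off the command line and out of the process list:
#   ipmitool -I lanplus -H <bmc host IP address> -U ADMIN -E mc info | bmc_fw_rev

# Extract the "major.minor" BMC firmware revision from `ipmitool mc info`.
bmc_fw_rev() {
    sed -n 's/^Firmware Revision[[:space:]]*:[[:space:]]*\([0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' | head -n 1
}

# Classify an update from current ($1) to target ($2) version per Note 2.
#   paired-poweroff        1.xx -> 3.xx: update BOTH BMC and PNOR, power off
#   unsupported-downgrade  3.xx or later -> 1.xx: not supported
#   standard               Note 2 states no special rule for this path
#   invalid                a version string could not be parsed
update_path() {
    up_cur=${1%%.*}
    up_tgt=${2%%.*}
    for up_n in "$up_cur" "$up_tgt"; do
        case "$up_n" in
            ''|*[!0-9]*) echo invalid; return 2 ;;
        esac
    done
    if [ "$up_cur" -ge 3 ] && [ "$up_tgt" -eq 1 ]; then
        echo unsupported-downgrade
        return 1
    elif [ "$up_cur" -eq 1 ] && [ "$up_tgt" -eq 3 ]; then
        echo paired-poweroff
    else
        echo standard
    fi
}

# Succeeds only if `ipmitool power status` output reports the chassis is off.
power_is_off() {
    grep -q '^Chassis Power is off[[:space:]]*$'
}

# Succeeds only if $1 meets the strength rules in item 4: at least 8
# characters with at least one lowercase letter, one uppercase letter and
# one number. The expired default "ADMIN" fails on length alone.
password_ok() {
    pw_candidate=$1
    [ "${#pw_candidate}" -ge 8 ] || return 1
    case "$pw_candidate" in *[[:lower:]]*) ;; *) return 1 ;; esac
    case "$pw_candidate" in *[[:upper:]]*) ;; *) return 1 ;; esac
    case "$pw_candidate" in *[[:digit:]]*) ;; *) return 1 ;; esac
    return 0
}

# Constructed sample of `ipmitool mc info` output (not from a real BMC).
SAMPLE_MC_INFO='Device ID                 : 32
Device Revision           : 1
Firmware Revision         : 1.05
IPMI Version              : 2.0'

sample_rev=$(printf '%s\n' "$SAMPLE_MC_INFO" | bmc_fw_rev)
echo "BMC $sample_rev -> 3.20: $(update_path "$sample_rev" 3.20)"
```

When the result is "paired-poweroff", pipe the output of the ipmitool "power status" command into power_is_off and stop if it fails, since the BMC and PNOR must both be updated while system power is off.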

 

7.1 IBM Power HMC Firmware maintenance

The updating and upgrading of system firmware depends on several factors, such as the current firmware that is installed, and which operating system is running on the system.

These scenarios and the associated installation instructions are comprehensively outlined in the firmware section of Fix Central, found at the following website:

http://www.ibm.com/support/fixcentral/

 

Any hardware failures should be resolved before proceeding with the firmware updates to help ensure the system will not be running degraded after the updates.

7.2 Updating the System Firmware with the pUpdate utility

The pUpdate utility is provided with the firmware update files from IBM Fix Central.  It can be used to perform out-of-band updates by selecting the "-i lan" parameter on the command invocation. The code update needs to be done in two steps:  1) Update the BMC firmware and 2) Update the CEC PNOR for the hostboot and the OPAL components.  It is recommended that the BMC be updated first unless otherwise specified in the firmware install instructions.

 

If a network connection can be made to the BMC, an out-of-band update can be done with the following LAN invocation from a Linux companion system:

 

BMC update: " pUpdate -f bmc.bin -i lan -h xx.xx.xx.xx  -u ADMIN -p ADMIN -r y" where bmc.bin is the name and location of the BMC image file, xx.xx.xx.xx is the IP address of the BMC.

 

PNOR update:  "pUpdate -pnor pnor.bin -i lan -h xx.xx.xx.xx -u ADMIN -p ADMIN " where pnor.bin is the name  and location of the PNOR image file and xx.xx.xx.xx is the IP address of the BMC.

 

For more details on how to use the pUpdate utility, refer to the following link:

https://www.ibm.com/support/knowledgecenter/POWER8/p8eit/p8eit_update_firmware_pupdate.htm

 

7.3 Supporting Diagnostics

You can use diagnostic utilities to diagnose adapter problems.

 

For more details on how to use the diagnostic utilities,  refer to the following link:

https://www.ibm.com/support/knowledgecenter/POWER8/p8eit/p8eit_diags_kickoff.htm

7.4  Updating the System Firmware using the BMC Web GUI

Another method to update the system firmware is by using the baseboard management controller (BMC).

The system firmware is a combination of the BMC firmware and the PNOR firmware. To update the system firmware, update both the BMC firmware and the PNOR firmware by using the BMC.

 

Note 1: System firmware update from the BMC Web GUI is only supported on Google Chrome and Mozilla Firefox browsers.

 

Note 2:  Use the firmware update procedure in this section when there is no dependency between BMC and PNOR.  When there is a dependency between BMC and PNOR, the procedure in this section may not work and could possibly lead to unexpected system behavior.  When there is a dependency between BMC and PNOR that requires both BMC and PNOR to be updated, the user will be alerted to this by the special instructions for the firmware update that can be found in either "Section 1.0 Affected Systems" or in "Section 7.0 Installing the Firmware".

 

Complete the following steps to update the BMC firmware:

1. Log in to the BMC by entering the user name and password. Then, press Enter.

2. From the Maintenance list on the BMC dashboard, select Firmware Update.

3. In the Firmware Update window, select Enter Update Mode. Click OK.

4. In the Firmware Upload window, choose the .bin file from your local system folder and click Upload Firmware. Wait for the file to be uploaded. Then, click OK.

5. The existing and new versions of the BMC firmware are displayed.  Ensure that the Preserve Configuration check box is selected and the Preserve SDR check box is not selected. Click Start Upgrade.

Note: You cannot perform other activities by using the BMC interface until the firmware update is complete.

6. The upgrade progress of the firmware update is displayed.  After the firmware update is complete, the BMC is reset automatically.

7. After the reset of the BMC is complete, verify the BMC firmware revision level in the System menu of the BMC dashboard.

8.  Restart the system.

 

Complete the following steps to update the PNOR firmware:

1. Log in to the BMC by entering the user name and password. Then, press Enter.

2. From the Maintenance list on the dashboard, select PNOR Update.

3. In the PNOR Upload window, choose the .pnor file from your local system folder and click Upload PNOR. Wait for the file to be uploaded. Then, click OK.

4. The existing and new dates of the PNOR firmware are displayed. Click Start Upgrade.

Note: You cannot perform other activities by using the BMC interface until the PNOR update is complete.

5. The progress of the PNOR update is displayed. After the PNOR update is completed,  the system must be restarted to finish installation of the new PNOR firmware.

 

For more information on updating the firmware using the BMC, refer to the following link:

https://www.ibm.com/support/knowledgecenter/POWER8/p8eit/p8eit_update_firmware_bmc.htm

8.0 System Management and Virtualization

The service processor, or baseboard management controller (BMC), provides a hypervisor and operating system-independent layer that uses the robust error detection and self-healing functions that are built into the POWER8 processor and memory buffer modules. Open Power Abstraction Layer (OPAL) is the system firmware in the stack of POWER8 processor-based Linux-only servers.

 

8.1  BMC Service Processor IPMI and Web GUI Access

The service processor, or baseboard management controller (BMC), is the primary control for autonomous sensor monitoring and event logging features on the Power HMC.

The BMC supports the Intelligent Platform Management Interface (IPMI) for system monitoring and management.  The BMC monitors the operation of the firmware during the boot process and also monitors the OPAL hypervisor for termination.  The firmware code update is supported through the BMC and Intelligent Platform Management Interface (IPMI) and the BMC Web GUI.  The GUI console is accessed using a web browser with a "http:" connection to port.  See section 1.2 for the supported browsers that can be used with BMC Web GUI.

 

8.2 Open Power Abstraction Layer (OPAL) Hypervisor

The Open Power Abstraction Layer (OPAL) provides hardware abstraction and run time services to the running host Operating System.

For the 7063-CR1 servers,  only the OPAL bare-metal installs of the Hardware Management Console are supported.

 

Find out more about OPAL skiboot here:

https://github.com/open-power/skiboot

 

8.3 Intelligent Platform Management Interface (IPMI)

The Intelligent Platform Management Interface (IPMI) is an open standard for monitoring, logging, recovery, inventory, and control of hardware that is implemented independent of the main CPU, BIOS, and OS. The 7063-CR1 HMC  provides one 10M/100M baseT IPMI port.

The ipmitool is a utility for managing and configuring devices that support IPMI. It provides a simple command-line interface to the service processor.  You can install the ipmitool from the Linux distribution packages in your workstation, sourceforge.net, or another server (preferably on the same network as the installed server). For example, in Ubuntu, use this command:

$ sudo apt-get install ipmitool

For installing ipmitool from sourceforge, please see section 1.1 "Minimum ipmitool Code Level".

 

For more information about ipmitool, there are several good references for ipmitool commands:

 

  1. The man page

  2. The built-in command line help provides a list of IPMItool commands:
    # ipmitool help

  3. You can also get help for many specific IPMItool commands by adding the word help after the command:
    # ipmitool channel help

  4. For a list of common ipmitool commands and help on each, you may use the following link:
    www.ibm.com/support/knowledgecenter/linuxonibm/liabp/liabpcommonipmi.htm

     

 

To connect to your host system with IPMI, you need to know the IP address of the server and have a valid password. To power on the server with the ipmitool, follow these steps:

1. Open a terminal program.

2. Power on your server with the ipmitool:

ipmitool -I lanplus -H bmc_ip_address -P ipmi_password power on

3. Activate your IPMI console:

ipmitool -I lanplus -H bmc_ip_address -P ipmi_password sol activate

 

8.4 Petitboot bootloader

Petitboot is a kexec based bootloader used by IBM POWER8 systems for doing the bare-metal installs on the 8001 servers.

After the POWER8 system powers on, the petitboot bootloader scans local boot devices and network interfaces to find boot options that are available to the system. Petitboot returns a list of boot options that are available to the system. If you are using a static IP or if you did not provide boot arguments in your network boot server, you must provide the details to petitboot.  You can configure petitboot to find your boot with the following instructions:

https://www.ibm.com/support/knowledgecenter/linuxonibm/liabp/liabppetitbootadvanced.htm

 

You can edit petitboot configuration options, change the amount of time before Petitboot automatically boots, etc. with these instructions:

https://www.ibm.com/support/knowledgecenter/linuxonibm/liabp/liabppetitbootconfig.htm

 

After you select to boot the ISO media for the Hardware Management Console, the installer wizard for that Linux distribution walks you through the steps to set up disk options, your root password, time zones, and so on.

You can read more about the petitboot bootloader program here:

https://www.kernel.org/pub/linux/kernel/people/geoff/petitboot/petitboot.html

 

 

9.0 Quick Start Guide for Re-installing the HMC Image on the 7063-CR1 system

This guide helps you re-install HMC on the 7063-CR1.

 

1.) Create the virtual drive on the 7063-CR1 system, if needed.

Follow the steps in this procedure in the unlikely event that you need to re-create the virtual drive on the IBM 7063-CR1 Hardware Management Console.

About this task

This procedure assumes that:

The system was erroneously shipped without an already created and pre-loaded virtual disk

The existing virtual disk is somehow damaged and needs to be re-created.

Link to procedure:  https://www.ibm.com/support/knowledgecenter/en/8286-41A/p8ej8/p8ej8_recreate_drive.htm

 

2.) Use the HMC media to update or re-install the HMC.  If  the virtual disk had to be created in step 1, the HMC recovery media will be needed to re-install the HMC.

Follow the steps in the link below for upgrading the level of the HMC to obtain and install the recovery media:

https://www.ibm.com/support/knowledgecenter/TI0003M/p8hai/p8hai_upgrades_enh.htm

 

10.0 Change History

Date        Description

09/18/2017  New for HMC model 7063-CR1 for V2.10 release

10/13/2017  Service pack 1 release, version V2.20

03/12/2018  Service pack release, version V2.30 (OP825.21)

06/13/2019  Service pack release, version V3.07 (OP825.30)

07/08/2019  Update sections 4.0/4.1 with newer minimum required HMC level requirements (there are no updates to the delivered binaries)

09/25/2019  Service pack release, version V3.08 (OP825.31)

10/23/2019  Update section on BMC gui update of firmware

12/02/2019  Service pack release, version V3.09 (OP825.40)

01/31/2020  Service pack release, V3.09_V3.17  (OP825.41)

06/30/2020  Service pack release V3.11 with BMC V3.20 (OP825.42) with pUpdate zip package

07/29/2020  Republish for readme updates ONLY