Print | Rate this content

Advisory: ProLiant Gen8 and Gen9 Series Servers - CUSTOMER ACTION REQUIRED: Some System ROMs That Addressed the Side Channel Analysis Vulnerability Have Been Removed from the HPE Download Site

SUPPORT COMMUNICATION - CUSTOMER ADVISORY

Document ID: a00039784en_us

Version: 7

Advisory: (Revision) ProLiant Gen8, Gen9 and Gen10 Series Servers - CUSTOMER ACTION REQUIRED: Some System ROMs That Addressed the Side Channel Analysis Vulnerability Have Been Removed from the HPE Download Site
NOTICE: The information in this document, including products and software versions, is current as of the Release Date. This document is subject to change without notice.

Release Date: 2018-03-07

Last Updated: 2018-03-07


DESCRIPTION

Document Version
Release Date
Details
7
03/07/2018
Updated document with finalized information on the System ROMs that address this issue and that all fixes have been implemented and there is no longer a need to revert to any previous ROM version; System ROMs for all platforms that were pulled from the HPE Support Site now have newer, updated System ROMs available.
6
03/04/2018
Updated document with additional information on this issue, added additional ProLiant Gen8 series systems that now have a System ROM fix, and specifics on ProLiant G7 and G6 platforms that will have a future System ROM fix.
5
02/28/2018
Updated document to include System ROMs that correct this issue for Gen9 and certain Gen8 series platforms.
4
02/20/2018
Updated document to include System ROMs that correct this issue for Gen10 series platforms
3
01/31/2018
Updated Description with detailed issue timeline
2
01/22/2018
Updated advisory with additional information on Gen10 platform System ROMs that have also been removed from the HPE Download Site and recommendation to revert to a previous version of the System ROM
1
01/13/2018
Original document release

On January 3, 2018, an industry-wide vulnerability was publicly disclosed that involves modern microprocessor architectures. Based on new security research, there are software analysis methods that, when used for malicious purposes, have the potential to improperly gather sensitive data from computing devices that are operating as designed. Often referred to as the Side-Channel Analysis Method, or Spectre/Meltdown, this vulnerability impacts microprocessor architectures from both Intel and AMD used on HPE ProLiant and Synergy servers. Mitigation of these issues requires both an Operating System update, provided by the OS vendor, and a System ROM update from HPE.

Additional information from Intel is available at the following links:

https://www.intel.com/content/www/us/en/architecture-and-technology/facts-about-side-channel-analysis-and-intel-products.html Non-HPE site .

https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00088&languageid=en-fr Non-HPE site

https://newsroom.intel.com/press-kits/security-exploits-intel-products/ Non-HPE site

Within days of the public announcement of the Side Channel Analysis Vulnerability, HPE released System ROMs for Intel-based platforms utilizing updated microcodes that are required for full mitigation of the vulnerability. Specifically, these microcodes are required for Variant 2 (Spectre) of the vulnerability. Starting on January 11, Intel reported issues with the microcodes they had released as part of the mitigation of this issue. On January 22, Intel indicated that these microcodes could result in “unpredictable system behavior.” Due to the potential severity of the issue, HPE removed System ROMs including impacted microcodes from the HPE support site. See the scope section of this document for System ROMs which were removed from the HPE Support Site.

Refer to the following links for more information regarding Intel’s public statements on the issues seen with the initial versions of their microcodes:

On January 11, 2018, Intel announced issues with an increased frequency of reboots when using the microcodes they released to address Variant 2 of the Spectre Vulnerability for Broadwell and Haswell processors:

https://newsroom.intel.com/news/intel-security-issue-update-addressing-reboot-issues/ Non-HPE site

On January 17, 2018, Intel announced issues with an increased frequency of reboots when using the microcodes they released to address Variant 2 of the Spectre Vulnerability for numerous processors including Skylake, Kaby Lake, Ivybridge, and Sandybridge processors:

https://newsroom.intel.com/news/firmware-updates-and-initial-performance-data-for-data-center-systems/ Non-HPE site

On January 22, 2018, Intel announced a recommendation to stop using the versions of the System ROMs that included the impacted microcode and to revert to a previous version of the System ROM, as detailed below:

https://newsroom.intel.com/news/root-cause-of-reboot-issue-identified-updated-guidance-for-customers-and-partners/ Non-HPE site

HPE has partnered with Intel to validate updated microcodes that support mitigation of the Side Channel Analysis vulnerability while addressing the “unpredictable system behavior” issues seen with the initial microcodes. HPE has now released updated System ROMs (indicated in the Resolution section of this document) for all servers for which the System ROMs had been removed from the HPE support site.

For more information on the Side Channel Analysis Vulnerability, also known as Spectre and Meltdown, see HPEs Customer Bulletin .

SCOPE

The following System ROMs were previously available but have since been removed from the HPE Support Site due to the issues Intel reported with the microcode updates included in them:

ROM Family
ROM Version
Servers
U30
v1.28 (12/11/2017)
ProLiant DL380 Gen10
U31
v1.28 (12/11/2017)
ProLiant DL160 Gen10, ProLiant DL180 Gen10
U32
v1.28 (12/11/2017)
ProLiant DL360 Gen10
U33
v1.28 (12/11/2017)
ProLiant ML110 Gen10
U34
v1.28 (12/11/2017)
ProLiant DL560 Gen10, ProLiant DL580 Gen10
U36
v1.28 (12/11/2017)
ProLiant DL120 Gen10
U37
v1.28 (12/11/2017)
ProLiant XL230k Gen10
U38
v1.28 (12/11/2017)
ProLiant XL170r Gen10, ProLiant XL190r Gen10
U40
v1.28 (12/11/2017)
ProLiant XL450 Gen10
U41
v1.28 (12/11/2017)
ProLiant ML350 Gen10
I41
v1.28 (12/11/2017)
ProLiant BL460c Gen10
I42
v1.28 (12/11/2017)
SY480 Gen10
I43
v1.28 (12/11/2017)
SY660 Gen10
U22
v2.52 (12/12/2017)
ProLiant DL20 Gen9
U23
v2.52 (12/12/2017)
ProLiant ML30 Gen9
H07
v1.60 (12/12/2017
ProLiant m710x Server Cartridge

U13
v2.54 (12/07/2017)
ProLiant XL230a Gen9, ProLiant XL250a Gen9
U14
v2.54 (12/07/2017)
ProLiant XL170r Gen9, ProLiant XL190r Gen9
U15
v2.54 (12/07/2017)
ProLiant DL60 Gen9, ProLiant DL80 Gen9
U18
v2.54 (12/07/2017)
ProLiant XL730f Gen9, ProLiant XL740f Gen9, ProLiant XL750f Gen9
U19
v2.54 (12/07/2017)
HPE Apollo 4200 Gen9
U20
v2.54 (12/07/2017)
ProLiant DL160 Gen9, ProLiant DL180 Gen9
U21
v2.54 (12/07/2017)
ProLiant XL450 Gen9
U25
v2.54 (12/07/2017)
ProLiant XL270d Accelerator Tray
P85
v2.54 (12/07/2017)
ProLiant DL560 Gen9
P86
v2.54 (12/07/2017)
ProLiant DL120 Gen9
P89
v2.54 (12/07/2017)
ProLiant DL380 Gen9, ProLiant DL360 Gen9
P92
v2.54 (12/07/2017)
ProLiant ML350 Gen9
P95
v2.54 (12/07/2017)
ProLiant ML150 Gen9
P99
v2.54 (12/07/2017)
ProLiant ML110 Gen9
I36
v2.54 (12/07/2017)
ProLiant BL460c Gen9, ProLiant WS460c Gen9
I37
v2.54 (12/07/2017)
SY480 Gen9
I38
v2.54 (12/07/2017)
ProLiant BL660c Gen9
I39
v2.54 (12/07/2017)
HPE Synergy 660 Gen9 Compute Module
U17
v2.54 (12/07/2017)
ProLiant DL580 Gen9
I40
v2.54 (12/07/2017)
HPE Synergy 620 Gen9 Compute Module, HPE Synergy 680 Gen9 Compute Module
H06
12/12/2017
ProLiant m710p Server Cartridge
P78
12/12/2017
ProLiant ML310e Gen8 v2
P80
12/12/2017
ProLiant DL320e Gen8 v2
J10
12/12/2017
ProLiant ML10 v2
H03
12/12/2017
ProLiant m710 Server Cartridge

RESOLUTION

HPE has released updated System ROMs including updated microcodes from Intel for all ProLiant and Synergy servers for which the System ROMs had been previously removed from the HPE Support Site.

The following table indicates the updated revisions of System ROMs which replace those which were removed from the HPE Support Site (replace those indicated in the Scope section of this document):

ROM Family
Updated System ROM Version
Servers
U30
v1.32 (02/01/2018)
ProLiant DL380 Gen10
U31
v1.32 (02/01/2018)
ProLiant DL160 Gen10, ProLiant DL180 Gen10
U32
v1.32 (02/01/2018)
ProLiant DL360 Gen10
U33
v1.32 (02/01/2018)
ProLiant ML110 Gen10
U34
v1.32 (02/01/2018)
ProLiant DL560 Gen10, ProLiant DL580 Gen10
U36
v1.32 (02/01/2018)
ProLiant DL120 Gen10
U37
v1.32 (02/01/2018)
ProLiant XL230k Gen10
U38
v1.32 (02/01/2018)
ProLiant XL170r Gen10, ProLiant XL190r Gen10
U40
v1.32 (02/01/2018)
ProLiant XL450 Gen10
U41
v1.32 (02/01/2018)
ProLiant ML350 Gen10
I41
v1.32 (02/01/2018)
ProLiant BL460c Gen10
I42
v1.32 (02/01/2018)
SY480 Gen10
I43
v1.32 (02/01/2018)
SY660 Gen10
U22
v2.56 (01/22/2018)
ProLiant DL20 Gen9
U23
v2.56 (01/22/2018)
ProLiant ML30 Gen9
H07
v1.64 (01/22/2018)
ProLiant m710x Server Cartridge

U13
v2.56 (01/22/2018)
ProLiant XL230a Gen9, ProLiant XL250a Gen9
U14
v2.56 (01/22/2018)
ProLiant XL170r Gen9, ProLiant XL190r Gen9
U15
v2.56 (01/22/2018)
ProLiant DL60 Gen9, ProLiant DL80 Gen9
U18
v2.56 (01/22/2018)
ProLiant XL730f Gen9, ProLiant XL740f Gen9, ProLiant XL750f Gen9
U19
v2.56 (01/22/2018)
HPE Apollo 4200 Gen9
U20
v2.56 (01/22/2018)
ProLiant DL160 Gen9, ProLiant DL180 Gen9
U21
v2.56 (01/22/2018)
ProLiant XL450 Gen9
U25
v2.56 (01/22/2018)
ProLiant XL270d Accelerator Tray
P85
v2.56 (01/22/2018)
ProLiant DL560 Gen9
P86
v2.56 (01/22/2018)
ProLiant DL120 Gen9
P89
v2.56 (01/22/2018)
ProLiant DL380 Gen9, ProLiant DL360 Gen9
P92
v2.56 (01/22/2018)
ProLiant ML350 Gen9
P95
v2.56 (01/22/2018)
ProLiant ML150 Gen9
P99
v2.56 (01/22/2018)
ProLiant ML110 Gen9
I36
v2.56 (01/22/2018)
ProLiant BL460c Gen9, ProLiant WS460c Gen9
I37
v2.56 (01/22/2018)
SY480 Gen9
I38
v2.56 (01/22/2018)
ProLiant BL660c Gen9
I39
v2.56 (01/22/2018)
HPE Synergy 660 Gen9 Compute Module
U17
v2.56 (01/22/2018)
ProLiant DL580 Gen9
I40
v2.56 (01/22/2018)
HPE Synergy 620 Gen9 Compute Module, HPE Synergy 680 Gen9 Compute Module
H06
01/22/2018
ProLiant m710p Server Cartridge
P78
01/22/2018
ProLiant ML310e Gen8 v2
P80
01/22/2018
ProLiant DL320e Gen8 v2
J10
01/22/2018
ProLiant ML10 v2
H03
01/22/2018
ProLiant m710 Server Cartridge

RECEIVE PROACTIVE UPDATES : Receive support alerts (such as Customer Advisories), as well as updates on drivers, software, firmware, and customer replaceable components, proactively via e-mail through HPE Subscriber's Choice. Sign up for Subscriber's Choice at the following URL: Proactive Updates Subscription Form.

NAVIGATION TIP : For hints on navigating HPE.com to locate the latest drivers, patches, and other support software downloads for ProLiant servers and Options, refer to the Navigation Tips document .

SEARCH TIP : For hints on locating similar documents on HPE.com, refer to the Search Tips Document .


Hardware Platforms Affected: HPE ProLiant ML30 Gen9 Server, HPE ProLiant DL20 Gen9 Server, HPE Synergy 480 Gen9 Compute Module, HPE Synergy 620 Gen9 Compute Module, HPE Synergy 680 Gen9 Compute Module, HPE ProLiant XL270d Gen9 Server, HPE ProLiant m710x Server Cartridge, HPE ProLiant DL360 Gen10 Server, HPE ProLiant BL460c Gen10 Server Blade, HPE Synergy 660 Gen10 Compute Module, HPE Synergy 480 Gen10 Compute Module, HPE ProLiant DL380 Gen10 Server, HPE ProLiant DL560 Gen10 Server, HPE ProLiant XL230k Gen10 Server, HPE ProLiant XL170r Gen10 Server, HPE ProLiant XL190r Gen10 Server, HPE ProLiant DL120 Gen10 Server, HPE ProLiant DL160 Gen10 Server, HPE ProLiant DL180 Gen10 Server, HPE ProLiant DL580 Gen10 Server, HPE ProLiant ML110 Gen10 Server, HPE ProLiant ML350 Gen10 Server, HPE ProLiant XL450 Gen10 Server, HPE ProLiant SL230s Gen8 Server, HPE ProLiant SL250s Gen8 Server, HPE ProLiant SL270s Gen8 Server, HPE ProLiant BL460c Gen8 Server Blade, HPE ProLiant DL360p Gen8 Server, HPE ProLiant DL380p Gen8 Server, HPE ProLiant ML350p Gen8 Server, HPE ProLiant BL465c Gen8 Server Blade, HPE ProLiant DL160 Gen8 Server, HPE ProLiant BL420c Gen8 Server Blade, HPE ProLiant DL320e Gen8 Server, HPE ProLiant DL360e Gen8 Server, HPE ProLiant ML310e Gen8 Server, HPE ProLiant ML350e Gen8 Server, HPE ProLiant DL380e Gen8 Server, HPE ProLiant BL660c Gen8 Server Blade, HPE ProLiant DL560 Gen8 Server, HPE ProLiant SL4540 Gen8 3 Node Server, HPE ProLiant DL320e Gen8 v2 Server, HPE ProLiant ML310e Gen8 v2 Server, HPE ProLiant MicroServer Gen8, HPE ProLiant ML10 Server, HPE ProLiant SL210t Gen8 Server, HPE ProLiant ML350e Gen8 v2 Server, HPE ProLiant DL580 Gen8 Server, HPE ProLiant XL730f Gen9 Server, HPE ProLiant DL180 Gen9 Server, HPE ProLiant DL360 Gen9 Server, HPE ProLiant BL460c Gen9 Server Blade, HPE ProLiant DL380 Gen9 Server, HPE ProLiant ML350 Gen9 Server, HPE ProLiant XL230a Gen9 Server, HPE ProLiant XL250a Gen9 Server, HPE ProLiant XL740f Gen9 Server, HPE ProLiant XL750f Gen9 Server, HPE ProLiant m710 Server Cartridge, HPE ProLiant DL120 Gen9 Server, HPE ProLiant ML150 Gen9 Server, HPE ProLiant DL60 Gen9 Server, HPE ProLiant DL80 Gen9 Server, HPE ProLiant SL4540 Gen8 2 Node Server, HPE ProLiant SL4540 Gen8 1 Node Server, HPE ProLiant ML10 v2 Server, HPE ProLiant ML110 Gen9 Server, HPE ProLiant XL170r Gen9 Server, HPE ProLiant XL190r Gen9 Server, HPE ProLiant WS460c Gen9 Graphics Server Blade, HPE ProLiant DL580 Gen9 Server, HPE ProLiant BL660c Gen9 Server Blade, HPE ProLiant DL560 Gen9 Server, HPE Apollo 4200 Gen9 Server, HPE ProLiant XL450 Gen9 Server, HPE ProLiant m710p Server Cartridge
Operating Systems Affected: Not Applicable
Software Affected: Not Applicable
Support Communication Cross Reference ID: SIK2933
©Copyright 2018 Hewlett Packard Enterprise Development LP
Hewlett Packard Enterprise Development shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HPE nor its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise Development and the names of Hewlett Packard Enterprise Development products referenced herein are trademarks of Hewlett Packard Enterprise Development in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.

Legal Disclaimer: Products sold prior to the November 1, 2015 separation of Hewlett-Packard Company into Hewlett Packard Enterprise Company and HP Inc. may have older product names and model numbers that differ from current models.

Provide feedback

Please rate the information on this page to help us improve our content. Thank you!
Document title: Advisory: ProLiant Gen8 and Gen9 Series Servers - CUSTOMER ACTION REQUIRED: Some System ROMs That Addressed the Side Channel Analysis Vulnerability Have Been Removed from the HPE Download Site
Document ID: emr_na-a00039784en_us-12
How helpful was this document?
How can we improve this document?
Note: Only English language comments can be accepted at this time.
Please wait while we process your request.