Printable version

Drivers & software

** CRITICAL ** Online ROM Flash Component for Windows x64 - HP ProLiant BL660c Gen8 (I32) Servers

By downloading, you agree to the terms and conditions of the Hewlett Packard Enterprise Software License Agreement.
Note:  Some software requires a valid warranty, current Hewlett Packard Enterprise support contract, or a license fee.

Type: BIOS (Entitlement Required) - System ROM
Version: 2018.05.21(25 Jun 2018)
Operating System(s): Microsoft Windows HPC Server 2008 R2
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2008 x64
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows Server 2016
File name: cp036468.exe (2.4 MB)
This component provides updated system firmware that can be installed directly on supported Operating Systems. Additionally, when used in conjunction with Smart Update Manager (SUM), this Smart Component allows the user to update firmware on remote servers from a central location. This remote deployment capability eliminates the need for the user to be physically present at the server in order to perform a firmware update.

Prerequisites:

The "HPE ProLiant iLO 3/4 Channel Interface Driver” (CHIF) for Windows which is available from Service Pack for ProLiant (SPP).
 


To ensure the integrity of your download, HPE recommends verifying your results with this SHA-256 Checksum value:

54d74e90631865ae038b2f3172ff61d811589f382f0a774bbb5f444da1112509 cp036468.exe

Reboot Requirement:
Reboot is required after installation for updates to take effect and hardware stability to be maintained.


Installation:

To update firmware from Windows operating system on target server: 

1.     Place the Smart Component in a temporary directory.
2.     From the same directory, run the Smart Component by double-clicking it.
3.     When the Smart Component dialog window displays, click the Install button to initiate the firmware upgrade.
4.     Reboot your system if you would like the update to take effect immediately.


Supplemental updates for supported ProLiant servers and options can be done by using HP Smart Update Manager, which is found on the Service Pack for ProLiant ISO.

  • Place the Service Pack for ProLiant on a USB key using the USB Key Creator Utility.
  • Place the desired smart components to be updated in the directory, \hp\swpackages on the USB key.

Update the firmware and software in the usual manner. 

This component can only be executed on Windows x64.


End User License Agreements:
HPE Software License Agreement v1
Hewlett-Packard End User License Agreement


Upgrade Requirement:
Critical - HPE requires users update to this version immediately.


Important:

Important Notes:

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system and hypervisor updates, provides mitigation for the L1 Terminal Fault – OS/SMM (CVE-2018-3620) and L1 Terminal Fault – VMM (CVE-2018-3646) security vulnerabilities.  These vulnerabilities may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a side-channel analysis.  These security vulnerabilities are not unique to HPE servers and impact any servers utilizing impacted processors.  Note that this server is NOT vulnerable to L1 Terminal Fault – SGX (CVE-2018-3615), also known as Foreshadow, because this server does NOT support SGX.

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system updates, provides mitigation for the Speculative Store Bypass (also known as Variant 4) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3639. Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

This revision of the System ROM includes the latest revision of the Intel microcode which provides mitigation for the Rogue Register Read (also known as Variant 3a) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3640. Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

For Windows 2008 R2, install all Windows critical update.  Windows 2008 R2 critical update will include security update KB3033395 that will support SHA-2
For Windows 2008 SP2 requires KB4039648 be installed which is not part of the Windows Update 2008 SP2.   Follow this link to download the KB4039648
https://support.microsoft.com/en-us/help/4039648/update-to-add-sha2-code-signing-support-for-windows-server-2008-sp2

Deliverable Name:

HP ProLiant BL660c Gen8 System ROM - I32

Release Version:

05/21/2018

Last Recommended or Critical Revision:

05/21/2018

Previous Revision:

01/22/2018

Firmware Dependencies:

None

Enhancements/New Features:

None

Problems Fixed:

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system and hypervisor updates, provides mitigation for the L1 Terminal Fault – OS/SMM (CVE-2018-3620) and L1 Terminal Fault – VMM (CVE-2018-3646) security vulnerabilities.  These vulnerabilities may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a side-channel analysis.  These security vulnerabilities are not unique to HPE servers and impact any servers utilizing impacted processors.  Note that this server is NOT vulnerable to L1 Terminal Fault – SGX (CVE-2018-3615), also known as Foreshadow, because this server does NOT support SGX.

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system updates, provides mitigation for the Speculative Store Bypass (also known as Variant 4) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3639. Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

This revision of the System ROM includes the latest revision of the Intel microcode which provides mitigation for the Rogue Register Read (also known as Variant 3a) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3640. Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

Known Issues:

None


Upgrade Requirement:
Critical - HPE requires users update to this version immediately.


Important Notes:

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system and hypervisor updates, provides mitigation for the L1 Terminal Fault – OS/SMM (CVE-2018-3620) and L1 Terminal Fault – VMM (CVE-2018-3646) security vulnerabilities.  These vulnerabilities may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a side-channel analysis.  These security vulnerabilities are not unique to HPE servers and impact any servers utilizing impacted processors.  Note that this server is NOT vulnerable to L1 Terminal Fault – SGX (CVE-2018-3615), also known as Foreshadow, because this server does NOT support SGX.

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system updates, provides mitigation for the Speculative Store Bypass (also known as Variant 4) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3639. Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

This revision of the System ROM includes the latest revision of the Intel microcode which provides mitigation for the Rogue Register Read (also known as Variant 3a) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3640. Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

For Windows 2008 R2, install all Windows critical update.  Windows 2008 R2 critical update will include security update KB3033395 that will support SHA-2
For Windows 2008 SP2 requires KB4039648 be installed which is not part of the Windows Update 2008 SP2.   Follow this link to download the KB4039648
https://support.microsoft.com/en-us/help/4039648/update-to-add-sha2-code-signing-support-for-windows-server-2008-sp2

Firmware Dependencies:

None

Problems Fixed:

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system and hypervisor updates, provides mitigation for the L1 Terminal Fault – OS/SMM (CVE-2018-3620) and L1 Terminal Fault – VMM (CVE-2018-3646) security vulnerabilities.  These vulnerabilities may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a side-channel analysis.  These security vulnerabilities are not unique to HPE servers and impact any servers utilizing impacted processors.  Note that this server is NOT vulnerable to L1 Terminal Fault – SGX (CVE-2018-3615), also known as Foreshadow, because this server does NOT support SGX.

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system updates, provides mitigation for the Speculative Store Bypass (also known as Variant 4) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3639. Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

This revision of the System ROM includes the latest revision of the Intel microcode which provides mitigation for the Rogue Register Read (also known as Variant 3a) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3640. Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

Known Issues:

None

Important Notes:

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system and hypervisor updates, provides mitigation for the L1 Terminal Fault – OS/SMM (CVE-2018-3620) and L1 Terminal Fault – VMM (CVE-2018-3646) security vulnerabilities.  These vulnerabilities may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a side-channel analysis.  These security vulnerabilities are not unique to HPE servers and impact any servers utilizing impacted processors.  Note that this server is NOT vulnerable to L1 Terminal Fault – SGX (CVE-2018-3615), also known as Foreshadow, because this server does NOT support SGX.

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system updates, provides mitigation for the Speculative Store Bypass (also known as Variant 4) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3639. Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

This revision of the System ROM includes the latest revision of the Intel microcode which provides mitigation for the Rogue Register Read (also known as Variant 3a) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3640. Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

For Windows 2008 R2, install all Windows critical update.  Windows 2008 R2 critical update will include security update KB3033395 that will support SHA-2
For Windows 2008 SP2 requires KB4039648 be installed which is not part of the Windows Update 2008 SP2.   Follow this link to download the KB4039648
https://support.microsoft.com/en-us/help/4039648/update-to-add-sha2-code-signing-support-for-windows-server-2008-sp2

Deliverable Name:

HP ProLiant BL660c Gen8 System ROM - I32

Release Version:

05/21/2018

Last Recommended or Critical Revision:

05/21/2018

Previous Revision:

01/22/2018

Firmware Dependencies:

None

Enhancements/New Features:

None

Problems Fixed:

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system and hypervisor updates, provides mitigation for the L1 Terminal Fault – OS/SMM (CVE-2018-3620) and L1 Terminal Fault – VMM (CVE-2018-3646) security vulnerabilities.  These vulnerabilities may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a side-channel analysis.  These security vulnerabilities are not unique to HPE servers and impact any servers utilizing impacted processors.  Note that this server is NOT vulnerable to L1 Terminal Fault – SGX (CVE-2018-3615), also known as Foreshadow, because this server does NOT support SGX.

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system updates, provides mitigation for the Speculative Store Bypass (also known as Variant 4) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3639. Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

This revision of the System ROM includes the latest revision of the Intel microcode which provides mitigation for the Rogue Register Read (also known as Variant 3a) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3640. Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

Known Issues:

None

Version:2018.05.21 (25 Jun 2018)
Fixes

Upgrade Requirement:
Critical - HPE requires users update to this version immediately.


Important Notes:

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system and hypervisor updates, provides mitigation for the L1 Terminal Fault – OS/SMM (CVE-2018-3620) and L1 Terminal Fault – VMM (CVE-2018-3646) security vulnerabilities.  These vulnerabilities may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a side-channel analysis.  These security vulnerabilities are not unique to HPE servers and impact any servers utilizing impacted processors.  Note that this server is NOT vulnerable to L1 Terminal Fault – SGX (CVE-2018-3615), also known as Foreshadow, because this server does NOT support SGX.

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system updates, provides mitigation for the Speculative Store Bypass (also known as Variant 4) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3639. Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

This revision of the System ROM includes the latest revision of the Intel microcode which provides mitigation for the Rogue Register Read (also known as Variant 3a) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3640. Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

For Windows 2008 R2, install all Windows critical update.  Windows 2008 R2 critical update will include security update KB3033395 that will support SHA-2
For Windows 2008 SP2 requires KB4039648 be installed which is not part of the Windows Update 2008 SP2.   Follow this link to download the KB4039648
https://support.microsoft.com/en-us/help/4039648/update-to-add-sha2-code-signing-support-for-windows-server-2008-sp2

Firmware Dependencies:

None

Problems Fixed:

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system and hypervisor updates, provides mitigation for the L1 Terminal Fault – OS/SMM (CVE-2018-3620) and L1 Terminal Fault – VMM (CVE-2018-3646) security vulnerabilities.  These vulnerabilities may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a side-channel analysis.  These security vulnerabilities are not unique to HPE servers and impact any servers utilizing impacted processors.  Note that this server is NOT vulnerable to L1 Terminal Fault – SGX (CVE-2018-3615), also known as Foreshadow, because this server does NOT support SGX.

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system updates, provides mitigation for the Speculative Store Bypass (also known as Variant 4) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3639. Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

This revision of the System ROM includes the latest revision of the Intel microcode which provides mitigation for the Rogue Register Read (also known as Variant 3a) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3640. Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

Known Issues:

None


Version:2018.01.22 (2 Mar 2018)
Fixes

Upgrade Requirement:
Critical - HPE requires users update to this version immediately.


Important Notes:

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system updates, provides mitigation for Variant 2 of the Side Channel Analysis vulnerability, also known as Spectre. The revision of the microcode included in this System ROM does NOT have issues with more frequent reboots and unpredictable system behavior which impacted the previous Intel microcode which was part of the Spectre Variant 2 mitigation. Additional information is available from Intel’s Security Exploit Newsroom, https://newsroom.intel.com/press-kits/security-exploits-intel-products/.

For Windows 2008 R2, install all Windows critical update.  Windows 2008 R2 critical update will include security update KB3033395 that will support SHA-2
For Windows 2008 SP2 requires KB4039648 be installed which is not part of the Windows Update 2008 SP2.   Follow this link to download the KB4039648
https://support.microsoft.com/en-us/help/4039648/update-to-add-sha2-code-signing-support-for-windows-server-2008-sp2

Firmware Dependencies:

None

Problems Fixed:

Updated the Intel processor microcode to the latest version.

Known Issues:

None


Version:2015.12.01(B) (21 Oct 2016)
Fixes

Upgrade Requirement:
Optional - Users should update to this version if their system is affected by one of the documented fixes or if there is a desire to utilize any of the enhanced functionality provided by this version.


Important Notes:

Ver. 2015.12.01 (B) provides the same system ROM image as ver. 2015.12.01. The new ver. 2015.12.01 (B) adds support to perform the Online ROM Flash with Microsoft Windows Server 2016.  The user does not need to flash the system ROM with ver. 2015.12.01 (B) if the system has been previously flashed with System ROM ver. 2015.12.01.

Firmware Dependencies:

None

Problems Fixed:

Addressed an issue where systems configured with certain 32GB LR-DIMMs could intermittently experience an issue where memory would not train properly and be unavailable to the operating system.

Known Issues:

None


Version:2015.12.01 (21 Mar 2016)
Fixes

Upgrade Requirement:
Optional - Users should update to this version if their system is affected by one of the documented fixes or if there is a desire to utilize any of the enhanced functionality provided by this version.


Important Notes:

None

Firmware Dependencies:

None

Problems Fixed:

Addressed an issue where systems configured with certain 32GB LR-DIMMs could intermittently experience an issue where memory would not train properly and be unavailable to the operating system.

Known Issues:

None

Version:2014.11.02 (30 Mar 2015)
Fixes

Upgrade Requirement:
Optional - Users should update to this version if their system is affected by one of the documented fixes or if there is a desire to utilize any of the enhanced functionality provided by this version.


Important Notes:

None

Firmware Dependencies:

None

Problems Fixed:

Addressed an issue where systems configured with Integrated Lights-Out (iLO) Firmware version 2.00 or later may not be able to configure the platform properly through HP Virtual Connect. This issue is not seen with earlier versions of iLO firmware.

Known Issues:

None

Version:2014.08.03 (13 Oct 2014)
Fixes

Upgrade Requirement:
Optional - Users should update to this version if their system is affected by one of the documented fixes or if there is a desire to utilize any of the enhanced functionality provided by this version.


Important Notes:

None

Firmware Dependencies:

None

Problems Fixed:

Addressed a rare issue where systems configured with Intel Xeon E5 2600 v2 processors and Registered DIMMs (RDIMMs) in a 2 DIMM per Channel or 3 DIMM per Channel configuration may experience a 207 - Memory Initialization error message where certain DIMMs may not be initialized properly. This issue is seen intermittently after a system reboot.

Addressed an issue where the server may become unresponsive during POST when an optional Video card is installed.

Addressed an issue where certain option cards that request very large amounts of non-prefetchable memory will not function properly. This issue only impacts a very small number of non-HP option cards.

Addressed an extremely rare issue where the server may experience an unexpected shutdown, usually seen as a power fault in the iLO Integrated Management Log (IML), when configured with certain Intel Xeon E5-4600 series processors.

Known Issues:

None
Enhancements

Added support for the latest names for PCIe expansion devices to the ROM-Based Setup Utility (RBSU).


Version:2014.02.10 (2 May 2014)
Fixes

Upgrade Requirement:
Optional - Users should update to this version if their system is affected by one of the documented fixes or if there is a desire to utilize any of the enhanced functionality provided by this version.


Important Notes:

None

Firmware Dependencies:

None

Problems Fixed:

Addressed a processor issue which can result in a Blue Screen of Death (BSOD) in a Windows virtual machine or Linux Kernel Panic in a Linux virtual machine when running on Microsoft Hyper-V or VMware ESX 5.x on Intel Xeon E5-4600 series v2 processors. This issue is not unique to HP ProLiant servers and could impact any system using affected processors operating with the conditions listed. This revision of the System ROM contains an updated version of Intel's microcode that addresses this issue. This issue does NOT affect servers configured with the Intel Xeon E5-4600 series processors.

Addressed an issue where servers using the 11/14/2013 or 12/20/2013 revisions of the System ROM might not be able to boot certain operating system installations that install a Master Boot Record that is not marked as Active. When this issue occurs, the server might experience a Non-System Disk Error or not boot the intended media. This issue does NOT impact any System ROM revisions other than the 11/14/2013 and 12/20/2013 revisions.

Addressed an issue that can result in significant underutilization of processor cores for systems configured with 3 or more processors. This issue impacts servers with the ROM-Based Setup Utility (RBSU) option for Collaborative Power Control enabled (which is the default setting). This issue was originally seen with servers configured with Microsoft Windows Server 2012, but might impact other operating systems.

Addressed an extremely rare issue that can result in a system configured with Intel Xeon E5-4600 v2 series processors becoming unresponsive early in the POST boot process after an uncorrectable memory error occurs. When this issue occurs, the server will indicate an early boot progress of 20% and a "Memory and QPI Link Initialization Start" message will be displayed on the screen output. This issue does not impact servers configured with Intel Xeon E5-4600 series processors.

Addressed an issue where the System ROM does not properly retry booting certain Network Adapters under some conditions including when the user presses F12 to attempt a PXE boot. Instead, the System ROM will only attempt to boot the Network Adapter one time and then will continue trying to boot devices in the order specified by the Standard Boot Order (IPL).

Addressed an issue where systems configured with Intel Xeon E5-4600 v2 series processors and an HP 331FLR FlexLOM or HP NC332T Network Controller might see intermittent issues with the NIC not being detected by the platform. When the issue occurs, the NIC will not PXE boot or be identified or used by the operating system.

Known Issues:

None
Enhancements

Added support for the latest names for PCIe expansion devices to the ROM-Based Setup Utility (RBSU).

Improved the power allocation logic for servers configured with Intel Xeon E5-4600 v2 series processors to more accurately determine the server's maximum power usage. Previous revisions of the System ROM allocated more power for server blades configured with Intel Xeon E5-4600 v2 series processors than was necessary. With this revision of the System ROM, the enclosure may have additional power available to allow additional blades to be powered on with certain power supply configurations. This change does not impact servers configured with Intel Xeon E5-4600 series processors.


Version:2013.11.15 (21 Feb 2014)
Fixes

Upgrade Requirement:
Optional - Users should update to this version if their system is affected by one of the documented fixes or if there is a desire to utilize any of the enhanced functionality provided by this version.


Important Notes:

None

Firmware Dependencies:

None

Problems Fixed:

Addressed an issue where the system may experience a no boot condition on the reset due to a fatal error. This issue is typically seen as the server hanging at 20% progress in the Early Video Initialization.

Addressed an issue where Memory Address or Command Parity errors are not logged to the Integrated Management Log (IML) if they occur. With previous revisions of the System ROM, these types of errors would cause the server to reset without any notification of the error. A "283-Memory Address/Command Parity Error Detected" error will now be displayed during system boot and logged to the IML.

Known Issues:

None
Enhancements

Added support for Intel Xeon E5-4600 v2 Series processors. Any system configured with Intel Xeon E5-4600 v2 Series processors MUST utilize this revision of the System ROM or later. Utilizing an earlier revision of the System ROM with Intel Xeon E5-4600 v2 Series processors will result in the system being unable to boot.

Added additional options to the ROM Based Setup Utility (RBSU) Power-On Delay Option for delay times of 15, 30, 40 and 60 seconds (in addition to the previous options of No Delay and Random Delay). For these new selections to function, the system must be using Integrated Lights-Out (iLO) Firmware version 1.20 or later. If the system is configured to one of the new options without having iLO Firmware version 1.20 or later, the Power-On Delay Option will function as if the No Delay option were chosen.

Enhanced the System ROM's detection of valid boot devices such as USB Drive Keys or Hard Drives. Previously, the System ROM may have attempted to boot certain bootable media with invalid boot records resulting in a Non-System Disk error. In some cases, the System ROM will now be able to detect the invalid boot record and skip attempting to boot the device. This allows the System ROM to attempt to boot the next device in the boot order.

Added the latest product names of optional expansion cards and updated language translations (for non-English modes) in the ROM-Based Setup Utility (RBSU).


Version:2013.12.20 (29 Jan 2014)
Fixes

Upgrade Requirement:
Recommended - HP recommends users update to this version at their earliest convenience.


Important Notes:

None

Firmware Dependencies:

None

Problems Fixed:

Addressed an issue where Memory Address or Command Parity errors may occur on servers configured with Intel Xeon E5-4600 series v2 processors and memory configurations where the memory speed is running at 1600 MHz or 1866 MHz. These errors may have resulted in the server resetting without notification of the error or the system resetting and displaying a "283-Memory Address/Command Parity Error Detected Error" and logging the event to the Integrated Management Log (IML). HP strongly recommends that all servers utilizing Intel E5-4600 v2 processors with impacted memory speeds update to this revision of the System ROM or later. This issue does NOT affect servers configured with the Intel Xeon E5-4600 series processor.

Known Issues:

None

Version:2013.06.30 (14 Aug 2013)
Fixes

Upgrade Requirement:
Critical - HP requires users update to this version immediately.


Important Notes:

None

Firmware Dependencies:

None

Problems Fixed:

Addressed a processor issue under which a rare and complex sequence of internal processor microarchitecture events that occur in specific operating environments could cause a server system to experience unexpected page faults, general protection faults, or machine check exceptions or other unpredictable system behavior. While all processors supported by this server have this issue, to be affected by this issue the server must be operating in a virtualized environment, have Intel Hyperthreading enabled, have a hypervisor that enables Intel VT FlexPriority and Extended Page Tables, and have a guest OS utilizing 32-bit PAE Paging Mode. This issue is not unique to HP ProLiant servers and could impact any system utilizing affected processors operating with the conditions listed above. This revision of the System ROM contains an updated version of Intel's microcode that addresses this issue. Due to the potential severity of the issue addressed in this revision of the System ROM, this System ROM upgrade is considered a critical fix.

Addressed an issue where the system experienced unexpected system behavior or report ACPI issues through the OS boot logs (such as Linux DMESG) when IOMMU was enabled in a virtualized operating system environment.

Addressed an issue where Online Spare memory Mode would not function properly when 32GB LR-DIMMs were installed in the server platform. This issue was typically exhibited as the system becoming unresponsive during system boot when Online Spare was enabled with these DIMMs installed.

Addressed an issue where Linux Operating Systems reported the following message: ERST: Failed to get Error Log Address Range, in the Linux DMESG log.

Removed support for configuring the platform with the Memory Channel Mode configured for Combined Channel Memory Mode (Lockstep) and the Advanced Memory Protection mode configured for Online Spare with Advanced ECC. This combination is currently not supported by this server generation of platform. Platforms Servers that were previously configured with this option combination will have Online Spare Mode enabled but the Memory Channel Mode will be configured for Independent Channel Mode after updating to this revision of the System ROM.

Addressed an extremely rare issue where a system may become unresponsive or experience a system reset when booting a Microsoft Windows Operating System. When this event happens, a Bank 5 Machine Check Exception was logged in the Integrated Management Log (IML).

Addressed an issue where the server's Legacy USB support would not properly report the drive capacity of a USB Drive Key that was larger than 8GB resulting in an inability to boot USB Drive Keys larger than 8 GB.

Addressed an issue where the system may not be able to properly execute the HP SmartStart Scripting Toolkit (SSSTK) under Linux based Operating Systems. In some cases, executing the HP SSSTK would result in a segfault error message being reported by the Linux kernel.

Known Issues:

None
Enhancements

Added the latest product names of optional expansion cards and updated language translations (for non-English modes) in the ROM-Based Setup Utility (RBSU).

Added support for the Intel Performance Counter Monitor Utility (iPCM). This feature can be enabled in the ROM Based Setup Utility (RBSU) Advanced Performance Tuning Options menu. This option is disabled by default and must be enabled to utilize the Intel PCM.

Added support to allow industry standard utilities to display the operating voltage of installed DIMMs as well as the minimum and maximum voltage supported by installed DIMMs. This System ROM revision supports newly defined industry standard fields in the industry standard SMBIOS tables. Utilities to display this information may not yet be available.

Added support to allow industry standard utilities to display the HP DIMM Part Number for HP SmartMemory DIMMs. This information will also be displayed in the HP iLO GUI interface when using an updated revision of iLO Firmware.


Version:2013.03.01 (26 Mar 2013)
Fixes

Upgrade Requirement:
Optional - Users should update to this version if their system is affected by one of the documented fixes or if there is a desire to utilize any of the enhanced functionality provided by this version.


Important Notes:

None

Firmware Dependencies:

None

Problems Fixed:

Resolved an issue where servers utilizing LRDIMMs may experience an extremely long boot process (~40 minutes).  This issue is not intermittent.  If the issue occurs, it will occur on every boot.  This issue has NO impact on platforms without LRDIMMs installed.

Known Issues:

None


Version:2012.12.14 (19 Dec 2012)
Fixes

Upgrade Requirement:
Recommended - HP recommends users update to this version at their earliest convenience.


Important Notes:

None

Firmware Dependencies:

None

Problems Fixed:

Resolved an issue that could result in a server reset or the inability to boot. Servers should be updated to this revision of the system ROM to minimize the potential for a system reset or the inability to boot.

Resolved an issue where the system may experience a performance issue, usually seen in a degradation of network throughput, after updating to the 08/20/2012 revision of the System ROM.  This issue only exists with the 08/20/2012 revision of the System ROM.

Resolved an issue where no message was displayed and no Integrated Management Log (IML) entry is logged for certain memory errors that result in DIMMs not being usable.  This issue would look like the operating system having access to less memory than is actually installed without any error indicated.

Removed the Advanced ROM-Based Setup Utility (RBSU) option to disable Data Direct I/O (DDIO). It is no longer recommended that users disable this option due to the negative impacts on system performance.  For systems that had previously disabled Data Direct I/O, the option will remain disabled.   Defaults must be restored on the system to re-enable this functionality for this situation.

Resolved a rare issue where the system may experience a temporary loss of video, such as a blank screen on the local monitor and iLO Remote Console, if a key is pressed during POST during Option ROM Execution.

Resolved an issue where the order in which processors are presented to the Operating System may change across multiple system boots.

Known Issues:

None
Enhancements

Optimized the memory settings to improve the reliability of the memory system.

Added a ROM-Based Setup Utility (RBSU) option for HP Option ROM Prompting.  This option is enabled by default.  Disabling this option prevents HP Smart Array controllers and iLO from prompting to enter their setup tools during system boot.  This allows for faster boot times.  This option requires updated revisions of Smart Array Controller firmware and iLO Firmware to function.  If this option is disabled, the HP Smart Array and iLO will continue to prompt to enter their setup tools if an updated revision of these firmware deliverables are not installed.

Added the latest product names of optional expansion cards and updated language translations (for non-English modes) in the ROM-Based Setup Utility (RBSU).


Version:2012.08.20 (26 Oct 2012)
Fixes

Upgrade Requirement:
Optional - Users should update to this version if their system is affected by one of the documented fixes or if there is a desire to utilize any of the enhanced functionality provided by this version.


Important Notes:

None

Firmware Dependencies:

None

Problems Fixed:

Addressed an issue where the Integrated Management Log (IML) may contain erroneous log entries for Uncorrectable Machine Check Errors after a normal platform power cycle. Users who are experiencing these erroneous messages should update to this version of the system ROM before replacing any hardware components.

Addressed an issue where the ROM Based Setup Utility Command Line Interface (CLI) Mode may not function properly.  Previous versions of the system ROM may have experienced an issue where certain commands in CLI mode would not function properly.

Addressed a rare issue where USB Support in a pre-boot environment, such as in DOS or the ROM Based Setup Utility (RBSU), may not function properly. This issue could have resulted in the system not booting properly from USB media or the USB Keyboard may becoming unresponsive.

Addressed an issue where the platform may experience a virtualization fault (which may result in an NMI or Machine Check Exception) when IOMMU is enabled under a Hypervisor based Operating System. In some instances, Linux kernel messaging (DMESG) would reflect an inability to enable IOMMO on the platform.

Addressed an issue where the platform may experience decreased I/O performance when any Minimum Processor Idle Power Core States (C-states) are enabled.  Reduced I/O performance has been seen in dual-processor configurations where I/O devices that are attached to the PCI-express lanes from one processor are accessing resources on the other processor when the other processor is in a low power state.

Known Issues:

None
Enhancements

Added support for Single Root I/O Virtualization (SR-IOV). SR-IOV can provide performance benefits in virtualized environments if the Operating System/hypervisor and installed I/O card support SR-IOV. This functionality is enabled via a ROM-Based Setup Utility (RBSU) Advanced System ROM Option. It is disabled by default. When enabled, the System ROM will configure devices that support SR-IOV for use under a supported Operating System. Please consult the proper Operating System and Network Adapter documentation for a list of supported configurations.

Added a new ROM Based Setup Utility (RBSU) Advanced Performance Option menu that allows the user to enable Intel NIC DMA Channels (IOAT). This option is disabled by default. When enabled, certain networking devices may see an improvement in performance by utilizing Intel's DMA engine to offload network activity. Please consult documentation from the network adapter to determine if this feature is supported.

Added a new ROM Based Setup Utility (RBSU) Advanced Power Savings Option menu that allows the user to disable Memory Power Management functionality. This option is enabled by default. When disabled, certain memory power savings modes are disabled which can result in lower latency responses from memory transactions at the cost of memory power savings.

Added a new ROM Based Setup Utility (RBSU) Advanced System ROM Option menu that allows the user to disable the default System ROM functionality that continually searches for bootable devices when a boot device cannot be found (non-system disk condition). By default, the System ROM will indefinitely keep searching for bootable devices from all available media types until a bootable device is detected.

Increased memory speeds for certain DIMM configurations using HP SmartMemory.


Version:2012.05.30 (4 Sep 2012)
Enhancements

Upgrade Requirement:
Recommended - HP recommends users update to this version at their earliest convenience.


Important Notes:

None

Firmware Dependencies:

None

Enhancements/New Features:

This is the initial version of the firmware.

Known Issues:

None

Type: BIOS (Entitlement Required) - System ROM
Version: 2018.05.21(25 Jun 2018)
Operating System(s):
Microsoft Windows HPC Server 2008 R2
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2008 x64
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows Server 2016

Description

This component provides updated system firmware that can be installed directly on supported Operating Systems. Additionally, when used in conjunction with Smart Update Manager (SUM), this Smart Component allows the user to update firmware on remote servers from a central location. This remote deployment capability eliminates the need for the user to be physically present at the server in order to perform a firmware update.

Installation Instructions

Prerequisites:

The "HPE ProLiant iLO 3/4 Channel Interface Driver” (CHIF) for Windows which is available from Service Pack for ProLiant (SPP).
 


To ensure the integrity of your download, HPE recommends verifying your results with this SHA-256 Checksum value:

54d74e90631865ae038b2f3172ff61d811589f382f0a774bbb5f444da1112509 cp036468.exe

Reboot Requirement:
Reboot is required after installation for updates to take effect and hardware stability to be maintained.


Installation:

To update firmware from Windows operating system on target server: 

1.     Place the Smart Component in a temporary directory.
2.     From the same directory, run the Smart Component by double-clicking it.
3.     When the Smart Component dialog window displays, click the Install button to initiate the firmware upgrade.
4.     Reboot your system if you would like the update to take effect immediately.


Supplemental updates for supported ProLiant servers and options can be done by using HP Smart Update Manager, which is found on the Service Pack for ProLiant ISO.

  • Place the Service Pack for ProLiant on a USB key using the USB Key Creator Utility.
  • Place the desired smart components to be updated in the directory, \hp\swpackages on the USB key.

Update the firmware and software in the usual manner. 

This component can only be executed on Windows x64.


Release Notes

End User License Agreements:
HPE Software License Agreement v1
Hewlett-Packard End User License Agreement


Upgrade Requirement:
Critical - HPE requires users update to this version immediately.


Important:

Important Notes:

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system and hypervisor updates, provides mitigation for the L1 Terminal Fault – OS/SMM (CVE-2018-3620) and L1 Terminal Fault – VMM (CVE-2018-3646) security vulnerabilities.  These vulnerabilities may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a side-channel analysis.  These security vulnerabilities are not unique to HPE servers and impact any servers utilizing impacted processors.  Note that this server is NOT vulnerable to L1 Terminal Fault – SGX (CVE-2018-3615), also known as Foreshadow, because this server does NOT support SGX.

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system updates, provides mitigation for the Speculative Store Bypass (also known as Variant 4) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3639. Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

This revision of the System ROM includes the latest revision of the Intel microcode which provides mitigation for the Rogue Register Read (also known as Variant 3a) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3640. Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

For Windows 2008 R2, install all Windows critical update.  Windows 2008 R2 critical update will include security update KB3033395 that will support SHA-2
For Windows 2008 SP2 requires KB4039648 be installed which is not part of the Windows Update 2008 SP2.   Follow this link to download the KB4039648
https://support.microsoft.com/en-us/help/4039648/update-to-add-sha2-code-signing-support-for-windows-server-2008-sp2

Deliverable Name:

HP ProLiant BL660c Gen8 System ROM - I32

Release Version:

05/21/2018

Last Recommended or Critical Revision:

05/21/2018

Previous Revision:

01/22/2018

Firmware Dependencies:

None

Enhancements/New Features:

None

Problems Fixed:

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system and hypervisor updates, provides mitigation for the L1 Terminal Fault – OS/SMM (CVE-2018-3620) and L1 Terminal Fault – VMM (CVE-2018-3646) security vulnerabilities.  These vulnerabilities may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a side-channel analysis.  These security vulnerabilities are not unique to HPE servers and impact any servers utilizing impacted processors.  Note that this server is NOT vulnerable to L1 Terminal Fault – SGX (CVE-2018-3615), also known as Foreshadow, because this server does NOT support SGX.

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system updates, provides mitigation for the Speculative Store Bypass (also known as Variant 4) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3639. Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

This revision of the System ROM includes the latest revision of the Intel microcode which provides mitigation for the Rogue Register Read (also known as Variant 3a) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3640. Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

Known Issues:

None


Fixes

Upgrade Requirement:
Critical - HPE requires users update to this version immediately.


Important Notes:

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system and hypervisor updates, provides mitigation for the L1 Terminal Fault – OS/SMM (CVE-2018-3620) and L1 Terminal Fault – VMM (CVE-2018-3646) security vulnerabilities.  These vulnerabilities may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a side-channel analysis.  These security vulnerabilities are not unique to HPE servers and impact any servers utilizing impacted processors.  Note that this server is NOT vulnerable to L1 Terminal Fault – SGX (CVE-2018-3615), also known as Foreshadow, because this server does NOT support SGX.

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system updates, provides mitigation for the Speculative Store Bypass (also known as Variant 4) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3639. Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

This revision of the System ROM includes the latest revision of the Intel microcode which provides mitigation for the Rogue Register Read (also known as Variant 3a) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3640. Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

For Windows 2008 R2, install all Windows critical update.  Windows 2008 R2 critical update will include security update KB3033395 that will support SHA-2
For Windows 2008 SP2 requires KB4039648 be installed which is not part of the Windows Update 2008 SP2.   Follow this link to download the KB4039648
https://support.microsoft.com/en-us/help/4039648/update-to-add-sha2-code-signing-support-for-windows-server-2008-sp2

Firmware Dependencies:

None

Problems Fixed:

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system and hypervisor updates, provides mitigation for the L1 Terminal Fault – OS/SMM (CVE-2018-3620) and L1 Terminal Fault – VMM (CVE-2018-3646) security vulnerabilities.  These vulnerabilities may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a side-channel analysis.  These security vulnerabilities are not unique to HPE servers and impact any servers utilizing impacted processors.  Note that this server is NOT vulnerable to L1 Terminal Fault – SGX (CVE-2018-3615), also known as Foreshadow, because this server does NOT support SGX.

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system updates, provides mitigation for the Speculative Store Bypass (also known as Variant 4) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3639. Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

This revision of the System ROM includes the latest revision of the Intel microcode which provides mitigation for the Rogue Register Read (also known as Variant 3a) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3640. Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

Known Issues:

None

Important

Important Notes:

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system and hypervisor updates, provides mitigation for the L1 Terminal Fault – OS/SMM (CVE-2018-3620) and L1 Terminal Fault – VMM (CVE-2018-3646) security vulnerabilities.  These vulnerabilities may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a side-channel analysis.  These security vulnerabilities are not unique to HPE servers and impact any servers utilizing impacted processors.  Note that this server is NOT vulnerable to L1 Terminal Fault – SGX (CVE-2018-3615), also known as Foreshadow, because this server does NOT support SGX.

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system updates, provides mitigation for the Speculative Store Bypass (also known as Variant 4) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3639. Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

This revision of the System ROM includes the latest revision of the Intel microcode which provides mitigation for the Rogue Register Read (also known as Variant 3a) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3640. Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

For Windows 2008 R2, install all Windows critical update.  Windows 2008 R2 critical update will include security update KB3033395 that will support SHA-2
For Windows 2008 SP2 requires KB4039648 be installed which is not part of the Windows Update 2008 SP2.   Follow this link to download the KB4039648
https://support.microsoft.com/en-us/help/4039648/update-to-add-sha2-code-signing-support-for-windows-server-2008-sp2

Deliverable Name:

HP ProLiant BL660c Gen8 System ROM - I32

Release Version:

05/21/2018

Last Recommended or Critical Revision:

05/21/2018

Previous Revision:

01/22/2018

Firmware Dependencies:

None

Enhancements/New Features:

None

Problems Fixed:

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system and hypervisor updates, provides mitigation for the L1 Terminal Fault – OS/SMM (CVE-2018-3620) and L1 Terminal Fault – VMM (CVE-2018-3646) security vulnerabilities.  These vulnerabilities may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a side-channel analysis.  These security vulnerabilities are not unique to HPE servers and impact any servers utilizing impacted processors.  Note that this server is NOT vulnerable to L1 Terminal Fault – SGX (CVE-2018-3615), also known as Foreshadow, because this server does NOT support SGX.

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system updates, provides mitigation for the Speculative Store Bypass (also known as Variant 4) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3639. Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

This revision of the System ROM includes the latest revision of the Intel microcode which provides mitigation for the Rogue Register Read (also known as Variant 3a) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3640. Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

Known Issues:

None

Revision History

Version:2018.05.21 (25 Jun 2018)
Fixes

Upgrade Requirement:
Critical - HPE requires users update to this version immediately.


Important Notes:

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system and hypervisor updates, provides mitigation for the L1 Terminal Fault – OS/SMM (CVE-2018-3620) and L1 Terminal Fault – VMM (CVE-2018-3646) security vulnerabilities.  These vulnerabilities may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a side-channel analysis.  These security vulnerabilities are not unique to HPE servers and impact any servers utilizing impacted processors.  Note that this server is NOT vulnerable to L1 Terminal Fault – SGX (CVE-2018-3615), also known as Foreshadow, because this server does NOT support SGX.

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system updates, provides mitigation for the Speculative Store Bypass (also known as Variant 4) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3639. Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

This revision of the System ROM includes the latest revision of the Intel microcode which provides mitigation for the Rogue Register Read (also known as Variant 3a) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3640. Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

For Windows 2008 R2, install all Windows critical update.  Windows 2008 R2 critical update will include security update KB3033395 that will support SHA-2
For Windows 2008 SP2 requires KB4039648 be installed which is not part of the Windows Update 2008 SP2.   Follow this link to download the KB4039648
https://support.microsoft.com/en-us/help/4039648/update-to-add-sha2-code-signing-support-for-windows-server-2008-sp2

Firmware Dependencies:

None

Problems Fixed:

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system and hypervisor updates, provides mitigation for the L1 Terminal Fault – OS/SMM (CVE-2018-3620) and L1 Terminal Fault – VMM (CVE-2018-3646) security vulnerabilities.  These vulnerabilities may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a side-channel analysis.  These security vulnerabilities are not unique to HPE servers and impact any servers utilizing impacted processors.  Note that this server is NOT vulnerable to L1 Terminal Fault – SGX (CVE-2018-3615), also known as Foreshadow, because this server does NOT support SGX.

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system updates, provides mitigation for the Speculative Store Bypass (also known as Variant 4) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3639. Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

This revision of the System ROM includes the latest revision of the Intel microcode which provides mitigation for the Rogue Register Read (also known as Variant 3a) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3640. Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

Known Issues:

None


Version:2018.01.22 (2 Mar 2018)
Fixes

Upgrade Requirement:
Critical - HPE requires users update to this version immediately.


Important Notes:

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system updates, provides mitigation for Variant 2 of the Side Channel Analysis vulnerability, also known as Spectre. The revision of the microcode included in this System ROM does NOT have issues with more frequent reboots and unpredictable system behavior which impacted the previous Intel microcode which was part of the Spectre Variant 2 mitigation. Additional information is available from Intel’s Security Exploit Newsroom, https://newsroom.intel.com/press-kits/security-exploits-intel-products/.

For Windows 2008 R2, install all Windows critical update.  Windows 2008 R2 critical update will include security update KB3033395 that will support SHA-2
For Windows 2008 SP2 requires KB4039648 be installed which is not part of the Windows Update 2008 SP2.   Follow this link to download the KB4039648
https://support.microsoft.com/en-us/help/4039648/update-to-add-sha2-code-signing-support-for-windows-server-2008-sp2

Firmware Dependencies:

None

Problems Fixed:

Updated the Intel processor microcode to the latest version.

Known Issues:

None


Version:2015.12.01(B) (21 Oct 2016)
Fixes

Upgrade Requirement:
Optional - Users should update to this version if their system is affected by one of the documented fixes or if there is a desire to utilize any of the enhanced functionality provided by this version.


Important Notes:

Ver. 2015.12.01 (B) provides the same system ROM image as ver. 2015.12.01. The new ver. 2015.12.01 (B) adds support to perform the Online ROM Flash with Microsoft Windows Server 2016.  The user does not need to flash the system ROM with ver. 2015.12.01 (B) if the system has been previously flashed with System ROM ver. 2015.12.01.

Firmware Dependencies:

None

Problems Fixed:

Addressed an issue where systems configured with certain 32GB LR-DIMMs could intermittently experience an issue where memory would not train properly and be unavailable to the operating system.

Known Issues:

None


Version:2015.12.01 (21 Mar 2016)
Fixes

Upgrade Requirement:
Optional - Users should update to this version if their system is affected by one of the documented fixes or if there is a desire to utilize any of the enhanced functionality provided by this version.


Important Notes:

None

Firmware Dependencies:

None

Problems Fixed:

Addressed an issue where systems configured with certain 32GB LR-DIMMs could intermittently experience an issue where memory would not train properly and be unavailable to the operating system.

Known Issues:

None

Version:2014.11.02 (30 Mar 2015)
Fixes

Upgrade Requirement:
Optional - Users should update to this version if their system is affected by one of the documented fixes or if there is a desire to utilize any of the enhanced functionality provided by this version.


Important Notes:

None

Firmware Dependencies:

None

Problems Fixed:

Addressed an issue where systems configured with Integrated Lights-Out (iLO) Firmware version 2.00 or later may not be able to configure the platform properly through HP Virtual Connect. This issue is not seen with earlier versions of iLO firmware.

Known Issues:

None

Version:2014.08.03 (13 Oct 2014)
Fixes

Upgrade Requirement:
Optional - Users should update to this version if their system is affected by one of the documented fixes or if there is a desire to utilize any of the enhanced functionality provided by this version.


Important Notes:

None

Firmware Dependencies:

None

Problems Fixed:

Addressed a rare issue where systems configured with Intel Xeon E5 2600 v2 processors and Registered DIMMs (RDIMMs) in a 2 DIMM per Channel or 3 DIMM per Channel configuration may experience a 207 - Memory Initialization error message where certain DIMMs may not be initialized properly. This issue is seen intermittently after a system reboot.

Addressed an issue where the server may become unresponsive during POST when an optional Video card is installed.

Addressed an issue where certain option cards that request very large amounts of non-prefetchable memory will not function properly. This issue only impacts a very small number of non-HP option cards.

Addressed an extremely rare issue where the server may experience an unexpected shutdown, usually seen as a power fault in the iLO Integrated Management Log (IML), when configured with certain Intel Xeon E5-4600 series processors.

Known Issues:

None
Enhancements

Added support for the latest names for PCIe expansion devices to the ROM-Based Setup Utility (RBSU).


Version:2014.02.10 (2 May 2014)
Fixes

Upgrade Requirement:
Optional - Users should update to this version if their system is affected by one of the documented fixes or if there is a desire to utilize any of the enhanced functionality provided by this version.


Important Notes:

None

Firmware Dependencies:

None

Problems Fixed:

Addressed a processor issue which can result in a Blue Screen of Death (BSOD) in a Windows virtual machine or Linux Kernel Panic in a Linux virtual machine when running on Microsoft Hyper-V or VMware ESX 5.x on Intel Xeon E5-4600 series v2 processors. This issue is not unique to HP ProLiant servers and could impact any system using affected processors operating with the conditions listed. This revision of the System ROM contains an updated version of Intel's microcode that addresses this issue. This issue does NOT affect servers configured with the Intel Xeon E5-4600 series processors.

Addressed an issue where servers using the 11/14/2013 or 12/20/2013 revisions of the System ROM might not be able to boot certain operating system installations that install a Master Boot Record that is not marked as Active. When this issue occurs, the server might experience a Non-System Disk Error or not boot the intended media. This issue does NOT impact any System ROM revisions other than the 11/14/2013 and 12/20/2013 revisions.

Addressed an issue that can result in significant underutilization of processor cores for systems configured with 3 or more processors. This issue impacts servers with the ROM-Based Setup Utility (RBSU) option for Collaborative Power Control enabled (which is the default setting). This issue was originally seen with servers configured with Microsoft Windows Server 2012, but might impact other operating systems.

Addressed an extremely rare issue that can result in a system configured with Intel Xeon E5-4600 v2 series processors becoming unresponsive early in the POST boot process after an uncorrectable memory error occurs. When this issue occurs, the server will indicate an early boot progress of 20% and a "Memory and QPI Link Initialization Start" message will be displayed on the screen output. This issue does not impact servers configured with Intel Xeon E5-4600 series processors.

Addressed an issue where the System ROM does not properly retry booting certain Network Adapters under some conditions including when the user presses F12 to attempt a PXE boot. Instead, the System ROM will only attempt to boot the Network Adapter one time and then will continue trying to boot devices in the order specified by the Standard Boot Order (IPL).

Addressed an issue where systems configured with Intel Xeon E5-4600 v2 series processors and an HP 331FLR FlexLOM or HP NC332T Network Controller might see intermittent issues with the NIC not being detected by the platform. When the issue occurs, the NIC will not PXE boot or be identified or used by the operating system.

Known Issues:

None
Enhancements

Added support for the latest names for PCIe expansion devices to the ROM-Based Setup Utility (RBSU).

Improved the power allocation logic for servers configured with Intel Xeon E5-4600 v2 series processors to more accurately determine the server's maximum power usage. Previous revisions of the System ROM allocated more power for server blades configured with Intel Xeon E5-4600 v2 series processors than was necessary. With this revision of the System ROM, the enclosure may have additional power available to allow additional blades to be powered on with certain power supply configurations. This change does not impact servers configured with Intel Xeon E5-4600 series processors.


Version:2013.11.15 (21 Feb 2014)
Fixes

Upgrade Requirement:
Optional - Users should update to this version if their system is affected by one of the documented fixes or if there is a desire to utilize any of the enhanced functionality provided by this version.


Important Notes:

None

Firmware Dependencies:

None

Problems Fixed:

Addressed an issue where the system may experience a no boot condition on the reset due to a fatal error. This issue is typically seen as the server hanging at 20% progress in the Early Video Initialization.

Addressed an issue where Memory Address or Command Parity errors are not logged to the Integrated Management Log (IML) if they occur. With previous revisions of the System ROM, these types of errors would cause the server to reset without any notification of the error. A "283-Memory Address/Command Parity Error Detected" error will now be displayed during system boot and logged to the IML.

Known Issues:

None
Enhancements

Added support for Intel Xeon E5-4600 v2 Series processors. Any system configured with Intel Xeon E5-4600 v2 Series processors MUST utilize this revision of the System ROM or later. Utilizing an earlier revision of the System ROM with Intel Xeon E5-4600 v2 Series processors will result in the system being unable to boot.

Added additional options to the ROM Based Setup Utility (RBSU) Power-On Delay Option for delay times of 15, 30, 40 and 60 seconds (in addition to the previous options of No Delay and Random Delay). For these new selections to function, the system must be using Integrated Lights-Out (iLO) Firmware version 1.20 or later. If the system is configured to one of the new options without having iLO Firmware version 1.20 or later, the Power-On Delay Option will function as if the No Delay option were chosen.

Enhanced the System ROM's detection of valid boot devices such as USB Drive Keys or Hard Drives. Previously, the System ROM may have attempted to boot certain bootable media with invalid boot records resulting in a Non-System Disk error. In some cases, the System ROM will now be able to detect the invalid boot record and skip attempting to boot the device. This allows the System ROM to attempt to boot the next device in the boot order.

Added the latest product names of optional expansion cards and updated language translations (for non-English modes) in the ROM-Based Setup Utility (RBSU).


Version:2013.12.20 (29 Jan 2014)
Fixes

Upgrade Requirement:
Recommended - HP recommends users update to this version at their earliest convenience.


Important Notes:

None

Firmware Dependencies:

None

Problems Fixed:

Addressed an issue where Memory Address or Command Parity errors may occur on servers configured with Intel Xeon E5-4600 series v2 processors and memory configurations where the memory speed is running at 1600 MHz or 1866 MHz. These errors may have resulted in the server resetting without notification of the error or the system resetting and displaying a "283-Memory Address/Command Parity Error Detected Error" and logging the event to the Integrated Management Log (IML). HP strongly recommends that all servers utilizing Intel E5-4600 v2 processors with impacted memory speeds update to this revision of the System ROM or later. This issue does NOT affect servers configured with the Intel Xeon E5-4600 series processor.

Known Issues:

None

Version:2013.06.30 (14 Aug 2013)
Fixes

Upgrade Requirement:
Critical - HP requires users update to this version immediately.


Important Notes:

None

Firmware Dependencies:

None

Problems Fixed:

Addressed a processor issue under which a rare and complex sequence of internal processor microarchitecture events that occur in specific operating environments could cause a server system to experience unexpected page faults, general protection faults, or machine check exceptions or other unpredictable system behavior. While all processors supported by this server have this issue, to be affected by this issue the server must be operating in a virtualized environment, have Intel Hyperthreading enabled, have a hypervisor that enables Intel VT FlexPriority and Extended Page Tables, and have a guest OS utilizing 32-bit PAE Paging Mode. This issue is not unique to HP ProLiant servers and could impact any system utilizing affected processors operating with the conditions listed above. This revision of the System ROM contains an updated version of Intel's microcode that addresses this issue. Due to the potential severity of the issue addressed in this revision of the System ROM, this System ROM upgrade is considered a critical fix.

Addressed an issue where the system experienced unexpected system behavior or report ACPI issues through the OS boot logs (such as Linux DMESG) when IOMMU was enabled in a virtualized operating system environment.

Addressed an issue where Online Spare memory Mode would not function properly when 32GB LR-DIMMs were installed in the server platform. This issue was typically exhibited as the system becoming unresponsive during system boot when Online Spare was enabled with these DIMMs installed.

Addressed an issue where Linux Operating Systems reported the following message: ERST: Failed to get Error Log Address Range, in the Linux DMESG log.

Removed support for configuring the platform with the Memory Channel Mode configured for Combined Channel Memory Mode (Lockstep) and the Advanced Memory Protection mode configured for Online Spare with Advanced ECC. This combination is currently not supported by this server generation of platform. Platforms Servers that were previously configured with this option combination will have Online Spare Mode enabled but the Memory Channel Mode will be configured for Independent Channel Mode after updating to this revision of the System ROM.

Addressed an extremely rare issue where a system may become unresponsive or experience a system reset when booting a Microsoft Windows Operating System. When this event happens, a Bank 5 Machine Check Exception was logged in the Integrated Management Log (IML).

Addressed an issue where the server's Legacy USB support would not properly report the drive capacity of a USB Drive Key that was larger than 8GB resulting in an inability to boot USB Drive Keys larger than 8 GB.

Addressed an issue where the system may not be able to properly execute the HP SmartStart Scripting Toolkit (SSSTK) under Linux based Operating Systems. In some cases, executing the HP SSSTK would result in a segfault error message being reported by the Linux kernel.

Known Issues:

None
Enhancements

Added the latest product names of optional expansion cards and updated language translations (for non-English modes) in the ROM-Based Setup Utility (RBSU).

Added support for the Intel Performance Counter Monitor Utility (iPCM). This feature can be enabled in the ROM Based Setup Utility (RBSU) Advanced Performance Tuning Options menu. This option is disabled by default and must be enabled to utilize the Intel PCM.

Added support to allow industry standard utilities to display the operating voltage of installed DIMMs as well as the minimum and maximum voltage supported by installed DIMMs. This System ROM revision supports newly defined industry standard fields in the industry standard SMBIOS tables. Utilities to display this information may not yet be available.

Added support to allow industry standard utilities to display the HP DIMM Part Number for HP SmartMemory DIMMs. This information will also be displayed in the HP iLO GUI interface when using an updated revision of iLO Firmware.


Version:2013.03.01 (26 Mar 2013)
Fixes

Upgrade Requirement:
Optional - Users should update to this version if their system is affected by one of the documented fixes or if there is a desire to utilize any of the enhanced functionality provided by this version.


Important Notes:

None

Firmware Dependencies:

None

Problems Fixed:

Resolved an issue where servers utilizing LRDIMMs may experience an extremely long boot process (~40 minutes).  This issue is not intermittent.  If the issue occurs, it will occur on every boot.  This issue has NO impact on platforms without LRDIMMs installed.

Known Issues:

None


Version:2012.12.14 (19 Dec 2012)
Fixes

Upgrade Requirement:
Recommended - HP recommends users update to this version at their earliest convenience.


Important Notes:

None

Firmware Dependencies:

None

Problems Fixed:

Resolved an issue that could result in a server reset or the inability to boot. Servers should be updated to this revision of the system ROM to minimize the potential for a system reset or the inability to boot.

Resolved an issue where the system may experience a performance issue, usually seen in a degradation of network throughput, after updating to the 08/20/2012 revision of the System ROM.  This issue only exists with the 08/20/2012 revision of the System ROM.

Resolved an issue where no message was displayed and no Integrated Management Log (IML) entry is logged for certain memory errors that result in DIMMs not being usable.  This issue would look like the operating system having access to less memory than is actually installed without any error indicated.

Removed the Advanced ROM-Based Setup Utility (RBSU) option to disable Data Direct I/O (DDIO). It is no longer recommended that users disable this option due to the negative impacts on system performance.  For systems that had previously disabled Data Direct I/O, the option will remain disabled.   Defaults must be restored on the system to re-enable this functionality for this situation.

Resolved a rare issue where the system may experience a temporary loss of video, such as a blank screen on the local monitor and iLO Remote Console, if a key is pressed during POST during Option ROM Execution.

Resolved an issue where the order in which processors are presented to the Operating System may change across multiple system boots.

Known Issues:

None
Enhancements

Optimized the memory settings to improve the reliability of the memory system.

Added a ROM-Based Setup Utility (RBSU) option for HP Option ROM Prompting.  This option is enabled by default.  Disabling this option prevents HP Smart Array controllers and iLO from prompting to enter their setup tools during system boot.  This allows for faster boot times.  This option requires updated revisions of Smart Array Controller firmware and iLO Firmware to function.  If this option is disabled, the HP Smart Array and iLO will continue to prompt to enter their setup tools if an updated revision of these firmware deliverables are not installed.

Added the latest product names of optional expansion cards and updated language translations (for non-English modes) in the ROM-Based Setup Utility (RBSU).


Version:2012.08.20 (26 Oct 2012)
Fixes

Upgrade Requirement:
Optional - Users should update to this version if their system is affected by one of the documented fixes or if there is a desire to utilize any of the enhanced functionality provided by this version.


Important Notes:

None

Firmware Dependencies:

None

Problems Fixed:

Addressed an issue where the Integrated Management Log (IML) may contain erroneous log entries for Uncorrectable Machine Check Errors after a normal platform power cycle. Users who are experiencing these erroneous messages should update to this version of the system ROM before replacing any hardware components.

Addressed an issue where the ROM Based Setup Utility Command Line Interface (CLI) Mode may not function properly.  Previous versions of the system ROM may have experienced an issue where certain commands in CLI mode would not function properly.

Addressed a rare issue where USB Support in a pre-boot environment, such as in DOS or the ROM Based Setup Utility (RBSU), may not function properly. This issue could have resulted in the system not booting properly from USB media or the USB Keyboard may becoming unresponsive.

Addressed an issue where the platform may experience a virtualization fault (which may result in an NMI or Machine Check Exception) when IOMMU is enabled under a Hypervisor based Operating System. In some instances, Linux kernel messaging (DMESG) would reflect an inability to enable IOMMO on the platform.

Addressed an issue where the platform may experience decreased I/O performance when any Minimum Processor Idle Power Core States (C-states) are enabled.  Reduced I/O performance has been seen in dual-processor configurations where I/O devices that are attached to the PCI-express lanes from one processor are accessing resources on the other processor when the other processor is in a low power state.

Known Issues:

None
Enhancements

Added support for Single Root I/O Virtualization (SR-IOV). SR-IOV can provide performance benefits in virtualized environments if the Operating System/hypervisor and installed I/O card support SR-IOV. This functionality is enabled via a ROM-Based Setup Utility (RBSU) Advanced System ROM Option. It is disabled by default. When enabled, the System ROM will configure devices that support SR-IOV for use under a supported Operating System. Please consult the proper Operating System and Network Adapter documentation for a list of supported configurations.

Added a new ROM Based Setup Utility (RBSU) Advanced Performance Option menu that allows the user to enable Intel NIC DMA Channels (IOAT). This option is disabled by default. When enabled, certain networking devices may see an improvement in performance by utilizing Intel's DMA engine to offload network activity. Please consult documentation from the network adapter to determine if this feature is supported.

Added a new ROM Based Setup Utility (RBSU) Advanced Power Savings Option menu that allows the user to disable Memory Power Management functionality. This option is enabled by default. When disabled, certain memory power savings modes are disabled which can result in lower latency responses from memory transactions at the cost of memory power savings.

Added a new ROM Based Setup Utility (RBSU) Advanced System ROM Option menu that allows the user to disable the default System ROM functionality that continually searches for bootable devices when a boot device cannot be found (non-system disk condition). By default, the System ROM will indefinitely keep searching for bootable devices from all available media types until a bootable device is detected.

Increased memory speeds for certain DIMM configurations using HP SmartMemory.


Version:2012.05.30 (4 Sep 2012)
Enhancements

Upgrade Requirement:
Recommended - HP recommends users update to this version at their earliest convenience.


Important Notes:

None

Firmware Dependencies:

None

Enhancements/New Features:

This is the initial version of the firmware.

Known Issues:

None

Legal Disclaimer: Products sold prior to the November 1, 2015 separation of Hewlett-Packard Company into Hewlett Packard Enterprise Company and HP Inc. may have older product names and model numbers that differ from current models.