Printable version

Drivers & software

** CRITICAL ** Online ROM Flash Component for Windows x64 - HP ProLiant DL580 Gen8 (P79) Servers

By downloading, you agree to the terms and conditions of the Hewlett Packard Enterprise Software License Agreement.
Note:  Some software requires a valid warranty, current Hewlett Packard Enterprise support contract, or a license fee.

Type: BIOS (Entitlement Required) - System ROM
Version: 2.20_05-21-2018(8 Jun 2018)
Operating System(s): Microsoft Windows HPC Server 2008 R2
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2008 x64
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows Server 2016
File name: cp036500.exe (4.4 MB)
This component provides updated system firmware that can be installed directly on supported Operating Systems. Additionally, when used in conjunction with HP Smart Update Manager (HPSUM), this Component allows the user to update firmware on remote servers from a central location. This remote deployment capability eliminates the need for the user to be physically present at the server in order to perform a firmware update.

None

Prerequisites:

The "HPE ProLiant iLO 3/4 Channel Interface Driver” (CHIF) for Windows which is available from Service Pack for ProLiant (SPP).


To ensure the integrity of your download, HPE recommends verifying your results with this SHA-256 Checksum value:

8c74bcd82652974fba726771d8a73c0ecf71180d965634305a0b3f6a00b2eed1 cp036500.exe

Reboot Requirement:
Reboot is required after installation for updates to take effect and hardware stability to be maintained.


Installation:

To update firmware from Windows operating system on target server:

1.     Place the Component in a temporary directory.
2.     From the same directory, run the Component by double-clicking it.
3.     When the Component dialog window displays, click the Install button to initiate the firmware upgrade.
4.     Reboot your system if you would like the update to take effect immediately.


Supplemental updates for supported ProLiant servers and options can be done by using HP Smart Update Manager, which is found on the Service Pack for ProLiant ISO.

  • Place the Service Pack for ProLiant on a USB key using the USB Key Creator Utility.
  • Place the desired components to be updated in the directory, \hp\swpackages on the USB key.

Update the firmware and software in the usual manner.

This component can only be executed on Windows x64.

 


End User License Agreements:
OpenSSL License Agreement, Version 0.9.8
UEFI EDK2 License
HPE Software License Agreement v1
Hewlett-Packard End User License Agreement


Upgrade Requirement:
Critical - HPE requires users update to this version immediately.


Important:

Important Notes:

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system and hypervisor updates, provides mitigation for the L1 Terminal Fault – OS/SMM (CVE-2018-3620) and L1 Terminal Fault – VMM (CVE-2018-3646) security vulnerabilities.  These vulnerabilities may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a side-channel analysis.  These security vulnerabilities are not unique to HPE servers and impact any servers utilizing impacted processors.  Note that this server is NOT vulnerable to L1 Terminal Fault – SGX (CVE-2018-3615), also known as Foreshadow, because this server does NOT support SGX. 

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system updates, provides mitigation for the Speculative Store Bypass (also known as Variant 4) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3639. Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

This revision of the System ROM includes the latest revision of the Intel microcode which provides mitigation for the Rogue Register Read (also known as Variant 3a) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3640. Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

For Windows 2008 R2, install all Windows critical update.  Windows 2008 R2 critical update will include security update KB3033395 that will support SHA-2
For Windows 2008 SP2 requires KB4039648 be installed which is not part of the Windows Update 2008 SP2.   Follow this link to download the KB4039648
https://support.microsoft.com/en-us/help/4039648/update-to-add-sha2-code-signing-support-for-windows-server-2008-sp2

Deliverable Name:

HP ProLiant DL580 Gen8 System ROM - P79

Release Date:

2.20_05-21-2018

Last Recommended or Critical Revision:

2.20_05-21-2018

Previous Revision:

2.00_02-2-/2018

Firmware Dependencies:

None

Enhancements/New Features:

None

Problems Fixed:

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system and hypervisor updates, provides mitigation for the L1 Terminal Fault – OS/SMM (CVE-2018-3620) and L1 Terminal Fault – VMM (CVE-2018-3646) security vulnerabilities.  These vulnerabilities may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a side-channel analysis.  These security vulnerabilities are not unique to HPE servers and impact any servers utilizing impacted processors.  Note that this server is NOT vulnerable to L1 Terminal Fault – SGX (CVE-2018-3615), also known as Foreshadow, because this server does NOT support SGX. 

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system updates, provides mitigation for the Speculative Store Bypass (also known as Variant 4) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3639. Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

This revision of the System ROM includes the latest revision of the Intel microcode which provides mitigation for the Rogue Register Read (also known as Variant 3a) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3640. Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

Known Issues:

None


Upgrade Requirement:
Critical - HPE requires users update to this version immediately.


Important Notes:

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system and hypervisor updates, provides mitigation for the L1 Terminal Fault – OS/SMM (CVE-2018-3620) and L1 Terminal Fault – VMM (CVE-2018-3646) security vulnerabilities.  These vulnerabilities may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a side-channel analysis.  These security vulnerabilities are not unique to HPE servers and impact any servers utilizing impacted processors.  Note that this server is NOT vulnerable to L1 Terminal Fault – SGX (CVE-2018-3615), also known as Foreshadow, because this server does NOT support SGX. 

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system updates, provides mitigation for the Speculative Store Bypass (also known as Variant 4) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3639. Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

This revision of the System ROM includes the latest revision of the Intel microcode which provides mitigation for the Rogue Register Read (also known as Variant 3a) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3640. Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

For Windows 2008 R2, install all Windows critical update.  Windows 2008 R2 critical update will include security update KB3033395 that will support SHA-2
For Windows 2008 SP2 requires KB4039648 be installed which is not part of the Windows Update 2008 SP2.   Follow this link to download the KB4039648
https://support.microsoft.com/en-us/help/4039648/update-to-add-sha2-code-signing-support-for-windows-server-2008-sp2

Firmware Dependencies:

None

Problems Fixed:

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system and hypervisor updates, provides mitigation for the L1 Terminal Fault – OS/SMM (CVE-2018-3620) and L1 Terminal Fault – VMM (CVE-2018-3646) security vulnerabilities.  These vulnerabilities may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a side-channel analysis.  These security vulnerabilities are not unique to HPE servers and impact any servers utilizing impacted processors.  Note that this server is NOT vulnerable to L1 Terminal Fault – SGX (CVE-2018-3615), also known as Foreshadow, because this server does NOT support SGX. 

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system updates, provides mitigation for the Speculative Store Bypass (also known as Variant 4) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3639. Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

This revision of the System ROM includes the latest revision of the Intel microcode which provides mitigation for the Rogue Register Read (also known as Variant 3a) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3640. Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

Known Issues:

None

Important Notes:

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system and hypervisor updates, provides mitigation for the L1 Terminal Fault – OS/SMM (CVE-2018-3620) and L1 Terminal Fault – VMM (CVE-2018-3646) security vulnerabilities.  These vulnerabilities may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a side-channel analysis.  These security vulnerabilities are not unique to HPE servers and impact any servers utilizing impacted processors.  Note that this server is NOT vulnerable to L1 Terminal Fault – SGX (CVE-2018-3615), also known as Foreshadow, because this server does NOT support SGX. 

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system updates, provides mitigation for the Speculative Store Bypass (also known as Variant 4) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3639. Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

This revision of the System ROM includes the latest revision of the Intel microcode which provides mitigation for the Rogue Register Read (also known as Variant 3a) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3640. Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

For Windows 2008 R2, install all Windows critical update.  Windows 2008 R2 critical update will include security update KB3033395 that will support SHA-2
For Windows 2008 SP2 requires KB4039648 be installed which is not part of the Windows Update 2008 SP2.   Follow this link to download the KB4039648
https://support.microsoft.com/en-us/help/4039648/update-to-add-sha2-code-signing-support-for-windows-server-2008-sp2

Deliverable Name:

HP ProLiant DL580 Gen8 System ROM - P79

Release Date:

2.20_05-21-2018

Last Recommended or Critical Revision:

2.20_05-21-2018

Previous Revision:

2.00_02-2-/2018

Firmware Dependencies:

None

Enhancements/New Features:

None

Problems Fixed:

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system and hypervisor updates, provides mitigation for the L1 Terminal Fault – OS/SMM (CVE-2018-3620) and L1 Terminal Fault – VMM (CVE-2018-3646) security vulnerabilities.  These vulnerabilities may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a side-channel analysis.  These security vulnerabilities are not unique to HPE servers and impact any servers utilizing impacted processors.  Note that this server is NOT vulnerable to L1 Terminal Fault – SGX (CVE-2018-3615), also known as Foreshadow, because this server does NOT support SGX. 

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system updates, provides mitigation for the Speculative Store Bypass (also known as Variant 4) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3639. Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

This revision of the System ROM includes the latest revision of the Intel microcode which provides mitigation for the Rogue Register Read (also known as Variant 3a) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3640. Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

Known Issues:

None

Version:2.20_05-21-2018 (8 Jun 2018)
Fixes

Upgrade Requirement:
Critical - HPE requires users update to this version immediately.


Important Notes:

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system and hypervisor updates, provides mitigation for the L1 Terminal Fault – OS/SMM (CVE-2018-3620) and L1 Terminal Fault – VMM (CVE-2018-3646) security vulnerabilities.  These vulnerabilities may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a side-channel analysis.  These security vulnerabilities are not unique to HPE servers and impact any servers utilizing impacted processors.  Note that this server is NOT vulnerable to L1 Terminal Fault – SGX (CVE-2018-3615), also known as Foreshadow, because this server does NOT support SGX. 

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system updates, provides mitigation for the Speculative Store Bypass (also known as Variant 4) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3639. Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

This revision of the System ROM includes the latest revision of the Intel microcode which provides mitigation for the Rogue Register Read (also known as Variant 3a) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3640. Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

For Windows 2008 R2, install all Windows critical update.  Windows 2008 R2 critical update will include security update KB3033395 that will support SHA-2
For Windows 2008 SP2 requires KB4039648 be installed which is not part of the Windows Update 2008 SP2.   Follow this link to download the KB4039648
https://support.microsoft.com/en-us/help/4039648/update-to-add-sha2-code-signing-support-for-windows-server-2008-sp2

Firmware Dependencies:

None

Problems Fixed:

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system and hypervisor updates, provides mitigation for the L1 Terminal Fault – OS/SMM (CVE-2018-3620) and L1 Terminal Fault – VMM (CVE-2018-3646) security vulnerabilities.  These vulnerabilities may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a side-channel analysis.  These security vulnerabilities are not unique to HPE servers and impact any servers utilizing impacted processors.  Note that this server is NOT vulnerable to L1 Terminal Fault – SGX (CVE-2018-3615), also known as Foreshadow, because this server does NOT support SGX. 

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system updates, provides mitigation for the Speculative Store Bypass (also known as Variant 4) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3639. Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

This revision of the System ROM includes the latest revision of the Intel microcode which provides mitigation for the Rogue Register Read (also known as Variant 3a) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3640. Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

Known Issues:

None

Enhancements

None


Version:2.00_02-22-2018 (2 Mar 2018)
Fixes

Upgrade Requirement:
Critical - HPE requires users update to this version immediately.


Important Notes:

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system updates, provides mitigation for Variant 2 of the Side Channel Analysis vulnerability, also known as Spectre. The revision of the microcode included in this System ROM does NOT have issues with more frequent reboots and unpredictable system behavior which impacted the previous Intel microcode which was part of the Spectre Variant 2 mitigation. Additional information is available from Intel’s Security Exploit Newsroom, https://newsroom.intel.com/press-kits/security-exploits-intel-products/.

For Windows 2008 R2, install all Windows critical update.  Windows 2008 R2 critical update will include security update KB3033395 that will support SHA-2
For Windows 2008 SP2 requires KB4039648 be installed which is not part of the Windows Update 2008 SP2.   Follow this link to download the KB4039648
https://support.microsoft.com/en-us/help/4039648/update-to-add-sha2-code-signing-support-for-windows-server-2008-sp2

Firmware Dependencies:

None

Problems Fixed:

Updated the Intel processor microcode to the latest version.

Known Issues:

None

Enhancements

None


Version:1.94_02-19-2016 (24 Oct 2016)
Enhancements

Upgrade Requirement:
Optional - Users should update to this version if their system is affected by one of the documented fixes or if there is a desire to utilize any of the enhanced functionality provided by this version.


Important Notes:

None

Firmware Dependencies:

None

Enhancements/New Features:

Added a new System Utilities BIOS/Platform Configuration (RBSU) PCIe I/O Allocation menu that allows the user to select how PCIe resources are allocated between PCIe slots. This option should be used when multiple PCIe expansion cards, such as Graphics Adapters, are installed in the system and the default resource allocations are not sufficient.

Added a new System Utilities BIOS/Platform Configuration (RBSU) IPv6 DHCP Unique Identifier menu that allows the user to select how the UEFI BIOS will use the DHCP Unique Identifier (DUID) for IPv6 PXE Boot. By default, the system will use the server's Unique Universal Identifier (UUID). The user can now optionally select to use the DUID-LLT as the unique identifier for PXE Boot. This setting applies when the server is configured to UEFI Boot Mode.
 

Known Issues:

None

Version:1.96_08-18-2016 (B) (21 Oct 2016)
Fixes

Upgrade Requirement:
Recommended - HPE recommends users update to this version at their earliest convenience.


Important Notes:

None

Firmware Dependencies:

None

Problems Fixed:

Addressed an issue where a system experiencing a high rate of correctable memory errors may reset unexpectedly and log a fatal error in the Integrated Management Log (IML).

Known Issues:

None
Enhancements

Improved the thermal cooling solution of the server when the Thermal Configuration setting is configured to its default state of Optimal Cooling, which addresses an issue with temperature fluctuations on the embedded HPE Smart Array P830i controller that may result in component failure and unpredictable system behavior.


Version:1.92_10-27-2015 (1 Apr 2016)
Fixes

Upgrade Requirement:
Optional - Users should update to this version if their system is affected by one of the documented fixes or if there is a desire to utilize any of the enhanced functionality provided by this version.


Important Notes:

None 

Firmware Dependencies:

None

Problems Fixed:            

Addressed an issue where processor temperatures may not be reported properly when the server was configured with 3 processors. This issue does not affect systems configured with a different amount of processors installed.

Addressed an issue where a message would not be logged to the Integrated Management Log (IML) when a DIMM failed to train and was not available to the Operating System.

Known Issues:

None

Enhancements

Added an option for “Configure for 2 minimum required, 4 required for redundancy” to the Power Supply Requirements Override setting in the ROM-Based Setup Utility (RBSU).  This option can be selected to force the system to use “2+2” power supply redundancy.  This option should only be selected if the HP Power Advisor indicates the system’s configuration allows the server to operate properly with two power supplies installed.  This option was incorrectly not included in RBSU in previous revisions of the System ROM.  It could be configured using CONREP and was honored by the System ROM.  If this option was previously configured with CONREP, updating to this revision of the System ROM will NOT impact the power supply requirements.

Added a Date and Time BIOS/Platform Configuration (RBSU) option to configure the Time Format.  This option controls how the system date and time is stored in the Real Time Clock and presented to the operating system. By default, the time is formatted for Coordinated Universal Time (UTC). The users may optionally change the time format to Local Time which removes the use of the time zone. This option may be used to work around interaction issues between the system and Microsoft Windows operating systems running in legacy boot mode that can result in the time to be incorrect.


Version:1.90_07-20-2015 (10 Aug 2015)
Fixes

Upgrade Requirement:
Optional - Users should update to this version if their system is affected by one of the documented fixes or if there is a desire to utilize any of the enhanced functionality provided by this version.


Important Notes:

None

Firmware Dependencies:

None

Problems Fixed:

Addressed an issue in which an Interphase audio streaming PCI-express expansion card may not achieve optimal performance resulting in dropped packets when streaming data.  A similar issue could be seen with other PCI-express expansion cards implemented with a PCI device behind a PLX PCIe-to-PCI bridge.  This type of PCI-express card implementation is more common with older PCI-express expansion cards.

Addressed an issue where the server may become unresponsive during boot when configured with a very large number of disks such as fibre adapters.

Known Issues:

None
Enhancements

Added a new System Utilities BIOS/Platform Configuration (RBSU) Fibre Channel/FCoE Scan Policy menu that allows the user to select how the UEFI BIOS will scan for valid Fibre Channel (or boot from SAN) boot targets. By default, the system will now only scan for Fibre Channel boot targets that are configured in each adapter. In the past, the system would scan for all Fibre Channel or FCoE available targets, potentially resulting in long boot times and large number of entries in the UEFI Boot Order list. The boot targets for adapters can be configured using the adapter specific menu in the System Utilities, System Configuration menu, or using management software such as HP Virtual Connect or HP OneView. This setting is applicable only in UEFI Boot Mode. A firmware update of the fibre channel controller might also be required to take full advantage of this feature.

Enhanced the thermal solution to provide better acoustics from the system fans.


Version:1.80_05-06-2015 (15 Jun 2015)
Fixes

Upgrade Requirement:
Optional - Users should update to this version if their system is affected by one of the documented fixes or if there is a desire to utilize any of the enhanced functionality provided by this version.


Important Notes:

None

Firmware Dependencies:

None

Problems Fixed:

Addressed an issue where optional PCIe graphics controllers could not be used in pass-through mode to a virtual machine under a hypervisor based operating system.

Addressed an issue where an optional PCIe graphics controller may not be detected if it is installed on any PCIe slot except slot 9. If installed in slot 9, this issue will not occur.
                          

Known Issues:

None

Version:1.60_11-26-2014 (30 Mar 2015)
Fixes

Upgrade Requirement:
Optional - Users should update to this version if their system is affected by one of the documented fixes or if there is a desire to utilize any of the enhanced functionality provided by this version.


Important Notes:

None

Firmware Dependencies:

None

Problems Fixed:

Addressed an issue where the HP FlexibleLOM port numbers would not be reported accurately under certain operating systems such as Red Hat Linux.

Addressed an issue where the server might become unresponsive during POST when a failed LRDIMM was installed in the system. Instead, the system will now properly map out the failed DIMM and log the event to the Integrated Management Log (IML).

Addressed an issue where HP StoreFabric CN1100R Dual Port Converged Network Adapter (P/N: QW990A) would not properly report status in the System Utilities Device Health Status page.

Addressed an issue where the HP Scripting Toolkit may fail to run properly and prompt for an Administrator Password even when no password is currently configured on the server.

Addressed an extremely rare issue where the server would fail to boot Intelligent Provisioning when pressing F10 during system boot.

Known Issues:

None
Enhancements

Enhanced the cooling solution for the server when the Thermal Configuration is set for Increased Cooling.

Added support for Memory Mirroring. This option can now be enabled through the System Utilities BIOS/Platform Configuration (RBSU) Advanced Memory Protection option. Please consult documentation for supported configurations.


Version:1.40_08-01-2014 (B) (19 Sep 2014)
Fixes

Upgrade Requirement:
Optional - Users should update to this version if their system is affected by one of the documented fixes or if there is a desire to utilize any of the enhanced functionality provided by this version.


Important Notes:

None

Firmware Dependencies:

None

Problems Fixed:

Addressed an issue where the system would not boot into certain versions of Linux operating systems when the Processor x2APIC Support option is configured as enabled. This option is set to disabled by default.

Addressed an issue where the server’s boot order could not be configured using the “sysconfig” command in the Embedded UEFI Shell.

Addressed an issue where pressing the F12 key during system boot to initiate a Network Boot attempt may cause all other “hot keys” (function key prompts) to disappear from the screen. This issue was only seen when the Boot Mode is configured for Legacy BIOS Mode. This issue only exists with revision 1.03 (06/27/2014) of the System ROM.

Known Issues:

None
Enhancements

Enhanced memory performance slightly for servers using 32 GB or 64 GB LRDIMMs.


Version:1.03_06-27-2014 (6 Aug 2014)
Fixes

Upgrade Requirement:
Optional - Users should update to this version if their system is affected by one of the documented fixes or if there is a desire to utilize any of the enhanced functionality provided by this version.


Important Notes:

None

Firmware Dependencies:

None

Problems Fixed:

Addressed an issue where the server may identify failed or degraded DIMMs incorrectly when a memory error occurs when the Advanced Memory Protection (AMP) mode is configured for Lockstep Mode with DDDC Support.

Addressed a rare and intermittent issue where the server may fail to boot from an iLO Virtual Media device.

Addressed an issue where optional Graphics Cards (GPUs) may be reported as Unknown Devices in the System Configuration Utility.

Addressed an issue where the server may not log memory failure events to the Integrated Memory Log when non-HP SmartMemory DIMMs are present in the system.

Addressed an issue where the Power Settings page in the iLO 4 GUI will display "Power Capabilities are UNKNOWN" and the user will not be able to configure a Dynamic Power Cap for limiting the server's maximum power usage.

Addressed an issue where the server would prompt twice for the Power-On Password when the server has a Power-On Password configured.

Known Issues:

None
Enhancements

Added support for 64GB LRDIMMs. Previous revisions of the System ROM should NOT be used with any DIMM configurations containing 64 GB LRDIMMs.

Added support for SDDC+1 and DDDC+1. SDDC+1 provides protection against single bit failures even after a DRAM device has failed within a DIMM rank. DDDC+1 provides protection against single bit failures even after two DRAM devices within a DIMM rank have failed. This functionality works automatically.

Added support for nVidia GPUs. This revision of the System ROM has support to allow monitoring the temperature of the option card for improved thermals.

Increased the DIMM speed for several 3 DIMM Per Channel (DPC) configurations when the Advanced Memory Protection mode is configured for Advanced ECC Support when using RDIMMs.

Increased the DIMM speed for numerous configurations when the Advanced Memory Protection mode is configured for Lockstep Mode with DDDC Support when using RDIMMs.


Version:1.02_04-01-2014 (2 May 2014)
Fixes

Upgrade Requirement:
Optional - Users should update to this version if their system is affected by one of the documented fixes or if there is a desire to utilize any of the enhanced functionality provided by this version.


Important Notes:

None

Firmware Dependencies:

None

Problems Fixed:

Addressed a processor issue which can result in a Blue Screen of Death (BSOD) in a Windows virtual machine or Linux Kernel Panic in a Linux virtual machine when running on VMware ESX 5.x or Microsoft Hyper-V on Intel Xeon E7-4800 series v2 processors. This issue is not unique to HP ProLiant servers and could impact any system utilizing affected processors operating with the conditions listed. This revision of the System ROM contains an updated version of Intel's microcode that addresses this issue.

Known Issues:

None

Version:1.01_03-19-2014 (B) (2 May 2014)
Fixes

Upgrade Requirement:
Recommended - HP recommends users update to this version at their earliest convenience.


Important Notes:

None

Firmware Dependencies:

None

Problems Fixed:

Addressed an issue where the server might not be able to achieve optimal performance under certain conditions. One symptom of this issue is the processors not entering Turbo Mode frequencies as often as expected.

Addressed an issue where the system might become unresponsive during system boot (POST) after an unrecoverable error event that results in a system reset. This issue applies to certain models of Intel E7-8800/4800 v2 series processor that have core counts of 8 or less. Note that this issue does not result in the unrecoverable error event and system reset, but results in the system becoming unresponsive during system boot.

Addressed an issue where the BIOS Serial Console redirection support might stop functioning when the server enters the Embedded UEFI Shell.

Addressed various issues with the configuration of Trusted Platform Module (TPM) options in the BIOS/Platform Configuration (RBSU).

Addressed an issue where servers configured for Legacy Boot Mode might not be able to boot certain operating system installations that install a Master Boot Record, which is not marked as Active. When this issue occurs, the server might experience a Non-System Disk Error or not boot the intended media. This issue does not impact systems configured in UEFI Boot Mode.

Known Issues:

None
Enhancements

Added support for Online Spare Advanced Memory Protection Mode. This feature can be enabled from the BIOS/Platform Configuration (RBSU) Advanced Memory Protection menu under System Options. See the HP ProLiant DL580 Gen8 User Guide for the proper memory installation requirements to support this mode.

Added support for Double Device Data Correction (DDDC) Memory Protection Mode. This feature provides additional protection against uncorrectable memory errors while still allowing all installed memory to be available to the operating system. This mode of operation requires specific DIMM population requirements and reduces memory bandwidth performance. This feature can be enabled from the BIOS/Platform Configuration (RBSU) Advanced Memory Protection menu under System Options. See the HP ProLiant DL580 Gen8 User Guide for the proper memory installation requirements to support this mode.

Added a BIOS/Platform Configuration (RBSU) option to allow configuring the time zone. Note that not all operating systems use this setting for the time zone. See the OS documentation to determine whether the installed operating system uses the time zone configured by the BIOS.

Added updated language translations (for non-English modes) in the BIOS/Platform Configuration (RBSU).

Added support for systems configured in Legacy Boot Mode to auto detect new mass storage bootable devices, such as storage controllers, and add them to the Standard Boot Order (IPL) list without requiring a reboot. This allows devices in the BIOS/Platform Configuration (RBSU) to be configured without having to boot once prior to entering RBSU. This functionality was already supported in UEFI Boot Mode.


Version:1.00_01-24-2014 (18 Feb 2014)
Fixes

Upgrade Requirement:
Optional - Users should update to this version if their system is affected by one of the documented fixes or if there is a desire to utilize any of the enhanced functionality provided by this version.


Important Notes:

None

Firmware Dependencies:

None

Problems Fixed:

Addressed an issue where VMware ESXi 5.5 may have not be able to determine the date and time. This may result in the date and time being reported as 1/1/2001:00:00:00 and a license expiration issue when adding the server to vCenter.

Known Issues:

None

Type: BIOS (Entitlement Required) - System ROM
Version: 2.20_05-21-2018(8 Jun 2018)
Operating System(s):
Microsoft Windows HPC Server 2008 R2
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2008 x64
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows Server 2016

Description

This component provides updated system firmware that can be installed directly on supported Operating Systems. Additionally, when used in conjunction with HP Smart Update Manager (HPSUM), this Component allows the user to update firmware on remote servers from a central location. This remote deployment capability eliminates the need for the user to be physically present at the server in order to perform a firmware update.

Enhancements

None

Installation Instructions

Prerequisites:

The "HPE ProLiant iLO 3/4 Channel Interface Driver” (CHIF) for Windows which is available from Service Pack for ProLiant (SPP).


To ensure the integrity of your download, HPE recommends verifying your results with this SHA-256 Checksum value:

8c74bcd82652974fba726771d8a73c0ecf71180d965634305a0b3f6a00b2eed1 cp036500.exe

Reboot Requirement:
Reboot is required after installation for updates to take effect and hardware stability to be maintained.


Installation:

To update firmware from Windows operating system on target server:

1.     Place the Component in a temporary directory.
2.     From the same directory, run the Component by double-clicking it.
3.     When the Component dialog window displays, click the Install button to initiate the firmware upgrade.
4.     Reboot your system if you would like the update to take effect immediately.


Supplemental updates for supported ProLiant servers and options can be done by using HP Smart Update Manager, which is found on the Service Pack for ProLiant ISO.

  • Place the Service Pack for ProLiant on a USB key using the USB Key Creator Utility.
  • Place the desired components to be updated in the directory, \hp\swpackages on the USB key.

Update the firmware and software in the usual manner.

This component can only be executed on Windows x64.

 


Release Notes

End User License Agreements:
OpenSSL License Agreement, Version 0.9.8
UEFI EDK2 License
HPE Software License Agreement v1
Hewlett-Packard End User License Agreement


Upgrade Requirement:
Critical - HPE requires users update to this version immediately.


Important:

Important Notes:

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system and hypervisor updates, provides mitigation for the L1 Terminal Fault – OS/SMM (CVE-2018-3620) and L1 Terminal Fault – VMM (CVE-2018-3646) security vulnerabilities.  These vulnerabilities may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a side-channel analysis.  These security vulnerabilities are not unique to HPE servers and impact any servers utilizing impacted processors.  Note that this server is NOT vulnerable to L1 Terminal Fault – SGX (CVE-2018-3615), also known as Foreshadow, because this server does NOT support SGX. 

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system updates, provides mitigation for the Speculative Store Bypass (also known as Variant 4) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3639. Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

This revision of the System ROM includes the latest revision of the Intel microcode which provides mitigation for the Rogue Register Read (also known as Variant 3a) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3640. Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

For Windows 2008 R2, install all Windows critical update.  Windows 2008 R2 critical update will include security update KB3033395 that will support SHA-2
For Windows 2008 SP2 requires KB4039648 be installed which is not part of the Windows Update 2008 SP2.   Follow this link to download the KB4039648
https://support.microsoft.com/en-us/help/4039648/update-to-add-sha2-code-signing-support-for-windows-server-2008-sp2

Deliverable Name:

HP ProLiant DL580 Gen8 System ROM - P79

Release Date:

2.20_05-21-2018

Last Recommended or Critical Revision:

2.20_05-21-2018

Previous Revision:

2.00_02-2-/2018

Firmware Dependencies:

None

Enhancements/New Features:

None

Problems Fixed:

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system and hypervisor updates, provides mitigation for the L1 Terminal Fault – OS/SMM (CVE-2018-3620) and L1 Terminal Fault – VMM (CVE-2018-3646) security vulnerabilities.  These vulnerabilities may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a side-channel analysis.  These security vulnerabilities are not unique to HPE servers and impact any servers utilizing impacted processors.  Note that this server is NOT vulnerable to L1 Terminal Fault – SGX (CVE-2018-3615), also known as Foreshadow, because this server does NOT support SGX. 

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system updates, provides mitigation for the Speculative Store Bypass (also known as Variant 4) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3639. Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

This revision of the System ROM includes the latest revision of the Intel microcode which provides mitigation for the Rogue Register Read (also known as Variant 3a) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3640. Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

Known Issues:

None


Fixes

Upgrade Requirement:
Critical - HPE requires users update to this version immediately.


Important Notes:

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system and hypervisor updates, provides mitigation for the L1 Terminal Fault – OS/SMM (CVE-2018-3620) and L1 Terminal Fault – VMM (CVE-2018-3646) security vulnerabilities.  These vulnerabilities may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a side-channel analysis.  These security vulnerabilities are not unique to HPE servers and impact any servers utilizing impacted processors.  Note that this server is NOT vulnerable to L1 Terminal Fault – SGX (CVE-2018-3615), also known as Foreshadow, because this server does NOT support SGX. 

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system updates, provides mitigation for the Speculative Store Bypass (also known as Variant 4) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3639. Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

This revision of the System ROM includes the latest revision of the Intel microcode which provides mitigation for the Rogue Register Read (also known as Variant 3a) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3640. Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

For Windows 2008 R2, install all Windows critical update.  Windows 2008 R2 critical update will include security update KB3033395 that will support SHA-2
For Windows 2008 SP2 requires KB4039648 be installed which is not part of the Windows Update 2008 SP2.   Follow this link to download the KB4039648
https://support.microsoft.com/en-us/help/4039648/update-to-add-sha2-code-signing-support-for-windows-server-2008-sp2

Firmware Dependencies:

None

Problems Fixed:

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system and hypervisor updates, provides mitigation for the L1 Terminal Fault – OS/SMM (CVE-2018-3620) and L1 Terminal Fault – VMM (CVE-2018-3646) security vulnerabilities.  These vulnerabilities may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a side-channel analysis.  These security vulnerabilities are not unique to HPE servers and impact any servers utilizing impacted processors.  Note that this server is NOT vulnerable to L1 Terminal Fault – SGX (CVE-2018-3615), also known as Foreshadow, because this server does NOT support SGX. 

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system updates, provides mitigation for the Speculative Store Bypass (also known as Variant 4) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3639. Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

This revision of the System ROM includes the latest revision of the Intel microcode which provides mitigation for the Rogue Register Read (also known as Variant 3a) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3640. Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

Known Issues:

None

Important

Important Notes:

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system and hypervisor updates, provides mitigation for the L1 Terminal Fault – OS/SMM (CVE-2018-3620) and L1 Terminal Fault – VMM (CVE-2018-3646) security vulnerabilities.  These vulnerabilities may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a side-channel analysis.  These security vulnerabilities are not unique to HPE servers and impact any servers utilizing impacted processors.  Note that this server is NOT vulnerable to L1 Terminal Fault – SGX (CVE-2018-3615), also known as Foreshadow, because this server does NOT support SGX. 

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system updates, provides mitigation for the Speculative Store Bypass (also known as Variant 4) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3639. Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

This revision of the System ROM includes the latest revision of the Intel microcode which provides mitigation for the Rogue Register Read (also known as Variant 3a) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3640. Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

For Windows 2008 R2, install all Windows critical update.  Windows 2008 R2 critical update will include security update KB3033395 that will support SHA-2
For Windows 2008 SP2 requires KB4039648 be installed which is not part of the Windows Update 2008 SP2.   Follow this link to download the KB4039648
https://support.microsoft.com/en-us/help/4039648/update-to-add-sha2-code-signing-support-for-windows-server-2008-sp2

Deliverable Name:

HP ProLiant DL580 Gen8 System ROM - P79

Release Date:

2.20_05-21-2018

Last Recommended or Critical Revision:

2.20_05-21-2018

Previous Revision:

2.00_02-2-/2018

Firmware Dependencies:

None

Enhancements/New Features:

None

Problems Fixed:

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system and hypervisor updates, provides mitigation for the L1 Terminal Fault – OS/SMM (CVE-2018-3620) and L1 Terminal Fault – VMM (CVE-2018-3646) security vulnerabilities.  These vulnerabilities may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a side-channel analysis.  These security vulnerabilities are not unique to HPE servers and impact any servers utilizing impacted processors.  Note that this server is NOT vulnerable to L1 Terminal Fault – SGX (CVE-2018-3615), also known as Foreshadow, because this server does NOT support SGX. 

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system updates, provides mitigation for the Speculative Store Bypass (also known as Variant 4) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3639. Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

This revision of the System ROM includes the latest revision of the Intel microcode which provides mitigation for the Rogue Register Read (also known as Variant 3a) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3640. Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

Known Issues:

None

Revision History

Version:2.20_05-21-2018 (8 Jun 2018)
Fixes

Upgrade Requirement:
Critical - HPE requires users update to this version immediately.


Important Notes:

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system and hypervisor updates, provides mitigation for the L1 Terminal Fault – OS/SMM (CVE-2018-3620) and L1 Terminal Fault – VMM (CVE-2018-3646) security vulnerabilities.  These vulnerabilities may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a side-channel analysis.  These security vulnerabilities are not unique to HPE servers and impact any servers utilizing impacted processors.  Note that this server is NOT vulnerable to L1 Terminal Fault – SGX (CVE-2018-3615), also known as Foreshadow, because this server does NOT support SGX. 

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system updates, provides mitigation for the Speculative Store Bypass (also known as Variant 4) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3639. Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

This revision of the System ROM includes the latest revision of the Intel microcode which provides mitigation for the Rogue Register Read (also known as Variant 3a) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3640. Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

For Windows 2008 R2, install all Windows critical update.  Windows 2008 R2 critical update will include security update KB3033395 that will support SHA-2
For Windows 2008 SP2 requires KB4039648 be installed which is not part of the Windows Update 2008 SP2.   Follow this link to download the KB4039648
https://support.microsoft.com/en-us/help/4039648/update-to-add-sha2-code-signing-support-for-windows-server-2008-sp2

Firmware Dependencies:

None

Problems Fixed:

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system and hypervisor updates, provides mitigation for the L1 Terminal Fault – OS/SMM (CVE-2018-3620) and L1 Terminal Fault – VMM (CVE-2018-3646) security vulnerabilities.  These vulnerabilities may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a side-channel analysis.  These security vulnerabilities are not unique to HPE servers and impact any servers utilizing impacted processors.  Note that this server is NOT vulnerable to L1 Terminal Fault – SGX (CVE-2018-3615), also known as Foreshadow, because this server does NOT support SGX. 

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system updates, provides mitigation for the Speculative Store Bypass (also known as Variant 4) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3639. Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

This revision of the System ROM includes the latest revision of the Intel microcode which provides mitigation for the Rogue Register Read (also known as Variant 3a) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3640. Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

Known Issues:

None

Enhancements

None


Version:2.00_02-22-2018 (2 Mar 2018)
Fixes

Upgrade Requirement:
Critical - HPE requires users update to this version immediately.


Important Notes:

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system updates, provides mitigation for Variant 2 of the Side Channel Analysis vulnerability, also known as Spectre. The revision of the microcode included in this System ROM does NOT have issues with more frequent reboots and unpredictable system behavior which impacted the previous Intel microcode which was part of the Spectre Variant 2 mitigation. Additional information is available from Intel’s Security Exploit Newsroom, https://newsroom.intel.com/press-kits/security-exploits-intel-products/.

For Windows 2008 R2, install all Windows critical update.  Windows 2008 R2 critical update will include security update KB3033395 that will support SHA-2
For Windows 2008 SP2 requires KB4039648 be installed which is not part of the Windows Update 2008 SP2.   Follow this link to download the KB4039648
https://support.microsoft.com/en-us/help/4039648/update-to-add-sha2-code-signing-support-for-windows-server-2008-sp2

Firmware Dependencies:

None

Problems Fixed:

Updated the Intel processor microcode to the latest version.

Known Issues:

None

Enhancements

None


Version:1.94_02-19-2016 (24 Oct 2016)
Enhancements

Upgrade Requirement:
Optional - Users should update to this version if their system is affected by one of the documented fixes or if there is a desire to utilize any of the enhanced functionality provided by this version.


Important Notes:

None

Firmware Dependencies:

None

Enhancements/New Features:

Added a new System Utilities BIOS/Platform Configuration (RBSU) PCIe I/O Allocation menu that allows the user to select how PCIe resources are allocated between PCIe slots. This option should be used when multiple PCIe expansion cards, such as Graphics Adapters, are installed in the system and the default resource allocations are not sufficient.

Added a new System Utilities BIOS/Platform Configuration (RBSU) IPv6 DHCP Unique Identifier menu that allows the user to select how the UEFI BIOS will use the DHCP Unique Identifier (DUID) for IPv6 PXE Boot. By default, the system will use the server's Unique Universal Identifier (UUID). The user can now optionally select to use the DUID-LLT as the unique identifier for PXE Boot. This setting applies when the server is configured to UEFI Boot Mode.
 

Known Issues:

None

Version:1.96_08-18-2016 (B) (21 Oct 2016)
Fixes

Upgrade Requirement:
Recommended - HPE recommends users update to this version at their earliest convenience.


Important Notes:

None

Firmware Dependencies:

None

Problems Fixed:

Addressed an issue where a system experiencing a high rate of correctable memory errors may reset unexpectedly and log a fatal error in the Integrated Management Log (IML).

Known Issues:

None
Enhancements

Improved the thermal cooling solution of the server when the Thermal Configuration setting is configured to its default state of Optimal Cooling, which addresses an issue with temperature fluctuations on the embedded HPE Smart Array P830i controller that may result in component failure and unpredictable system behavior.


Version:1.92_10-27-2015 (1 Apr 2016)
Fixes

Upgrade Requirement:
Optional - Users should update to this version if their system is affected by one of the documented fixes or if there is a desire to utilize any of the enhanced functionality provided by this version.


Important Notes:

None 

Firmware Dependencies:

None

Problems Fixed:            

Addressed an issue where processor temperatures may not be reported properly when the server was configured with 3 processors. This issue does not affect systems configured with a different amount of processors installed.

Addressed an issue where a message would not be logged to the Integrated Management Log (IML) when a DIMM failed to train and was not available to the Operating System.

Known Issues:

None

Enhancements

Added an option for “Configure for 2 minimum required, 4 required for redundancy” to the Power Supply Requirements Override setting in the ROM-Based Setup Utility (RBSU).  This option can be selected to force the system to use “2+2” power supply redundancy.  This option should only be selected if the HP Power Advisor indicates the system’s configuration allows the server to operate properly with two power supplies installed.  This option was incorrectly not included in RBSU in previous revisions of the System ROM.  It could be configured using CONREP and was honored by the System ROM.  If this option was previously configured with CONREP, updating to this revision of the System ROM will NOT impact the power supply requirements.

Added a Date and Time BIOS/Platform Configuration (RBSU) option to configure the Time Format.  This option controls how the system date and time is stored in the Real Time Clock and presented to the operating system. By default, the time is formatted for Coordinated Universal Time (UTC). The users may optionally change the time format to Local Time which removes the use of the time zone. This option may be used to work around interaction issues between the system and Microsoft Windows operating systems running in legacy boot mode that can result in the time to be incorrect.


Version:1.90_07-20-2015 (10 Aug 2015)
Fixes

Upgrade Requirement:
Optional - Users should update to this version if their system is affected by one of the documented fixes or if there is a desire to utilize any of the enhanced functionality provided by this version.


Important Notes:

None

Firmware Dependencies:

None

Problems Fixed:

Addressed an issue in which an Interphase audio streaming PCI-express expansion card may not achieve optimal performance resulting in dropped packets when streaming data.  A similar issue could be seen with other PCI-express expansion cards implemented with a PCI device behind a PLX PCIe-to-PCI bridge.  This type of PCI-express card implementation is more common with older PCI-express expansion cards.

Addressed an issue where the server may become unresponsive during boot when configured with a very large number of disks such as fibre adapters.

Known Issues:

None
Enhancements

Added a new System Utilities BIOS/Platform Configuration (RBSU) Fibre Channel/FCoE Scan Policy menu that allows the user to select how the UEFI BIOS will scan for valid Fibre Channel (or boot from SAN) boot targets. By default, the system will now only scan for Fibre Channel boot targets that are configured in each adapter. In the past, the system would scan for all Fibre Channel or FCoE available targets, potentially resulting in long boot times and large number of entries in the UEFI Boot Order list. The boot targets for adapters can be configured using the adapter specific menu in the System Utilities, System Configuration menu, or using management software such as HP Virtual Connect or HP OneView. This setting is applicable only in UEFI Boot Mode. A firmware update of the fibre channel controller might also be required to take full advantage of this feature.

Enhanced the thermal solution to provide better acoustics from the system fans.


Version:1.80_05-06-2015 (15 Jun 2015)
Fixes

Upgrade Requirement:
Optional - Users should update to this version if their system is affected by one of the documented fixes or if there is a desire to utilize any of the enhanced functionality provided by this version.


Important Notes:

None

Firmware Dependencies:

None

Problems Fixed:

Addressed an issue where optional PCIe graphics controllers could not be used in pass-through mode to a virtual machine under a hypervisor based operating system.

Addressed an issue where an optional PCIe graphics controller may not be detected if it is installed on any PCIe slot except slot 9. If installed in slot 9, this issue will not occur.
                          

Known Issues:

None

Version:1.60_11-26-2014 (30 Mar 2015)
Fixes

Upgrade Requirement:
Optional - Users should update to this version if their system is affected by one of the documented fixes or if there is a desire to utilize any of the enhanced functionality provided by this version.


Important Notes:

None

Firmware Dependencies:

None

Problems Fixed:

Addressed an issue where the HP FlexibleLOM port numbers would not be reported accurately under certain operating systems such as Red Hat Linux.

Addressed an issue where the server might become unresponsive during POST when a failed LRDIMM was installed in the system. Instead, the system will now properly map out the failed DIMM and log the event to the Integrated Management Log (IML).

Addressed an issue where HP StoreFabric CN1100R Dual Port Converged Network Adapter (P/N: QW990A) would not properly report status in the System Utilities Device Health Status page.

Addressed an issue where the HP Scripting Toolkit may fail to run properly and prompt for an Administrator Password even when no password is currently configured on the server.

Addressed an extremely rare issue where the server would fail to boot Intelligent Provisioning when pressing F10 during system boot.

Known Issues:

None
Enhancements

Enhanced the cooling solution for the server when the Thermal Configuration is set for Increased Cooling.

Added support for Memory Mirroring. This option can now be enabled through the System Utilities BIOS/Platform Configuration (RBSU) Advanced Memory Protection option. Please consult documentation for supported configurations.


Version:1.40_08-01-2014 (B) (19 Sep 2014)
Fixes

Upgrade Requirement:
Optional - Users should update to this version if their system is affected by one of the documented fixes or if there is a desire to utilize any of the enhanced functionality provided by this version.


Important Notes:

None

Firmware Dependencies:

None

Problems Fixed:

Addressed an issue where the system would not boot into certain versions of Linux operating systems when the Processor x2APIC Support option is configured as enabled. This option is set to disabled by default.

Addressed an issue where the server’s boot order could not be configured using the “sysconfig” command in the Embedded UEFI Shell.

Addressed an issue where pressing the F12 key during system boot to initiate a Network Boot attempt may cause all other “hot keys” (function key prompts) to disappear from the screen. This issue was only seen when the Boot Mode is configured for Legacy BIOS Mode. This issue only exists with revision 1.03 (06/27/2014) of the System ROM.

Known Issues:

None
Enhancements

Enhanced memory performance slightly for servers using 32 GB or 64 GB LRDIMMs.


Version:1.03_06-27-2014 (6 Aug 2014)
Fixes

Upgrade Requirement:
Optional - Users should update to this version if their system is affected by one of the documented fixes or if there is a desire to utilize any of the enhanced functionality provided by this version.


Important Notes:

None

Firmware Dependencies:

None

Problems Fixed:

Addressed an issue where the server may identify failed or degraded DIMMs incorrectly when a memory error occurs when the Advanced Memory Protection (AMP) mode is configured for Lockstep Mode with DDDC Support.

Addressed a rare and intermittent issue where the server may fail to boot from an iLO Virtual Media device.

Addressed an issue where optional Graphics Cards (GPUs) may be reported as Unknown Devices in the System Configuration Utility.

Addressed an issue where the server may not log memory failure events to the Integrated Memory Log when non-HP SmartMemory DIMMs are present in the system.

Addressed an issue where the Power Settings page in the iLO 4 GUI will display "Power Capabilities are UNKNOWN" and the user will not be able to configure a Dynamic Power Cap for limiting the server's maximum power usage.

Addressed an issue where the server would prompt twice for the Power-On Password when the server has a Power-On Password configured.

Known Issues:

None
Enhancements

Added support for 64GB LRDIMMs. Previous revisions of the System ROM should NOT be used with any DIMM configurations containing 64 GB LRDIMMs.

Added support for SDDC+1 and DDDC+1. SDDC+1 provides protection against single bit failures even after a DRAM device has failed within a DIMM rank. DDDC+1 provides protection against single bit failures even after two DRAM devices within a DIMM rank have failed. This functionality works automatically.

Added support for nVidia GPUs. This revision of the System ROM has support to allow monitoring the temperature of the option card for improved thermals.

Increased the DIMM speed for several 3 DIMM Per Channel (DPC) configurations when the Advanced Memory Protection mode is configured for Advanced ECC Support when using RDIMMs.

Increased the DIMM speed for numerous configurations when the Advanced Memory Protection mode is configured for Lockstep Mode with DDDC Support when using RDIMMs.


Version:1.02_04-01-2014 (2 May 2014)
Fixes

Upgrade Requirement:
Optional - Users should update to this version if their system is affected by one of the documented fixes or if there is a desire to utilize any of the enhanced functionality provided by this version.


Important Notes:

None

Firmware Dependencies:

None

Problems Fixed:

Addressed a processor issue which can result in a Blue Screen of Death (BSOD) in a Windows virtual machine or Linux Kernel Panic in a Linux virtual machine when running on VMware ESX 5.x or Microsoft Hyper-V on Intel Xeon E7-4800 series v2 processors. This issue is not unique to HP ProLiant servers and could impact any system utilizing affected processors operating with the conditions listed. This revision of the System ROM contains an updated version of Intel's microcode that addresses this issue.

Known Issues:

None

Version:1.01_03-19-2014 (B) (2 May 2014)
Fixes

Upgrade Requirement:
Recommended - HP recommends users update to this version at their earliest convenience.


Important Notes:

None

Firmware Dependencies:

None

Problems Fixed:

Addressed an issue where the server might not be able to achieve optimal performance under certain conditions. One symptom of this issue is the processors not entering Turbo Mode frequencies as often as expected.

Addressed an issue where the system might become unresponsive during system boot (POST) after an unrecoverable error event that results in a system reset. This issue applies to certain models of Intel E7-8800/4800 v2 series processor that have core counts of 8 or less. Note that this issue does not result in the unrecoverable error event and system reset, but results in the system becoming unresponsive during system boot.

Addressed an issue where the BIOS Serial Console redirection support might stop functioning when the server enters the Embedded UEFI Shell.

Addressed various issues with the configuration of Trusted Platform Module (TPM) options in the BIOS/Platform Configuration (RBSU).

Addressed an issue where servers configured for Legacy Boot Mode might not be able to boot certain operating system installations that install a Master Boot Record, which is not marked as Active. When this issue occurs, the server might experience a Non-System Disk Error or not boot the intended media. This issue does not impact systems configured in UEFI Boot Mode.

Known Issues:

None
Enhancements

Added support for Online Spare Advanced Memory Protection Mode. This feature can be enabled from the BIOS/Platform Configuration (RBSU) Advanced Memory Protection menu under System Options. See the HP ProLiant DL580 Gen8 User Guide for the proper memory installation requirements to support this mode.

Added support for Double Device Data Correction (DDDC) Memory Protection Mode. This feature provides additional protection against uncorrectable memory errors while still allowing all installed memory to be available to the operating system. This mode of operation requires specific DIMM population requirements and reduces memory bandwidth performance. This feature can be enabled from the BIOS/Platform Configuration (RBSU) Advanced Memory Protection menu under System Options. See the HP ProLiant DL580 Gen8 User Guide for the proper memory installation requirements to support this mode.

Added a BIOS/Platform Configuration (RBSU) option to allow configuring the time zone. Note that not all operating systems use this setting for the time zone. See the OS documentation to determine whether the installed operating system uses the time zone configured by the BIOS.

Added updated language translations (for non-English modes) in the BIOS/Platform Configuration (RBSU).

Added support for systems configured in Legacy Boot Mode to auto detect new mass storage bootable devices, such as storage controllers, and add them to the Standard Boot Order (IPL) list without requiring a reboot. This allows devices in the BIOS/Platform Configuration (RBSU) to be configured without having to boot once prior to entering RBSU. This functionality was already supported in UEFI Boot Mode.


Version:1.00_01-24-2014 (18 Feb 2014)
Fixes

Upgrade Requirement:
Optional - Users should update to this version if their system is affected by one of the documented fixes or if there is a desire to utilize any of the enhanced functionality provided by this version.


Important Notes:

None

Firmware Dependencies:

None

Problems Fixed:

Addressed an issue where VMware ESXi 5.5 may have not be able to determine the date and time. This may result in the date and time being reported as 1/1/2001:00:00:00 and a license expiration issue when adding the server to vCenter.

Known Issues:

None

Legal Disclaimer: Products sold prior to the November 1, 2015 separation of Hewlett-Packard Company into Hewlett Packard Enterprise Company and HP Inc. may have older product names and model numbers that differ from current models.