Printable version

Drivers & software

** CRITICAL ** Online ROM Flash Component for Windows x64 - HPE ProLiant ML350 Gen10 (U41) Servers

By downloading, you agree to the terms and conditions of the Hewlett Packard Enterprise Software License Agreement.
Note:  Some software requires a valid warranty, current Hewlett Packard Enterprise support contract, or a license fee.

Type: BIOS (Entitlement Required) - System ROM
Version: 1.42_06-20-2018(4 Jul 2018)
Operating System(s): Microsoft Windows Server 2012 R2
Microsoft Windows Server 2016
Multi-part download
File name: cp036828.compsig (2.0 KB)
File name: cp036828.exe (10 MB)
This component provides updated system firmware that can be installed directly on supported Operating Systems. Additionally, when used in conjunction with Smart Update Manager (SUM), this Component allows the user to update firmware on remote servers from a central location. This remote deployment capability eliminates the need for the user to be physically present at the server in order to perform a firmware update.

Prerequisites:

The "iLO 5 Channel Interface Driver” (CHIF) for Windows which is available from Service Pack for ProLiant (SPP).


To ensure the integrity of your download, HPE recommends verifying your results with the following SHA-256 Checksum values:

dd91b9fbc37cad3e734eadb89b1ecb2577a9874dcca15404441c21ec292e897a cp036828.compsig
a3fb39e1380d61963d6b49cb5ba149a0e6b5f7c6b1a4fba064b6e6b7af1c530f cp036828.exe

Reboot Requirement:
Reboot is required after installation for updates to take effect and hardware stability to be maintained.


Installation:

To update firmware from Windows operating system on target server:

1.     Place the Component in a temporary directory.
2.     From the same directory, run the Component by double-clicking it.
3.     When the Component dialog window displays, click the Install button to initiate the firmware upgrade.
4.     Reboot your system if you would like the update to take effect immediately.


 Supplemental updates for supported ProLiant servers and options can be done by using Smart Update Manager, which is found on the Service Pack for ProLiant ISO.

  • Place the Service Pack for ProLiant on a USB key using the USB Key Creator Utility.
  • Place the desired components to be updated in the directory, \packages on the USB key.

Update the firmware and software in the usual manner. 
 

This component can only be executed on Windows x64.


End User License Agreements:
The MIT License Agreement
OpenSSL License Agreement, Version 0.9.8
PNG Graphics File Format Software End User License Agreement
UEFI EDK2 License
zlib End User License Agreement
HPE Software License Agreement v1
Hewlett-Packard End User License Agreement


Upgrade Requirement:
Critical - HPE requires users update to this version immediately.


Important:

Important Notes:

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system and hypervisor updates, provides mitigation for the L1 Terminal Fault – OS/SMM (CVE-2018-3620) and L1 Terminal Fault – VMM (CVE-2018-3646) security vulnerabilities.  These vulnerabilities may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a side-channel analysis.  These security vulnerabilities are not unique to HPE servers and impact any servers utilizing impacted processors.  Note that this server is NOT vulnerable to L1 Terminal Fault – SGX (CVE-2018-3615), also known as Foreshadow, because this server does NOT support SGX.

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system updates, provides mitigation for the Speculative Store Bypass (also known as Variant 4) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3639. Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

This revision of the System ROM includes the latest revision of the Intel microcode which provides mitigation for the Rogue Register Read (also known as Variant 3a) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3640. Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

Deliverable Name:

HPE ProLiant ML350 Gen10 System ROM - U41

Release Version:

1.42_06-20-2018

Last Recommended or Critical Revision:

1.42_06-20-2018

Previous Revision:

1.40_06-15-2018

Firmware Dependencies:

None

Enhancements/New Features:

None

Problems Fixed:

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system and hypervisor updates, provides mitigation for the L1 Terminal Fault – OS/SMM (CVE-2018-3620) and L1 Terminal Fault – VMM (CVE-2018-3646) security vulnerabilities.  These vulnerabilities may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a side-channel analysis.  These security vulnerabilities are not unique to HPE servers and impact any servers utilizing impacted processors.  Note that this server is NOT vulnerable to L1 Terminal Fault – SGX (CVE-2018-3615), also known as Foreshadow, because this server does NOT support SGX.

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system updates, provides mitigation for the Speculative Store Bypass (also known as Variant 4) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3639. Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

This revision of the System ROM includes the latest revision of the Intel microcode which provides mitigation for the Rogue Register Read (also known as Variant 3a) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3640. Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

This firmware version includes additional fixes (since version 1.40) for an issue where systems may experience a 389-Unexpected Shutdown and Restart, logged in the iLO Integrated Management Log (IML). This issue is not unique to HPE servers.

Addressed an issue where systems may log an erroneous Bank 4 Machine Check to the iLO Integrated Management Log (IML) on a system reset event. In most cases, this error can safely be ignored. This issue is not unique to HPE servers.

Known Issues:

None


Upgrade Requirement:
Critical - HPE requires users update to this version immediately.


Important Notes:

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system and hypervisor updates, provides mitigation for the L1 Terminal Fault – OS/SMM (CVE-2018-3620) and L1 Terminal Fault – VMM (CVE-2018-3646) security vulnerabilities.  These vulnerabilities may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a side-channel analysis.  These security vulnerabilities are not unique to HPE servers and impact any servers utilizing impacted processors.  Note that this server is NOT vulnerable to L1 Terminal Fault – SGX (CVE-2018-3615), also known as Foreshadow, because this server does NOT support SGX.

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system updates, provides mitigation for the Speculative Store Bypass (also known as Variant 4) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3639. Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

This revision of the System ROM includes the latest revision of the Intel microcode which provides mitigation for the Rogue Register Read (also known as Variant 3a) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3640. Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

Firmware Dependencies:

None

Problems Fixed:

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system and hypervisor updates, provides mitigation for the L1 Terminal Fault – OS/SMM (CVE-2018-3620) and L1 Terminal Fault – VMM (CVE-2018-3646) security vulnerabilities.  These vulnerabilities may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a side-channel analysis.  These security vulnerabilities are not unique to HPE servers and impact any servers utilizing impacted processors.  Note that this server is NOT vulnerable to L1 Terminal Fault – SGX (CVE-2018-3615), also known as Foreshadow, because this server does NOT support SGX.

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system updates, provides mitigation for the Speculative Store Bypass (also known as Variant 4) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3639. Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

This revision of the System ROM includes the latest revision of the Intel microcode which provides mitigation for the Rogue Register Read (also known as Variant 3a) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3640. Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

This firmware version includes additional fixes (since version 1.40) for an issue where systems may experience a 389-Unexpected Shutdown and Restart, logged in the iLO Integrated Management Log (IML). This issue is not unique to HPE servers.

Addressed an issue where systems may log an erroneous Bank 4 Machine Check to the iLO Integrated Management Log (IML) on a system reset event. In most cases, this error can safely be ignored. This issue is not unique to HPE servers.

Known Issues:

None

Important Notes:

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system and hypervisor updates, provides mitigation for the L1 Terminal Fault – OS/SMM (CVE-2018-3620) and L1 Terminal Fault – VMM (CVE-2018-3646) security vulnerabilities.  These vulnerabilities may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a side-channel analysis.  These security vulnerabilities are not unique to HPE servers and impact any servers utilizing impacted processors.  Note that this server is NOT vulnerable to L1 Terminal Fault – SGX (CVE-2018-3615), also known as Foreshadow, because this server does NOT support SGX.

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system updates, provides mitigation for the Speculative Store Bypass (also known as Variant 4) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3639. Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

This revision of the System ROM includes the latest revision of the Intel microcode which provides mitigation for the Rogue Register Read (also known as Variant 3a) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3640. Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

Deliverable Name:

HPE ProLiant ML350 Gen10 System ROM - U41

Release Version:

1.42_06-20-2018

Last Recommended or Critical Revision:

1.42_06-20-2018

Previous Revision:

1.40_06-15-2018

Firmware Dependencies:

None

Enhancements/New Features:

None

Problems Fixed:

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system and hypervisor updates, provides mitigation for the L1 Terminal Fault – OS/SMM (CVE-2018-3620) and L1 Terminal Fault – VMM (CVE-2018-3646) security vulnerabilities.  These vulnerabilities may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a side-channel analysis.  These security vulnerabilities are not unique to HPE servers and impact any servers utilizing impacted processors.  Note that this server is NOT vulnerable to L1 Terminal Fault – SGX (CVE-2018-3615), also known as Foreshadow, because this server does NOT support SGX.

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system updates, provides mitigation for the Speculative Store Bypass (also known as Variant 4) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3639. Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

This revision of the System ROM includes the latest revision of the Intel microcode which provides mitigation for the Rogue Register Read (also known as Variant 3a) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3640. Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

This firmware version includes additional fixes (since version 1.40) for an issue where systems may experience a 389-Unexpected Shutdown and Restart, logged in the iLO Integrated Management Log (IML). This issue is not unique to HPE servers.

Addressed an issue where systems may log an erroneous Bank 4 Machine Check to the iLO Integrated Management Log (IML) on a system reset event. In most cases, this error can safely be ignored. This issue is not unique to HPE servers.

Known Issues:

None

Version:2.04_04-18-2019 (2 May 2019)
Fixes

Upgrade Requirement:
Critical - HPE requires users update to this version immediately.


Important Notes:

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system and/or hypervisor updates, provides mitigation for a new group of side channel vulnerabilities known as Microarchitectural Data Sampling (MDS).  This includes support for mitigating the following vulnerabilities:  CVE-2018-12126 – Microarchitectural Store Buffer Data Sampling, CVE-2018-12130 – Microarchitectural Fill Buffer Data Sampling, CVE-2018-12127 – Microarchitectural Load Port Data Sampling, and CVE-2019-11091 – Microarchitectural Data Sampling Uncacheable Memory.  These issues are not unique to HPE servers.  Note that MDS is addressed in hardware for systems utilizing the Intel Second Generation Intel Xeon Scalable Processors.

Firmware Dependencies:

None

Problems Fixed:

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system and/or hypervisor updates, provides mitigation for a new group of side channel vulnerabilities known as Microarchitectural Data Sampling (MDS).  This includes support for mitigating the following vulnerabilities:  CVE-2018-12126 – Microarchitectural Store Buffer Data Sampling, CVE-2018-12130 – Microarchitectural Fill Buffer Data Sampling, CVE-2018-12127 – Microarchitectural Load Port Data Sampling, and CVE-2019-11091 – Microarchitectural Data Sampling Uncacheable Memory.  These issues are not unique to HPE servers.  Note that MDS is addressed in hardware for systems utilizing the Intel Second Generation Intel Xeon Scalable Processors.

This revision of the System ROM includes the latest revision of the Intel Reference code support that provides mitigations for a variety of security vulnerabilities.  The following vulnerabilities have been addressed in this System ROM release: CVE-2019-0119 and  CVE-and CVE-2019-0126.  These security vulnerabilities are not unique to HPE servers.

Addressed an issue where the system may experience a higher rate of boot time Memory training issues with Intel Xeon Scalable Performance Bronze, Silver and Gold 5x00 processors. This issue was first introduced with System ROM version 2.00. HPE recommends that any customer experiencing a memory issue immediately update to this version of the system ROM before replacing any components. This issue is not unique to HPE servers.

Addressed an issue where the HPE RESTful Firmware update manager may fail to update a component or experience a boot time Red Screen (RSOD) after the HPE 369i Integrated NIC firmware was updated to the latest revision.

Known Issues:

None


Version:2.02_03-19-2019 (28 Mar 2019)
Fixes

Upgrade Requirement:
Recommended - HPE recommends users update to this version at their earliest convenience.


Important Notes:

This revision of the System ROM includes the latest revision of the Intel microcode which provides mitigation for an Intel sighting where under complex microarchitectural conditions, software using Intel TSX (Transactional Synchronizations Extensions) may result in unpredictable system behavior. Intel has only seen this under synthetic testing conditions and is not aware of any commercially available software exhibiting this behavior. This issue is not unique to HPE servers.

Firmware Dependencies:

None

Problems Fixed:

This revision of the System ROM includes the latest revision of the Intel microcode which provides mitigation for an Intel sighting where under complex microarchitectural conditions, software using Intel TSX (Transactional Synchronizations Extensions) may result in unpredictable system behavior. Intel has only seen this under synthetic testing conditions and is not aware of any commercially available software exhibiting this behavior. This issue is not unique to HPE servers.

This system ROM contains the latest Intel microcode that addresses an issue where the system may experience an Uncorrected Machine Check Exception in Bank 0 with Status containing 000F0150. This update may not address all Bank 0 machine check events with a Status containing 000F0150 but should be used before any other further service actions for issues resulting in this Integrated Management Log (IML) entry. This issue is not unique to HPE servers.

This revision of the System ROM includes the latest revision of the UEFI EDK2 support that provides mitigations for a variety of security vulnerabilities.  The following vulnerabilities have been addressed in this System ROM release: CVE-2018-3613 CVE-2017-5731, CVE-2017-5732, CVE-2017-5733, CVE-2017-5734, CVE-2017-5735, CVE-2018-3630, CVE-2018-12178, CVE-2018-12179, CVE-2018-12180, CVE-2018-12181, CVE-2018-12182, CVE-2018-12183, CVE-2018-12201, CVE-2018-12202, CVE-2018-12203, CVE-2018-12204 and CVE-2018-12205. For additional information please refer to the security bulletin at https://support.hpe.com/hpsc/doc/public/display?docId=hpesbhf03912en_us.  These security vulnerabilities are not unique to HPE servers.

Addressed an issue in which the system may not properly boot to the HPE 8GB Dual microSD Flash USB Drive when an SD card is installed on the internal SD slot when the system is configured for Legacy Boot Mode. This issue does not impact systems in UEFI Boot Mode.

Addressed an issue where certain 3rd party USB drive keys may not function properly after a system reset when the system is configured in UEFI Boot Mode.

Addressed an issue where the HPE CN1000E-T adapter may not boot properly in Legacy Boot Mode.  This issue does not impact systems configured in UEFI Boot Mode.

Addressed an issue where firmware updates staged through the HPE RESTful API may fail to properly execute on a subsequent boot and be marked with an exception in the iLO firmware installation queue.

Addressed an issue where iLO virtual media may not boot properly after setting the Boot on Next Reset option in the iLO Remote Console and Media - Virtual Media settings.

Addressed an issue where the AHS Download application from the System Utilities Embedded Applications or UEFI Shell may fail to work properly with iLO firmware 1.30 or later.

Addressed an issue where the UEFI Shell sysconfig command may fail to set an option or become unresponsive.

Addressed an issue where an optional SATA DVD drive may not unlock and allow media to be ejected after an operating system reboot.

Addressed an issue where the system may become unresponsive during boot and experience a Red Screen (RSOD) when booting in Legacy Boot mode with a SATA M.2 drive installed. This issue does not impact systems in UEFI Boot Mode.

Addressed an issue where a USB KVM, such as the HP AF611A KVM,  may not function properly after a system reboot.

Known Issues:

This revision of the System ROM may result in a VMware PSOD (crash) when a system is configured with Intel Trusted eXecution Technology (TXT) enabled and the Trusted Platform Module (TPM) in TPM 1.2 Mode. This issue is only seen in certain memory configurations. Please consult the following HPE Customer Advisory for more details on this issue. https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-a00065453en_us
 

Enhancements

Added support for Intel Xeon Scalable Performance 3200, 4200, 5200, 6200 and 8200 series processors.

Added support for HPE One button secure erase. This option can be launched from the HPE Intelligent Provisioning application or through the HPE RESTful API to securely restore the system back to a default configuration.  This option also requires iLO firmware 1.40 or later, and Intelligent Provisioning 3.30 or later.

Added Secure Configuration Lock feature.  This feature can be enabled to detect system hardware, security configuration, or firmware revision changes to protect against malicious or unintended modifications to the server.  This protection can be enabled for systems in transit from the factory to the customer site, in transit from one customer site to another, or can be left enabled on a deployed server.  A new BIOS/Platform Configuration (RBSU) Server Configuration Lock menu in the Server Security Options is available to enable and configure this functionality.

Added a new BIOS/Platform Configuration (RBSU) Backup and Restore Settings menu to System Default Options. This option can be used to backup (save off) the current BIOS configurations settings to a USB storage device for migration to another server.

Added a new BIOS/Platform Configuration (RBSU) Opportunistic Self Refresh menu to Memory Options. This option can be enabled to reduce idle system power usage, but the system may incur additional memory latency.

Added a new BIOS/Platform Configuration (RBSU) Memory Controller Interleaving menu to Memory Options.  This option can be used to disable memory controller interleaving which may provide more balanced memory performance when a system is configured in an unbalanced memory configuration.

Added a new BIOS/Platform Configuration (RBSU) for dual bifurcation (quadfurcation) of PCIe Adapters to the Advanced PCIe Configuration Options. This option will allow a x16 PCIe device to be bifurcated into four x4 devices.  This option would only be used for PCIe Adapters that support this level of bifurcation.

Updated the system thermal logic to support the latest GPU adapters.

Updated the language translations (non-English modes) for System Utilities.

Updated the RESTful API HPE BIOS Attribute Registry resources to match the latest BIOS/Platform Configuration options.


Version:1.50_12-29-2018 (30 Jan 2019)
Enhancements

Upgrade Requirement:
Recommended - HPE recommends users update to this version at their earliest convenience.


Important Notes:

This revision of the System ROM contains enhancements to the HPE memory support to improve memory resiliency. Please consult the following Customer Advisory for additional details: https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-a00064444en_us

Firmware Dependencies:

None

Enhancements/New Features:

Improved the memory resiliency of the server with enhanced support for HPE Fast Fault Tolerant Memory (ADDDC) capabilities. This System ROM will now configure the Advanced Memory Protection mode of the server to HPE Fast Fault Tolerant (ADDDC) memory mode for all Workload Profiles except Low Latency and Custom if the feature is supported by the server's DIMM configuration. Note that if the Advanced Memory Protection mode had previously been configured for Mirroring or Online Spare, the setting will NOT be automatically changed to HPE Fast Fault Tolerant Memory (ADDDC) mode. Also, if the DIMM configuration does not support HPE Fast Fault Tolerant Memory (ADDDC) mode, then the Advanced Memory Protection Mode will remain Advanced ECC Mode. Note that if the current BIOS configuration settings are queried via Redfish or the RESTful API, the setting for the Advanced Memory Protection Mode will indicate this change.

Known Issues:

None

Version:1.46_10-02-2018 (27 Nov 2018)
Fixes

Upgrade Requirement:
Optional - Users should update to this version if their system is affected by one of the documented fixes or if there is a desire to utilize any of the enhanced functionality provided by this version.


Important Notes:

None

Firmware Dependencies:

None

Problems Fixed:

Addressed an issue where early server video output, on a locally attached monitor, may not show correctly when the monitor is attached to the server through a KVM. This issue does not impact systems that are not using a KVM or video output through the iLO Remote Console application.

Addressed an issue where firmware flashing through the RESTful API could periodically fail and the task being marked with an exception in the iLO firmware page. This issue could impact flashing firmware such as the HPE Innovation Engine, Intel SPS Firmware or the optional HPE Trusted Platform Module (TPM).

Addressed an issue where a PCIe card would not properly train to its maximum speed when the PCIe Bifurcation option was enabled. This issue does not impact PCIe cards that do not require bifurcation.

Addressed an extremely rare issue where a system configured with an optional SATA DVD drive and an HPE SmartArray controller may become unresponsive during boot, usually with a Red Screen (RSOD), when in legacy boot mode. This issue does not impact systems in UEFI Boot Mode.

Addressed an issue where an optional PCIe card's legacy option ROM may not properly display its legacy setup menu prompt during boot when in legacy boot mode. This issue does not impact systems in UEFI Boot Mode.

Known Issues:

None
Enhancements

Added support for flashing the firmware of the optional HPE Trusted Platform Module (TPM). This is the minimum revision of the System ROM that should be used if updating the firmware on the optional HPE TPM module.

Added a new PCIe Peer-to-Peer Serialization option to the Advanced Performance Options menu in the BIOS/Platform Configuration (RBSU). This option can be used to improve peer-to-peer performance between two PCIe devices installed on the same processor. This option may improve performance in certain GP-GPU configurations.

Updated the RESTful API HPE BIOS Attribute Registry resources to match the latest BIOS/Platform Configuration options.


Version:1.42_06-20-2018 (4 Jul 2018)
Fixes

Upgrade Requirement:
Critical - HPE requires users update to this version immediately.


Important Notes:

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system and hypervisor updates, provides mitigation for the L1 Terminal Fault – OS/SMM (CVE-2018-3620) and L1 Terminal Fault – VMM (CVE-2018-3646) security vulnerabilities.  These vulnerabilities may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a side-channel analysis.  These security vulnerabilities are not unique to HPE servers and impact any servers utilizing impacted processors.  Note that this server is NOT vulnerable to L1 Terminal Fault – SGX (CVE-2018-3615), also known as Foreshadow, because this server does NOT support SGX.

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system updates, provides mitigation for the Speculative Store Bypass (also known as Variant 4) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3639. Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

This revision of the System ROM includes the latest revision of the Intel microcode which provides mitigation for the Rogue Register Read (also known as Variant 3a) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3640. Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

Firmware Dependencies:

None

Problems Fixed:

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system and hypervisor updates, provides mitigation for the L1 Terminal Fault – OS/SMM (CVE-2018-3620) and L1 Terminal Fault – VMM (CVE-2018-3646) security vulnerabilities.  These vulnerabilities may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a side-channel analysis.  These security vulnerabilities are not unique to HPE servers and impact any servers utilizing impacted processors.  Note that this server is NOT vulnerable to L1 Terminal Fault – SGX (CVE-2018-3615), also known as Foreshadow, because this server does NOT support SGX.

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system updates, provides mitigation for the Speculative Store Bypass (also known as Variant 4) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3639. Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

This revision of the System ROM includes the latest revision of the Intel microcode which provides mitigation for the Rogue Register Read (also known as Variant 3a) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3640. Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

This firmware version includes additional fixes (since version 1.40) for an issue where systems may experience a 389-Unexpected Shutdown and Restart, logged in the iLO Integrated Management Log (IML). This issue is not unique to HPE servers.

Addressed an issue where systems may log an erroneous Bank 4 Machine Check to the iLO Integrated Management Log (IML) on a system reset event. In most cases, this error can safely be ignored. This issue is not unique to HPE servers.

Known Issues:

None


Version:1.40_06-15-2018 (2 Jul 2018)
Fixes

Upgrade Requirement:
Recommended - HPE recommends users update to this version at their earliest convenience.


Important Notes:

None

Firmware Dependencies:

None

Problems Fixed:

Addressed an issue where systems may experience an 389-Unexpected Shutdown and Restart, logged in the iLO Integrated Management Log (IML). This issue is not unique to HPE servers.

Addressed an issue where the Embedded Diagnostics may not launch properly when the UEFI POST Discovery Mode option is set to Force Fast Discovery.

Addressed an issue where the Integrated Management Log (IML) Viewer in the System Utilities menu may become unresponsive when launched.

Addressed an issue where the HPE Dual SD Card USB Module may not boot properly when the UEFI POST Discovery Mode option is set to Force Fast Discovery.

Addressed an issue where the Trusted Platform Module (TPM) Firmware update may not complete properly when the TPM is configured for TPM 2.0 Mode. This issue does not impact systems configured with a TPM operating in TPM 1.2 mode.

Addressed an issue where the system may not be able to boot to Intelligent Provisioning when a third party USB Key was installed in one of the server USB Ports. This issue was seen with a specific USB Key and has not been seen with other devices.

Addressed an issue where Integrated Lights-Out (iLO) Virtual Media may not boot properly when the UEFI POST Discovery Mode option is set to Force Full Discovery.

Addressed an issue where the system may become unresponsive during POST or experience a Red Screen on the next boot following an I/O Machine Check Failure at runtime.

Addressed an issue where a system configured with the internal SD Card disabled from BIOS/Platform Configuration (RBSU) and an HPE Dual SD card installed would not boot from the HPE Dual SD card USB Module when configured in Legacy Boot Mode. This issue does not impact systems configured in UEFI Boot Mode.

Addressed an issue where a system configured with an optional HPE CN1200E-T adapter would not boot properly when configured in Legacy Boot Mode. This issue does not impact systems configured in UEFI Boot Mode.

Addressed an issue where systems configured with HPE s100i Software RAID may experience a failed RAID volume on a system reset.

Known Issues:

None
Enhancements

Added support for the latest VMware vSphere Secure Boot Certificate.

Added support to decode certain Machine Check Exceptions to a specific failing PCIe device. Previous versions of the System ROM would log a generic Machine Check event to the Integrated Management Log (IML) for these error events.

Added a new BIOS/Platform Configuration (RBSU) Memory Controller Interleaving menu. This option allows disabling memory controller interleaving which may improve memory performance for systems configured with an unbalanced memory configuration.

Added a new BIOS/Platform Configuration (RBSU) Processor Jitter Control Optimization menu for Jitter Smoothing Support. This new optimization setting allows customers to choose between optimizing Auto-tuned mode for maximum throughput performance, low latency, or the default - zero latency.

Updated the RESTful API HPE BIOS Attribute Registry resources to match the latest BIOS/Platform Configuration options.

Updated the language translations (non-English modes) for System Utilities.


Version:1.36_02-14-2018 (28 Feb 2018)
Fixes

Upgrade Requirement:
Optional - Users should update to this version if their system is affected by one of the documented fixes or if there is a desire to utilize any of the enhanced functionality provided by this version.


Important Notes:

None

Firmware Dependencies:

None

Problems Fixed:

Addressed an issue where the UEFI Boot Order would not get reset to a default value when loading a default configuration. This issue does not impact systems configured in Legacy Boot Mode.

Addressed an issue where the High Performance Event Timer (HPET) may not function properly under an Operating System. This was typically seen under a Windows Operating System where the HPET was reported as not functioning properly in Windows Device Manager.

Addressed an issue where the Embedded Serial Port option could not be properly configured through the RESTful Interface.

Addressed an issue where the PCI Express I/O Proximity values were not properly allocated in the ACPI System Locality Information Table (SLIT). This change may help provide a performance benefit in applications and configurations that are sensitive to PCIe Device I/O NUMA awareness.

Addressed a rare issue where the system may become unresponsive when a SAS drive was inserted with the HPE Smart Array S100i SR Gen10 SW RAID enabled. This issue does not impact systems configured in AHCI mode.

Addressed an issue where the system may experience an erroneous boot-time message and Integrated Management Log (IML) entry stating that Core Boost Technology is disabled due to a lack of an iLO Advanced License (531 - Core Boost Technology missing required iLO License) when using the Version 1.20 System ROM. This issue does NOT occur with the Version 1.00 or Version 1.22 System ROM. Note that this IML entry is only valid for servers using the Intel Xeon Scalable 6143 processor. If the message and IML entry are received with any other processor model installed, the message is erroneous and can be ignored without any negative impact to the system.

Known Issues:

None
Enhancements

Added new Storage Information page to the System Information section of System Utilities.

Added a new BIOS/Platform Configuration (RBSU) Advanced PCIe Configuration option for PCIe Bifurcation of PCI Express Slots. When enabled, this option will bifurcate a PCIe slot into two equal width slots. This option is used for certain PCIe option cards that support/require bifurcation.

Added a new BIOS/Platform Configuration (RBSU) Power and Performance option for Direct to UPI. When Enabled, this option can provide a performance benefit in multi-processor configured systems that are reliant on the UPI bus for remote memory or I/O accesses.

Added a new BIOS/Platform Configuration (RBSU) Thermal Configuration option for Enhanced CPU Cooling. When running certain processor intensive workloads, this option can provide additional cooling to the processors which can result in improved performance.

Added a new System Utilities option for Embedded Diagnostics. To take advantage of this feature, the user must also update Intelligent Provisioning to version 3.10 or later.

Added support for the Integrated Lights-Out (iLO) virtual wheel mouse functionality in the BIOS System Utilities application. This feature also requires iLO firmware version 1.20 or later for proper support.

Added RESTful API configuration support for the HPE Smart Array S100i SR Gen10 SW RAID controller.

Improved performance with applications and configurations that are sensitive to PCIe Device I/O NUMA awareness. This change optimally allocates the PCI Express I/O Proximity values in the ACPI System Locality Information Table (SLIT).

Updated the RESTful API HPE BIOS Attribute Registry resources to match the latest BIOS/Platform Configuration options.

Updated the language translations (non-English modes) for System Utilities.


Version:1.32_02-01-2018 (16 Feb 2018)
Fixes

Upgrade Requirement:
Critical - HPE requires users update to this version immediately.


Important Notes:

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system updates, provides mitigation for Variant 2 of the Side Channel Analysis vulnerability, also known as Spectre. The revision of the microcode included in this System ROM addresses issues with more frequent reboots and unpredictable system behavior which impacted the previous Intel microcode which was part of the Spectre Variant 2 mitigation.  Additional information is available from Intel’s Security Exploit Newsroom, https://newsroom.intel.com/press-kits/security-exploits-intel-products/.

Firmware Dependencies:

None

Problems Fixed:

Updated the Intel processor microcode to the latest version.

Known Issues:

None


Version:1.28_12-11-2017 (3 Jan 2018)
Fixes

Upgrade Requirement:
Critical - HPE requires users update to this version immediately.


Important Notes:

“On January 11, Intel announced issues with an increased frequency of reboots when using the microcodes they released to address Variant 2 of the Spectre Vulnerability for numerous processors including Broadwell, Haswell, Skylake, Kaby Lake, Ivybridge, and Sandybridge processors. Mitigations for Variant 1 (Spectre) and Variant 3 (Meltdown) vulnerabilities require only OS updates and are not impacted.

Due to the severity of the potential issues that may occur when using these microcodes addressing Variant 2, Intel now recommends that customers discontinue their use.  Additional information is available from Intel’s Security Exploit Newsroom, https://newsroom.intel.com/press-kits/security-exploits-intel-products/.  HPE is in alignment with Intel in our recommendation that customers discontinue use of System ROMs including impacted microcodes and revert to earlier System ROM versions. Earlier versions of the System ROMs display on the ‘Revision History’ tab. Clicking the ‘Obtain software’ link opens the HPE Customer Advisory on this topic where the recommended version of an earlier System ROM for each affected platform is provided along with additional information about this critical issue. “

Firmware Dependencies:

None

Problems Fixed:

Updated the Intel processor microcode to the latest version.

Addressed an issue where the system may experience an erroneous boot-time message and Integrated Management Log (IML) entry stating that Core Boost Technology is disabled due to a lack of an iLO Advanced License (531 - Core Boost Technology missing required iLO License) when using the Version 1.20 System ROM. This issue does NOT occur with the Version 1.00 or Version 1.22 System ROM. Note that this IML entry is only valid for servers using the Intel Xeon Scalable 6143 processor. If the message and IML entry are received with any other processor model installed, the message is erroneous and can be ignored without any negative impact to the system.

Known Issues:

None


Version:1.26_11-14-2017 (16 Nov 2017)
Fixes

Upgrade Requirement:
Recommended - HPE recommends users update to this version at their earliest convenience.


Important Notes:

This revision of the System ROM enables flash support for Innovation Engine (IE) Firmware revision 0.1.4.4 and later. It must be installed prior to updating to IE FW 0.1.4.4. Attempting to update to IE FW 0.1.4.4 or later without this revision of the System ROM or later will result in the flash operation not occurring. This revision of the BIOS, along with IE FW 0.1.4.4 and SPS FW 04.00.04.288, provide a solution to mitigate security vulnerability CVE-2017-5706 (http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-5706) and CVE-2017-5709 (http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-5709) with Intel’s SPS FW. It is anticipated that details regarding these security vulnerabilities will be published to these links on November 20,2017. These security vulnerabilities are not unique to HPE servers. Note that IE FW 0.1.4.4 must be installed prior to updating to SPS FW 04.00.04.288.

Firmware Dependencies:

None

Problems Fixed:

This revision of the System ROM enables flash support for Innovation Engine (IE) Firmware revision 0.1.4.4 and later. It must be installed prior to updating to IE FW 0.1.4.4. Attempting to update to IE FW 0.1.4.4 or later without this revision of the System ROM or later will result in the flash operation not occurring. This revision of the BIOS, along with IE FW 0.1.4.4 and SPS FW 04.00.04.288, provide a solution to mitigate security vulnerability CVE-2017-5706 (http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-5706) and CVE-2017-5709 (http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-5709) with Intel’s SPS FW. It is anticipated that details regarding these security vulnerabilities will be published to these links on November 20,2017. These security vulnerabilities are not unique to HPE servers. Note that IE FW 0.1.4.4 must be installed prior to updating to SPS FW 04.00.04.288.

Known Issues:

None

Version:1.22_09-29-2017 (23 Oct 2017)
Fixes

Upgrade Requirement:
Optional - Users should update to this version if their system is affected by one of the documented fixes or if there is a desire to utilize any of the enhanced functionality provided by this version.


Important Notes:

None

Firmware Dependencies:

None

Problems Fixed:

Addressed an issue where the system would not achieve maximum performance results when the BIOS/Platform Configuration (RBSU) Sub-NUMA Clustering option is enabled. This option is not enabled by default.

Addressed an issue where the system may have the system time incorrectly "shifted" to the incorrect time after the operating system has been running for an extended period of time. This issue was typically seen under Microsoft Windows when the Set Time Automatically option was enabled from the Windows Date and Time Settings configuration page.

Addressed an issue where the system may report an inaccurate error message in the Integrated Management Log (IML) when a memory training failure occurred. It is recommended that customers update to this version of the system ROM before replacing any DIMMs due to a training issue.

Addressed an issue where the system may experience an erroneous boot-time message and Integrated Management Log (IML) entry stating that Core Boost Technology is disabled due to a lack of an iLO Advanced License (531 - Core Boost Technology missing required iLO License) when using the Version 1.20 System ROM. This issue does NOT occur with the Version 1.00 System ROM. Note that this IML entry is only valid for servers using the Intel Xeon Scalable 6143 processor. If the message and IML entry are received with any other processor model installed, the message is erroneous and can be ignored without any negative impact to the system.

Known Issues:

None

Version:1.20_08-18-2017 (27 Sep 2017)
Enhancements

Upgrade Requirement:
Recommended - HPE recommends users update to this version at their earliest convenience.


Important Notes:

None

Firmware Dependencies:

None

Enhancements/New Features:

This is the initial version of the firmware.

Known Issues:

None

Type: BIOS (Entitlement Required) - System ROM
Version: 1.42_06-20-2018(4 Jul 2018)
Operating System(s):
Microsoft Windows Server 2012 R2
Microsoft Windows Server 2016

Description

This component provides updated system firmware that can be installed directly on supported Operating Systems. Additionally, when used in conjunction with Smart Update Manager (SUM), this Component allows the user to update firmware on remote servers from a central location. This remote deployment capability eliminates the need for the user to be physically present at the server in order to perform a firmware update.

Installation Instructions

Prerequisites:

The "iLO 5 Channel Interface Driver” (CHIF) for Windows which is available from Service Pack for ProLiant (SPP).


To ensure the integrity of your download, HPE recommends verifying your results with the following SHA-256 Checksum values:

dd91b9fbc37cad3e734eadb89b1ecb2577a9874dcca15404441c21ec292e897a cp036828.compsig
a3fb39e1380d61963d6b49cb5ba149a0e6b5f7c6b1a4fba064b6e6b7af1c530f cp036828.exe

Reboot Requirement:
Reboot is required after installation for updates to take effect and hardware stability to be maintained.


Installation:

To update firmware from Windows operating system on target server:

1.     Place the Component in a temporary directory.
2.     From the same directory, run the Component by double-clicking it.
3.     When the Component dialog window displays, click the Install button to initiate the firmware upgrade.
4.     Reboot your system if you would like the update to take effect immediately.


 Supplemental updates for supported ProLiant servers and options can be done by using Smart Update Manager, which is found on the Service Pack for ProLiant ISO.

  • Place the Service Pack for ProLiant on a USB key using the USB Key Creator Utility.
  • Place the desired components to be updated in the directory, \packages on the USB key.

Update the firmware and software in the usual manner. 
 

This component can only be executed on Windows x64.


Release Notes

End User License Agreements:
The MIT License Agreement
OpenSSL License Agreement, Version 0.9.8
PNG Graphics File Format Software End User License Agreement
UEFI EDK2 License
zlib End User License Agreement
HPE Software License Agreement v1
Hewlett-Packard End User License Agreement


Upgrade Requirement:
Critical - HPE requires users update to this version immediately.


Important:

Important Notes:

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system and hypervisor updates, provides mitigation for the L1 Terminal Fault – OS/SMM (CVE-2018-3620) and L1 Terminal Fault – VMM (CVE-2018-3646) security vulnerabilities.  These vulnerabilities may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a side-channel analysis.  These security vulnerabilities are not unique to HPE servers and impact any servers utilizing impacted processors.  Note that this server is NOT vulnerable to L1 Terminal Fault – SGX (CVE-2018-3615), also known as Foreshadow, because this server does NOT support SGX.

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system updates, provides mitigation for the Speculative Store Bypass (also known as Variant 4) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3639. Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

This revision of the System ROM includes the latest revision of the Intel microcode which provides mitigation for the Rogue Register Read (also known as Variant 3a) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3640. Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

Deliverable Name:

HPE ProLiant ML350 Gen10 System ROM - U41

Release Version:

1.42_06-20-2018

Last Recommended or Critical Revision:

1.42_06-20-2018

Previous Revision:

1.40_06-15-2018

Firmware Dependencies:

None

Enhancements/New Features:

None

Problems Fixed:

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system and hypervisor updates, provides mitigation for the L1 Terminal Fault – OS/SMM (CVE-2018-3620) and L1 Terminal Fault – VMM (CVE-2018-3646) security vulnerabilities.  These vulnerabilities may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a side-channel analysis.  These security vulnerabilities are not unique to HPE servers and impact any servers utilizing impacted processors.  Note that this server is NOT vulnerable to L1 Terminal Fault – SGX (CVE-2018-3615), also known as Foreshadow, because this server does NOT support SGX.

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system updates, provides mitigation for the Speculative Store Bypass (also known as Variant 4) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3639. Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

This revision of the System ROM includes the latest revision of the Intel microcode which provides mitigation for the Rogue Register Read (also known as Variant 3a) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3640. Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

This firmware version includes additional fixes (since version 1.40) for an issue where systems may experience a 389-Unexpected Shutdown and Restart, logged in the iLO Integrated Management Log (IML). This issue is not unique to HPE servers.

Addressed an issue where systems may log an erroneous Bank 4 Machine Check to the iLO Integrated Management Log (IML) on a system reset event. In most cases, this error can safely be ignored. This issue is not unique to HPE servers.

Known Issues:

None


Fixes

Upgrade Requirement:
Critical - HPE requires users update to this version immediately.


Important Notes:

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system and hypervisor updates, provides mitigation for the L1 Terminal Fault – OS/SMM (CVE-2018-3620) and L1 Terminal Fault – VMM (CVE-2018-3646) security vulnerabilities.  These vulnerabilities may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a side-channel analysis.  These security vulnerabilities are not unique to HPE servers and impact any servers utilizing impacted processors.  Note that this server is NOT vulnerable to L1 Terminal Fault – SGX (CVE-2018-3615), also known as Foreshadow, because this server does NOT support SGX.

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system updates, provides mitigation for the Speculative Store Bypass (also known as Variant 4) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3639. Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

This revision of the System ROM includes the latest revision of the Intel microcode which provides mitigation for the Rogue Register Read (also known as Variant 3a) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3640. Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

Firmware Dependencies:

None

Problems Fixed:

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system and hypervisor updates, provides mitigation for the L1 Terminal Fault – OS/SMM (CVE-2018-3620) and L1 Terminal Fault – VMM (CVE-2018-3646) security vulnerabilities.  These vulnerabilities may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a side-channel analysis.  These security vulnerabilities are not unique to HPE servers and impact any servers utilizing impacted processors.  Note that this server is NOT vulnerable to L1 Terminal Fault – SGX (CVE-2018-3615), also known as Foreshadow, because this server does NOT support SGX.

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system updates, provides mitigation for the Speculative Store Bypass (also known as Variant 4) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3639. Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

This revision of the System ROM includes the latest revision of the Intel microcode which provides mitigation for the Rogue Register Read (also known as Variant 3a) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3640. Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

This firmware version includes additional fixes (since version 1.40) for an issue where systems may experience a 389-Unexpected Shutdown and Restart, logged in the iLO Integrated Management Log (IML). This issue is not unique to HPE servers.

Addressed an issue where systems may log an erroneous Bank 4 Machine Check to the iLO Integrated Management Log (IML) on a system reset event. In most cases, this error can safely be ignored. This issue is not unique to HPE servers.

Known Issues:

None

Important

Important Notes:

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system and hypervisor updates, provides mitigation for the L1 Terminal Fault – OS/SMM (CVE-2018-3620) and L1 Terminal Fault – VMM (CVE-2018-3646) security vulnerabilities.  These vulnerabilities may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a side-channel analysis.  These security vulnerabilities are not unique to HPE servers and impact any servers utilizing impacted processors.  Note that this server is NOT vulnerable to L1 Terminal Fault – SGX (CVE-2018-3615), also known as Foreshadow, because this server does NOT support SGX.

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system updates, provides mitigation for the Speculative Store Bypass (also known as Variant 4) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3639. Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

This revision of the System ROM includes the latest revision of the Intel microcode which provides mitigation for the Rogue Register Read (also known as Variant 3a) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3640. Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

Deliverable Name:

HPE ProLiant ML350 Gen10 System ROM - U41

Release Version:

1.42_06-20-2018

Last Recommended or Critical Revision:

1.42_06-20-2018

Previous Revision:

1.40_06-15-2018

Firmware Dependencies:

None

Enhancements/New Features:

None

Problems Fixed:

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system and hypervisor updates, provides mitigation for the L1 Terminal Fault – OS/SMM (CVE-2018-3620) and L1 Terminal Fault – VMM (CVE-2018-3646) security vulnerabilities.  These vulnerabilities may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a side-channel analysis.  These security vulnerabilities are not unique to HPE servers and impact any servers utilizing impacted processors.  Note that this server is NOT vulnerable to L1 Terminal Fault – SGX (CVE-2018-3615), also known as Foreshadow, because this server does NOT support SGX.

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system updates, provides mitigation for the Speculative Store Bypass (also known as Variant 4) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3639. Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

This revision of the System ROM includes the latest revision of the Intel microcode which provides mitigation for the Rogue Register Read (also known as Variant 3a) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3640. Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

This firmware version includes additional fixes (since version 1.40) for an issue where systems may experience a 389-Unexpected Shutdown and Restart, logged in the iLO Integrated Management Log (IML). This issue is not unique to HPE servers.

Addressed an issue where systems may log an erroneous Bank 4 Machine Check to the iLO Integrated Management Log (IML) on a system reset event. In most cases, this error can safely be ignored. This issue is not unique to HPE servers.

Known Issues:

None

Revision History

Version:2.04_04-18-2019 (2 May 2019)
Fixes

Upgrade Requirement:
Critical - HPE requires users update to this version immediately.


Important Notes:

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system and/or hypervisor updates, provides mitigation for a new group of side channel vulnerabilities known as Microarchitectural Data Sampling (MDS).  This includes support for mitigating the following vulnerabilities:  CVE-2018-12126 – Microarchitectural Store Buffer Data Sampling, CVE-2018-12130 – Microarchitectural Fill Buffer Data Sampling, CVE-2018-12127 – Microarchitectural Load Port Data Sampling, and CVE-2019-11091 – Microarchitectural Data Sampling Uncacheable Memory.  These issues are not unique to HPE servers.  Note that MDS is addressed in hardware for systems utilizing the Intel Second Generation Intel Xeon Scalable Processors.

Firmware Dependencies:

None

Problems Fixed:

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system and/or hypervisor updates, provides mitigation for a new group of side channel vulnerabilities known as Microarchitectural Data Sampling (MDS).  This includes support for mitigating the following vulnerabilities:  CVE-2018-12126 – Microarchitectural Store Buffer Data Sampling, CVE-2018-12130 – Microarchitectural Fill Buffer Data Sampling, CVE-2018-12127 – Microarchitectural Load Port Data Sampling, and CVE-2019-11091 – Microarchitectural Data Sampling Uncacheable Memory.  These issues are not unique to HPE servers.  Note that MDS is addressed in hardware for systems utilizing the Intel Second Generation Intel Xeon Scalable Processors.

This revision of the System ROM includes the latest revision of the Intel Reference code support that provides mitigations for a variety of security vulnerabilities.  The following vulnerabilities have been addressed in this System ROM release: CVE-2019-0119 and  CVE-and CVE-2019-0126.  These security vulnerabilities are not unique to HPE servers.

Addressed an issue where the system may experience a higher rate of boot time Memory training issues with Intel Xeon Scalable Performance Bronze, Silver and Gold 5x00 processors. This issue was first introduced with System ROM version 2.00. HPE recommends that any customer experiencing a memory issue immediately update to this version of the system ROM before replacing any components. This issue is not unique to HPE servers.

Addressed an issue where the HPE RESTful Firmware update manager may fail to update a component or experience a boot time Red Screen (RSOD) after the HPE 369i Integrated NIC firmware was updated to the latest revision.

Known Issues:

None


Version:2.02_03-19-2019 (28 Mar 2019)
Fixes

Upgrade Requirement:
Recommended - HPE recommends users update to this version at their earliest convenience.


Important Notes:

This revision of the System ROM includes the latest revision of the Intel microcode which provides mitigation for an Intel sighting where under complex microarchitectural conditions, software using Intel TSX (Transactional Synchronizations Extensions) may result in unpredictable system behavior. Intel has only seen this under synthetic testing conditions and is not aware of any commercially available software exhibiting this behavior. This issue is not unique to HPE servers.

Firmware Dependencies:

None

Problems Fixed:

This revision of the System ROM includes the latest revision of the Intel microcode which provides mitigation for an Intel sighting where under complex microarchitectural conditions, software using Intel TSX (Transactional Synchronizations Extensions) may result in unpredictable system behavior. Intel has only seen this under synthetic testing conditions and is not aware of any commercially available software exhibiting this behavior. This issue is not unique to HPE servers.

This system ROM contains the latest Intel microcode that addresses an issue where the system may experience an Uncorrected Machine Check Exception in Bank 0 with Status containing 000F0150. This update may not address all Bank 0 machine check events with a Status containing 000F0150 but should be used before any other further service actions for issues resulting in this Integrated Management Log (IML) entry. This issue is not unique to HPE servers.

This revision of the System ROM includes the latest revision of the UEFI EDK2 support that provides mitigations for a variety of security vulnerabilities.  The following vulnerabilities have been addressed in this System ROM release: CVE-2018-3613 CVE-2017-5731, CVE-2017-5732, CVE-2017-5733, CVE-2017-5734, CVE-2017-5735, CVE-2018-3630, CVE-2018-12178, CVE-2018-12179, CVE-2018-12180, CVE-2018-12181, CVE-2018-12182, CVE-2018-12183, CVE-2018-12201, CVE-2018-12202, CVE-2018-12203, CVE-2018-12204 and CVE-2018-12205. For additional information please refer to the security bulletin at https://support.hpe.com/hpsc/doc/public/display?docId=hpesbhf03912en_us.  These security vulnerabilities are not unique to HPE servers.

Addressed an issue in which the system may not properly boot to the HPE 8GB Dual microSD Flash USB Drive when an SD card is installed on the internal SD slot when the system is configured for Legacy Boot Mode. This issue does not impact systems in UEFI Boot Mode.

Addressed an issue where certain 3rd party USB drive keys may not function properly after a system reset when the system is configured in UEFI Boot Mode.

Addressed an issue where the HPE CN1000E-T adapter may not boot properly in Legacy Boot Mode.  This issue does not impact systems configured in UEFI Boot Mode.

Addressed an issue where firmware updates staged through the HPE RESTful API may fail to properly execute on a subsequent boot and be marked with an exception in the iLO firmware installation queue.

Addressed an issue where iLO virtual media may not boot properly after setting the Boot on Next Reset option in the iLO Remote Console and Media - Virtual Media settings.

Addressed an issue where the AHS Download application from the System Utilities Embedded Applications or UEFI Shell may fail to work properly with iLO firmware 1.30 or later.

Addressed an issue where the UEFI Shell sysconfig command may fail to set an option or become unresponsive.

Addressed an issue where an optional SATA DVD drive may not unlock and allow media to be ejected after an operating system reboot.

Addressed an issue where the system may become unresponsive during boot and experience a Red Screen (RSOD) when booting in Legacy Boot mode with a SATA M.2 drive installed. This issue does not impact systems in UEFI Boot Mode.

Addressed an issue where a USB KVM, such as the HP AF611A KVM,  may not function properly after a system reboot.

Known Issues:

This revision of the System ROM may result in a VMware PSOD (crash) when a system is configured with Intel Trusted eXecution Technology (TXT) enabled and the Trusted Platform Module (TPM) in TPM 1.2 Mode. This issue is only seen in certain memory configurations. Please consult the following HPE Customer Advisory for more details on this issue. https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-a00065453en_us
 

Enhancements

Added support for Intel Xeon Scalable Performance 3200, 4200, 5200, 6200 and 8200 series processors.

Added support for HPE One button secure erase. This option can be launched from the HPE Intelligent Provisioning application or through the HPE RESTful API to securely restore the system back to a default configuration.  This option also requires iLO firmware 1.40 or later, and Intelligent Provisioning 3.30 or later.

Added Secure Configuration Lock feature.  This feature can be enabled to detect system hardware, security configuration, or firmware revision changes to protect against malicious or unintended modifications to the server.  This protection can be enabled for systems in transit from the factory to the customer site, in transit from one customer site to another, or can be left enabled on a deployed server.  A new BIOS/Platform Configuration (RBSU) Server Configuration Lock menu in the Server Security Options is available to enable and configure this functionality.

Added a new BIOS/Platform Configuration (RBSU) Backup and Restore Settings menu to System Default Options. This option can be used to backup (save off) the current BIOS configurations settings to a USB storage device for migration to another server.

Added a new BIOS/Platform Configuration (RBSU) Opportunistic Self Refresh menu to Memory Options. This option can be enabled to reduce idle system power usage, but the system may incur additional memory latency.

Added a new BIOS/Platform Configuration (RBSU) Memory Controller Interleaving menu to Memory Options.  This option can be used to disable memory controller interleaving which may provide more balanced memory performance when a system is configured in an unbalanced memory configuration.

Added a new BIOS/Platform Configuration (RBSU) for dual bifurcation (quadfurcation) of PCIe Adapters to the Advanced PCIe Configuration Options. This option will allow a x16 PCIe device to be bifurcated into four x4 devices.  This option would only be used for PCIe Adapters that support this level of bifurcation.

Updated the system thermal logic to support the latest GPU adapters.

Updated the language translations (non-English modes) for System Utilities.

Updated the RESTful API HPE BIOS Attribute Registry resources to match the latest BIOS/Platform Configuration options.


Version:1.50_12-29-2018 (30 Jan 2019)
Enhancements

Upgrade Requirement:
Recommended - HPE recommends users update to this version at their earliest convenience.


Important Notes:

This revision of the System ROM contains enhancements to the HPE memory support to improve memory resiliency. Please consult the following Customer Advisory for additional details: https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-a00064444en_us

Firmware Dependencies:

None

Enhancements/New Features:

Improved the memory resiliency of the server with enhanced support for HPE Fast Fault Tolerant Memory (ADDDC) capabilities. This System ROM will now configure the Advanced Memory Protection mode of the server to HPE Fast Fault Tolerant (ADDDC) memory mode for all Workload Profiles except Low Latency and Custom if the feature is supported by the server's DIMM configuration. Note that if the Advanced Memory Protection mode had previously been configured for Mirroring or Online Spare, the setting will NOT be automatically changed to HPE Fast Fault Tolerant Memory (ADDDC) mode. Also, if the DIMM configuration does not support HPE Fast Fault Tolerant Memory (ADDDC) mode, then the Advanced Memory Protection Mode will remain Advanced ECC Mode. Note that if the current BIOS configuration settings are queried via Redfish or the RESTful API, the setting for the Advanced Memory Protection Mode will indicate this change.

Known Issues:

None

Version:1.46_10-02-2018 (27 Nov 2018)
Fixes

Upgrade Requirement:
Optional - Users should update to this version if their system is affected by one of the documented fixes or if there is a desire to utilize any of the enhanced functionality provided by this version.


Important Notes:

None

Firmware Dependencies:

None

Problems Fixed:

Addressed an issue where early server video output, on a locally attached monitor, may not show correctly when the monitor is attached to the server through a KVM. This issue does not impact systems that are not using a KVM or video output through the iLO Remote Console application.

Addressed an issue where firmware flashing through the RESTful API could periodically fail and the task being marked with an exception in the iLO firmware page. This issue could impact flashing firmware such as the HPE Innovation Engine, Intel SPS Firmware or the optional HPE Trusted Platform Module (TPM).

Addressed an issue where a PCIe card would not properly train to its maximum speed when the PCIe Bifurcation option was enabled. This issue does not impact PCIe cards that do not require bifurcation.

Addressed an extremely rare issue where a system configured with an optional SATA DVD drive and an HPE SmartArray controller may become unresponsive during boot, usually with a Red Screen (RSOD), when in legacy boot mode. This issue does not impact systems in UEFI Boot Mode.

Addressed an issue where an optional PCIe card's legacy option ROM may not properly display its legacy setup menu prompt during boot when in legacy boot mode. This issue does not impact systems in UEFI Boot Mode.

Known Issues:

None
Enhancements

Added support for flashing the firmware of the optional HPE Trusted Platform Module (TPM). This is the minimum revision of the System ROM that should be used if updating the firmware on the optional HPE TPM module.

Added a new PCIe Peer-to-Peer Serialization option to the Advanced Performance Options menu in the BIOS/Platform Configuration (RBSU). This option can be used to improve peer-to-peer performance between two PCIe devices installed on the same processor. This option may improve performance in certain GP-GPU configurations.

Updated the RESTful API HPE BIOS Attribute Registry resources to match the latest BIOS/Platform Configuration options.


Version:1.42_06-20-2018 (4 Jul 2018)
Fixes

Upgrade Requirement:
Critical - HPE requires users update to this version immediately.


Important Notes:

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system and hypervisor updates, provides mitigation for the L1 Terminal Fault – OS/SMM (CVE-2018-3620) and L1 Terminal Fault – VMM (CVE-2018-3646) security vulnerabilities.  These vulnerabilities may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a side-channel analysis.  These security vulnerabilities are not unique to HPE servers and impact any servers utilizing impacted processors.  Note that this server is NOT vulnerable to L1 Terminal Fault – SGX (CVE-2018-3615), also known as Foreshadow, because this server does NOT support SGX.

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system updates, provides mitigation for the Speculative Store Bypass (also known as Variant 4) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3639. Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

This revision of the System ROM includes the latest revision of the Intel microcode which provides mitigation for the Rogue Register Read (also known as Variant 3a) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3640. Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

Firmware Dependencies:

None

Problems Fixed:

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system and hypervisor updates, provides mitigation for the L1 Terminal Fault – OS/SMM (CVE-2018-3620) and L1 Terminal Fault – VMM (CVE-2018-3646) security vulnerabilities.  These vulnerabilities may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a side-channel analysis.  These security vulnerabilities are not unique to HPE servers and impact any servers utilizing impacted processors.  Note that this server is NOT vulnerable to L1 Terminal Fault – SGX (CVE-2018-3615), also known as Foreshadow, because this server does NOT support SGX.

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system updates, provides mitigation for the Speculative Store Bypass (also known as Variant 4) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3639. Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

This revision of the System ROM includes the latest revision of the Intel microcode which provides mitigation for the Rogue Register Read (also known as Variant 3a) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3640. Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

This firmware version includes additional fixes (since version 1.40) for an issue where systems may experience a 389-Unexpected Shutdown and Restart, logged in the iLO Integrated Management Log (IML). This issue is not unique to HPE servers.

Addressed an issue where systems may log an erroneous Bank 4 Machine Check to the iLO Integrated Management Log (IML) on a system reset event. In most cases, this error can safely be ignored. This issue is not unique to HPE servers.

Known Issues:

None


Version:1.40_06-15-2018 (2 Jul 2018)
Fixes

Upgrade Requirement:
Recommended - HPE recommends users update to this version at their earliest convenience.


Important Notes:

None

Firmware Dependencies:

None

Problems Fixed:

Addressed an issue where systems may experience an 389-Unexpected Shutdown and Restart, logged in the iLO Integrated Management Log (IML). This issue is not unique to HPE servers.

Addressed an issue where the Embedded Diagnostics may not launch properly when the UEFI POST Discovery Mode option is set to Force Fast Discovery.

Addressed an issue where the Integrated Management Log (IML) Viewer in the System Utilities menu may become unresponsive when launched.

Addressed an issue where the HPE Dual SD Card USB Module may not boot properly when the UEFI POST Discovery Mode option is set to Force Fast Discovery.

Addressed an issue where the Trusted Platform Module (TPM) Firmware update may not complete properly when the TPM is configured for TPM 2.0 Mode. This issue does not impact systems configured with a TPM operating in TPM 1.2 mode.

Addressed an issue where the system may not be able to boot to Intelligent Provisioning when a third party USB Key was installed in one of the server USB Ports. This issue was seen with a specific USB Key and has not been seen with other devices.

Addressed an issue where Integrated Lights-Out (iLO) Virtual Media may not boot properly when the UEFI POST Discovery Mode option is set to Force Full Discovery.

Addressed an issue where the system may become unresponsive during POST or experience a Red Screen on the next boot following an I/O Machine Check Failure at runtime.

Addressed an issue where a system configured with the internal SD Card disabled from BIOS/Platform Configuration (RBSU) and an HPE Dual SD card installed would not boot from the HPE Dual SD card USB Module when configured in Legacy Boot Mode. This issue does not impact systems configured in UEFI Boot Mode.

Addressed an issue where a system configured with an optional HPE CN1200E-T adapter would not boot properly when configured in Legacy Boot Mode. This issue does not impact systems configured in UEFI Boot Mode.

Addressed an issue where systems configured with HPE s100i Software RAID may experience a failed RAID volume on a system reset.

Known Issues:

None
Enhancements

Added support for the latest VMware vSphere Secure Boot Certificate.

Added support to decode certain Machine Check Exceptions to a specific failing PCIe device. Previous versions of the System ROM would log a generic Machine Check event to the Integrated Management Log (IML) for these error events.

Added a new BIOS/Platform Configuration (RBSU) Memory Controller Interleaving menu. This option allows disabling memory controller interleaving which may improve memory performance for systems configured with an unbalanced memory configuration.

Added a new BIOS/Platform Configuration (RBSU) Processor Jitter Control Optimization menu for Jitter Smoothing Support. This new optimization setting allows customers to choose between optimizing Auto-tuned mode for maximum throughput performance, low latency, or the default - zero latency.

Updated the RESTful API HPE BIOS Attribute Registry resources to match the latest BIOS/Platform Configuration options.

Updated the language translations (non-English modes) for System Utilities.


Version:1.36_02-14-2018 (28 Feb 2018)
Fixes

Upgrade Requirement:
Optional - Users should update to this version if their system is affected by one of the documented fixes or if there is a desire to utilize any of the enhanced functionality provided by this version.


Important Notes:

None

Firmware Dependencies:

None

Problems Fixed:

Addressed an issue where the UEFI Boot Order would not get reset to a default value when loading a default configuration. This issue does not impact systems configured in Legacy Boot Mode.

Addressed an issue where the High Performance Event Timer (HPET) may not function properly under an Operating System. This was typically seen under a Windows Operating System where the HPET was reported as not functioning properly in Windows Device Manager.

Addressed an issue where the Embedded Serial Port option could not be properly configured through the RESTful Interface.

Addressed an issue where the PCI Express I/O Proximity values were not properly allocated in the ACPI System Locality Information Table (SLIT). This change may help provide a performance benefit in applications and configurations that are sensitive to PCIe Device I/O NUMA awareness.

Addressed a rare issue where the system may become unresponsive when a SAS drive was inserted with the HPE Smart Array S100i SR Gen10 SW RAID enabled. This issue does not impact systems configured in AHCI mode.

Addressed an issue where the system may experience an erroneous boot-time message and Integrated Management Log (IML) entry stating that Core Boost Technology is disabled due to a lack of an iLO Advanced License (531 - Core Boost Technology missing required iLO License) when using the Version 1.20 System ROM. This issue does NOT occur with the Version 1.00 or Version 1.22 System ROM. Note that this IML entry is only valid for servers using the Intel Xeon Scalable 6143 processor. If the message and IML entry are received with any other processor model installed, the message is erroneous and can be ignored without any negative impact to the system.

Known Issues:

None
Enhancements

Added new Storage Information page to the System Information section of System Utilities.

Added a new BIOS/Platform Configuration (RBSU) Advanced PCIe Configuration option for PCIe Bifurcation of PCI Express Slots. When enabled, this option will bifurcate a PCIe slot into two equal width slots. This option is used for certain PCIe option cards that support/require bifurcation.

Added a new BIOS/Platform Configuration (RBSU) Power and Performance option for Direct to UPI. When Enabled, this option can provide a performance benefit in multi-processor configured systems that are reliant on the UPI bus for remote memory or I/O accesses.

Added a new BIOS/Platform Configuration (RBSU) Thermal Configuration option for Enhanced CPU Cooling. When running certain processor intensive workloads, this option can provide additional cooling to the processors which can result in improved performance.

Added a new System Utilities option for Embedded Diagnostics. To take advantage of this feature, the user must also update Intelligent Provisioning to version 3.10 or later.

Added support for the Integrated Lights-Out (iLO) virtual wheel mouse functionality in the BIOS System Utilities application. This feature also requires iLO firmware version 1.20 or later for proper support.

Added RESTful API configuration support for the HPE Smart Array S100i SR Gen10 SW RAID controller.

Improved performance with applications and configurations that are sensitive to PCIe Device I/O NUMA awareness. This change optimally allocates the PCI Express I/O Proximity values in the ACPI System Locality Information Table (SLIT).

Updated the RESTful API HPE BIOS Attribute Registry resources to match the latest BIOS/Platform Configuration options.

Updated the language translations (non-English modes) for System Utilities.


Version:1.32_02-01-2018 (16 Feb 2018)
Fixes

Upgrade Requirement:
Critical - HPE requires users update to this version immediately.


Important Notes:

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system updates, provides mitigation for Variant 2 of the Side Channel Analysis vulnerability, also known as Spectre. The revision of the microcode included in this System ROM addresses issues with more frequent reboots and unpredictable system behavior which impacted the previous Intel microcode which was part of the Spectre Variant 2 mitigation.  Additional information is available from Intel’s Security Exploit Newsroom, https://newsroom.intel.com/press-kits/security-exploits-intel-products/.

Firmware Dependencies:

None

Problems Fixed:

Updated the Intel processor microcode to the latest version.

Known Issues:

None


Version:1.28_12-11-2017 (3 Jan 2018)
Fixes

Upgrade Requirement:
Critical - HPE requires users update to this version immediately.


Important Notes:

“On January 11, Intel announced issues with an increased frequency of reboots when using the microcodes they released to address Variant 2 of the Spectre Vulnerability for numerous processors including Broadwell, Haswell, Skylake, Kaby Lake, Ivybridge, and Sandybridge processors. Mitigations for Variant 1 (Spectre) and Variant 3 (Meltdown) vulnerabilities require only OS updates and are not impacted.

Due to the severity of the potential issues that may occur when using these microcodes addressing Variant 2, Intel now recommends that customers discontinue their use.  Additional information is available from Intel’s Security Exploit Newsroom, https://newsroom.intel.com/press-kits/security-exploits-intel-products/.  HPE is in alignment with Intel in our recommendation that customers discontinue use of System ROMs including impacted microcodes and revert to earlier System ROM versions. Earlier versions of the System ROMs display on the ‘Revision History’ tab. Clicking the ‘Obtain software’ link opens the HPE Customer Advisory on this topic where the recommended version of an earlier System ROM for each affected platform is provided along with additional information about this critical issue. “

Firmware Dependencies:

None

Problems Fixed:

Updated the Intel processor microcode to the latest version.

Addressed an issue where the system may experience an erroneous boot-time message and Integrated Management Log (IML) entry stating that Core Boost Technology is disabled due to a lack of an iLO Advanced License (531 - Core Boost Technology missing required iLO License) when using the Version 1.20 System ROM. This issue does NOT occur with the Version 1.00 or Version 1.22 System ROM. Note that this IML entry is only valid for servers using the Intel Xeon Scalable 6143 processor. If the message and IML entry are received with any other processor model installed, the message is erroneous and can be ignored without any negative impact to the system.

Known Issues:

None


Version:1.26_11-14-2017 (16 Nov 2017)
Fixes

Upgrade Requirement:
Recommended - HPE recommends users update to this version at their earliest convenience.


Important Notes:

This revision of the System ROM enables flash support for Innovation Engine (IE) Firmware revision 0.1.4.4 and later. It must be installed prior to updating to IE FW 0.1.4.4. Attempting to update to IE FW 0.1.4.4 or later without this revision of the System ROM or later will result in the flash operation not occurring. This revision of the BIOS, along with IE FW 0.1.4.4 and SPS FW 04.00.04.288, provide a solution to mitigate security vulnerability CVE-2017-5706 (http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-5706) and CVE-2017-5709 (http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-5709) with Intel’s SPS FW. It is anticipated that details regarding these security vulnerabilities will be published to these links on November 20,2017. These security vulnerabilities are not unique to HPE servers. Note that IE FW 0.1.4.4 must be installed prior to updating to SPS FW 04.00.04.288.

Firmware Dependencies:

None

Problems Fixed:

This revision of the System ROM enables flash support for Innovation Engine (IE) Firmware revision 0.1.4.4 and later. It must be installed prior to updating to IE FW 0.1.4.4. Attempting to update to IE FW 0.1.4.4 or later without this revision of the System ROM or later will result in the flash operation not occurring. This revision of the BIOS, along with IE FW 0.1.4.4 and SPS FW 04.00.04.288, provide a solution to mitigate security vulnerability CVE-2017-5706 (http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-5706) and CVE-2017-5709 (http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-5709) with Intel’s SPS FW. It is anticipated that details regarding these security vulnerabilities will be published to these links on November 20,2017. These security vulnerabilities are not unique to HPE servers. Note that IE FW 0.1.4.4 must be installed prior to updating to SPS FW 04.00.04.288.

Known Issues:

None

Version:1.22_09-29-2017 (23 Oct 2017)
Fixes

Upgrade Requirement:
Optional - Users should update to this version if their system is affected by one of the documented fixes or if there is a desire to utilize any of the enhanced functionality provided by this version.


Important Notes:

None

Firmware Dependencies:

None

Problems Fixed:

Addressed an issue where the system would not achieve maximum performance results when the BIOS/Platform Configuration (RBSU) Sub-NUMA Clustering option is enabled. This option is not enabled by default.

Addressed an issue where the system may have the system time incorrectly "shifted" to the incorrect time after the operating system has been running for an extended period of time. This issue was typically seen under Microsoft Windows when the Set Time Automatically option was enabled from the Windows Date and Time Settings configuration page.

Addressed an issue where the system may report an inaccurate error message in the Integrated Management Log (IML) when a memory training failure occurred. It is recommended that customers update to this version of the system ROM before replacing any DIMMs due to a training issue.

Addressed an issue where the system may experience an erroneous boot-time message and Integrated Management Log (IML) entry stating that Core Boost Technology is disabled due to a lack of an iLO Advanced License (531 - Core Boost Technology missing required iLO License) when using the Version 1.20 System ROM. This issue does NOT occur with the Version 1.00 System ROM. Note that this IML entry is only valid for servers using the Intel Xeon Scalable 6143 processor. If the message and IML entry are received with any other processor model installed, the message is erroneous and can be ignored without any negative impact to the system.

Known Issues:

None

Version:1.20_08-18-2017 (27 Sep 2017)
Enhancements

Upgrade Requirement:
Recommended - HPE recommends users update to this version at their earliest convenience.


Important Notes:

None

Firmware Dependencies:

None

Enhancements/New Features:

This is the initial version of the firmware.

Known Issues:

None

Legal Disclaimer: Products sold prior to the November 1, 2015 separation of Hewlett-Packard Company into Hewlett Packard Enterprise Company and HP Inc. may have older product names and model numbers that differ from current models.