Printable version

Drivers & software

** CRITICAL ** Online ROM Flash Component for Windows x64 - HP ProLiant XL220a Gen8 v2 (P94) Servers

By downloading, you agree to the terms and conditions of the Hewlett Packard Enterprise Software License Agreement.
Note:  Some software requires a valid warranty, current Hewlett Packard Enterprise support contract, or a license fee.

Type: BIOS (Entitlement Required) - System ROM
Version: 2018.05.21(25 Jun 2018)
Operating System(s): Microsoft Windows Server 2008 R2
Microsoft Windows Server 2008 R2 Foundation Edition
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows Server 2016
File name: cp036475.exe (2.1 MB)
This component provides updated system firmware that can be installed directly on supported Operating Systems. Additionally, when used in conjunction with Smart Update Manager (SUM), this Component allows the user to update firmware on remote servers from a central location. This remote deployment capability eliminates the need for the user to be physically present at the server in order to perform a firmware update.

Prerequisites:

The "HPE ProLiant iLO 3/4 Channel Interface Driver” (CHIF) for Windows which is available from Service Pack for ProLiant (SPP).


To ensure the integrity of your download, HPE recommends verifying your results with this SHA-256 Checksum value:

b28cf78a648238cd88c195226c9b4c4e36e5215e418d7dfe13f6586b964e037b cp036475.exe

Reboot Requirement:
Reboot is required after installation for updates to take effect and hardware stability to be maintained.


Installation:

To update firmware from Windows operating system on target server: 

1.     Place the Smart Component in a temporary directory.
2.     From the same directory, run the Smart Component by double-clicking it.
3.     When the Smart Component dialog window displays, click the Install button to initiate the firmware upgrade.
4.     Reboot your system if you would like the update to take effect immediately.


Supplemental updates for supported ProLiant servers and options can be done by using HP Smart Update Manager, which is found on the Service Pack for ProLiant ISO.

  • Place the Service Pack for ProLiant on a USB key using the USB Key Creator Utility.
  • Place the desired smart components to be updated in the directory, \hp\swpackages on the USB key.

Update the firmware and software in the usual manner. 

This component can only be executed on Windows x64.


End User License Agreements:
HPE Software License Agreement v1
Hewlett-Packard End User License Agreement


Upgrade Requirement:
Critical - HPE requires users update to this version immediately.


Important:

Important Notes:

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system and hypervisor updates, provides mitigation for the L1 Terminal Fault – OS/SMM (CVE-2018-3620) and L1 Terminal Fault – VMM (CVE-2018-3646) security vulnerabilities.  These vulnerabilities may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a side-channel analysis.  These security vulnerabilities are not unique to HPE servers and impact any servers utilizing impacted processors.  Note that this server is NOT vulnerable to L1 Terminal Fault – SGX (CVE-2018-3615), also known as Foreshadow, because this server does NOT support SGX.

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system updates, provides mitigation for the Speculative Store Bypass (also known as Variant 4) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3639. Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

This revision of the System ROM includes the latest revision of the Intel microcode which provides mitigation for the Rogue Register Read (also known as Variant 3a) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3640. Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

For Windows 2008 R2, install all Windows critical update.  Windows 2008 R2 critical update will include security update KB3033395 that will support SHA-2
For Windows 2008 SP2 requires KB4039648 be installed which is not part of the Windows Update 2008 SP2.   Follow this link to download the KB4039648
https://support.microsoft.com/en-us/help/4039648/update-to-add-sha2-code-signing-support-for-windows-server-2008-sp2

Deliverable Name:

HP ProLiant XL220a Gen8 v2 System ROM - P94

Release Version:

05/21/2018

Last Recommended or Critical Revision:

05/21/2018

Previous Revision:

01/22/2018

Firmware Dependencies:

None

Enhancements/New Features:

None

Problems Fixed:

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system and hypervisor updates, provides mitigation for the L1 Terminal Fault – OS/SMM (CVE-2018-3620) and L1 Terminal Fault – VMM (CVE-2018-3646) security vulnerabilities.  These vulnerabilities may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a side-channel analysis.  These security vulnerabilities are not unique to HPE servers and impact any servers utilizing impacted processors.  Note that this server is NOT vulnerable to L1 Terminal Fault – SGX (CVE-2018-3615), also known as Foreshadow, because this server does NOT support SGX.

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system updates, provides mitigation for the Speculative Store Bypass (also known as Variant 4) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3639. Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

This revision of the System ROM includes the latest revision of the Intel microcode which provides mitigation for the Rogue Register Read (also known as Variant 3a) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3640. Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

Known Issues:

None


Upgrade Requirement:
Critical - HPE requires users update to this version immediately.


Important Notes:

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system and hypervisor updates, provides mitigation for the L1 Terminal Fault – OS/SMM (CVE-2018-3620) and L1 Terminal Fault – VMM (CVE-2018-3646) security vulnerabilities.  These vulnerabilities may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a side-channel analysis.  These security vulnerabilities are not unique to HPE servers and impact any servers utilizing impacted processors.  Note that this server is NOT vulnerable to L1 Terminal Fault – SGX (CVE-2018-3615), also known as Foreshadow, because this server does NOT support SGX.

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system updates, provides mitigation for the Speculative Store Bypass (also known as Variant 4) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3639. Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

This revision of the System ROM includes the latest revision of the Intel microcode which provides mitigation for the Rogue Register Read (also known as Variant 3a) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3640. Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

For Windows 2008 R2, install all Windows critical update.  Windows 2008 R2 critical update will include security update KB3033395 that will support SHA-2
For Windows 2008 SP2 requires KB4039648 be installed which is not part of the Windows Update 2008 SP2.   Follow this link to download the KB4039648
https://support.microsoft.com/en-us/help/4039648/update-to-add-sha2-code-signing-support-for-windows-server-2008-sp2

Firmware Dependencies:

None

Problems Fixed:

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system and hypervisor updates, provides mitigation for the L1 Terminal Fault – OS/SMM (CVE-2018-3620) and L1 Terminal Fault – VMM (CVE-2018-3646) security vulnerabilities.  These vulnerabilities may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a side-channel analysis.  These security vulnerabilities are not unique to HPE servers and impact any servers utilizing impacted processors.  Note that this server is NOT vulnerable to L1 Terminal Fault – SGX (CVE-2018-3615), also known as Foreshadow, because this server does NOT support SGX.

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system updates, provides mitigation for the Speculative Store Bypass (also known as Variant 4) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3639. Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

This revision of the System ROM includes the latest revision of the Intel microcode which provides mitigation for the Rogue Register Read (also known as Variant 3a) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3640. Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

Known Issues:

None

Important Notes:

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system and hypervisor updates, provides mitigation for the L1 Terminal Fault – OS/SMM (CVE-2018-3620) and L1 Terminal Fault – VMM (CVE-2018-3646) security vulnerabilities.  These vulnerabilities may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a side-channel analysis.  These security vulnerabilities are not unique to HPE servers and impact any servers utilizing impacted processors.  Note that this server is NOT vulnerable to L1 Terminal Fault – SGX (CVE-2018-3615), also known as Foreshadow, because this server does NOT support SGX.

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system updates, provides mitigation for the Speculative Store Bypass (also known as Variant 4) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3639. Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

This revision of the System ROM includes the latest revision of the Intel microcode which provides mitigation for the Rogue Register Read (also known as Variant 3a) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3640. Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

For Windows 2008 R2, install all Windows critical update.  Windows 2008 R2 critical update will include security update KB3033395 that will support SHA-2
For Windows 2008 SP2 requires KB4039648 be installed which is not part of the Windows Update 2008 SP2.   Follow this link to download the KB4039648
https://support.microsoft.com/en-us/help/4039648/update-to-add-sha2-code-signing-support-for-windows-server-2008-sp2

Deliverable Name:

HP ProLiant XL220a Gen8 v2 System ROM - P94

Release Version:

05/21/2018

Last Recommended or Critical Revision:

05/21/2018

Previous Revision:

01/22/2018

Firmware Dependencies:

None

Enhancements/New Features:

None

Problems Fixed:

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system and hypervisor updates, provides mitigation for the L1 Terminal Fault – OS/SMM (CVE-2018-3620) and L1 Terminal Fault – VMM (CVE-2018-3646) security vulnerabilities.  These vulnerabilities may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a side-channel analysis.  These security vulnerabilities are not unique to HPE servers and impact any servers utilizing impacted processors.  Note that this server is NOT vulnerable to L1 Terminal Fault – SGX (CVE-2018-3615), also known as Foreshadow, because this server does NOT support SGX.

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system updates, provides mitigation for the Speculative Store Bypass (also known as Variant 4) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3639. Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

This revision of the System ROM includes the latest revision of the Intel microcode which provides mitigation for the Rogue Register Read (also known as Variant 3a) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3640. Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

Known Issues:

None

Version:2018.05.21 (25 Jun 2018)
Fixes

Upgrade Requirement:
Critical - HPE requires users update to this version immediately.


Important Notes:

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system and hypervisor updates, provides mitigation for the L1 Terminal Fault – OS/SMM (CVE-2018-3620) and L1 Terminal Fault – VMM (CVE-2018-3646) security vulnerabilities.  These vulnerabilities may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a side-channel analysis.  These security vulnerabilities are not unique to HPE servers and impact any servers utilizing impacted processors.  Note that this server is NOT vulnerable to L1 Terminal Fault – SGX (CVE-2018-3615), also known as Foreshadow, because this server does NOT support SGX.

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system updates, provides mitigation for the Speculative Store Bypass (also known as Variant 4) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3639. Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

This revision of the System ROM includes the latest revision of the Intel microcode which provides mitigation for the Rogue Register Read (also known as Variant 3a) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3640. Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

For Windows 2008 R2, install all Windows critical update.  Windows 2008 R2 critical update will include security update KB3033395 that will support SHA-2
For Windows 2008 SP2 requires KB4039648 be installed which is not part of the Windows Update 2008 SP2.   Follow this link to download the KB4039648
https://support.microsoft.com/en-us/help/4039648/update-to-add-sha2-code-signing-support-for-windows-server-2008-sp2

Firmware Dependencies:

None

Problems Fixed:

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system and hypervisor updates, provides mitigation for the L1 Terminal Fault – OS/SMM (CVE-2018-3620) and L1 Terminal Fault – VMM (CVE-2018-3646) security vulnerabilities.  These vulnerabilities may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a side-channel analysis.  These security vulnerabilities are not unique to HPE servers and impact any servers utilizing impacted processors.  Note that this server is NOT vulnerable to L1 Terminal Fault – SGX (CVE-2018-3615), also known as Foreshadow, because this server does NOT support SGX.

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system updates, provides mitigation for the Speculative Store Bypass (also known as Variant 4) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3639. Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

This revision of the System ROM includes the latest revision of the Intel microcode which provides mitigation for the Rogue Register Read (also known as Variant 3a) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3640. Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

Known Issues:

None


Version:2018.01.22 (23 Feb 2018)
Fixes

Upgrade Requirement:
Critical - HPE requires users update to this version immediately.


Important Notes:

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system updates, provides mitigation for Variant 2 of the Side Channel Analysis vulnerability, also known as Spectre. The revision of the microcode included in this System ROM does NOT have issues with more frequent reboots and unpredictable system behavior which impacted the previous Intel microcode which was part of the Spectre Variant 2 mitigation. Additional information is available from Intel’s Security Exploit Newsroom, https://newsroom.intel.com/press-kits/security-exploits-intel-products/.

For Windows 2008 R2, install all Windows critical update.  Windows 2008 R2 critical update will include security update KB3033395 that will support SHA-2
For Windows 2008 SP2 requires KB4039648 be installed which is not part of the Windows Update 2008 SP2.   Follow this link to download the KB4039648
https://support.microsoft.com/en-us/help/4039648/update-to-add-sha2-code-signing-support-for-windows-server-2008-sp2

Firmware Dependencies:

None

Problems Fixed:

Updated the Intel processor microcode to the latest version.

Known Issues:

None


Version:2017.12.12 (3 Jan 2018)
Fixes

Upgrade Requirement:
Critical - HPE requires users update to this version immediately.


Important Notes:

REMOVED - This version of the System ROM is NO LONGER AVAILABLE for download.

On January 11, Intel announced issues with an increased frequency of reboots when using the microcodes they released to address Variant 2 of the Spectre Vulnerability for numerous processors including Broadwell, Haswell, Skylake, Kaby Lake, Ivybridge, and Sandybridge processors. Mitigations for Variant 1 (Spectre) and Variant 3 (Meltdown) vulnerabilities require only OS updates and are not impacted.

Due to the severity of the potential issues that may occur when using these microcodes addressing Variant 2, Intel now recommends that customers discontinue their use.  Additional information is available from Intel’s Security Exploit Newsroom, https://newsroom.intel.com/press-kits/security-exploits-intel-products/.  HPE is in alignment with Intel in our recommendation that customers discontinue use of System ROMs including impacted microcodes and revert to earlier System ROM versions. Earlier versions of the System ROMs display on the ‘Revision History’ tab. Clicking the ‘Obtain software’ link opens the HPE Customer Advisory on this topic where the recommended version of an earlier System ROM for each affected platform is provided along with additional information about this critical issue.

Firmware Dependencies:

None

Problems Fixed:

Updated the Intel processor microcode to the latest version.

Known Issues:

None


Version:2015.01.26 (B) (21 Oct 2016)
Fixes

Upgrade Requirement:
Optional - Users should update to this version if their system is affected by one of the documented fixes or if there is a desire to utilize any of the enhanced functionality provided by this version.


Important Notes:

Ver. 2015.01.26 (B) provides the same system ROM image as ver. 2015.01.26. The new ver. 2015.01.26 (B) adds support to perform the Online ROM Flash with Microsoft Windows Server 2016.  The user does not need to flash the system ROM with ver. 2015.01.26 (B) if the system has been previously flashed with System ROM ver. 2015.01.26.

The firmware for the System Programmable Logic Device must be upgraded in addition to the System ROM. Please see the Firmware Dependencies section below.

Firmware Dependencies:

System Programmable Logic Device version 0x15 or later is required. The System Programmamable Logic Device firmware is available for download at the following links:

Online Flash Component for Linux - System Programmable Logic Device (HP ProLiant XL220a Gen8 v2) version 0x15: ftp://ftp.hp.com/pub/softlib2/software1/sc-linux-fw/p1150180434/v103815

Online Flash Component for Win64 - System Programmable Logic Device (HP ProLiant XL220a Gen8 v2) version 0x15: ftp://ftp.hp.com/pub/softlib2/software1/sc-windows-fw/p1281588026/v103857

Problems Fixed:

Addressed an issue where a system under heavy stress could experience an uncorrectable machine check. This issue will be reported in the Integrated Management Log with the following error details (Uncorrrectable Machine Check Exception: APIC ID 0x00000004, Bank 0x00000003, Status 0xF2000000'00800400, Address 0x00000000'00000000, Misc 0x00000000'00000000). This issue is not unique to HP. It is recommended that customers experiencing this issue update to this version of the System ROM before replacing any hardware components.

Addressed an issue where an uncorrectable machine check exception can cause the server to reboot continuously or stop responding. This solution requires the System Programmable Logic Device be upgraded to version 0x15 or later.

Known Issues:

None


Version:2015.01.26 (6 Apr 2015)
Fixes

Upgrade Requirement:
Optional - Users should update to this version if their system is affected by one of the documented fixes or if there is a desire to utilize any of the enhanced functionality provided by this version.


Important Notes:

The firmware for the System Programmable Logic Device must be upgraded in addition to the System ROM. Please see the Firmware Dependencies section below.

Firmware Dependencies:

System Programmable Logic Device version 0x15 or later is required. The System Programmamable Logic Device firmware is available for download at the following links:

Online Flash Component for Linux - System Programmable Logic Device (HP ProLiant XL220a Gen8 v2) version 0x15: ftp://ftp.hp.com/pub/softlib2/software1/sc-linux-fw/p1150180434/v103815

Online Flash Component for Win64 - System Programmable Logic Device (HP ProLiant XL220a Gen8 v2) version 0x15: ftp://ftp.hp.com/pub/softlib2/software1/sc-windows-fw/p1281588026/v103857

Problems Fixed:

Addressed an issue where a system under heavy stress could experience an uncorrectable machine check. This issue will be reported in the Integrated Management Log with the following error details (Uncorrrectable Machine Check Exception: APIC ID 0x00000004, Bank 0x00000003, Status 0xF2000000'00800400, Address 0x00000000'00000000, Misc 0x00000000'00000000). This issue is not unique to HP. It is recommended that customers experiencing this issue update to this version of the System ROM before replacing any hardware components.

Addressed an issue where an uncorrectable machine check exception can cause the server to reboot continuously or stop responding. This solution requires the System Programmable Logic Device be upgraded to version 0x15 or later.

Known Issues:

None


Version:2014.06.20 (28 Oct 2014)
Enhancements

Upgrade Requirement:
Optional - Users should update to this version if their system is affected by one of the documented fixes or if there is a desire to utilize any of the enhanced functionality provided by this version.


Important Notes:

None

Firmware Dependencies:

None

Enhancements/New Features:

Update system thermal settings to improve the server's thermal solution.

Known Issues:

None

Version:2014.04.29 (24 Jun 2014)
Enhancements

Upgrade Requirement:
Recommended - HP recommends users update to this version at their earliest convenience.


Important Notes:

None

Firmware Dependencies:

None

Enhancements/New Features:

This is the initial version of the firmware.

Known Issues:

None

Type: BIOS (Entitlement Required) - System ROM
Version: 2018.05.21(25 Jun 2018)
Operating System(s):
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2008 R2 Foundation Edition
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows Server 2016

Description

This component provides updated system firmware that can be installed directly on supported Operating Systems. Additionally, when used in conjunction with Smart Update Manager (SUM), this Component allows the user to update firmware on remote servers from a central location. This remote deployment capability eliminates the need for the user to be physically present at the server in order to perform a firmware update.

Installation Instructions

Prerequisites:

The "HPE ProLiant iLO 3/4 Channel Interface Driver” (CHIF) for Windows which is available from Service Pack for ProLiant (SPP).


To ensure the integrity of your download, HPE recommends verifying your results with this SHA-256 Checksum value:

b28cf78a648238cd88c195226c9b4c4e36e5215e418d7dfe13f6586b964e037b cp036475.exe

Reboot Requirement:
Reboot is required after installation for updates to take effect and hardware stability to be maintained.


Installation:

To update firmware from Windows operating system on target server: 

1.     Place the Smart Component in a temporary directory.
2.     From the same directory, run the Smart Component by double-clicking it.
3.     When the Smart Component dialog window displays, click the Install button to initiate the firmware upgrade.
4.     Reboot your system if you would like the update to take effect immediately.


Supplemental updates for supported ProLiant servers and options can be done by using HP Smart Update Manager, which is found on the Service Pack for ProLiant ISO.

  • Place the Service Pack for ProLiant on a USB key using the USB Key Creator Utility.
  • Place the desired smart components to be updated in the directory, \hp\swpackages on the USB key.

Update the firmware and software in the usual manner. 

This component can only be executed on Windows x64.


Release Notes

End User License Agreements:
HPE Software License Agreement v1
Hewlett-Packard End User License Agreement


Upgrade Requirement:
Critical - HPE requires users update to this version immediately.


Important:

Important Notes:

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system and hypervisor updates, provides mitigation for the L1 Terminal Fault – OS/SMM (CVE-2018-3620) and L1 Terminal Fault – VMM (CVE-2018-3646) security vulnerabilities.  These vulnerabilities may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a side-channel analysis.  These security vulnerabilities are not unique to HPE servers and impact any servers utilizing impacted processors.  Note that this server is NOT vulnerable to L1 Terminal Fault – SGX (CVE-2018-3615), also known as Foreshadow, because this server does NOT support SGX.

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system updates, provides mitigation for the Speculative Store Bypass (also known as Variant 4) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3639. Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

This revision of the System ROM includes the latest revision of the Intel microcode which provides mitigation for the Rogue Register Read (also known as Variant 3a) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3640. Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

For Windows 2008 R2, install all Windows critical update.  Windows 2008 R2 critical update will include security update KB3033395 that will support SHA-2
For Windows 2008 SP2 requires KB4039648 be installed which is not part of the Windows Update 2008 SP2.   Follow this link to download the KB4039648
https://support.microsoft.com/en-us/help/4039648/update-to-add-sha2-code-signing-support-for-windows-server-2008-sp2

Deliverable Name:

HP ProLiant XL220a Gen8 v2 System ROM - P94

Release Version:

05/21/2018

Last Recommended or Critical Revision:

05/21/2018

Previous Revision:

01/22/2018

Firmware Dependencies:

None

Enhancements/New Features:

None

Problems Fixed:

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system and hypervisor updates, provides mitigation for the L1 Terminal Fault – OS/SMM (CVE-2018-3620) and L1 Terminal Fault – VMM (CVE-2018-3646) security vulnerabilities.  These vulnerabilities may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a side-channel analysis.  These security vulnerabilities are not unique to HPE servers and impact any servers utilizing impacted processors.  Note that this server is NOT vulnerable to L1 Terminal Fault – SGX (CVE-2018-3615), also known as Foreshadow, because this server does NOT support SGX.

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system updates, provides mitigation for the Speculative Store Bypass (also known as Variant 4) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3639. Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

This revision of the System ROM includes the latest revision of the Intel microcode which provides mitigation for the Rogue Register Read (also known as Variant 3a) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3640. Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

Known Issues:

None


Fixes

Upgrade Requirement:
Critical - HPE requires users update to this version immediately.


Important Notes:

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system and hypervisor updates, provides mitigation for the L1 Terminal Fault – OS/SMM (CVE-2018-3620) and L1 Terminal Fault – VMM (CVE-2018-3646) security vulnerabilities.  These vulnerabilities may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a side-channel analysis.  These security vulnerabilities are not unique to HPE servers and impact any servers utilizing impacted processors.  Note that this server is NOT vulnerable to L1 Terminal Fault – SGX (CVE-2018-3615), also known as Foreshadow, because this server does NOT support SGX.

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system updates, provides mitigation for the Speculative Store Bypass (also known as Variant 4) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3639. Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

This revision of the System ROM includes the latest revision of the Intel microcode which provides mitigation for the Rogue Register Read (also known as Variant 3a) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3640. Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

For Windows 2008 R2, install all Windows critical update.  Windows 2008 R2 critical update will include security update KB3033395 that will support SHA-2
For Windows 2008 SP2 requires KB4039648 be installed which is not part of the Windows Update 2008 SP2.   Follow this link to download the KB4039648
https://support.microsoft.com/en-us/help/4039648/update-to-add-sha2-code-signing-support-for-windows-server-2008-sp2

Firmware Dependencies:

None

Problems Fixed:

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system and hypervisor updates, provides mitigation for the L1 Terminal Fault – OS/SMM (CVE-2018-3620) and L1 Terminal Fault – VMM (CVE-2018-3646) security vulnerabilities.  These vulnerabilities may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a side-channel analysis.  These security vulnerabilities are not unique to HPE servers and impact any servers utilizing impacted processors.  Note that this server is NOT vulnerable to L1 Terminal Fault – SGX (CVE-2018-3615), also known as Foreshadow, because this server does NOT support SGX.

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system updates, provides mitigation for the Speculative Store Bypass (also known as Variant 4) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3639. Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

This revision of the System ROM includes the latest revision of the Intel microcode which provides mitigation for the Rogue Register Read (also known as Variant 3a) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3640. Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

Known Issues:

None

Important

Important Notes:

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system and hypervisor updates, provides mitigation for the L1 Terminal Fault – OS/SMM (CVE-2018-3620) and L1 Terminal Fault – VMM (CVE-2018-3646) security vulnerabilities.  These vulnerabilities may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a side-channel analysis.  These security vulnerabilities are not unique to HPE servers and impact any servers utilizing impacted processors.  Note that this server is NOT vulnerable to L1 Terminal Fault – SGX (CVE-2018-3615), also known as Foreshadow, because this server does NOT support SGX.

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system updates, provides mitigation for the Speculative Store Bypass (also known as Variant 4) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3639. Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

This revision of the System ROM includes the latest revision of the Intel microcode which provides mitigation for the Rogue Register Read (also known as Variant 3a) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3640. Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

For Windows 2008 R2, install all Windows critical update.  Windows 2008 R2 critical update will include security update KB3033395 that will support SHA-2
For Windows 2008 SP2 requires KB4039648 be installed which is not part of the Windows Update 2008 SP2.   Follow this link to download the KB4039648
https://support.microsoft.com/en-us/help/4039648/update-to-add-sha2-code-signing-support-for-windows-server-2008-sp2

Deliverable Name:

HP ProLiant XL220a Gen8 v2 System ROM - P94

Release Version:

05/21/2018

Last Recommended or Critical Revision:

05/21/2018

Previous Revision:

01/22/2018

Firmware Dependencies:

None

Enhancements/New Features:

None

Problems Fixed:

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system and hypervisor updates, provides mitigation for the L1 Terminal Fault – OS/SMM (CVE-2018-3620) and L1 Terminal Fault – VMM (CVE-2018-3646) security vulnerabilities.  These vulnerabilities may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a side-channel analysis.  These security vulnerabilities are not unique to HPE servers and impact any servers utilizing impacted processors.  Note that this server is NOT vulnerable to L1 Terminal Fault – SGX (CVE-2018-3615), also known as Foreshadow, because this server does NOT support SGX.

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system updates, provides mitigation for the Speculative Store Bypass (also known as Variant 4) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3639. Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

This revision of the System ROM includes the latest revision of the Intel microcode which provides mitigation for the Rogue Register Read (also known as Variant 3a) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3640. Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

Known Issues:

None

Revision History

Version:2018.05.21 (25 Jun 2018)
Fixes

Upgrade Requirement:
Critical - HPE requires users update to this version immediately.


Important Notes:

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system and hypervisor updates, provides mitigation for the L1 Terminal Fault – OS/SMM (CVE-2018-3620) and L1 Terminal Fault – VMM (CVE-2018-3646) security vulnerabilities.  These vulnerabilities may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a side-channel analysis.  These security vulnerabilities are not unique to HPE servers and impact any servers utilizing impacted processors.  Note that this server is NOT vulnerable to L1 Terminal Fault – SGX (CVE-2018-3615), also known as Foreshadow, because this server does NOT support SGX.

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system updates, provides mitigation for the Speculative Store Bypass (also known as Variant 4) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3639. Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

This revision of the System ROM includes the latest revision of the Intel microcode which provides mitigation for the Rogue Register Read (also known as Variant 3a) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3640. Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

For Windows 2008 R2, install all Windows critical update.  Windows 2008 R2 critical update will include security update KB3033395 that will support SHA-2
For Windows 2008 SP2 requires KB4039648 be installed which is not part of the Windows Update 2008 SP2.   Follow this link to download the KB4039648
https://support.microsoft.com/en-us/help/4039648/update-to-add-sha2-code-signing-support-for-windows-server-2008-sp2

Firmware Dependencies:

None

Problems Fixed:

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system and hypervisor updates, provides mitigation for the L1 Terminal Fault – OS/SMM (CVE-2018-3620) and L1 Terminal Fault – VMM (CVE-2018-3646) security vulnerabilities.  These vulnerabilities may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a side-channel analysis.  These security vulnerabilities are not unique to HPE servers and impact any servers utilizing impacted processors.  Note that this server is NOT vulnerable to L1 Terminal Fault – SGX (CVE-2018-3615), also known as Foreshadow, because this server does NOT support SGX.

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system updates, provides mitigation for the Speculative Store Bypass (also known as Variant 4) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3639. Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

This revision of the System ROM includes the latest revision of the Intel microcode which provides mitigation for the Rogue Register Read (also known as Variant 3a) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3640. Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

Known Issues:

None


Version:2018.01.22 (23 Feb 2018)
Fixes

Upgrade Requirement:
Critical - HPE requires users update to this version immediately.


Important Notes:

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system updates, provides mitigation for Variant 2 of the Side Channel Analysis vulnerability, also known as Spectre. The revision of the microcode included in this System ROM does NOT have issues with more frequent reboots and unpredictable system behavior which impacted the previous Intel microcode which was part of the Spectre Variant 2 mitigation. Additional information is available from Intel’s Security Exploit Newsroom, https://newsroom.intel.com/press-kits/security-exploits-intel-products/.

For Windows 2008 R2, install all Windows critical update.  Windows 2008 R2 critical update will include security update KB3033395 that will support SHA-2
For Windows 2008 SP2 requires KB4039648 be installed which is not part of the Windows Update 2008 SP2.   Follow this link to download the KB4039648
https://support.microsoft.com/en-us/help/4039648/update-to-add-sha2-code-signing-support-for-windows-server-2008-sp2

Firmware Dependencies:

None

Problems Fixed:

Updated the Intel processor microcode to the latest version.

Known Issues:

None


Version:2017.12.12 (3 Jan 2018)
Fixes

Upgrade Requirement:
Critical - HPE requires users update to this version immediately.


Important Notes:

REMOVED - This version of the System ROM is NO LONGER AVAILABLE for download.

On January 11, Intel announced issues with an increased frequency of reboots when using the microcodes they released to address Variant 2 of the Spectre Vulnerability for numerous processors including Broadwell, Haswell, Skylake, Kaby Lake, Ivybridge, and Sandybridge processors. Mitigations for Variant 1 (Spectre) and Variant 3 (Meltdown) vulnerabilities require only OS updates and are not impacted.

Due to the severity of the potential issues that may occur when using these microcodes addressing Variant 2, Intel now recommends that customers discontinue their use.  Additional information is available from Intel’s Security Exploit Newsroom, https://newsroom.intel.com/press-kits/security-exploits-intel-products/.  HPE is in alignment with Intel in our recommendation that customers discontinue use of System ROMs including impacted microcodes and revert to earlier System ROM versions. Earlier versions of the System ROMs display on the ‘Revision History’ tab. Clicking the ‘Obtain software’ link opens the HPE Customer Advisory on this topic where the recommended version of an earlier System ROM for each affected platform is provided along with additional information about this critical issue.

Firmware Dependencies:

None

Problems Fixed:

Updated the Intel processor microcode to the latest version.

Known Issues:

None


Version:2015.01.26 (B) (21 Oct 2016)
Fixes

Upgrade Requirement:
Optional - Users should update to this version if their system is affected by one of the documented fixes or if there is a desire to utilize any of the enhanced functionality provided by this version.


Important Notes:

Ver. 2015.01.26 (B) provides the same system ROM image as ver. 2015.01.26. The new ver. 2015.01.26 (B) adds support to perform the Online ROM Flash with Microsoft Windows Server 2016.  The user does not need to flash the system ROM with ver. 2015.01.26 (B) if the system has been previously flashed with System ROM ver. 2015.01.26.

The firmware for the System Programmable Logic Device must be upgraded in addition to the System ROM. Please see the Firmware Dependencies section below.

Firmware Dependencies:

System Programmable Logic Device version 0x15 or later is required. The System Programmamable Logic Device firmware is available for download at the following links:

Online Flash Component for Linux - System Programmable Logic Device (HP ProLiant XL220a Gen8 v2) version 0x15: ftp://ftp.hp.com/pub/softlib2/software1/sc-linux-fw/p1150180434/v103815

Online Flash Component for Win64 - System Programmable Logic Device (HP ProLiant XL220a Gen8 v2) version 0x15: ftp://ftp.hp.com/pub/softlib2/software1/sc-windows-fw/p1281588026/v103857

Problems Fixed:

Addressed an issue where a system under heavy stress could experience an uncorrectable machine check. This issue will be reported in the Integrated Management Log with the following error details (Uncorrrectable Machine Check Exception: APIC ID 0x00000004, Bank 0x00000003, Status 0xF2000000'00800400, Address 0x00000000'00000000, Misc 0x00000000'00000000). This issue is not unique to HP. It is recommended that customers experiencing this issue update to this version of the System ROM before replacing any hardware components.

Addressed an issue where an uncorrectable machine check exception can cause the server to reboot continuously or stop responding. This solution requires the System Programmable Logic Device be upgraded to version 0x15 or later.

Known Issues:

None


Version:2015.01.26 (6 Apr 2015)
Fixes

Upgrade Requirement:
Optional - Users should update to this version if their system is affected by one of the documented fixes or if there is a desire to utilize any of the enhanced functionality provided by this version.


Important Notes:

The firmware for the System Programmable Logic Device must be upgraded in addition to the System ROM. Please see the Firmware Dependencies section below.

Firmware Dependencies:

System Programmable Logic Device version 0x15 or later is required. The System Programmamable Logic Device firmware is available for download at the following links:

Online Flash Component for Linux - System Programmable Logic Device (HP ProLiant XL220a Gen8 v2) version 0x15: ftp://ftp.hp.com/pub/softlib2/software1/sc-linux-fw/p1150180434/v103815

Online Flash Component for Win64 - System Programmable Logic Device (HP ProLiant XL220a Gen8 v2) version 0x15: ftp://ftp.hp.com/pub/softlib2/software1/sc-windows-fw/p1281588026/v103857

Problems Fixed:

Addressed an issue where a system under heavy stress could experience an uncorrectable machine check. This issue will be reported in the Integrated Management Log with the following error details (Uncorrrectable Machine Check Exception: APIC ID 0x00000004, Bank 0x00000003, Status 0xF2000000'00800400, Address 0x00000000'00000000, Misc 0x00000000'00000000). This issue is not unique to HP. It is recommended that customers experiencing this issue update to this version of the System ROM before replacing any hardware components.

Addressed an issue where an uncorrectable machine check exception can cause the server to reboot continuously or stop responding. This solution requires the System Programmable Logic Device be upgraded to version 0x15 or later.

Known Issues:

None


Version:2014.06.20 (28 Oct 2014)
Enhancements

Upgrade Requirement:
Optional - Users should update to this version if their system is affected by one of the documented fixes or if there is a desire to utilize any of the enhanced functionality provided by this version.


Important Notes:

None

Firmware Dependencies:

None

Enhancements/New Features:

Update system thermal settings to improve the server's thermal solution.

Known Issues:

None

Version:2014.04.29 (24 Jun 2014)
Enhancements

Upgrade Requirement:
Recommended - HP recommends users update to this version at their earliest convenience.


Important Notes:

None

Firmware Dependencies:

None

Enhancements/New Features:

This is the initial version of the firmware.

Known Issues:

None

Legal Disclaimer: Products sold prior to the November 1, 2015 separation of Hewlett-Packard Company into Hewlett Packard Enterprise Company and HP Inc. may have older product names and model numbers that differ from current models.