Printable version

Drivers & software

** CRITICAL ** Online ROM Flash Component for Windows x64 - HPE ProLiant DL20 Gen9 (U22) Servers

By downloading, you agree to the terms and conditions of the Hewlett Packard Enterprise Software License Agreement.
Note:  Some software requires a valid warranty, current Hewlett Packard Enterprise support contract, or a license fee.

Type: BIOS (Entitlement Required) - System ROM
Version: 2.60_05-21-2018(11 Jun 2018)
Operating System(s): Microsoft Windows Server 2012
Microsoft Windows Server 2012 Essentials
Microsoft Windows Server 2012 R2
Microsoft Windows Server 2016
File name: cp036396.exe (5.5 MB)
This component provides updated system firmware that can be installed directly on supported Operating Systems. Additionally, when used in conjunction with Smart Update Manager (SUM), this Component allows the user to update firmware on remote servers from a central location. This remote deployment capability eliminates the need for the user to be physically present at the server in order to perform a firmware update.

Prerequisites:

The "HPE ProLiant iLO 3/4 Channel Interface Driver” (CHIF) for Windows which is available from Service Pack for ProLiant (SPP).


To ensure the integrity of your download, HPE recommends verifying your results with this SHA-256 Checksum value:

20cb597c9199b8f40c396a19dfdc683ea3f157225e0b4169b9852332bacd4b4f cp036396.exe

Reboot Requirement:
Reboot is required after installation for updates to take effect and hardware stability to be maintained.


Installation:

To update firmware from Windows operating system on target server:

1.     Place the Component in a temporary directory.
2.     From the same directory, run the Component by double-clicking it.
3.     When the Component dialog window displays, click the Install button to initiate the firmware upgrade.
4.     Reboot your system if you would like the update to take effect immediately.


 Supplemental updates for supported ProLiant servers and options can be done by using Smart Update Manager, which is found on the Service Pack for ProLiant ISO.

  • Place the Service Pack for ProLiant on a USB key using the USB Key Creator Utility.
  • Place the desired components to be updated in the directory, \packages on the USB key. To use with HP SUM 7.6.0 or earlier, place the components in \hp\swpackages on the USB Key.

Update the firmware and software in the usual manner. 
 

This component can only be executed on Windows x64.


End User License Agreements:
The MIT License Agreement
OpenSSL License Agreement, Version 0.9.8
PNG Graphics File Format Software End User License Agreement
UEFI EDK2 License
zlib End User License Agreement
HPE Software License Agreement v1
Hewlett-Packard End User License Agreement


Upgrade Requirement:
Critical - HPE requires users update to this version immediately.


Important:

Important Notes:

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system and hypervisor updates, provides mitigation for the L1 Terminal Fault – OS/SMM (CVE-2018-3620) and L1 Terminal Fault – VMM (CVE-2018-3646) security vulnerabilities.  These vulnerabilities may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a side-channel analysis.  These security vulnerabilities are not unique to HPE servers and impact any servers utilizing impacted processors.  Note that this server is NOT vulnerable to L1 Terminal Fault – SGX (CVE-2018-3615), also known as Foreshadow, because this server does NOT support SGX.

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system updates, provides mitigation for the Speculative Store Bypass (also known as Variant 4) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3639. Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

This revision of the System ROM includes the latest revision of the Intel microcode which provides mitigation for the Rogue Register Read (also known as Variant 3a) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3640. Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

Deliverable Name:

HPE ProLiant DL20 Gen9 System ROM - U22

Release Version:

2.60_05-21-2018

Last Recommended or Critical Revision:

2.60_05-21-2018

Previous Revision:

2.56_01-22-2018

Firmware Dependencies:

None

Enhancements/New Features:

None

Problems Fixed:

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system and hypervisor updates, provides mitigation for the L1 Terminal Fault – OS/SMM (CVE-2018-3620) and L1 Terminal Fault – VMM (CVE-2018-3646) security vulnerabilities.  These vulnerabilities may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a side-channel analysis.  These security vulnerabilities are not unique to HPE servers and impact any servers utilizing impacted processors.  Note that this server is NOT vulnerable to L1 Terminal Fault – SGX (CVE-2018-3615), also known as Foreshadow, because this server does NOT support SGX.

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system updates, provides mitigation for the Speculative Store Bypass (also known as Variant 4) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3639. Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

This revision of the System ROM includes the latest revision of the Intel microcode which provides mitigation for the Rogue Register Read (also known as Variant 3a) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3640. Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

Known Issues:

None


Upgrade Requirement:
Critical - HPE requires users update to this version immediately.


Important Notes:

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system and hypervisor updates, provides mitigation for the L1 Terminal Fault – OS/SMM (CVE-2018-3620) and L1 Terminal Fault – VMM (CVE-2018-3646) security vulnerabilities.  These vulnerabilities may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a side-channel analysis.  These security vulnerabilities are not unique to HPE servers and impact any servers utilizing impacted processors.  Note that this server is NOT vulnerable to L1 Terminal Fault – SGX (CVE-2018-3615), also known as Foreshadow, because this server does NOT support SGX.

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system updates, provides mitigation for the Speculative Store Bypass (also known as Variant 4) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3639. Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

This revision of the System ROM includes the latest revision of the Intel microcode which provides mitigation for the Rogue Register Read (also known as Variant 3a) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3640. Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

Firmware Dependencies:

None

Problems Fixed:

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system and hypervisor updates, provides mitigation for the L1 Terminal Fault – OS/SMM (CVE-2018-3620) and L1 Terminal Fault – VMM (CVE-2018-3646) security vulnerabilities.  These vulnerabilities may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a side-channel analysis.  These security vulnerabilities are not unique to HPE servers and impact any servers utilizing impacted processors.  Note that this server is NOT vulnerable to L1 Terminal Fault – SGX (CVE-2018-3615), also known as Foreshadow, because this server does NOT support SGX.

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system updates, provides mitigation for the Speculative Store Bypass (also known as Variant 4) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3639. Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

This revision of the System ROM includes the latest revision of the Intel microcode which provides mitigation for the Rogue Register Read (also known as Variant 3a) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3640. Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

Known Issues:

None

Important Notes:

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system and hypervisor updates, provides mitigation for the L1 Terminal Fault – OS/SMM (CVE-2018-3620) and L1 Terminal Fault – VMM (CVE-2018-3646) security vulnerabilities.  These vulnerabilities may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a side-channel analysis.  These security vulnerabilities are not unique to HPE servers and impact any servers utilizing impacted processors.  Note that this server is NOT vulnerable to L1 Terminal Fault – SGX (CVE-2018-3615), also known as Foreshadow, because this server does NOT support SGX.

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system updates, provides mitigation for the Speculative Store Bypass (also known as Variant 4) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3639. Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

This revision of the System ROM includes the latest revision of the Intel microcode which provides mitigation for the Rogue Register Read (also known as Variant 3a) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3640. Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

Deliverable Name:

HPE ProLiant DL20 Gen9 System ROM - U22

Release Version:

2.60_05-21-2018

Last Recommended or Critical Revision:

2.60_05-21-2018

Previous Revision:

2.56_01-22-2018

Firmware Dependencies:

None

Enhancements/New Features:

None

Problems Fixed:

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system and hypervisor updates, provides mitigation for the L1 Terminal Fault – OS/SMM (CVE-2018-3620) and L1 Terminal Fault – VMM (CVE-2018-3646) security vulnerabilities.  These vulnerabilities may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a side-channel analysis.  These security vulnerabilities are not unique to HPE servers and impact any servers utilizing impacted processors.  Note that this server is NOT vulnerable to L1 Terminal Fault – SGX (CVE-2018-3615), also known as Foreshadow, because this server does NOT support SGX.

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system updates, provides mitigation for the Speculative Store Bypass (also known as Variant 4) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3639. Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

This revision of the System ROM includes the latest revision of the Intel microcode which provides mitigation for the Rogue Register Read (also known as Variant 3a) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3640. Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

Known Issues:

None

Version:2.82_04-04-2019 (1 May 2019)
Fixes

Upgrade Requirement:
Critical - HPE requires users update to this version immediately.


Important Notes:

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system and/or hypervisor updates, provides mitigation for a new group of side channel vulnerabilities known as Microarchitectural Data Sampling (MDS).  This includes support for mitigating the following vulnerabilities:  CVE-2018-12126 – Microarchitectural Store Buffer Data Sampling, CVE-2018-12130 – Microarchitectural Fill Buffer Data Sampling, CVE-2018-12127 – Microarchitectural Load Port Data Sampling, and CVE-2019-11091 – Microarchitectural Data Sampling Uncacheable Memory.  These issues are not unique to HPE servers.

Firmware Dependencies:

None

Problems Fixed:

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system and/or hypervisor updates, provides mitigation for a new group of side channel vulnerabilities known as Microarchitectural Data Sampling (MDS).  This includes support for mitigating the following vulnerabilities:  CVE-2018-12126 – Microarchitectural Store Buffer Data Sampling, CVE-2018-12130 – Microarchitectural Fill Buffer Data Sampling, CVE-2018-12127 – Microarchitectural Load Port Data Sampling, and CVE-2019-11091 – Microarchitectural Data Sampling Uncacheable Memory.  These issues are not unique to HPE servers.

Known Issues:

None


Version:2.80_12-18-2018 (2 Apr 2019)
Fixes

Upgrade Requirement:
Recommended - HPE recommends users update to this version at their earliest convenience.


Important Notes:

None

Firmware Dependencies:

None

Problems Fixed:

This revision of the System ROM includes the latest revision of the UEFI EDK2 support that provides mitigations for a variety of security vulnerabilities. The following vulnerabilities have been addressed in this System ROM release: CVE-2018-3613 CVE-2017-5731, CVE-2017-5732, CVE-2017-5733, CVE-2017-5734, CVE-2017-5735, CVE-2018-3630, CVE-2018-12178, CVE-2018-12179, CVE-2018-12180, CVE-2018-12181, CVE-2018-12182 and CVE-2018-12183. These security vulnerabilities are not unique to HPE servers.

Addressed an issue where certain PCIe option cards may not train properly and cause the system to hang during POST. This issue is not unique to HPE servers.

Known Issues:

None
Enhancements

Added support to allow for the ROM Based Setup Utility (RBSU) Power Regulator setting to be set to Static Low or OS Control Mode when the Processor Power and Utilization Support was disabled. Previous ROMs required the Power Regulator to be configured for Static High Mode only.

Updated the RESTful API HPE BIOS Attribute Registry resources to match the latest BIOS/Platform Configuration options.


Version:2.60_05-21-2018 (11 Jun 2018)
Fixes

Upgrade Requirement:
Critical - HPE requires users update to this version immediately.


Important Notes:

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system and hypervisor updates, provides mitigation for the L1 Terminal Fault – OS/SMM (CVE-2018-3620) and L1 Terminal Fault – VMM (CVE-2018-3646) security vulnerabilities.  These vulnerabilities may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a side-channel analysis.  These security vulnerabilities are not unique to HPE servers and impact any servers utilizing impacted processors.  Note that this server is NOT vulnerable to L1 Terminal Fault – SGX (CVE-2018-3615), also known as Foreshadow, because this server does NOT support SGX.

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system updates, provides mitigation for the Speculative Store Bypass (also known as Variant 4) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3639. Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

This revision of the System ROM includes the latest revision of the Intel microcode which provides mitigation for the Rogue Register Read (also known as Variant 3a) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3640. Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

Firmware Dependencies:

None

Problems Fixed:

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system and hypervisor updates, provides mitigation for the L1 Terminal Fault – OS/SMM (CVE-2018-3620) and L1 Terminal Fault – VMM (CVE-2018-3646) security vulnerabilities.  These vulnerabilities may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a side-channel analysis.  These security vulnerabilities are not unique to HPE servers and impact any servers utilizing impacted processors.  Note that this server is NOT vulnerable to L1 Terminal Fault – SGX (CVE-2018-3615), also known as Foreshadow, because this server does NOT support SGX.

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system updates, provides mitigation for the Speculative Store Bypass (also known as Variant 4) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3639. Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

This revision of the System ROM includes the latest revision of the Intel microcode which provides mitigation for the Rogue Register Read (also known as Variant 3a) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3640. Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

Known Issues:

None


Version:2.56_01-22-2018(B) (27 Feb 2018)
Fixes

Upgrade Requirement:
Critical - HPE requires users update to this version immediately.


Important Notes:

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system updates, provides mitigation for Variant 2 of the Side Channel Analysis vulnerability, also known as Spectre. The revision of the microcode included in this System ROM addresses issues with more frequent reboots and unpredictable system behavior which impacted the previous Intel microcode which was part of the Spectre Variant 2 mitigation. Additional information is available from Intel’s Security Exploit Newsroom, https://newsroom.intel.com/press-kits/security-exploits-intel-products/.

Firmware Dependencies:

None

Problems Fixed:

Updated the Intel processor microcode to the latest version.

Known Issues:

None


Version:2.52_12-12-2017 (3 Jan 2018)
Fixes

Upgrade Requirement:
Critical - HPE requires users update to this version immediately.


Important Notes:

“On January 11, Intel announced issues with an increased frequency of reboots when using the microcodes they released to address Variant 2 of the Spectre Vulnerability for numerous processors including Broadwell, Haswell, Skylake, Kaby Lake, Ivybridge, and Sandybridge processors. Mitigations for Variant 1 (Spectre) and Variant 3 (Meltdown) vulnerabilities require only OS updates and are not impacted.

Due to the severity of the potential issues that may occur when using these microcodes addressing Variant 2, Intel now recommends that customers discontinue their use.  Additional information is available from Intel’s Security Exploit Newsroom, https://newsroom.intel.com/press-kits/security-exploits-intel-products/.  HPE is in alignment with Intel in our recommendation that customers discontinue use of System ROMs including impacted microcodes and revert to earlier System ROM versions. Earlier versions of the System ROMs display on the ‘Revision History’ tab. Clicking the ‘Obtain software’ link opens the HPE Customer Advisory on this topic where the recommended version of an earlier System ROM for each affected platform is provided along with additional information about this critical issue. “

Firmware Dependencies:

None

Problems Fixed:

Updated the Intel processor microcode to the latest version.

Known Issues:

None


Version:2.50_10-02-2017 (11 Oct 2017)
Fixes

Upgrade Requirement:
Critical - HPE requires users update to this version immediately.


Important Notes:

None

Firmware Dependencies:

None

Problems Fixed:

Addressed an issue with Intel processors in which a complex number of concurrent micro-architectural conditions may result in unpredictable system behavior. This revision of the System ROM contains an updated version of Intel’s microcode for these processors that addresses this issue. This issue is not unique to HPE ProLiant servers and could impact any system utilizing affected processors that do not include the updated microcode. Due to the potential severity of the issue addressed in this revision of the System ROM, this System ROM upgrade is considered a critical fix.

Known Issues:

None
Enhancements

Added support for Trusted Platform Module (TPM) 2.0 Firmware flash updates. For systems configured with the optional TPM 2.0 device, this is the minimum revision of the System ROM required to update TPM firmware.

Updated the HPE RESTful API HPE BIOS Attribute Registry resources to match the latest BIOS/Platform Configuration options.


Version:2.30_06-15-2017 (27 Sep 2017)
Fixes

Upgrade Requirement:
Optional - Users should update to this version if their system is affected by one of the documented fixes or if there is a desire to utilize any of the enhanced functionality provided by this version.


Important Notes:

None

Firmware Dependencies:

None

Problems Fixed:

Addressed an issue where the System Utilities BIOS/Platform Configuration (RBSU) USB Control setting for disabling USB ports would not properly disable the port for USB 3.0 devices plugged into the rear USB ports.

Known Issues:

None

Version:2.20_04-28-2017 (18 Jul 2017)
Fixes

Upgrade Requirement:
Recommended - HPE recommends users update to this version at their earliest convenience.


Important Notes:

None

Firmware Dependencies:

None

Problems Fixed:

Addressed an issue with Intel Xeon E3-1200 v5 series processors where the system may become unresponsive or result in unpredictable system behavior. This issue is not unique to HPE ProLiant servers and could impact any system utilizing affected processors that does not include the updated microcode.

Addressed an issue where some 2400 MT/s DIMM configurations may not properly initialize. This issue is not unique to HPE ProLiant servers and could impact any system utilizing affected DIMMs configurations.

Known Issues:

None

Version:2.22_06-13-2017 (30 Jun 2017)
Fixes

Upgrade Requirement:
Critical - HPE requires users update to this version immediately.


Important Notes:

None

Firmware Dependencies:

None

Problems Fixed:

Addressed an issue with Intel Xeon E3-1200 v5 series Processors, Intel Xeon E3-1200 v6 series Processors, 6th Generation Intel Core i3 Processors, 7th Generation Intel Core i3 Processors, and Intel Pentium Processor G Series Processors in which a complex number of concurrent micro-architectural conditions may result in unpredictable system behavior when Intel Hyperthreading is enabled. This revision of the System ROM contains an updated version of Intel’s microcode for these processors that addresses this issue. The issue requires short loops of less than 64 instructions that use the AH, BH, CH, or DH registers as well as their corresponding wider registers (e.g. RAX, EAX, or AX for AH) when both logical processors on the same physical processor core are active. This issue is not unique to HPE ProLiant servers and could impact any system utilizing affected processors which do not include the updated microcode. Due to the potential severity of the issue addressed in this revision of the System ROM, this System ROM upgrade is considered a critical fix for systems with Intel Hyperthreading enabled (which is the default for systems using processors which support Intel Hyperthreading).

Known Issues:

None

Version:2.10_02-21-2017 (21 Apr 2017)
Fixes

Upgrade Requirement:
Recommended - HPE recommends users update to this version at their earliest convenience.


Important Notes:

None

Firmware Dependencies:

None

Problems Fixed:

Addressed an issue with the Intel® Direct Connect Interface (DCI) as directed by Intel's Technical Advisory. This issue is not unique to HPE ProLiant servers and could impact any system utilizing the affected chipset.

Addressed an issue where the system may become unresponsive during system boot when a third party USB 3.0 XHCI adapter card is installed in the server.

Addressed an issue where the system may become unresponsive during system boot when a USB-based UPS is attached to the server USB ports. This issue only impacted a system when configured for legacy boot mode.

Addressed an issue where the system may not properly report and log errors to the Integrated Management Log (IML) detected on the optional HPE Dual SD Card option. This issue only impacted logging when the system performed a warm reset. 

Known Issues:

None
Enhancements

Updated the HP RESTful API HPE BIOS Attribute Registry resources to match the latest BIOS/Platform Configuration options.


Version:2.00_01-17-2017(B) (21 Apr 2017)
Fixes

Upgrade Requirement:
Optional - Users should update to this version if their system is affected by one of the documented fixes or if there is a desire to utilize any of the enhanced functionality provided by this version.


Important Notes:

None

Firmware Dependencies:

None

Problems Fixed:

Addressed an issue where setting the System Utilities BIOS/Platform Configuration (RBSU) Power Regulator option to Low Power Mode would not result in the processor running at its lowest frequency.

Addressed an issue where the System Utilities BIOS/Platform Configuration (RBSU) would incorrectly show Turbo Mode capability on certain processors.

Addressed an issue where the system would not successfully shutdown from Windows 2012R2/2016 installed on a Smart Array controller when the Embedded SATA Controller is disabled in System Utilities BIOS/Platform Configuration (RBSU).

Known Issues:

None

Version:1.80_09-12-2016 (21 Oct 2016)
Fixes

Upgrade Requirement:
Recommended - HPE recommends users update to this version at their earliest convenience.


Important Notes:

None

Firmware Dependencies:

None

Problems Fixed:

Addressed a rare issue where fatal system errors may not be logged to the Integrated Management Log (IML) when an error occurs on the processor.

Addressed an issue where the system may exhibit unpredictable behavior when not properly responding to error events from devices attached to PCI Express root ports.

Addressed an extremely rare issue where the system may receive a Red Screen error and become unresponsive during boot. This issue would not be seen if the ROM Based Setup Utility (RBSU) Option for Dynamic Power Calibration is set to Disabled (the default for this option is Auto which could result in this issue).

Addressed an issue where the system would become unresponsive during boot and display a NMI error when configured with an optional PCI Express device supporting older versions of the PCI Express specification.

Addressed an issue with Intel Xeon E3-1200 v5 series processors where the system may become unresponsive or result in unpredictable system behavior when executing 256-bit AVX instructions. This issue is not unique to HPE ProLiant servers and could impact any system utilizing affected processors that does not include the updated microcode.

Known Issues:

None
Enhancements

Updated the UEFI Secure Boot Key Database revocations list (DBX) with the latest version from Microsoft. This includes the latest list of revoked certificates.

Updated the HP RESTful API HPE BIOS Attribute Registry resources to match the latest BIOS/Platform Configuration options.


Version:1.70_05-06-2016 (9 Jun 2016)
Fixes

Upgrade Requirement:
Recommended - HPE recommends users update to this version at their earliest convenience.


Important Notes:

None

Firmware Dependencies:

None

Problems Fixed:

Addressed an issue where a system that experiences an HPE Smart Storage Battery failure may become unresponsive when configured with iLO Firmware 2.40.  Note there is an issue where a system configured with Integrated Lights-Out (iLO) Firmware version 2.40 may experience an intermittent and false HPE Smart Storage Battery failure, logged in the Integrated Management Log (IML).  Due to the BIOS issue addressed in this revision, the false HPE Smart Storage Battery failure may result in the system becoming unresponsive.  This issue does not impact systems that are not configured with an HPE Smart Storage Battery or systems configured with iLO Firmware 2.30 or earlier.

Addressed an issue where the System Utilities BIOS/Platform Configuration (RBSU) USB Boot Options setting may not properly allow the server to boot from the internal SD card before a USB key when SD is higher in the priority list. This issue only affects servers configured in Legacy Boot Mode.

Addressed an issue where the ambient temperature reported by the system during server boot may report incorrectly. This issue also requires an iLO firmware version update to a revision later than 2.4x which will be released later this year. This issue has no impact on the thermal operation of the server and is simply an issue with the temperature displayed during boot. While updating to this revision of the BIOS will not address this issue unless the iLO FW revision is later than 2.4x, there are no issues caused by updating the BIOS without updating iLO FW.

Addressed an issue where the UEFI or Legacy Option ROM for a PCIe adapter may not be properly executed when installed in certain slots. This could cause such issues as an inability to boot using the PCIe adapter. This issue was seen with a Brocade network adapter but could be seen with other adapters.

Addressed an issue where the server health LED may remain set in a degraded or failed state after an error event was resolved during server operation. Previously, a server reset may have been needed to clear the health LED event.

Addressed an issue where the System Utilities BIOS/Platform Configuration (RBSU) option for Embedded UEFI Shell Auto Startup Script Network Location does not accept an NSH file name containing upper case characters.

Addressed an issue where the UEFI iSCSI Software Initiator boot options may become invalid if the DHCP server provides a new IP Address to a previously configured iSCSI boot option.

Addressed an issue where the system may become unresponsive during boot when configured with a HPE Dual microSD device when one of the microSD devices is failed or missing.

Addressed an issue where the Automatic Server Recovery (ASR) setting may not be configured properly through the HP RESTful API.

Addressed an issue where the internal SD card would remain active after the user has disabled the SD slot from System Utilities BIOS/Platform Configuration (RBSU) option. This issue only affects systems configured in Legacy Boot Mode.

Addressed an issue where the server may become unresponsive when using the PING command from the Embedded UEFI Shell.

Addressed an issue where the UEFI iSCSI Software Initiator boot options may become invalid if the DHCP server provides a new IP Address to a previously configured iSCSI boot option.

Addressed an issue where the system may fail to boot from existing UEFI iSCSI Software Initiator boot options if the user changed the iSCSI Target IP address.

Addressed an issue where the system may fail to boot from UEFI iSCSI Software Initiator boot options that has iSCSI Initiator or Target configured using static IPv6 addresses.

Addressed an issue where the UEFI iSCSI Software Initiator boot option IPv6 address cannot be configured using the HP RESTful API.

Addressed an issue that may result in losing the existing UEFI iSCSI Software Initiator boot options if any of the connection parameters (LUN, Remote Port, IP address, login credentials) change.

Addressed an issue in reporting the incorrect PCIe slot number in the error messages of failed iSCSI boot attempts.

Addressed an issue of iSCSI boot configuration options not being available from the HP RESTful API when there are no network adapters in the system.

Addressed an extremely rare issue where the server may become unresponsive due to a Non Maskable Interrupt (NMI) when performing a shutdown or startup from an Operating System.

Known Issues:

None
Enhancements

Enhanced PCIe resource allocation so that systems configured with multiple PCIe expansion devices may in some cases no longer report a "276 Option Card Configuration Error" during system boot due to not having enough I/O resources to support what is requested by the installed devices. This BIOS revision allows a wider range of PCIe configurations that request large amounts of I/O to be configured properly.

Updated the HP RESTful API HPE BIOS Attribute Registry resources to match the latest BIOS/Platform Configuration options.

Updated the UEFI Secure Boot Key Database revocations list (DBX) with the latest version from Microsoft. This includes the latest list of revoked certificates.

Updated the language translations (non-English modes) for System Utilities.

Increased the default timeout value of the iSCSI UEFI Software Initiator boot to 20 seconds. This may help resolve issues of intermittent connection drop during an iSCSI boot.


Version:1.60_12-02-2015 (B) (19 Feb 2016)
Fixes

Upgrade Requirement:
Critical - HPE requires users update to this version immediately.


Important Notes:

Version 1.60_12-02-2015 (B) contains an updated certificate for Windows and is functionally equivalent to version 1.60_12-02-2015 (A).  It is not necessary to upgrade to Revision B if Revision A was used to successfully upgrade to version 1.60_12-02-2015.

Firmware Dependencies:

None

Problems Fixed:

Addressed an issue with Intel Xeon E3-1200 v5 series processors in which a rare and complex micro-architectural condition may result in unpredictable system behavior. While this issue is rare, the workload requirements to expose the issue cannot be characterized. This revision of the System ROM contains an updated version of Intel's microcode that addresses this issue. This issue not unique to HPE ProLiant servers and could impact any system utilizing affected processors which does not include the updated microcode. Due to the potential severity of the issue addressed in this revision of the System ROM, this System ROM upgrade is considered a critical fix.

Addressed a VT-d security issue. This issue is NOT unique to ProLiant servers. HPE recommends that users using processors that support VT-d update the BIOS to this version.

Addressed an issue where the Advanced ECC feature was displayed incorrectly on the graphical POST screen and as a System Utilities BIOS/Platform Configuration (RBSU) option. The DL20 Gen9 supports ECC not Advanced ECC.

Addressed an issue where the system may incorrectly display an error message stating that a device is SR-IOV capable but is installed in a slot that does not support SR-IOV.

Addressed an issue where the system is unable to enter package C6 state when the processor is idle.

Addressed an issue where the processor frequency would stay high when the System Utilities BIOS/Platform Configuration (RBSU) Power Regulator Option is confgured to OS Control Mode.

Addressed an issue where the System Utilities BIOS/Platform Configuration (RBSU) Processor Core Disable Option would not correctly restore its default value when an invalid core number is entered.

Addressed an issue where the System Utilities BIOS/Platform Configuration (RBSU) Redundant Power Supply Mode Option setting would not match with the iLO Web Management System Information Power page.

Addressed an issue where the user may not be able to properly download an Active Health Systems (AHS) file from System Utilities or the Embedded UEFI Shell when certain date ranges were used.

Addressed an issue where a system configured with a Trusted Platform Module (TPM) may improperly measure an extra EV_SEPARATOR into the TPM PCR7.

Addressed an issue where the Active Health System (AHS) file could not be downloaded to the embedded SD card from the Embedded UEFI Shell.

Addressed issues with USB support in the pre-boot environment when the system is configured in Legacy Boot Mode. These issues did not affect systems configured in UEFI Boot Mode.

Addressed an issue where certain optional PCIe video adapters would fail to work properly when using a Linux operating system.

Addressed an issue where industry standard SMBIOS Type 9 entries for PCIe Slots attached to a not installed processor did not exist.

Addressed an issue where the UEFI iSCSI Boot Configuration may not work properly when configuring these options through the HP RESTful Interface. This issue does not affect systems where the UEFI iSCSI Boot Configuration is configured through the System Utilities BIOS/Platform Configuration (RBSU).

Addressed an issue where the drives attached to an HP Smart Array controller may not be detected on the first boot after switching from UEFI Boot Mode to Legacy Boot Mode.

Addressed an issue where the PXE Boot Policy does not function properly when the Network VLAN Configuration option is enabled. When Network VLAN Configuration is enabled, the server would always attempt to boot both iPV4 and iPV6 regardless of the PXE Boot Order Policy setting.

Addressed an issue where the server would display a Red Screen error and become unresponsive when exiting the System Utilities Embedded User Diagnostics when configured for Legacy Boot Mode. This issue does not impact systems configured for UEFI Boot Mode.

Addressed an issue where the HP ProLiant Dynamic Power Regulator would not function properly when configured for Slow Mode. In rare cases, this could cause the system to not optimally switch processor power states.

Addressed an issue where the system may display a Red Screen error and become unresponsive from the Embedded UEFI Shell when interrupting the ping command via a CTRL-C key press.

Addressed an issue where the system may report a 335-HP RESTful API error after setting the BIOS Administrator password through the HP RESTful API.

Addressed an issue where the Date and Time may be set incorrectly when using the Date and Time option from the BIOS/Platform Configuration (RBSU) when the Daylight Savings Time option is enabled.

Addressed an issue where the server may display a Red Screen error and become unresponsive during boot when more than 256 hard drives are attached to a storage controller. The UEFI BIOS will now limit the enumeration of bootable devices to 256 entries.

Addressed an issue where video is not displayed when using the embedded video controller with certain newer monitors, such as the HP E190i, which do not properly operate in native resolutions such as 1280x1024.

Addressed an issue with the incorrect version of the HpServerBootSettings schema in the HP RESTful API.

Addressed an issue where the server could become unresponsive during boot or from the Embedded UEFI Shell when a Block I/O device such as a USB key or hard drive has a corrupt FAT32 file system.

Addressed an issue where an erroneous 312 - HP Smart Battery error message would be displayed and logged to the Integrated Management Log (IML) on the first boot after the system battery was removed from the server.

Addressed an issue where the UEFI or Legacy Option ROM for a PCIe adapter may not be properly executed when installed in certain slots. This could cause such issues as an inability to boot using the PCIe adapter. This issue was seen with a Brocade network adapter but could be seen with other adapters.

Addressed an issue where Extended Page Table (EPT) Write protect fault when using string operation in a virtual machine may result in unexpected behavior.

Known Issues:

None

Enhancements

Added support for an optional Trusted Platform Module (TPM) 2.0.

Added support to the Embedded UEFI Shell to allow the user to export Secure Boot certificates to a file.

Added support to automatically initialize the Trusted Platform Modules (TPM) nonvolatile storage when the TPM is first installed on a platform. This feature helps avoid issues where a TPM may be locked out from use to an operating system and requires the user to manually clear the TPM setting from the BIOS/Platform Configuration (RBSU) menus when first installed.

Updated branding during the boot process and in the pre-boot System Utilities from HP to Hewlett Packard Enterprise. No branding changes were made that could impact software running on the system. Industry standard SMBIOS tables were NOT updated to reflect Hewlett Packard Enterprise branding.

Updated the language translations (non-English modes) for System Utilities.

Updated the HP RESTful API HP BIOS Attribute Registry resources to match the latest BIOS/Platform Configuration options.

Added support for the industry standard SMBIOS Type 2 baseboard record.

Added support to the HP RESTful API to allow the user to configure the UEFI boot order when the system is configured for Legacy Boot Mode.


Version:1.60_12-02-2015 (22 Jan 2016)
Fixes

Upgrade Requirement:
Optional - Users should update to this version if their system is affected by one of the documented fixes or if there is a desire to utilize any of the enhanced functionality provided by this version.


REMOVED - This package version contained a SHA1 signature issued after 1 January 2016. The package is NO LONGER AVAILABLE for download. Attempts to run this package might present the user with the following error message: "The signature of cp029070.exe is corrupt or invalid". Click the ‘Obtain software link’ to open the web page of the replacement version.

Important Notes:

None

Firmware Dependencies:

None

Problems Fixed:

Addressed an issue with Intel Xeon E3-1200 v5 series processors in which a rare and complex micro-architectural condition may result in unpredictable system behavior. While this issue is rare, the workload requirements to expose the issue cannot be characterized. This revision of the System ROM contains an updated version of Intel's microcode that addresses this issue. This issue not unique to HPE ProLiant servers and could impact any system utilizing affected processors which does not include the updated microcode. Due to the potential severity of the issue addressed in this revision of the System ROM, this System ROM upgrade is considered a critical fix.

Addressed a VT-d security issue. This issue is NOT unique to ProLiant servers. HPE recommends that users using processors that support VT-d update the BIOS to this version.

Addressed an issue where the Advanced ECC feature was displayed incorrectly on the graphical POST screen and as a System Utilities BIOS/Platform Configuration (RBSU) option. The DL20 Gen9 supports ECC not Advanced ECC.

Addressed an issue where the system may incorrectly display an error message stating that a device is SR-IOV capable but is installed in a slot that does not support SR-IOV.

Addressed an issue where the system is unable to enter package C6 state when the processor is idle.

Addressed an issue where the processor frequency would stay high when the System Utilities BIOS/Platform Configuration (RBSU) Power Regulator Option is confgured to OS Control Mode.

Addressed an issue where the System Utilities BIOS/Platform Configuration (RBSU) Processor Core Disable Option would not correctly restore its default value when an invalid core number is entered.

Addressed an issue where the System Utilities BIOS/Platform Configuration (RBSU) Redundant Power Supply Mode Option setting would not match with the iLO Web Management System Information Power page.

Addressed an issue where the user may not be able to properly download an Active Health Systems (AHS) file from System Utilities or the Embedded UEFI Shell when certain date ranges were used.

Addressed an issue where a system configured with a Trusted Platform Module (TPM) may improperly measure an extra EV_SEPARATOR into the TPM PCR7.

Addressed an issue where the Active Health System (AHS) file could not be downloaded to the embedded SD card from the Embedded UEFI Shell.

Addressed issues with USB support in the pre-boot environment when the system is configured in Legacy Boot Mode. These issues did not affect systems configured in UEFI Boot Mode.

Addressed an issue where certain optional PCIe video adapters would fail to work properly when using a Linux operating system.

Addressed an issue where industry standard SMBIOS Type 9 entries for PCIe Slots attached to a not installed processor did not exist.

Addressed an issue where the UEFI iSCSI Boot Configuration may not work properly when configuring these options through the HP RESTful Interface. This issue does not affect systems where the UEFI iSCSI Boot Configuration is configured through the System Utilities BIOS/Platform Configuration (RBSU).

Addressed an issue where the drives attached to an HP Smart Array controller may not be detected on the first boot after switching from UEFI Boot Mode to Legacy Boot Mode.

Addressed an issue where the PXE Boot Policy does not function properly when the Network VLAN Configuration option is enabled. When Network VLAN Configuration is enabled, the server would always attempt to boot both iPV4 and iPV6 regardless of the PXE Boot Order Policy setting.

Addressed an issue where the server would display a Red Screen error and become unresponsive when exiting the System Utilities Embedded User Diagnostics when configured for Legacy Boot Mode. This issue does not impact systems configured for UEFI Boot Mode.

Addressed an issue where the HP ProLiant Dynamic Power Regulator would not function properly when configured for Slow Mode. In rare cases, this could cause the system to not optimally switch processor power states.

Addressed an issue where the system may display a Red Screen error and become unresponsive from the Embedded UEFI Shell when interrupting the ping command via a CTRL-C key press.

Addressed an issue where the system may report a 335-HP RESTful API error after setting the BIOS Administrator password through the HP RESTful API.

Addressed an issue where the Date and Time may be set incorrectly when using the Date and Time option from the BIOS/Platform Configuration (RBSU) when the Daylight Savings Time option is enabled.

Addressed an issue where the server may display a Red Screen error and become unresponsive during boot when more than 256 hard drives are attached to a storage controller. The UEFI BIOS will now limit the enumeration of bootable devices to 256 entries.

Addressed an issue where video is not displayed when using the embedded video controller with certain newer monitors, such as the HP E190i, which do not properly operate in native resolutions such as 1280x1024.

Addressed an issue with the incorrect version of the HpServerBootSettings schema in the HP RESTful API.

Addressed an issue where the server could become unresponsive during boot or from the Embedded UEFI Shell when a Block I/O device such as a USB key or hard drive has a corrupt FAT32 file system.

Addressed an issue where an erroneous 312 - HP Smart Battery error message would be displayed and logged to the Integrated Management Log (IML) on the first boot after the system battery was removed from the server.

Addressed an issue where the UEFI or Legacy Option ROM for a PCIe adapter may not be properly executed when installed in certain slots. This could cause such issues as an inability to boot using the PCIe adapter. This issue was seen with a Brocade network adapter but could be seen with other adapters.

Addressed an issue where Extended Page Table (EPT) Write protect fault when using string operation in a virtual machine may result in unexpected behavior.

Known Issues:

None

Enhancements

REMOVED - This package version contained a SHA1 signature issued after 1 January 2016. The package is NO LONGER AVAILABLE for download. Attempts to run this package might present the user with the following error message: "The signature of cp029070.exe is corrupt or invalid". Click the ‘Obtain software link’ to open the web page of the replacement version.

Added support for an optional Trusted Platform Module (TPM) 2.0.

Added support to the Embedded UEFI Shell to allow the user to export Secure Boot certificates to a file.

Added support to automatically initialize the Trusted Platform Modules (TPM) nonvolatile storage when the TPM is first installed on a platform. This feature helps avoid issues where a TPM may be locked out from use to an operating system and requires the user to manually clear the TPM setting from the BIOS/Platform Configuration (RBSU) menus when first installed.

Updated branding during the boot process and in the pre-boot System Utilities from HP to Hewlett Packard Enterprise. No branding changes were made that could impact software running on the system. Industry standard SMBIOS tables were NOT updated to reflect Hewlett Packard Enterprise branding.

Updated the language translations (non-English modes) for System Utilities.

Updated the HP RESTful API HP BIOS Attribute Registry resources to match the latest BIOS/Platform Configuration options.

Added support for the industry standard SMBIOS Type 2 baseboard record.

Added support to the HP RESTful API to allow the user to configure the UEFI boot order when the system is configured for Legacy Boot Mode.


Version:1.50_09-24-2015 (1 Dec 2015)
Enhancements

Upgrade Requirement:
Recommended - HPE recommends users update to this version at their earliest convenience.


Important Notes:

None

Firmware Dependencies:

None

Enhancements/New Features:

This is the initial version of the firmware.

Known Issues:

None

Type: BIOS (Entitlement Required) - System ROM
Version: 2.60_05-21-2018(11 Jun 2018)
Operating System(s):
Microsoft Windows Server 2012
Microsoft Windows Server 2012 Essentials
Microsoft Windows Server 2012 R2
Microsoft Windows Server 2016

Description

This component provides updated system firmware that can be installed directly on supported Operating Systems. Additionally, when used in conjunction with Smart Update Manager (SUM), this Component allows the user to update firmware on remote servers from a central location. This remote deployment capability eliminates the need for the user to be physically present at the server in order to perform a firmware update.

Installation Instructions

Prerequisites:

The "HPE ProLiant iLO 3/4 Channel Interface Driver” (CHIF) for Windows which is available from Service Pack for ProLiant (SPP).


To ensure the integrity of your download, HPE recommends verifying your results with this SHA-256 Checksum value:

20cb597c9199b8f40c396a19dfdc683ea3f157225e0b4169b9852332bacd4b4f cp036396.exe

Reboot Requirement:
Reboot is required after installation for updates to take effect and hardware stability to be maintained.


Installation:

To update firmware from Windows operating system on target server:

1.     Place the Component in a temporary directory.
2.     From the same directory, run the Component by double-clicking it.
3.     When the Component dialog window displays, click the Install button to initiate the firmware upgrade.
4.     Reboot your system if you would like the update to take effect immediately.


 Supplemental updates for supported ProLiant servers and options can be done by using Smart Update Manager, which is found on the Service Pack for ProLiant ISO.

  • Place the Service Pack for ProLiant on a USB key using the USB Key Creator Utility.
  • Place the desired components to be updated in the directory, \packages on the USB key. To use with HP SUM 7.6.0 or earlier, place the components in \hp\swpackages on the USB Key.

Update the firmware and software in the usual manner. 
 

This component can only be executed on Windows x64.


Release Notes

End User License Agreements:
The MIT License Agreement
OpenSSL License Agreement, Version 0.9.8
PNG Graphics File Format Software End User License Agreement
UEFI EDK2 License
zlib End User License Agreement
HPE Software License Agreement v1
Hewlett-Packard End User License Agreement


Upgrade Requirement:
Critical - HPE requires users update to this version immediately.


Important:

Important Notes:

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system and hypervisor updates, provides mitigation for the L1 Terminal Fault – OS/SMM (CVE-2018-3620) and L1 Terminal Fault – VMM (CVE-2018-3646) security vulnerabilities.  These vulnerabilities may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a side-channel analysis.  These security vulnerabilities are not unique to HPE servers and impact any servers utilizing impacted processors.  Note that this server is NOT vulnerable to L1 Terminal Fault – SGX (CVE-2018-3615), also known as Foreshadow, because this server does NOT support SGX.

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system updates, provides mitigation for the Speculative Store Bypass (also known as Variant 4) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3639. Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

This revision of the System ROM includes the latest revision of the Intel microcode which provides mitigation for the Rogue Register Read (also known as Variant 3a) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3640. Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

Deliverable Name:

HPE ProLiant DL20 Gen9 System ROM - U22

Release Version:

2.60_05-21-2018

Last Recommended or Critical Revision:

2.60_05-21-2018

Previous Revision:

2.56_01-22-2018

Firmware Dependencies:

None

Enhancements/New Features:

None

Problems Fixed:

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system and hypervisor updates, provides mitigation for the L1 Terminal Fault – OS/SMM (CVE-2018-3620) and L1 Terminal Fault – VMM (CVE-2018-3646) security vulnerabilities.  These vulnerabilities may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a side-channel analysis.  These security vulnerabilities are not unique to HPE servers and impact any servers utilizing impacted processors.  Note that this server is NOT vulnerable to L1 Terminal Fault – SGX (CVE-2018-3615), also known as Foreshadow, because this server does NOT support SGX.

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system updates, provides mitigation for the Speculative Store Bypass (also known as Variant 4) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3639. Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

This revision of the System ROM includes the latest revision of the Intel microcode which provides mitigation for the Rogue Register Read (also known as Variant 3a) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3640. Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

Known Issues:

None


Fixes

Upgrade Requirement:
Critical - HPE requires users update to this version immediately.


Important Notes:

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system and hypervisor updates, provides mitigation for the L1 Terminal Fault – OS/SMM (CVE-2018-3620) and L1 Terminal Fault – VMM (CVE-2018-3646) security vulnerabilities.  These vulnerabilities may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a side-channel analysis.  These security vulnerabilities are not unique to HPE servers and impact any servers utilizing impacted processors.  Note that this server is NOT vulnerable to L1 Terminal Fault – SGX (CVE-2018-3615), also known as Foreshadow, because this server does NOT support SGX.

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system updates, provides mitigation for the Speculative Store Bypass (also known as Variant 4) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3639. Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

This revision of the System ROM includes the latest revision of the Intel microcode which provides mitigation for the Rogue Register Read (also known as Variant 3a) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3640. Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

Firmware Dependencies:

None

Problems Fixed:

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system and hypervisor updates, provides mitigation for the L1 Terminal Fault – OS/SMM (CVE-2018-3620) and L1 Terminal Fault – VMM (CVE-2018-3646) security vulnerabilities.  These vulnerabilities may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a side-channel analysis.  These security vulnerabilities are not unique to HPE servers and impact any servers utilizing impacted processors.  Note that this server is NOT vulnerable to L1 Terminal Fault – SGX (CVE-2018-3615), also known as Foreshadow, because this server does NOT support SGX.

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system updates, provides mitigation for the Speculative Store Bypass (also known as Variant 4) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3639. Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

This revision of the System ROM includes the latest revision of the Intel microcode which provides mitigation for the Rogue Register Read (also known as Variant 3a) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3640. Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

Known Issues:

None

Important

Important Notes:

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system and hypervisor updates, provides mitigation for the L1 Terminal Fault – OS/SMM (CVE-2018-3620) and L1 Terminal Fault – VMM (CVE-2018-3646) security vulnerabilities.  These vulnerabilities may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a side-channel analysis.  These security vulnerabilities are not unique to HPE servers and impact any servers utilizing impacted processors.  Note that this server is NOT vulnerable to L1 Terminal Fault – SGX (CVE-2018-3615), also known as Foreshadow, because this server does NOT support SGX.

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system updates, provides mitigation for the Speculative Store Bypass (also known as Variant 4) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3639. Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

This revision of the System ROM includes the latest revision of the Intel microcode which provides mitigation for the Rogue Register Read (also known as Variant 3a) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3640. Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

Deliverable Name:

HPE ProLiant DL20 Gen9 System ROM - U22

Release Version:

2.60_05-21-2018

Last Recommended or Critical Revision:

2.60_05-21-2018

Previous Revision:

2.56_01-22-2018

Firmware Dependencies:

None

Enhancements/New Features:

None

Problems Fixed:

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system and hypervisor updates, provides mitigation for the L1 Terminal Fault – OS/SMM (CVE-2018-3620) and L1 Terminal Fault – VMM (CVE-2018-3646) security vulnerabilities.  These vulnerabilities may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a side-channel analysis.  These security vulnerabilities are not unique to HPE servers and impact any servers utilizing impacted processors.  Note that this server is NOT vulnerable to L1 Terminal Fault – SGX (CVE-2018-3615), also known as Foreshadow, because this server does NOT support SGX.

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system updates, provides mitigation for the Speculative Store Bypass (also known as Variant 4) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3639. Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

This revision of the System ROM includes the latest revision of the Intel microcode which provides mitigation for the Rogue Register Read (also known as Variant 3a) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3640. Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

Known Issues:

None

Revision History

Version:2.82_04-04-2019 (1 May 2019)
Fixes

Upgrade Requirement:
Critical - HPE requires users update to this version immediately.


Important Notes:

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system and/or hypervisor updates, provides mitigation for a new group of side channel vulnerabilities known as Microarchitectural Data Sampling (MDS).  This includes support for mitigating the following vulnerabilities:  CVE-2018-12126 – Microarchitectural Store Buffer Data Sampling, CVE-2018-12130 – Microarchitectural Fill Buffer Data Sampling, CVE-2018-12127 – Microarchitectural Load Port Data Sampling, and CVE-2019-11091 – Microarchitectural Data Sampling Uncacheable Memory.  These issues are not unique to HPE servers.

Firmware Dependencies:

None

Problems Fixed:

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system and/or hypervisor updates, provides mitigation for a new group of side channel vulnerabilities known as Microarchitectural Data Sampling (MDS).  This includes support for mitigating the following vulnerabilities:  CVE-2018-12126 – Microarchitectural Store Buffer Data Sampling, CVE-2018-12130 – Microarchitectural Fill Buffer Data Sampling, CVE-2018-12127 – Microarchitectural Load Port Data Sampling, and CVE-2019-11091 – Microarchitectural Data Sampling Uncacheable Memory.  These issues are not unique to HPE servers.

Known Issues:

None


Version:2.80_12-18-2018 (2 Apr 2019)
Fixes

Upgrade Requirement:
Recommended - HPE recommends users update to this version at their earliest convenience.


Important Notes:

None

Firmware Dependencies:

None

Problems Fixed:

This revision of the System ROM includes the latest revision of the UEFI EDK2 support that provides mitigations for a variety of security vulnerabilities. The following vulnerabilities have been addressed in this System ROM release: CVE-2018-3613 CVE-2017-5731, CVE-2017-5732, CVE-2017-5733, CVE-2017-5734, CVE-2017-5735, CVE-2018-3630, CVE-2018-12178, CVE-2018-12179, CVE-2018-12180, CVE-2018-12181, CVE-2018-12182 and CVE-2018-12183. These security vulnerabilities are not unique to HPE servers.

Addressed an issue where certain PCIe option cards may not train properly and cause the system to hang during POST. This issue is not unique to HPE servers.

Known Issues:

None
Enhancements

Added support to allow for the ROM Based Setup Utility (RBSU) Power Regulator setting to be set to Static Low or OS Control Mode when the Processor Power and Utilization Support was disabled. Previous ROMs required the Power Regulator to be configured for Static High Mode only.

Updated the RESTful API HPE BIOS Attribute Registry resources to match the latest BIOS/Platform Configuration options.


Version:2.60_05-21-2018 (11 Jun 2018)
Fixes

Upgrade Requirement:
Critical - HPE requires users update to this version immediately.


Important Notes:

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system and hypervisor updates, provides mitigation for the L1 Terminal Fault – OS/SMM (CVE-2018-3620) and L1 Terminal Fault – VMM (CVE-2018-3646) security vulnerabilities.  These vulnerabilities may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a side-channel analysis.  These security vulnerabilities are not unique to HPE servers and impact any servers utilizing impacted processors.  Note that this server is NOT vulnerable to L1 Terminal Fault – SGX (CVE-2018-3615), also known as Foreshadow, because this server does NOT support SGX.

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system updates, provides mitigation for the Speculative Store Bypass (also known as Variant 4) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3639. Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

This revision of the System ROM includes the latest revision of the Intel microcode which provides mitigation for the Rogue Register Read (also known as Variant 3a) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3640. Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

Firmware Dependencies:

None

Problems Fixed:

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system and hypervisor updates, provides mitigation for the L1 Terminal Fault – OS/SMM (CVE-2018-3620) and L1 Terminal Fault – VMM (CVE-2018-3646) security vulnerabilities.  These vulnerabilities may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a side-channel analysis.  These security vulnerabilities are not unique to HPE servers and impact any servers utilizing impacted processors.  Note that this server is NOT vulnerable to L1 Terminal Fault – SGX (CVE-2018-3615), also known as Foreshadow, because this server does NOT support SGX.

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system updates, provides mitigation for the Speculative Store Bypass (also known as Variant 4) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3639. Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

This revision of the System ROM includes the latest revision of the Intel microcode which provides mitigation for the Rogue Register Read (also known as Variant 3a) security vulnerability. A Medium level CVE has been assigned to this issue with ID CVE-2018-3640. Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis. This security vulnerability is not unique to HPE servers and impacts any systems utilizing impacted processors.

Known Issues:

None


Version:2.56_01-22-2018(B) (27 Feb 2018)
Fixes

Upgrade Requirement:
Critical - HPE requires users update to this version immediately.


Important Notes:

This revision of the System ROM includes the latest revision of the Intel microcode which, in combination with operating system updates, provides mitigation for Variant 2 of the Side Channel Analysis vulnerability, also known as Spectre. The revision of the microcode included in this System ROM addresses issues with more frequent reboots and unpredictable system behavior which impacted the previous Intel microcode which was part of the Spectre Variant 2 mitigation. Additional information is available from Intel’s Security Exploit Newsroom, https://newsroom.intel.com/press-kits/security-exploits-intel-products/.

Firmware Dependencies:

None

Problems Fixed:

Updated the Intel processor microcode to the latest version.

Known Issues:

None


Version:2.52_12-12-2017 (3 Jan 2018)
Fixes

Upgrade Requirement:
Critical - HPE requires users update to this version immediately.


Important Notes:

“On January 11, Intel announced issues with an increased frequency of reboots when using the microcodes they released to address Variant 2 of the Spectre Vulnerability for numerous processors including Broadwell, Haswell, Skylake, Kaby Lake, Ivybridge, and Sandybridge processors. Mitigations for Variant 1 (Spectre) and Variant 3 (Meltdown) vulnerabilities require only OS updates and are not impacted.

Due to the severity of the potential issues that may occur when using these microcodes addressing Variant 2, Intel now recommends that customers discontinue their use.  Additional information is available from Intel’s Security Exploit Newsroom, https://newsroom.intel.com/press-kits/security-exploits-intel-products/.  HPE is in alignment with Intel in our recommendation that customers discontinue use of System ROMs including impacted microcodes and revert to earlier System ROM versions. Earlier versions of the System ROMs display on the ‘Revision History’ tab. Clicking the ‘Obtain software’ link opens the HPE Customer Advisory on this topic where the recommended version of an earlier System ROM for each affected platform is provided along with additional information about this critical issue. “

Firmware Dependencies:

None

Problems Fixed:

Updated the Intel processor microcode to the latest version.

Known Issues:

None


Version:2.50_10-02-2017 (11 Oct 2017)
Fixes

Upgrade Requirement:
Critical - HPE requires users update to this version immediately.


Important Notes:

None

Firmware Dependencies:

None

Problems Fixed:

Addressed an issue with Intel processors in which a complex number of concurrent micro-architectural conditions may result in unpredictable system behavior. This revision of the System ROM contains an updated version of Intel’s microcode for these processors that addresses this issue. This issue is not unique to HPE ProLiant servers and could impact any system utilizing affected processors that do not include the updated microcode. Due to the potential severity of the issue addressed in this revision of the System ROM, this System ROM upgrade is considered a critical fix.

Known Issues:

None
Enhancements

Added support for Trusted Platform Module (TPM) 2.0 Firmware flash updates. For systems configured with the optional TPM 2.0 device, this is the minimum revision of the System ROM required to update TPM firmware.

Updated the HPE RESTful API HPE BIOS Attribute Registry resources to match the latest BIOS/Platform Configuration options.


Version:2.30_06-15-2017 (27 Sep 2017)
Fixes

Upgrade Requirement:
Optional - Users should update to this version if their system is affected by one of the documented fixes or if there is a desire to utilize any of the enhanced functionality provided by this version.


Important Notes:

None

Firmware Dependencies:

None

Problems Fixed:

Addressed an issue where the System Utilities BIOS/Platform Configuration (RBSU) USB Control setting for disabling USB ports would not properly disable the port for USB 3.0 devices plugged into the rear USB ports.

Known Issues:

None

Version:2.20_04-28-2017 (18 Jul 2017)
Fixes

Upgrade Requirement:
Recommended - HPE recommends users update to this version at their earliest convenience.


Important Notes:

None

Firmware Dependencies:

None

Problems Fixed:

Addressed an issue with Intel Xeon E3-1200 v5 series processors where the system may become unresponsive or result in unpredictable system behavior. This issue is not unique to HPE ProLiant servers and could impact any system utilizing affected processors that does not include the updated microcode.

Addressed an issue where some 2400 MT/s DIMM configurations may not properly initialize. This issue is not unique to HPE ProLiant servers and could impact any system utilizing affected DIMMs configurations.

Known Issues:

None

Version:2.22_06-13-2017 (30 Jun 2017)
Fixes

Upgrade Requirement:
Critical - HPE requires users update to this version immediately.


Important Notes:

None

Firmware Dependencies:

None

Problems Fixed:

Addressed an issue with Intel Xeon E3-1200 v5 series Processors, Intel Xeon E3-1200 v6 series Processors, 6th Generation Intel Core i3 Processors, 7th Generation Intel Core i3 Processors, and Intel Pentium Processor G Series Processors in which a complex number of concurrent micro-architectural conditions may result in unpredictable system behavior when Intel Hyperthreading is enabled. This revision of the System ROM contains an updated version of Intel’s microcode for these processors that addresses this issue. The issue requires short loops of less than 64 instructions that use the AH, BH, CH, or DH registers as well as their corresponding wider registers (e.g. RAX, EAX, or AX for AH) when both logical processors on the same physical processor core are active. This issue is not unique to HPE ProLiant servers and could impact any system utilizing affected processors which do not include the updated microcode. Due to the potential severity of the issue addressed in this revision of the System ROM, this System ROM upgrade is considered a critical fix for systems with Intel Hyperthreading enabled (which is the default for systems using processors which support Intel Hyperthreading).

Known Issues:

None

Version:2.10_02-21-2017 (21 Apr 2017)
Fixes

Upgrade Requirement:
Recommended - HPE recommends users update to this version at their earliest convenience.


Important Notes:

None

Firmware Dependencies:

None

Problems Fixed:

Addressed an issue with the Intel® Direct Connect Interface (DCI) as directed by Intel's Technical Advisory. This issue is not unique to HPE ProLiant servers and could impact any system utilizing the affected chipset.

Addressed an issue where the system may become unresponsive during system boot when a third party USB 3.0 XHCI adapter card is installed in the server.

Addressed an issue where the system may become unresponsive during system boot when a USB-based UPS is attached to the server USB ports. This issue only impacted a system when configured for legacy boot mode.

Addressed an issue where the system may not properly report and log errors to the Integrated Management Log (IML) detected on the optional HPE Dual SD Card option. This issue only impacted logging when the system performed a warm reset. 

Known Issues:

None
Enhancements

Updated the HP RESTful API HPE BIOS Attribute Registry resources to match the latest BIOS/Platform Configuration options.


Version:2.00_01-17-2017(B) (21 Apr 2017)
Fixes

Upgrade Requirement:
Optional - Users should update to this version if their system is affected by one of the documented fixes or if there is a desire to utilize any of the enhanced functionality provided by this version.


Important Notes:

None

Firmware Dependencies:

None

Problems Fixed:

Addressed an issue where setting the System Utilities BIOS/Platform Configuration (RBSU) Power Regulator option to Low Power Mode would not result in the processor running at its lowest frequency.

Addressed an issue where the System Utilities BIOS/Platform Configuration (RBSU) would incorrectly show Turbo Mode capability on certain processors.

Addressed an issue where the system would not successfully shutdown from Windows 2012R2/2016 installed on a Smart Array controller when the Embedded SATA Controller is disabled in System Utilities BIOS/Platform Configuration (RBSU).

Known Issues:

None

Version:1.80_09-12-2016 (21 Oct 2016)
Fixes

Upgrade Requirement:
Recommended - HPE recommends users update to this version at their earliest convenience.


Important Notes:

None

Firmware Dependencies:

None

Problems Fixed:

Addressed a rare issue where fatal system errors may not be logged to the Integrated Management Log (IML) when an error occurs on the processor.

Addressed an issue where the system may exhibit unpredictable behavior when not properly responding to error events from devices attached to PCI Express root ports.

Addressed an extremely rare issue where the system may receive a Red Screen error and become unresponsive during boot. This issue would not be seen if the ROM Based Setup Utility (RBSU) Option for Dynamic Power Calibration is set to Disabled (the default for this option is Auto which could result in this issue).

Addressed an issue where the system would become unresponsive during boot and display a NMI error when configured with an optional PCI Express device supporting older versions of the PCI Express specification.

Addressed an issue with Intel Xeon E3-1200 v5 series processors where the system may become unresponsive or result in unpredictable system behavior when executing 256-bit AVX instructions. This issue is not unique to HPE ProLiant servers and could impact any system utilizing affected processors that does not include the updated microcode.

Known Issues:

None
Enhancements

Updated the UEFI Secure Boot Key Database revocations list (DBX) with the latest version from Microsoft. This includes the latest list of revoked certificates.

Updated the HP RESTful API HPE BIOS Attribute Registry resources to match the latest BIOS/Platform Configuration options.


Version:1.70_05-06-2016 (9 Jun 2016)
Fixes

Upgrade Requirement:
Recommended - HPE recommends users update to this version at their earliest convenience.


Important Notes:

None

Firmware Dependencies:

None

Problems Fixed:

Addressed an issue where a system that experiences an HPE Smart Storage Battery failure may become unresponsive when configured with iLO Firmware 2.40.  Note there is an issue where a system configured with Integrated Lights-Out (iLO) Firmware version 2.40 may experience an intermittent and false HPE Smart Storage Battery failure, logged in the Integrated Management Log (IML).  Due to the BIOS issue addressed in this revision, the false HPE Smart Storage Battery failure may result in the system becoming unresponsive.  This issue does not impact systems that are not configured with an HPE Smart Storage Battery or systems configured with iLO Firmware 2.30 or earlier.

Addressed an issue where the System Utilities BIOS/Platform Configuration (RBSU) USB Boot Options setting may not properly allow the server to boot from the internal SD card before a USB key when SD is higher in the priority list. This issue only affects servers configured in Legacy Boot Mode.

Addressed an issue where the ambient temperature reported by the system during server boot may report incorrectly. This issue also requires an iLO firmware version update to a revision later than 2.4x which will be released later this year. This issue has no impact on the thermal operation of the server and is simply an issue with the temperature displayed during boot. While updating to this revision of the BIOS will not address this issue unless the iLO FW revision is later than 2.4x, there are no issues caused by updating the BIOS without updating iLO FW.

Addressed an issue where the UEFI or Legacy Option ROM for a PCIe adapter may not be properly executed when installed in certain slots. This could cause such issues as an inability to boot using the PCIe adapter. This issue was seen with a Brocade network adapter but could be seen with other adapters.

Addressed an issue where the server health LED may remain set in a degraded or failed state after an error event was resolved during server operation. Previously, a server reset may have been needed to clear the health LED event.

Addressed an issue where the System Utilities BIOS/Platform Configuration (RBSU) option for Embedded UEFI Shell Auto Startup Script Network Location does not accept an NSH file name containing upper case characters.

Addressed an issue where the UEFI iSCSI Software Initiator boot options may become invalid if the DHCP server provides a new IP Address to a previously configured iSCSI boot option.

Addressed an issue where the system may become unresponsive during boot when configured with a HPE Dual microSD device when one of the microSD devices is failed or missing.

Addressed an issue where the Automatic Server Recovery (ASR) setting may not be configured properly through the HP RESTful API.

Addressed an issue where the internal SD card would remain active after the user has disabled the SD slot from System Utilities BIOS/Platform Configuration (RBSU) option. This issue only affects systems configured in Legacy Boot Mode.

Addressed an issue where the server may become unresponsive when using the PING command from the Embedded UEFI Shell.

Addressed an issue where the UEFI iSCSI Software Initiator boot options may become invalid if the DHCP server provides a new IP Address to a previously configured iSCSI boot option.

Addressed an issue where the system may fail to boot from existing UEFI iSCSI Software Initiator boot options if the user changed the iSCSI Target IP address.

Addressed an issue where the system may fail to boot from UEFI iSCSI Software Initiator boot options that has iSCSI Initiator or Target configured using static IPv6 addresses.

Addressed an issue where the UEFI iSCSI Software Initiator boot option IPv6 address cannot be configured using the HP RESTful API.

Addressed an issue that may result in losing the existing UEFI iSCSI Software Initiator boot options if any of the connection parameters (LUN, Remote Port, IP address, login credentials) change.

Addressed an issue in reporting the incorrect PCIe slot number in the error messages of failed iSCSI boot attempts.

Addressed an issue of iSCSI boot configuration options not being available from the HP RESTful API when there are no network adapters in the system.

Addressed an extremely rare issue where the server may become unresponsive due to a Non Maskable Interrupt (NMI) when performing a shutdown or startup from an Operating System.

Known Issues:

None
Enhancements

Enhanced PCIe resource allocation so that systems configured with multiple PCIe expansion devices may in some cases no longer report a "276 Option Card Configuration Error" during system boot due to not having enough I/O resources to support what is requested by the installed devices. This BIOS revision allows a wider range of PCIe configurations that request large amounts of I/O to be configured properly.

Updated the HP RESTful API HPE BIOS Attribute Registry resources to match the latest BIOS/Platform Configuration options.

Updated the UEFI Secure Boot Key Database revocations list (DBX) with the latest version from Microsoft. This includes the latest list of revoked certificates.

Updated the language translations (non-English modes) for System Utilities.

Increased the default timeout value of the iSCSI UEFI Software Initiator boot to 20 seconds. This may help resolve issues of intermittent connection drop during an iSCSI boot.


Version:1.60_12-02-2015 (B) (19 Feb 2016)
Fixes

Upgrade Requirement:
Critical - HPE requires users update to this version immediately.


Important Notes:

Version 1.60_12-02-2015 (B) contains an updated certificate for Windows and is functionally equivalent to version 1.60_12-02-2015 (A).  It is not necessary to upgrade to Revision B if Revision A was used to successfully upgrade to version 1.60_12-02-2015.

Firmware Dependencies:

None

Problems Fixed:

Addressed an issue with Intel Xeon E3-1200 v5 series processors in which a rare and complex micro-architectural condition may result in unpredictable system behavior. While this issue is rare, the workload requirements to expose the issue cannot be characterized. This revision of the System ROM contains an updated version of Intel's microcode that addresses this issue. This issue not unique to HPE ProLiant servers and could impact any system utilizing affected processors which does not include the updated microcode. Due to the potential severity of the issue addressed in this revision of the System ROM, this System ROM upgrade is considered a critical fix.

Addressed a VT-d security issue. This issue is NOT unique to ProLiant servers. HPE recommends that users using processors that support VT-d update the BIOS to this version.

Addressed an issue where the Advanced ECC feature was displayed incorrectly on the graphical POST screen and as a System Utilities BIOS/Platform Configuration (RBSU) option. The DL20 Gen9 supports ECC not Advanced ECC.

Addressed an issue where the system may incorrectly display an error message stating that a device is SR-IOV capable but is installed in a slot that does not support SR-IOV.

Addressed an issue where the system is unable to enter package C6 state when the processor is idle.

Addressed an issue where the processor frequency would stay high when the System Utilities BIOS/Platform Configuration (RBSU) Power Regulator Option is confgured to OS Control Mode.

Addressed an issue where the System Utilities BIOS/Platform Configuration (RBSU) Processor Core Disable Option would not correctly restore its default value when an invalid core number is entered.

Addressed an issue where the System Utilities BIOS/Platform Configuration (RBSU) Redundant Power Supply Mode Option setting would not match with the iLO Web Management System Information Power page.

Addressed an issue where the user may not be able to properly download an Active Health Systems (AHS) file from System Utilities or the Embedded UEFI Shell when certain date ranges were used.

Addressed an issue where a system configured with a Trusted Platform Module (TPM) may improperly measure an extra EV_SEPARATOR into the TPM PCR7.

Addressed an issue where the Active Health System (AHS) file could not be downloaded to the embedded SD card from the Embedded UEFI Shell.

Addressed issues with USB support in the pre-boot environment when the system is configured in Legacy Boot Mode. These issues did not affect systems configured in UEFI Boot Mode.

Addressed an issue where certain optional PCIe video adapters would fail to work properly when using a Linux operating system.

Addressed an issue where industry standard SMBIOS Type 9 entries for PCIe Slots attached to a not installed processor did not exist.

Addressed an issue where the UEFI iSCSI Boot Configuration may not work properly when configuring these options through the HP RESTful Interface. This issue does not affect systems where the UEFI iSCSI Boot Configuration is configured through the System Utilities BIOS/Platform Configuration (RBSU).

Addressed an issue where the drives attached to an HP Smart Array controller may not be detected on the first boot after switching from UEFI Boot Mode to Legacy Boot Mode.

Addressed an issue where the PXE Boot Policy does not function properly when the Network VLAN Configuration option is enabled. When Network VLAN Configuration is enabled, the server would always attempt to boot both iPV4 and iPV6 regardless of the PXE Boot Order Policy setting.

Addressed an issue where the server would display a Red Screen error and become unresponsive when exiting the System Utilities Embedded User Diagnostics when configured for Legacy Boot Mode. This issue does not impact systems configured for UEFI Boot Mode.

Addressed an issue where the HP ProLiant Dynamic Power Regulator would not function properly when configured for Slow Mode. In rare cases, this could cause the system to not optimally switch processor power states.

Addressed an issue where the system may display a Red Screen error and become unresponsive from the Embedded UEFI Shell when interrupting the ping command via a CTRL-C key press.

Addressed an issue where the system may report a 335-HP RESTful API error after setting the BIOS Administrator password through the HP RESTful API.

Addressed an issue where the Date and Time may be set incorrectly when using the Date and Time option from the BIOS/Platform Configuration (RBSU) when the Daylight Savings Time option is enabled.

Addressed an issue where the server may display a Red Screen error and become unresponsive during boot when more than 256 hard drives are attached to a storage controller. The UEFI BIOS will now limit the enumeration of bootable devices to 256 entries.

Addressed an issue where video is not displayed when using the embedded video controller with certain newer monitors, such as the HP E190i, which do not properly operate in native resolutions such as 1280x1024.

Addressed an issue with the incorrect version of the HpServerBootSettings schema in the HP RESTful API.

Addressed an issue where the server could become unresponsive during boot or from the Embedded UEFI Shell when a Block I/O device such as a USB key or hard drive has a corrupt FAT32 file system.

Addressed an issue where an erroneous 312 - HP Smart Battery error message would be displayed and logged to the Integrated Management Log (IML) on the first boot after the system battery was removed from the server.

Addressed an issue where the UEFI or Legacy Option ROM for a PCIe adapter may not be properly executed when installed in certain slots. This could cause such issues as an inability to boot using the PCIe adapter. This issue was seen with a Brocade network adapter but could be seen with other adapters.

Addressed an issue where Extended Page Table (EPT) Write protect fault when using string operation in a virtual machine may result in unexpected behavior.

Known Issues:

None

Enhancements

Added support for an optional Trusted Platform Module (TPM) 2.0.

Added support to the Embedded UEFI Shell to allow the user to export Secure Boot certificates to a file.

Added support to automatically initialize the Trusted Platform Modules (TPM) nonvolatile storage when the TPM is first installed on a platform. This feature helps avoid issues where a TPM may be locked out from use to an operating system and requires the user to manually clear the TPM setting from the BIOS/Platform Configuration (RBSU) menus when first installed.

Updated branding during the boot process and in the pre-boot System Utilities from HP to Hewlett Packard Enterprise. No branding changes were made that could impact software running on the system. Industry standard SMBIOS tables were NOT updated to reflect Hewlett Packard Enterprise branding.

Updated the language translations (non-English modes) for System Utilities.

Updated the HP RESTful API HP BIOS Attribute Registry resources to match the latest BIOS/Platform Configuration options.

Added support for the industry standard SMBIOS Type 2 baseboard record.

Added support to the HP RESTful API to allow the user to configure the UEFI boot order when the system is configured for Legacy Boot Mode.


Version:1.60_12-02-2015 (22 Jan 2016)
Fixes

Upgrade Requirement:
Optional - Users should update to this version if their system is affected by one of the documented fixes or if there is a desire to utilize any of the enhanced functionality provided by this version.


REMOVED - This package version contained a SHA1 signature issued after 1 January 2016. The package is NO LONGER AVAILABLE for download. Attempts to run this package might present the user with the following error message: "The signature of cp029070.exe is corrupt or invalid". Click the ‘Obtain software link’ to open the web page of the replacement version.

Important Notes:

None

Firmware Dependencies:

None

Problems Fixed:

Addressed an issue with Intel Xeon E3-1200 v5 series processors in which a rare and complex micro-architectural condition may result in unpredictable system behavior. While this issue is rare, the workload requirements to expose the issue cannot be characterized. This revision of the System ROM contains an updated version of Intel's microcode that addresses this issue. This issue not unique to HPE ProLiant servers and could impact any system utilizing affected processors which does not include the updated microcode. Due to the potential severity of the issue addressed in this revision of the System ROM, this System ROM upgrade is considered a critical fix.

Addressed a VT-d security issue. This issue is NOT unique to ProLiant servers. HPE recommends that users using processors that support VT-d update the BIOS to this version.

Addressed an issue where the Advanced ECC feature was displayed incorrectly on the graphical POST screen and as a System Utilities BIOS/Platform Configuration (RBSU) option. The DL20 Gen9 supports ECC not Advanced ECC.

Addressed an issue where the system may incorrectly display an error message stating that a device is SR-IOV capable but is installed in a slot that does not support SR-IOV.

Addressed an issue where the system is unable to enter package C6 state when the processor is idle.

Addressed an issue where the processor frequency would stay high when the System Utilities BIOS/Platform Configuration (RBSU) Power Regulator Option is confgured to OS Control Mode.

Addressed an issue where the System Utilities BIOS/Platform Configuration (RBSU) Processor Core Disable Option would not correctly restore its default value when an invalid core number is entered.

Addressed an issue where the System Utilities BIOS/Platform Configuration (RBSU) Redundant Power Supply Mode Option setting would not match with the iLO Web Management System Information Power page.

Addressed an issue where the user may not be able to properly download an Active Health Systems (AHS) file from System Utilities or the Embedded UEFI Shell when certain date ranges were used.

Addressed an issue where a system configured with a Trusted Platform Module (TPM) may improperly measure an extra EV_SEPARATOR into the TPM PCR7.

Addressed an issue where the Active Health System (AHS) file could not be downloaded to the embedded SD card from the Embedded UEFI Shell.

Addressed issues with USB support in the pre-boot environment when the system is configured in Legacy Boot Mode. These issues did not affect systems configured in UEFI Boot Mode.

Addressed an issue where certain optional PCIe video adapters would fail to work properly when using a Linux operating system.

Addressed an issue where industry standard SMBIOS Type 9 entries for PCIe Slots attached to a not installed processor did not exist.

Addressed an issue where the UEFI iSCSI Boot Configuration may not work properly when configuring these options through the HP RESTful Interface. This issue does not affect systems where the UEFI iSCSI Boot Configuration is configured through the System Utilities BIOS/Platform Configuration (RBSU).

Addressed an issue where the drives attached to an HP Smart Array controller may not be detected on the first boot after switching from UEFI Boot Mode to Legacy Boot Mode.

Addressed an issue where the PXE Boot Policy does not function properly when the Network VLAN Configuration option is enabled. When Network VLAN Configuration is enabled, the server would always attempt to boot both iPV4 and iPV6 regardless of the PXE Boot Order Policy setting.

Addressed an issue where the server would display a Red Screen error and become unresponsive when exiting the System Utilities Embedded User Diagnostics when configured for Legacy Boot Mode. This issue does not impact systems configured for UEFI Boot Mode.

Addressed an issue where the HP ProLiant Dynamic Power Regulator would not function properly when configured for Slow Mode. In rare cases, this could cause the system to not optimally switch processor power states.

Addressed an issue where the system may display a Red Screen error and become unresponsive from the Embedded UEFI Shell when interrupting the ping command via a CTRL-C key press.

Addressed an issue where the system may report a 335-HP RESTful API error after setting the BIOS Administrator password through the HP RESTful API.

Addressed an issue where the Date and Time may be set incorrectly when using the Date and Time option from the BIOS/Platform Configuration (RBSU) when the Daylight Savings Time option is enabled.

Addressed an issue where the server may display a Red Screen error and become unresponsive during boot when more than 256 hard drives are attached to a storage controller. The UEFI BIOS will now limit the enumeration of bootable devices to 256 entries.

Addressed an issue where video is not displayed when using the embedded video controller with certain newer monitors, such as the HP E190i, which do not properly operate in native resolutions such as 1280x1024.

Addressed an issue with the incorrect version of the HpServerBootSettings schema in the HP RESTful API.

Addressed an issue where the server could become unresponsive during boot or from the Embedded UEFI Shell when a Block I/O device such as a USB key or hard drive has a corrupt FAT32 file system.

Addressed an issue where an erroneous 312 - HP Smart Battery error message would be displayed and logged to the Integrated Management Log (IML) on the first boot after the system battery was removed from the server.

Addressed an issue where the UEFI or Legacy Option ROM for a PCIe adapter may not be properly executed when installed in certain slots. This could cause such issues as an inability to boot using the PCIe adapter. This issue was seen with a Brocade network adapter but could be seen with other adapters.

Addressed an issue where Extended Page Table (EPT) Write protect fault when using string operation in a virtual machine may result in unexpected behavior.

Known Issues:

None

Enhancements

REMOVED - This package version contained a SHA1 signature issued after 1 January 2016. The package is NO LONGER AVAILABLE for download. Attempts to run this package might present the user with the following error message: "The signature of cp029070.exe is corrupt or invalid". Click the ‘Obtain software link’ to open the web page of the replacement version.

Added support for an optional Trusted Platform Module (TPM) 2.0.

Added support to the Embedded UEFI Shell to allow the user to export Secure Boot certificates to a file.

Added support to automatically initialize the Trusted Platform Modules (TPM) nonvolatile storage when the TPM is first installed on a platform. This feature helps avoid issues where a TPM may be locked out from use to an operating system and requires the user to manually clear the TPM setting from the BIOS/Platform Configuration (RBSU) menus when first installed.

Updated branding during the boot process and in the pre-boot System Utilities from HP to Hewlett Packard Enterprise. No branding changes were made that could impact software running on the system. Industry standard SMBIOS tables were NOT updated to reflect Hewlett Packard Enterprise branding.

Updated the language translations (non-English modes) for System Utilities.

Updated the HP RESTful API HP BIOS Attribute Registry resources to match the latest BIOS/Platform Configuration options.

Added support for the industry standard SMBIOS Type 2 baseboard record.

Added support to the HP RESTful API to allow the user to configure the UEFI boot order when the system is configured for Legacy Boot Mode.


Version:1.50_09-24-2015 (1 Dec 2015)
Enhancements

Upgrade Requirement:
Recommended - HPE recommends users update to this version at their earliest convenience.


Important Notes:

None

Firmware Dependencies:

None

Enhancements/New Features:

This is the initial version of the firmware.

Known Issues:

None

Legal Disclaimer: Products sold prior to the November 1, 2015 separation of Hewlett-Packard Company into Hewlett Packard Enterprise Company and HP Inc. may have older product names and model numbers that differ from current models.