================================================================================ Intel(R) Server Board S2600ST Family for Intel(R) One Boot Flash Update Utility, Windows* Preboot Execution Environment ================================================================================ Intel(R) Server Boards and Systems Intel Corporation 2111 N.E. 25th Avenue, Hillsboro, OR 97124 USA ================================================================================ DATE : April 02, 2019 TO : Intel(R) Server Board S2600ST Family SUBJECT : Release Notes for System Firmware Update Package ================================================================================ ABOUT THIS RELEASE ================================================================================ BIOS : 02.00.0008 ME : 04.01.04.251 BMC : 1.93.870cf4f0 FRUSDR : 1.74 ================================================================================ Support Platforms and Dependency ================================================================================ Processors supported: Intel(R) Xeon(R) Scalable processors Microcode versions: CPUID Version Status 0x50654 0x0200005a (1st Generation Intel(R) Xeon(R) Scalable H0,M0,U0) 0x50656 0x0400001c (2nd Generation Intel(R) Xeon(R) Scalable B0,L0,R0) 0x50657 0x0500001c (2nd Generation Intel(R) Xeon(R) Scalable B1,L1,R1) The following update process must be followed to ensure a trouble free update. 1. BMC firmware 2. BIOS 3. Manageability Engine (ME) firmware 4. FD 5. FRUSDR ================================================================================ IMPORTANT NOTES!!! ================================================================================ - Cipher Suite 3 is disabled by default since BMC firmware 1.90 and only keep Cipher Suite 17 opened by default. Due to this the extra parameter "-C 17" is required for ipmitool to work via LAN. The Cipher Suite 17 was first introduced in ipmitool 1.8.18 on Oct 8th 2016, you have to update ipmitool to this version or newer one, earlier versions of ipmitool don’t have Cipher 17 support ipmitool is not working well when running in high load network. We recommend to add extra timeout by using “-N 5”. Default is 1 second for RMCP+, which is not enough. –N 5 will set 5 second as timeout. So the command will look like: ipmitool –I lanplus –H ip –U user –P password –C 17 –N 5 command Please refer to the included "TA-1143_Extra_parameters_needed_for_ipmitool.pdf" - This Update package must be installed using Intel(R) One-boot Flash Update (OFU) V14.1 Build 19 or later 1. Package C-State only works well with Xeon Scalable Family H0 parts, for other Xeon Scalable Family stepping, C6 non-retention is hardcode from BIOS side. 2. BIOS R00.01.0001 does not support online downgrade to any Dxxx or Xxxx BIOS. 3. BIOS R00.01.0001 removed Xeon Scalable Family A1 microcode(m1350651_8000002B) and Xeon Scalable Family B0 microcode(m9750652_80000035). 4. Removed 'UpdateNvram' support for iflash32 tool for security reason of SRA bios. 5. Security revision upgrade to v0002 on BIOS R00.01.0002 will prevent BIOS downgrade via normal mode to R00.01.0001, user can use BIOS recovery mode for BIOS downgrade. Although Intel doesn't recommend downgrading firmware 6. One new production key is integrated onto R0004 BIOS, which will correct an OEM string. 7. This release include security revision upgrade to version 0004. This will prevent BIOS downgrade via normal mode to previous version with lower security revision, user can use BIOS recovery mode process for BIOS downgrade. 8. System will prevent downgrading ME from 04.00.04.288 to 04.00.04.235 or older version, if system BIOS version is R0009. This is an expected behavior. 9. Security revision upgrade to 0005 since BIOS R010, it will prevent BIOS downgrade via normal mode to previous version that with lower security revision, user can use BIOS recovery mode for BIOS downgrade. 10. Downgrading BMC below version 1.43.660a4315 is not supported due to a security revision change. 11. Security revision upgrade to 0006 on BIOS R0014, it will prevent BIOS downgrade via normal mode to previous version that with lower security revision, user can use BIOS recovery mode for BIOS downgrade. ================================================================================ System Firmware Update Package Usage instructions ================================================================================ This package can be updated using one of the following methods: - Windows* or Linux* operating system using Intel(R) One-boot Flash Update (OFU) V14.1 Build 19 or later) - Windows* Preboot Execution Environment (WinPE) To update from Windows* and Linux* or operating systems using the Intel(R) One Boot Flash Update Utility (OFU) Intel(R) One boot Flash Update utility can be downloaded from http://downloadcenter.intel.com/ and it is part of the "BIOS, Firmware Update & Configuration Utilities" for Windows* and Linux*. Please refer to Intel(R) OFU user guide about the details of installation and usage of OFU. Use OFU to update system firmware by the following steps: - Install OFU on Windows* or Linux* system - Download the latest firmware update package from http://downloadcenter.intel.com/ - Unzip package to a folder - Run the following command in Windows* command line/Linux* terminal window: :\flashupdt -u \flashupdt.cfg To update from Windows* Preboot Execution Environment (WinPE) The System Firmware Update Package can be inserted to Windows* PE customized image for creating a bootable Windows* PE CD. User is able to update system firmware from customized WinPE CD by the following steps: - Boot server with customized WinPE CD - Run script "WinPE_x64_Update.bat" (name may be varied depends on your own customization) Note: 1. The Intel(R) OFU utility is case sensitive. Therefore, when you transfer the Firmware Update Package using USB flash drive from a Microsoft Windows* system to a Linux environment, you must first extract under the Linux* environment. Otherwise, you will need to mount the USB flash drive manually with 'vfat' option under Linux to avoid conversion from upper case to lower case and vice versa. 2. To make Intel(R) OFU utility run properly under x64 OS, you have to read OFU release notes on known issues for OFU installation. 3. In this SFUP package, Intel only provide batch file "WinPE_x64_Update.bat" for WinPE2.1/3.0 64 bit solution as an example. Please refer to white paper "White Paper-Intel Server Utilities Procedure for WinPE.pdf" for details on building your own customized WinPE CD. 4. Windows PE 2.0 - built from Windows Vista SP1 EM64T 5. Windows PE 2.1 - built from Windows Vista SP1 or Windows Server 2008, EM64T 6. Windows PE 3.1 - built from Windows Server 2008 R2, EM64T 7. Microsoft IPMI driver is loaded by default from WinPE CD, if you want to use Intel IPMI driver instead of MS IPMI driver for firmware update, you can un-install Microsoft IPMI driver by: Devicesetup.exe ¨Cv remove *IPI0001 Note: IPI0001 is the device ID for Microsoft IPMI driver. ================================================================================ BIOS R02.00.0008(This release) ================================================================================ Added support for 2nd Generation Intel(R) Xeon(R) Scalable processors Hsd-ES:1507112201, Default option for Resume on Power Loss changed to 'power on' Hsd-ES:1607077352, Default option for Console Redirection changed to 'Serial Port A' Disable "UpdateNvram" in BIOS so that UpdateNvram can't be used in flash utility like iflash32. Hsd-ES:1507108474, BIOS post fail with S2600BPS SKU in Riser solt2 M.2 NVME Hsd-ES:[no_sighting] OpenSSL version update to 1.1.0j. Hsd-ES:2103625393, [S2600ST] TPM BitLocker (Boot order change) test result does NOT match expected result. Remove [Hsd-ES]: 5387873, SMBIOS Type 19/20 is not showing effective memory Size. RP relese Reference code version: CP_PURLEY_0573_D10. This release is mapping to RP daily build:CP_PURLEY_0574_D07. =============================================================================== BMC v1.93.870cf4f0 - (This release) =============================================================================== 1504762562 - [S2600BP LCR] SEL Log has PS1/PS2/P1/P2/HDDs/Pwr Unit Redund Status Assert during DC cycle(appear once) 1506985125 - BMC slow response and EWS can't login during DC/reset cycle test. 1606875819 - Ipmitool command random lost function during DC cycles test and sel log show redundant "bad user PWD" information(EWS can be login). 2103622412 - During the HSC FW update processing, execute the cmdtool 20 c0 38, it could not return response data until the update completed 2103623745 - EWS BIOS Configuration OOB Test: When set the SerialOverLan option to enabled, the SUT will continuously reboot 2103625073 - The "BIOS configurations" items not gray out when login with user privilege 2103625221 - The System Macro key "PrntScrn" and "Alt+PrntScrn" have no function in iKVM over HTML5. 2103625242 - Alert Email of EWS can't save via Chrome/Firefox/Safari 1507016738 - [OOB BIOS Configuration]Some variables have the same value when we don't change the default "Select a BIOS Variable" in EWS. 2103624478 - Description in HELP page isn't corresponding to the actual Chinese EWS page 1507018625 - Fan 6 Present show unknown from EWS and disabled from ipmitool sensor list. 2103625163 - RMCP cipher suite will be disable after offline BMC then online update BMC 1507004031 - Security for missing or insecure "Content-Security-Policy" 1506996790 - [S2600ST]No alert SMTP mail/SNMP trap received after triggering the alert of "intel temp overheat shutdown" 2103624840 - [S2600ST] Alerts and Alert mail setting in EWS Configuration will be lost after click refresh button 2103625101 - Alert Destination can't be saved via LAN3 in WFQ board 2103625071 - The message display incorrect after enable syslog in Chinese EWS 2103625044 - Copyright display incorrect in EWS ============================================================================= FRUSDR 1.74 ============================================================================= 1506731774 - [S2600ST]SDR record failure. 1506114815 - [S2600ST]The sensor type of Remote Debug PECI is wrong. ================================================================================ SYSTEM HARDWARE & SOFTWARE REQUIREMENTS/REVISIONS ================================================================================ - S2600STB, S2600STQ baseboards only. System BIOS - 00.01.0016 or later ME Firmware - 04.00.04.393 or later BMC Firmware - 1.90 or later FRUSDR - 1.74 or later - Front Panel, Hot-swap backplane, and Baseboard FRU data must be available for chassis auto-detection to succeed. - IMPORTANT: BIOS 00.01.2001 is an earlier version than 00.01.0004 if you have this version please update to 00.01.0004 first, and then follow the appropiate path to get to this release. =============================================================================== KNOWN ISSUES/WORKAROUNDS/REQUIREMENTS =============================================================================== HSD-ES 2103620401: After downgrade FD and ME, SUT will halt with beep code 1-5-1-2 when reboot. Please use the following WA when online downgrading SW stacks from R010 SUP to previous SUP version: Online downgrade process: flash BIOS -> flash FD -> reset SUT -> flash ME -> flash BMC -> flash FRUSDR -> AC cycle SUT -> SUT can boot up normally. HSD-ES 2103621818: Screen will show static noise while booting to RHEL7.5, and a PCCT error is loged No functional impact WARNING: This release has the BMC PCIe bridge disabled. This will cause the majority of operating systems to fail at boot as they stall during video driver initialization Steps to recover a failing operating system: Linux variants (one of the below): A. Ensure the "modprobe.blacklist=ast" parameter is set in your boot loader (grub) B. Ensure you are using a kernel version v4.10 or newer For Red Hat* Enterprise Linux* v7.3, please refer to the included "RHEL73_InstallationGuide_Rev1.00.pdf" For SUSE* Linux* Enterprise Server v12 SP1 or SP2, please refer to the included "SLES12_InstallationGuide_Rev1.00.pdf" Windows variants: Boot to safe mode, and load aspeed video driver v1.03 or greater and reboot For Windows* Server 2016, please refer to the included "WinSrv16_InstallationGuide_Rev1.00.pdf" IPMI usage: This release disables RMCP authentication by default. ipmitool uses RMCP by default, so it will fail to authenticate. Add the '-I lanplus' parameter to all ipmitool commands to use RMCP+ instead. Cipher Suite 3 is disabled by default since BMC firmware 1.90 and only keep Cipher Suite 17 opened by default. Due to this the extra parameter "-C 17" is required for ipmitool to work via LAN. The Cipher Suite 17 was first introduced in ipmitool 1.8.18 on Oct 8th 2016, you have to update ipmitool to this version or newer one, earlier versions of ipmitool don’t have Cipher 17 support ipmitool is not working well when running in high load network. We recommend to add extra timeout by using “-N 5”. Default is 1 second for RMCP+, which is not enough. –N 5 will set 5 second as timeout. So the command will look like: ipmitool –I lanplus –H ip –U user –P password –C 17 –N 5 command Please refer to the included "TA-1143_Extra_parameters_needed_for_ipmitool.pdf" When using IPMI to establish a SOL session using KONSOLE: A. The "Delete" input cannot be captured when pressing "Backspace" Workaround: Modify the "Backspace" key to "0x08" in the KONSOLE profile keyboard settings. B. Resizing a KONSOLE window with an active SOL session can cause the content to overlap Workaround: None. Recommend using the Java SOL Viewer instead of KONSOLE Redfish API: Redfish API POST requests using a browser extension or plugin will fail if the extension manipulates the HTTP(S) Origin header. This affects REST clients which are implemented as browser (chrome, Firefox) plugins or extensions such as the older versions of Postman. It is recommended to use Postman version 6.0 or later. For security purposes, the BMC Redfish API requires that if a HTTP Origin header is present, the host portion of the Origin header must match the HTTP Host header. Some browser based REST clients alter the Origin header preventing their use with the BMC. ============================================================================= LEGAL INFORMATION ============================================================================= Information in this document is provided in connection with Intel products. No license, express or implied, by estoppel or otherwise, to any intellectual property rights is granted by this document. Except as provided in Intel's Terms and Conditions of Sale for such products, Intel assumes no liability whatsoever, and Intel disclaims any express or implied warranty, relating to sale and/or use of Intel products including liability or warranties relating to fitness for a particular purpose, merchantability, or infringement of any patent, copyright or other intellectual property right. Intel Corporation may have patents or pending patent applications, trademarks, copyrights, or other intellectual property rights that relate to the presented subject matter. The furnishing of documents and other materials and information does not provide any license, express or implied, by estoppel or otherwise, to any such patents, trademarks, copyrights, or other intellectual property rights. Intel products are not intended for use in medical, life saving, or life sustaining applications. Intel may make changes to specifications and product descriptions at any time, without notice. Intel is a registered trademark of Intel Corporation. *Other names and brands are the property of their respective owners. Copyright (c) 2019 Intel Corporation. A portion of this firmware is open source code, which falls under the GPL 2.0 license.