ProLiant Servers (ML,DL,SL)
cancel
Showing results for 
Search instead for 
Did you mean: 

DL360 Gen9 firmware update for meltdown/spectre?

Daniel13
Occasional Visitor

DL360 Gen9 firmware update for meltdown/spectre?

HP released a new firmware version 3rd of January, and in the "Fixes" section it says: "Updated the Intel processor microcode to the latest version".

Is this the fix for the meltdown and spectre vulnerabilities?

https://support.hpe.com/hpsc/swd/public/detail?sp4ts.oid=7252838&swItemId=MTX_cf6657e373254295b51b2e368a&swEnvOid=4184#tab5

https://support.hpe.com/hpesc/public/home/driverHome?sp4ts.oid=7252838

18 REPLIES
oakwood
Occasional Visitor

Re: DL360 Gen9 firmware update for meltdown/spectre?

We're also trying to hunt down the confirmed patches. I'm quite surpised there is nothing on the front page about this, with it being such a big deal! Seems every other vendor is all over it.....

HPE, we need some help here pretty quick please.,

HPSDMike
HPE Pro

Re: DL360 Gen9 firmware update for meltdown/spectre?

Hello All, new information is continuing to be available frequently on this topic. Please visit the following sites for the most accurate info:

https://www.hpe.com/us/en/services/security-vulnerability.html

https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03805en_us

https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-a00039267en_us

The information, and links, on these pages will link you to appropriate info and patches as they become available. 

 

I work for HPE. The comments in this post are my own and do not represent an official reply from the company. No warranty or guarantees of any kind are expressed in my reply.
Peter stratman
Frequent Visitor

Re: DL360 Gen9 firmware update for meltdown/spectre?

Great, thank you for the pointers.

However, how about pre-GEN9 servers ?

Kissel-B
Occasional Visitor

Re: DL360 Gen9 firmware update for meltdown/spectre?

What About Gen 7 and lower servers are they going to receive a patch as well.

HPSDMike
HPE Pro

Re: DL360 Gen9 firmware update for meltdown/spectre?

Please keep an eye on those URLs as that is where official communication will come from. I don't have any information on timing and availability for Pre Gen9 products. 

I work for HPE. The comments in this post are my own and do not represent an official reply from the company. No warranty or guarantees of any kind are expressed in my reply.
MorbrosIT
Occasional Visitor

Re: DL360 Gen9 firmware update for meltdown/spectre?

Looks like 1/12/18 is when to lookout for the Gen8 patches.

Peter stratman
Frequent Visitor

Re: DL360 Gen9 firmware update for meltdown/spectre?

Given the fact that processors released since 1995 are impacted, I would think everything since G1 needs the updates.

tciecka-CTI
Occasional Visitor

Re: DL360 Gen9 firmware update for meltdown/spectre?

@MorbrosIT

Where did you see 1/12/2018?  I haven't been able to find it in any of the links I've followed from this page:

https://www.hpe.com/us/en/services/security-vulnerability.html



Tom Ciecka
Torsten.
Acclaimed Contributor

Re: DL360 Gen9 firmware update for meltdown/spectre?

https://support.hpe.com/hpsc/swd/public/detail?sp4ts.oid=1009087943&swItemId=MTX_619387df72814a09a6baa555e8&swEnvOid=4184#tab-history

 

Version: 2.54_12-07-2017(3 Jan 2018)


Hope this helps!
Regards
Torsten.

__________________________________________________
There are only 10 types of people in the world -
those who understand binary, and those who don't.

__________________________________________________
No support by private messages. Please ask the forum!

If you feel this was helpful please click the KUDOS! thumb below!   
Denis_Dordoigne
Occasional Visitor

Re: DL360 Gen9 firmware update for meltdown/spectre?

Last bulletin provide a solution for Gen8 servers, « update to a System ROM version dated 12/12/2017 », but the latest system ROM avaiable is dated 24 Oct 2016...

Torsten.
Acclaimed Contributor

Re: DL360 Gen9 firmware update for meltdown/spectre?

It alwas takes a few days until a published version appears on the web pages. The Gen9 and Gen10 updates are obviously already available.


Hope this helps!
Regards
Torsten.

__________________________________________________
There are only 10 types of people in the world -
those who understand binary, and those who don't.

__________________________________________________
No support by private messages. Please ask the forum!

If you feel this was helpful please click the KUDOS! thumb below!   
simonb
Occasional Visitor

Re: DL360 Gen9 firmware update for meltdown/spectre?

When adding this patch for vmware hosts to SUM - I just get component not signed and cannot progress further...any thoughts?

AlecKeeler
Advisor

Re: DL360 Gen9 firmware update for meltdown/spectre?

Seems a bit wrong for a security vulnerability to announce it as available then have a process where it takes days for it to be available to download from the support website. If its critical as described by HP in the bulletin it should be available as soon as possible

 

Alec Keeler, release engineer Nexor

AlecKeeler
Advisor

Re: DL360 Gen9 firmware update for meltdown/spectre?

From https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-a00039267en_us

"For ProLiant Gen8 series servers, update to a System ROM version dated 12/12/2017."

Is there a direct link available to be able to download this BIOS ?

Alec Keeler, release engineer, Nexor Ltd

tato386
Occasional Advisor

Re: DL360 Gen9 firmware update for meltdown/spectre?

Did they pull the 2.54 BIOS?  I can get to the page but there is no download button?

Thanks,
Diego
AlecKeeler
Advisor

Re: DL360 Gen9 firmware update for meltdown/spectre?

Yep apparently Intel changed some microcode

https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-a00039267en_us

Currently they are saying roll back to 2.52 if you did put 2.54 on

Alec

JeroenKleen
Frequent Advisor

Re: DL360 Gen9 firmware update for meltdown/spectre?

At this moment it might be good to wait as we might be releasing very soon a new ROMBIOS fix: http://h22208.www2.hpe.com/eginfolib/securityalerts/SCAM/Side_Channel_Analysis_Method.html


Best regards, Jeroen

Working at HPE Pointnext Cloud CoE as HPE OneSphere multi-cloud Evangelist
AlecKeeler
Advisor

Re: DL360 Gen9 firmware update for meltdown/spectre?

Thanks for the update, so still waiting for the new BIOS,

RedHat by the way have RHSA's available now for RHEL 6 and 7, the ones for the Extended Life Cycle Support for RHEL5 are still pending

https://access.redhat.com/security/vulnerabilities/speculativeexecution

Our products are RHEL appliances on DL360 platforms, we span from G5 to Gen9 on the hardware (mostly 8 &9) and RHEL5 and RHEL6 for the OS, hence our interest in resolving this

Alec