ProLiant Servers (ML,DL,SL)
cancel
Showing results for 
Search instead for 
Did you mean: 

Spectre and Meltdown

 
kiwiant
Occasional Visitor

Re: Spectre and Meltdown

If HP is unable to patch, opts not to patch or is waiting on updates from Intel this needs to be listed in the CUSTOMER BULLETIN.

Marco4
Occasional Visitor

Re: Spectre and Meltdown

Hello, we updated three DL360 Gen9 with latest 2.54 BIOS. Now Intel and HP say this BIOS (microcode) is buggy. How can we revert to 2.52? We cannot get it since BIOS 2.52 is not available for free download while 2.54 was.

 

grinningdevil
Valued Contributor

Re: Spectre and Meltdown

I guess wait for HPE to release their next good version, and then patch again...
Torsten.
Acclaimed Contributor

Re: Spectre and Meltdown

this new microcode may cause problems, but maybe it works for you.

HPE does not say what to do if you already have this version ...

however, check what version your backup ROM has and consider to revert.

Hope this helps!
Regards
Torsten.

__________________________________________________
There are only 10 types of people in the world -
those who understand binary, and those who don't.

__________________________________________________
No support by private messages. Please ask the forum!

If you feel this was helpful please click the KUDOS! thumb below!   
HPSDMike
HPE Pro

Re: Spectre and Meltdown

Yes, my comment was going to be the same as Torsten. If you had 2.52 previously then you can simply use the backup ROM. Instructions for doing so can be found on page 119 of https://support.hpe.com/hpsc/doc/public/display?docId=c04398276

 

I work for HPE. The comments in this post are my own and do not represent an official reply from the company. No warranty or guarantees of any kind are expressed in my reply.
PatrickLong
Advisor

Re: Spectre and Meltdown

Dell has not "pulled" any of their recent BIOS releases to mitigate these issues, including those for servers supporting Haswell and Broadwell procsessors.  What they did was leave the downloads available on their support site and add the following warning text on each download:

"Intel has communicated a potential issue with the microcode included in this BIOS update. This issue is currently under investigation by Intel. See Intel's statement at https://newsroom.intel.com/news/intel-security-issue-update-addressing-reboot-issues/ for more information. "

HPE has removed the option to download recent BIOS releases for Haswell/Broadwell servers from the support site; typically I have seen previous recalls implemented by changing the release date shown on the page to 1 Jan, 3000 so that they no longer appear in Support Site serach results - but in this case the updates still appear in the Support site search results with their original release date (i.e. 3 Jan 2018) but the following warning text has been added:

"REMOVED - This version of the System ROM is NO LONGER AVAILABLE for download. See Important Notes for more information."

and the download link now redirects to http://h22208.www2.hpe.com/eginfolib/securityalerts/SCAM/Side_Channel_Analysis_Method.html

 

mikldk
Advisor

Re: Spectre and Meltdown

Perhaps you will be able to find it in a previous released HP SPP bundle?

http://h17007.www1.hpe.com/us/en/enterprise/servers/products/service_pack/spp/index.aspx

What about 2017.07.2 or 2017.04.0?

Kind Regards Mikkel Knudsen
testmado662
Advisor

Re: Spectre and Meltdown

Hello,

If I've alla understood, SPP to correct Spectre tghreat is not yet available ?

I don't find any download link in HPE dedicated to Spectre and Meltdown alert.

Thanks for your help

Highlighted
Torsten.
Acclaimed Contributor

Re: Spectre and Meltdown

it is not yet and also no longer available. Intel stopped the published updates and is investigating.

Hope this helps!
Regards
Torsten.

__________________________________________________
There are only 10 types of people in the world -
those who understand binary, and those who don't.

__________________________________________________
No support by private messages. Please ask the forum!

If you feel this was helpful please click the KUDOS! thumb below!   
testmado662
Advisor

Re: Spectre and Meltdown

Thanks Torsten to confirm what I though after reading the post.

Regards

Torsten.
Acclaimed Contributor

Re: Spectre and Meltdown

see

https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-a00039267en_us

http://h22208.www2.hpe.com/eginfolib/securityalerts/SCAM/Side_Channel_Analysis_Method.html

 

for latest information.


Hope this helps!
Regards
Torsten.

__________________________________________________
There are only 10 types of people in the world -
those who understand binary, and those who don't.

__________________________________________________
No support by private messages. Please ask the forum!

If you feel this was helpful please click the KUDOS! thumb below!   
Rob Leadbeater
Honored Contributor

Re: Spectre and Meltdown

Has anyone seen any information yet as to whether HPE will be producing BIOS updates for retired servers, which are still supported ?

For example DL360 G7 and DL380 G7 have a retirement date of 2013-04-30 and are typically supported for 5 years after that date.

The documents linked to above, mention a mitigation section for the DL380 G7, that doesn't exist...

Obviously the answer will depend on whether Intel produce microcode updates for the particular CPU in use, but it would be useful to have a clear statement from HPE for older and retired products.

Adrian Clint
Honored Contributor

Re: Spectre and Meltdown

Its occurred to me that maybe HPE just dont know about G7 servers -because Intel are not doing them urgently.

Intel write the microcode that needs fixing - not HPE. And Intel is urgently trying to find a working fix for the CPUs that HPE use in the Gen9/Gen10 servers .. the ones that are selling or have just been sold. Then its CPUs before them (the ones in the Gen8).

Gen7 processors .... way down the list of things to spend time on, for a threat that doesnt yet exist to anyone's knowledge!

Rob Leadbeater
Honored Contributor

Re: Spectre and Meltdown

The Customer Bulletin below has now been updated to indicate which G6 and G7 ProLiants will get a BIOS update...

https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-a00039267en_us

 

grinningdevil
Valued Contributor

Re: Spectre and Meltdown

Think contradicts with another HPE link present here  >  

https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-a00039267en_us

 

For example, if you search 660c Gen 8,  the above link says "TBD" under resolved in which ROM version - but the same server when searched in the link you gave advises for installation of  "I 32" ROM version.  

Which is the correct link to follow to check if my specific model has a fix available or not ? ( earlier was using the link I gave above ) 

HPFrC
Occasional Visitor

Re: Spectre and Meltdown

 Hi, I have the same Trouble,

I have updated my server "Proliant DL380p Gen8", with the last system ROM available "P70 01/22/2018"

I have update my vmware 5.5 to the last version available, " ESXI,5.5.0, 7618464"

My OS have bben updated too.

And i have always not patched for all.

Hardware support branch target injection mitigation is present : False

 

I have restated several time, and it's the same.

 

 

 

 

mikldk
Advisor

Re: Spectre and Meltdown

Anybody running HPE BL460c G8/9 safe now by upgrading to HP SPP 2018.03?

Kind Regards Mikkel Knudsen
grinningdevil
Valued Contributor

Re: Spectre and Meltdown

I have not updated mine to 2018.03 - but rather used manual patching on couple of servers - G8 and G9 - and they are working fine since a week or so.  They have been now handed over to Virtualization guys to apply their end of patch for Hypervisor layer.  

mikldk
Advisor

Re: Spectre and Meltdown

Allright. 

I do both the hardware and software patching from our company.

We're running G9 BL460c with Server 2016 and Hyper-V in clusters.

Have you been able to see any performance impacts yet on these Hypervisors? Running ESXi I guess?

Kind Regards Mikkel Knudsen
grinningdevil
Valued Contributor

Re: Spectre and Meltdown

None so far - no impact noticed.  Load on hypervisor is the same as before - check wih MS about probable patching needed for HyperV. 

For Instance, VMWARE has come up with the following final advisory - 

https://www.vmware.com/security/advisories/VMSA-2018-0007.html