ProLiant Servers (ML,DL,SL)
cancel
Showing results for 
Search instead for 
Did you mean: 

Spectre and Meltdown

kiwiant
Occasional Visitor

Re: Spectre and Meltdown

If HP is unable to patch, opts not to patch or is waiting on updates from Intel this needs to be listed in the CUSTOMER BULLETIN.

Marco4
Occasional Visitor

Re: Spectre and Meltdown

Hello, we updated three DL360 Gen9 with latest 2.54 BIOS. Now Intel and HP say this BIOS (microcode) is buggy. How can we revert to 2.52? We cannot get it since BIOS 2.52 is not available for free download while 2.54 was.

 

grinningdevil
Valued Contributor

Re: Spectre and Meltdown

I guess wait for HPE to release their next good version, and then patch again...
Torsten.
Acclaimed Contributor

Re: Spectre and Meltdown

this new microcode may cause problems, but maybe it works for you.

HPE does not say what to do if you already have this version ...

however, check what version your backup ROM has and consider to revert.

Hope this helps!
Regards
Torsten.

__________________________________________________
There are only 10 types of people in the world -
those who understand binary, and those who don't.

__________________________________________________
No support by private messages. Please ask the forum!

If you feel this was helpful please click the KUDOS! thumb below!   
HPSDMike
Respected Contributor

Re: Spectre and Meltdown

Yes, my comment was going to be the same as Torsten. If you had 2.52 previously then you can simply use the backup ROM. Instructions for doing so can be found on page 119 of https://support.hpe.com/hpsc/doc/public/display?docId=c04398276

 

I work for HPE. The comments in this post are my own and do not represent an official reply from the company. No warranty or guarantees of any kind are expressed in my reply.
PatrickLong
Occasional Advisor

Re: Spectre and Meltdown

Dell has not "pulled" any of their recent BIOS releases to mitigate these issues, including those for servers supporting Haswell and Broadwell procsessors.  What they did was leave the downloads available on their support site and add the following warning text on each download:

"Intel has communicated a potential issue with the microcode included in this BIOS update. This issue is currently under investigation by Intel. See Intel's statement at https://newsroom.intel.com/news/intel-security-issue-update-addressing-reboot-issues/ for more information. "

HPE has removed the option to download recent BIOS releases for Haswell/Broadwell servers from the support site; typically I have seen previous recalls implemented by changing the release date shown on the page to 1 Jan, 3000 so that they no longer appear in Support Site serach results - but in this case the updates still appear in the Support site search results with their original release date (i.e. 3 Jan 2018) but the following warning text has been added:

"REMOVED - This version of the System ROM is NO LONGER AVAILABLE for download. See Important Notes for more information."

and the download link now redirects to http://h22208.www2.hpe.com/eginfolib/securityalerts/SCAM/Side_Channel_Analysis_Method.html

 

mikldk
Occasional Advisor

Re: Spectre and Meltdown

Perhaps you will be able to find it in a previous released HP SPP bundle?

http://h17007.www1.hpe.com/us/en/enterprise/servers/products/service_pack/spp/index.aspx

What about 2017.07.2 or 2017.04.0?

Kind Regards Mikkel Knudsen
testmado662
Occasional Advisor

Re: Spectre and Meltdown

Hello,

If I've alla understood, SPP to correct Spectre tghreat is not yet available ?

I don't find any download link in HPE dedicated to Spectre and Meltdown alert.

Thanks for your help

Highlighted
Torsten.
Acclaimed Contributor

Re: Spectre and Meltdown

it is not yet and also no longer available. Intel stopped the published updates and is investigating.

Hope this helps!
Regards
Torsten.

__________________________________________________
There are only 10 types of people in the world -
those who understand binary, and those who don't.

__________________________________________________
No support by private messages. Please ask the forum!

If you feel this was helpful please click the KUDOS! thumb below!   
testmado662
Occasional Advisor

Re: Spectre and Meltdown

Thanks Torsten to confirm what I though after reading the post.

Regards

Torsten.
Acclaimed Contributor

Re: Spectre and Meltdown

see

https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-a00039267en_us

http://h22208.www2.hpe.com/eginfolib/securityalerts/SCAM/Side_Channel_Analysis_Method.html

 

for latest information.


Hope this helps!
Regards
Torsten.

__________________________________________________
There are only 10 types of people in the world -
those who understand binary, and those who don't.

__________________________________________________
No support by private messages. Please ask the forum!

If you feel this was helpful please click the KUDOS! thumb below!   
Rob Leadbeater
Honored Contributor

Re: Spectre and Meltdown

Has anyone seen any information yet as to whether HPE will be producing BIOS updates for retired servers, which are still supported ?

For example DL360 G7 and DL380 G7 have a retirement date of 2013-04-30 and are typically supported for 5 years after that date.

The documents linked to above, mention a mitigation section for the DL380 G7, that doesn't exist...

Obviously the answer will depend on whether Intel produce microcode updates for the particular CPU in use, but it would be useful to have a clear statement from HPE for older and retired products.

Adrian Clint
Honored Contributor

Re: Spectre and Meltdown

Its occurred to me that maybe HPE just dont know about G7 servers -because Intel are not doing them urgently.

Intel write the microcode that needs fixing - not HPE. And Intel is urgently trying to find a working fix for the CPUs that HPE use in the Gen9/Gen10 servers .. the ones that are selling or have just been sold. Then its CPUs before them (the ones in the Gen8).

Gen7 processors .... way down the list of things to spend time on, for a threat that doesnt yet exist to anyone's knowledge!