HPE Community
ProLiant Servers (ML,DL,SL)
1751972 Members
4785 Online
108783 Solutions
New Discussion юеВ

Re: Spectre and Meltdown

 
HPSDMike
HPE Pro

тАО01-17-2018 05:20 AM

тАО01-17-2018 05:20 AM

Re: Spectre and Meltdown

Yes, my comment was going to be the same as Torsten. If you had 2.52 previously then you can simply use the backup ROM. Instructions for doing so can be found on page 119 of https://support.hpe.com/hpsc/doc/public/display?docId=c04398276

 



I work for HPE. The comments in this post are my own and do not represent an official reply from the company. No warranty or guarantees of any kind are expressed in my reply.

Accept or Kudo

0 Kudos
Reply
PatrickLong
Trusted Contributor

тАО01-19-2018 07:44 AM - edited тАО01-19-2018 07:35 PM

тАО01-19-2018 07:44 AM - edited тАО01-19-2018 07:35 PM

Re: Spectre and Meltdown

Dell has not "pulled" any of their recent BIOS releases to mitigate these issues, including those for servers supporting Haswell and Broadwell procsessors.  What they did was leave the downloads available on their support site and add the following warning text on each download:

"Intel has communicated a potential issue with the microcode included in this BIOS update. This issue is currently under investigation by Intel. See Intel's statement at https://newsroom.intel.com/news/intel-security-issue-update-addressing-reboot-issues/ for more information. "

HPE has removed the option to download recent BIOS releases for Haswell/Broadwell servers from the support site; typically I have seen previous recalls implemented by changing the release date shown on the page to 1 Jan, 3000 so that they no longer appear in Support Site serach results - but in this case the updates still appear in the Support site search results with their original release date (i.e. 3 Jan 2018) but the following warning text has been added:

"REMOVED - This version of the System ROM is NO LONGER AVAILABLE for download. See Important Notes for more information."

and the download link now redirects to http://h22208.www2.hpe.com/eginfolib/securityalerts/SCAM/Side_Channel_Analysis_Method.html

 

Reply
mikldk
Advisor

тАО01-24-2018 12:18 AM

тАО01-24-2018 12:18 AM

Re: Spectre and Meltdown

Perhaps you will be able to find it in a previous released HP SPP bundle?

http://h17007.www1.hpe.com/us/en/enterprise/servers/products/service_pack/spp/index.aspx

What about 2017.07.2 or 2017.04.0?

Kind Regards Mikkel Knudsen
0 Kudos
Reply
testmado662
Regular Advisor

тАО01-24-2018 11:08 AM

тАО01-24-2018 11:08 AM

Re: Spectre and Meltdown

Hello,

If I've alla understood, SPP to correct Spectre tghreat is not yet available ?

I don't find any download link in HPE dedicated to Spectre and Meltdown alert.

Thanks for your help

0 Kudos
Reply
Torsten.
Acclaimed Contributor

тАО01-24-2018 11:46 AM

тАО01-24-2018 11:46 AM

Re: Spectre and Meltdown

it is not yet and also no longer available. Intel stopped the published updates and is investigating.

Hope this helps!
Regards
Torsten.

__________________________________________________
There are only 10 types of people in the world -
those who understand binary, and those who don't.
__________________________________________________
No support by private messages. Please ask the forum!

If you feel this was helpful please click the KUDOS! thumb below!   
Reply
testmado662
Regular Advisor

тАО01-25-2018 03:04 AM

тАО01-25-2018 03:04 AM

Re: Spectre and Meltdown

Thanks Torsten to confirm what I though after reading the post.

Regards

0 Kudos
Reply
Torsten.
Acclaimed Contributor

тАО01-25-2018 03:16 AM

тАО01-25-2018 03:16 AM

Re: Spectre and Meltdown

see

https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-a00039267en_us

http://h22208.www2.hpe.com/eginfolib/securityalerts/SCAM/Side_Channel_Analysis_Method.html

 

for latest information.


Hope this helps!
Regards
Torsten.

__________________________________________________
There are only 10 types of people in the world -
those who understand binary, and those who don't.
__________________________________________________
No support by private messages. Please ask the forum!

If you feel this was helpful please click the KUDOS! thumb below!   
0 Kudos
Reply
Rob Leadbeater
Honored Contributor

тАО01-25-2018 11:26 PM

тАО01-25-2018 11:26 PM

Re: Spectre and Meltdown

Has anyone seen any information yet as to whether HPE will be producing BIOS updates for retired servers, which are still supported ?

For example DL360 G7 and DL380 G7 have a retirement date of 2013-04-30 and are typically supported for 5 years after that date.

The documents linked to above, mention a mitigation section for the DL380 G7, that doesn't exist...

Obviously the answer will depend on whether Intel produce microcode updates for the particular CPU in use, but it would be useful to have a clear statement from HPE for older and retired products.

0 Kudos
Reply
Adrian Clint
Honored Contributor

тАО01-29-2018 05:31 AM

тАО01-29-2018 05:31 AM

Re: Spectre and Meltdown

Its occurred to me that maybe HPE just dont know about G7 servers -because Intel are not doing them urgently.

Intel write the microcode that needs fixing - not HPE. And Intel is urgently trying to find a working fix for the CPUs that HPE use in the Gen9/Gen10 servers .. the ones that are selling or have just been sold. Then its CPUs before them (the ones in the Gen8).

Gen7 processors .... way down the list of things to spend time on, for a threat that doesnt yet exist to anyone's knowledge!

0 Kudos
Reply
Rob Leadbeater
Honored Contributor

тАО03-04-2018 09:50 AM

тАО03-04-2018 09:50 AM

Re: Spectre and Meltdown

The Customer Bulletin below has now been updated to indicate which G6 and G7 ProLiants will get a BIOS update...

https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-a00039267en_us

 

0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.