
Spectre and Meltdown

 
jbruns2006
Occasional Contributor

Spectre and Meltdown

The world is going to want to know from HP, where the firmware and BIOS updates are that mitigate the Spectre and Meltdown exploits on 5 years plus of server models.

We need to hear from you HP and soon.

45 REPLIES
parnassus
Honored Contributor

Re: Spectre and Meltdown

Why, before blindly asking, don't you simply look at the HPE Community main page?

Don't you think that such an important subject already deserved an entire HPE Blog entry?

Here is one to start with:

https://community.hpe.com/t5/Servers-The-Right-Compute/Resources-to-help-mitigate-Speculative-Execution-vulnerability/ba-p/6992955
jbruns2006
Occasional Contributor

Re: Spectre and Meltdown

Thanks for the link.

So, no support for machines older than G8?

leemillward
Occasional Visitor

Re: Spectre and Meltdown

We have an array of HP ProLiant DL360 and 380 servers, all G7 and below. Will these never receive the ROM updates?

Re: Spectre and Meltdown

I don't think that HP can afford to leave the G7 and even the G6 servers unpatched - this would be outrageous and would force many, many customers away from HP, since G6 and G7 servers are widely spread in the field out there. Also, I don't think that it's legal to require an entitlement for a security issue like that - this already feels wrong...

Let's wait and see what HP will do once the patches come out.

Jimmy Vance
HPE Pro

Re: Spectre and Meltdown


@JuniperChris929 wrote:

I don't think that HP can afford to leave the G7 and even the G6 servers unpatched - this would be outrageous and would force many, many customers away from HP, since G6 and G7 servers are widely spread in the field out there. Also, I don't think that it's legal to require an entitlement for a security issue like that - this already feels wrong...

Let's wait and see what HP will do once the patches come out.


While I don't have answers to your G6 and G7 questions, I can state that security fixes do not require an entitlement to download. This is clearly stated in the document "HPE ProLiant Servers Firmware Access Update". This is the document normally displayed when you try to access a locked download.

"'Critical' related firmware updates (addressing safety and security fixes) will be made available to all ProLiant customers outside of a warranty or support contract and are governed by 'customer terms of use'."

 

No support by private messages. Please ask the forum! 
I am an HPE employee
Torsten.
Acclaimed Contributor

Re: Spectre and Meltdown

>> Also I don't think that it's legal to require an entitlement for a security issue like that

For all the BIOS (microcode) updates released so far you don't need an entitlement, because they are "critical".


Hope this helps!
Regards
Torsten.

__________________________________________________
There are only 10 types of people in the world -
those who understand binary, and those who don't.

__________________________________________________
No support by private messages. Please ask the forum!

If you feel this was helpful please click the KUDOS! thumb below!   
Robert Hawle
Advisor

Re: Spectre and Meltdown

Hi.

I already installed BIOS 2.54 on my DL380 Gen9 and the MS patches, but I still get a negative response from the "Speculation Control Validation PowerShell Script".

This is what I did:

- apply registry keys (QualityCompat, FeatureSettingsOverride and FeatureSettingsOverrideMask)
- install BIOS 2.54
- install MS patches (KB4056898 + KB4056568)
- reboot

It seems to me as if there is something wrong... BIOS update or script!? What is your experience?

Here is the output from the script:

[Image: spectre.png]

JP_KIWI
Occasional Visitor

Re: Spectre and Meltdown

Did you try a second reboot?

I noticed during applying firmware updates to our Gen9 servers that a second reboot was required.

I believe the correct process is to do firmware first then reboot, then apply OS updates and reboot again.

I tried a couple of times to install both the firmware and OS updates at the same time and do a single reboot but it never worked, always needed the second reboot.
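
Added example, not part of any post in this thread: a read-only PowerShell audit of the Windows-side steps listed above (registry values, the two KBs, BIOS version, pending reboot). The registry paths, the QualityCompat value name and the expected data (0, 0, 3) are assumptions taken from Microsoft's public guidance of the time, not from the posts.

```powershell
# Added example: read-only audit of the Windows-side items listed in the thread.
# Registry paths, value names and expected data are assumptions taken from
# Microsoft's public guidance, not from the posts; confirm them for your OS build.
$mm  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management'
$qc  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat'
$cbs = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending'
$wu  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired'

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Return $null instead of throwing when the key or value is absent.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

$bios = Get-CimInstance -ClassName Win32_BIOS
$os   = Get-CimInstance -ClassName Win32_OperatingSystem

# Each registry item from the post with the data expected when mitigations are enabled.
$checks = @(
    [pscustomobject]@{ Item = 'QualityCompat AV key'; Actual = Get-RegValue $qc 'cadca5fe-87d3-4b96-b7fb-a231484277cc'; Expected = 0 }
    [pscustomobject]@{ Item = 'FeatureSettingsOverride'; Actual = Get-RegValue $mm 'FeatureSettingsOverride'; Expected = 0 }
    [pscustomobject]@{ Item = 'FeatureSettingsOverrideMask'; Actual = Get-RegValue $mm 'FeatureSettingsOverrideMask'; Expected = 3 }
)
# A missing value is $null, which does not equal 0, so it is reported as not OK.
$checks | Select-Object Item, Actual, Expected,
    @{ n = 'Ok'; e = { $_.Actual -eq $_.Expected } } | Format-Table -AutoSize

# The two updates named in the post; a missing one is reported, not fatal.
foreach ($kb in 'KB4056898', 'KB4056568') {
    $hf = Get-HotFix -Id $kb -ErrorAction SilentlyContinue
    '{0}: {1}' -f $kb, $(if ($hf) { "installed $($hf.InstalledOn)" } else { 'not found' })
}

# Firmware and boot state: a pending-reboot marker, or a last boot older than the
# update install, suggests the second reboot described in the thread is outstanding.
'BIOS version  : {0} ({1:yyyy-MM-dd})' -f $bios.SMBIOSBIOSVersion, $bios.ReleaseDate
'Last boot     : {0}' -f $os.LastBootUpTime
'Reboot pending: {0}' -f ((Test-Path $cbs) -or (Test-Path $wu))

# Run the validation cmdlet only if the SpeculationControl module is installed.
if (Get-Command Get-SpeculationControlSettings -ErrorAction SilentlyContinue) {
    Get-SpeculationControlSettings
}
```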

 

Robert Hawle
Advisor

Re: Spectre and Meltdown

n1! second reboot did the trick! thx!

 

The next problem is our ESX servers on DL380 Gen9 (latest 6.5201712101 and 6.0 201711101), also with BIOS 2.54 (rebooted multiple times).

All running VMs report that a BIOS update is needed! (HW version 11; used the Speculation Control Validation PowerShell Script)

what to do?