Thanks for the link.

So, no support for machines older than G8?

We have an array of HP Proliant DL360 and 380 servers all G7 and below will these never receive the ROM updates?

I don't think, that HP can afford to let the G7 and even the G6 Servers unpatched - this would be outrageous and forcing many many customers away from HP since G6 and G7 Servers are widely spread in the field out there. Also I don't think that it's legal to require an entitlement for a security issue like that - this already feels wrong...

Let's wait that HP will do once the patches came out.

---

JuniperChris929 wrote:

I don't think, that HP can afford to let the G7 and even the G6 Servers unpatched - this would be outrageous and forcing many many customers away from HP since G6 and G7 Servers are widely spread in the field out there. Also I don't think that it's legal to require an entitlement for a security issue like that - this already feels wrong...

Let's wait that HP will do once the patches came out.

---

While I dont' have answers to your G6 and G7 questions, I can state that security fixes do not require an entitlement to download. This is clearly stated in the document : HPE ProLiant Servers Firmware Access Update  This is the document normally displayed when you try to access a locked download

" “Critical” related firmware updates (addressing safety and security fixes) will be made available to all ProLiant customers outside of a warranty or support contract and are governed by "customer terms of use".

__________________________________________________
No support by private messages. Please ask the forum!      I work for HPE

If you feel this was helpful please click the KUDOS! thumb below!   

>> Also I don't think that it's legal to require an entitlement for a security issue like that

For all the BIOS (microcode) updates released so far you don't need an entitlement, because they are "critical".

Hope this helps!
Regards
Torsten.

__________________________________________________
There are only 10 types of people in the world -
those who understand binary, and those who don't.
__________________________________________________
No support by private messages. Please ask the forum!

If you feel this was helpful please click the KUDOS! thumb below!   

Hi.

i already installed Bios 2.54 on my Dl380 Gen9 and MS Patches but i still get a negative response from the "Speculation Control Validation PowerShell Script"

this is what i did:

- apply Regestry keys (QualityCompat, FeatureSettingsOverride and FeatureSettingsOverrideMask)

- install Bios 2.54

- install MS Patches (KB4056898 + KB4056568)

- reboot

seems to me as if there is someting wrong... Bios update or Script!? what is your experience?

here is the output from the script:

Did you try a second reboot?

I noticed during applying firmware updates to our Gen9 servers that a second reboot was required.

I believe the correct process is to do firmware first then reboot, then apply OS updates and reboot again.

I tried a couple of times to install both the firmware and OS updates at the same time and do a single reboot but it never worked, always needed the second reboot.

n1! second reboot did the trick! thx!

next problem are our ESX Servers on Dl380 gen9 (latest 6.5201712101 and 6.0 201711101) also with Bios 2.54 (more times rebootet).

all VMs running telling that a Bios update is needed! (HW version 11 used Speculation Control Validation PowerShell Script)

what to do?

We are in the same boat.  DL360 Gen9's running 2.54 bios, VMware esxi 6.5 with the patches applied, and VM-guest Windows OS' with the Patches/Registry entries, rebooted multiple times.

In-guest Get-SpeculationControlSettings gives the following

CVE-2017-5754 is all green

CVE-2017-5715 shows no hardware support.  Recommendation is to "Install BIOS/firmware update provided ...".

I tried upgrading a VM to hardware v13, no change.

Vmware released new Patches:

here is the microcode we have bben waiting for...

https://esxi-patches.v-front.de/ESXi-6.0.0.html

https://esxi-patches.v-front.de/ESXi-6.5.0.html

happy patching

Got it working!  Upgraded my VC Appliance, patched the hosts, and still was showing unprotected.  Powered off, and on the VM, it's now all green.

same here after Patch and PowerOFF/On all are green.

Again, the main Question: What about Firmware Updates for Gen7 Servers and below?

Sorry, but the update process of a Gen9 doesn't matter. Now, everyone knows that nobody needs an entitlement, but needs a statement if an update will be released for older hardware and when does it happen. 

Thanks...

When will the GEN7 patch be available?  Im scrambling here...

You obviously don't understand HP's licensing and profit model.  G6 and G7 are so far out of support that you can get an almost fully populated DL360 G6 for less than $300 pretty much anywhere.  Unless you're willing to pay more than that (3-4 times as much as that, actually) for support, they could care less that you have problems with the hardware.  The answer is to upgrade your hardware and repeat the cycle in another three years.

next roud ....

https://newsroom.intel.com/news/intel-security-issue-update-addressing-reboot-issues/

vmware already pulled back their updates...

https://kb.vmware.com/s/article/52345

https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-a00039267en_us

also HP pulled back their Bios 2.54 for Gen9...

@QuiteTrite

OK so can I assume you are using sarcasm? Your statement is kind of ridiculous, servers and infrastructure replacement isn't quite the same as sheeple jonesing the latest iPhone. The amount of G6 and G7 kit still in service in IT/IS departments is enormous. Even when you replace critical performance components and servers most IT departments will frequently re-purpose for lower performance requirements and cold type storage. That's why you can still buy HP Carepacks for G7 gear and I suspect you could probably find carepacks for G6 kit too.

Please put me down for notification of G6 and G7 mitigation of the Spectre vulnerability for BIOS ROM updates please.

Did everyone see that the Gen9 ROMs have been pulled?

https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-a00039267en_us
https://newsroom.intel.com/news/intel-security-issue-update-addressing-reboot-issues/

Perfect ! 

So now we have Dell pulling back their updates, HPE pulling back their G9 updates ( G8 still under investigation), and no news from HPE on Gen 7 (coordinating with HPE TAM on our end ). Cisco on their hand have played safe, no updates till 18th Feb 2018 ! 

We have hundreds of Gen 7 servers in production !! 

And ideally speaking, Gen 7 was retired on 30th April 2013 - so the support with regard to critical patches should be entertained till 30th April 2018 ... no ?! 

Got a link to the Dell pulls?