DOCSLIB.ORG

SPP 2018.11.0 Component Release Notes

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
SPP 2018.11.0 Component Release Notes SPP 2018.11.0 Component Release Notes BIOS - System ROM Driver - Chipset Driver - Network Driver - Security Driver - Storage Driver - Storage Controller Driver - Storage Fibre Channel and Fibre Channel Over Ethernet Driver - System Driver - System Management Driver - Video Firmware - Blade Infrastructure Firmware - Lights-Out Management Firmware - Network Firmware - NVDIMM Firmware - PCIe NVMe Storage Disk Firmware - Power Management Firmware - SAS Storage Disk Firmware - SATA Storage Disk Firmware - Storage Controller Firmware - Storage Fibre Channel Firmware - System Firmware (Entitlement Required) - Storage Controller Software - Lights-Out Management Software - Management Software - Network Software - Storage Controller Software - Storage Fibre Channel Software - Storage Fibre Channel HBA Software - System Management BIOS - System ROM Top Online ROM Flash Component for Linux - HPE ProLiant DL380 Gen9/DL360 Gen9 (P89) Servers Version: 2.64_10-17-2018 (Recommended) Filename: RPMS/i386/firmware-system-p89-2.64_2018_10_17-1.1.i386.rpm Important Note! Important Notes: None Deliverable Name: HPE ProLiant DL360/DL380 Gen9 System ROM - P89 Release Version: 2.64_10-17-2018 Last Recommended or Critical Revision: 2.64_10-17-2018 Previous Revision: 2.60_05-21-2018 Firmware Dependencies: None Enhancements/New Features: Added support for Microsoft Windows 2019. This System ROM is the minimum recommended version for use with this operating system version. This revision of the System ROM contains updated support for Windows 2019 when using the optional HPE TPM Module. Updated the RESTful API HPE BIOS Attribute Registry resources to match the latest BIOS/Platform Configuration options. Problems Fixed: This revision of the System ROM includes the latest revision of the Intel microcode which addresses an issue where the system could experience an unexpected reset or shutdown with no errors logged to the Integrated Management Log (IML). This issue only impacts systems configured with Intel Xeon 2600 v4 series processors. This issue is not unique to HPE servers. This revision of the System ROM includes the latest revision of the Intel microcode which addresses an issue where the system could experience an unexpected reset or shutdown with no errors logged to the Integrated Management Log (IML) when processor C-states are enabled. This issue does not exist when processor C-states are disabled. This issue is not unique to HPE servers. Known Issues: None Prerequisites The "HPE ProLiant iLO 3/4 Channel Interface Driver” (CHIF) for Linux which is integrated into the standard Linux kernel. Fixes Important Notes: None Firmware Dependencies: None Problems Fixed: This revision of the System ROM includes the latest revision of the Intel microcode which addresses an issue where the system could experience an unexpected reset or shutdown with no errors logged to the Integrated Management Log (IML). This issue only impacts systems configured with Intel Xeon 2600 v4 series processors. This issue is not unique to HPE servers. This revision of the System ROM includes the latest revision of the Intel microcode which addresses an issue where the system could experience an unexpected reset or shutdown with no errors logged to the Integrated Management Log (IML) when processor C-states are enabled. This issue does not exist when processor C-states are disabled. This issue is not unique to HPE servers. Known Issues: None Enhancements Added support for Microsoft Windows 2019. This System ROM is the minimum recommended version for use with this operating system version. This revision of the System ROM contains updated support for Windows 2019 when using the optional HPE TPM Module. Updated the RESTful API HPE BIOS Attribute Registry resources to match the latest BIOS/Platform Configuration options. Online ROM Flash Component for Windows x64 - HPE ProLiant DL380 Gen9/DL360 Gen9 (P89) Servers Version: 2.64_10-17-2018 (Recommended) Filename: cp037692.exe Important Note! Important Notes: None Deliverable Name: HPE ProLiant DL360/DL380 Gen9 System ROM - P89 Release Version: 2.64_10-17-2018 Last Recommended or Critical Revision: 2.64_10-17-2018 Previous Revision: 2.60_05-21-2018 Firmware Dependencies: None Enhancements/New Features: Added support for Microsoft Windows 2019. This System ROM is the minimum recommended version for use with this operating system version. This revision of the System ROM contains updated support for Windows 2019 when using the optional HPE TPM Module. Updated the RESTful API HPE BIOS Attribute Registry resources to match the latest BIOS/Platform Configuration options. Problems Fixed: This revision of the System ROM includes the latest revision of the Intel microcode which addresses an issue where the system could experience an unexpected reset or shutdown with no errors logged to the Integrated Management Log (IML). This issue only impacts systems configured with Intel Xeon 2600 v4 series processors. This issue is not unique to HPE servers. This revision of the System ROM includes the latest revision of the Intel microcode which addresses an issue where the system could experience an unexpected reset or shutdown with no errors logged to the Integrated Management Log (IML) when processor C-states are enabled. This issue does not exist when processor C-states are disabled. This issue is not unique to HPE servers. Known Issues: None Prerequisites The "HPE ProLiant iLO 3/4 Channel Interface Driver” (CHIF) for Windows which is available from Service Pack for ProLiant (SPP). Fixes Important Notes: None Firmware Dependencies: None Problems Fixed: This revision of the System ROM includes the latest revision of the Intel microcode which addresses an issue where the system could experience an unexpected reset or shutdown with no errors logged to the Integrated Management Log (IML). This issue only impacts systems configured with Intel Xeon 2600 v4 series processors. This issue is not unique to HPE servers. This revision of the System ROM includes the latest revision of the Intel microcode which addresses an issue where the system could experience an unexpected reset or shutdown with no errors logged to the Integrated Management Log (IML) when processor C-states are enabled. This issue does not exist when processor C-states are disabled. This issue is not unique to HPE servers. Known Issues: None Enhancements Added support for Microsoft Windows 2019. This System ROM is the minimum recommended version for use with this operating system version. This revision of the System ROM contains updated support for Windows 2019 when using the optional HPE TPM Module. Updated the RESTful API HPE BIOS Attribute Registry resources to match the latest BIOS/Platform Configuration options. Online ROM Flash Component for Linux - HPE Apollo 2000 Gen10/HPE ProLiant XL170r/XL190r Gen10 (U38) Servers Version: 1.46_10-11-2018 (Optional) Filename: RPMS/x86_64/firmware-system-u38-1.46_2018_10_11-1.1.x86_64.compsig; RPMS/x86_64/firmware-system-u38-1.46_2018_10_11- 1.1.x86_64.rpm Important Note! Important Notes: None Deliverable Name: HPE ProLiant XL170r/XL190r Gen10 System ROM - U38 Release Version: 1.46_10-11-2018 Last Recommended or Critical Revision: 1.42_06-23-2018 Previous Revision: 1.42_06-23-2018 Firmware Dependencies: None Enhancements/New Features: Added support for flashing the firmware of the optional HPE Trusted Platform Module (TPM). This is the minimum revision of the System ROM that should be used if updating the firmware on the optional HPE TPM module. Added a new PCIe Peer-to-Peer Serialization option to the Advanced Performance Options menu in the BIOS/Platform Configuration (RBSU). This option can be used to improve peer-to-peer performance between two PCIe devices installed on the same processor. This option may improve performance in certain GP-GPU configurations. Updated the RESTful API HPE BIOS Attribute Registry resources to match the latest BIOS/Platform Configuration options. Problems Fixed: Addressed an issue where early server video output, on a locally attached monitor, may not show correctly when the monitor is attached to the server through a KVM. This issue does not impact systems that are not using a KVM or video output through the iLO Remote Console application. Addressed an issue where firmware flashing through the RESTful API could periodically fail and the task being marked with an exception in the iLO firmware page. This issue could impact flashing firmware such as the HPE Innovation Engine, Intel SPS Firmware or the optional HPE Trusted Platform Module (TPM). Addressed an issue where a PCIe card would not properly train to its maximum speed when the PCIe Bifurcation option was enabled. This issue does not impact PCIe cards that do not require bifurcation. Addressed an extremely rare issue where a system configured with an optional SATA DVD drive and an HPE SmartArray controller may become unresponsive during boot, usually with a Red Screen (RSOD), when in legacy boot mode. This issue does not impact systems in UEFI Boot Mode. Addressed an issue where an optional PCIe card's legacy option ROM may not properly display its legacy setup menu prompt during boot when in legacy boot mode. This issue does not impact systems in UEFI Boot Mode. Addressed an issue where the embedded Network Controller may not function properly under an operating system when the server is configured with a high number of optional PCIe Adapters. Known Issues: None Prerequisites The "iLO 5 Channel Interface Driver” (CHIF) for Linux which is integrated into the standard Linux kernel. Fixes Important Notes: None Firmware Dependencies: None Problems Fixed: Addressed an issue where early server video output, on a locally attached monitor, may not show correctly when the monitor is attached to the server through a KVM. This issue does not impact systems that are not using a KVM or video output through the iLO Remote Console application. Addressed an issue where firmware flashing through the RESTful API could periodically fail and the task being marked with an exception in the iLO firmware page. This issue could impact flashing firmware such as the HPE Innovation Engine, Intel SPS Firmware or the optional HPE Trusted Platform Module (TPM).
Load more

Recommended publications
  • SPP 2019.09.0 Component Release Notes
    SPP 2019.09.0 Component Release Notes BIOS - System ROM Driver - Chipset Driver - Network Driver - Storage Driver - Storage Controller Driver - Storage Fibre Channel and Fibre Channel Over Ethernet Driver - System Driver - System Management Driver - Video Firmware - Blade Infrastructure Firmware - Lights-Out Management Firmware - Network Firmware - NVDIMM Firmware - PCIe NVMe Storage Disk Firmware - Power Management Firmware - SAS Storage Disk Firmware - SATA Storage Disk Firmware - Storage Controller Firmware - Storage Fibre Channel Firmware - System Firmware (Entitlement Required) - Storage Controller Software - Lights-Out Management Software - Management Software - Network Software - Storage Controller Software - Storage Fibre Channel Software - Storage Fibre Channel HBA Software - System Management BIOS - System ROM Top Online ROM Flash Component for Linux - HPE ProLiant DL380 Gen9/DL360 Gen9 (P89) Servers Version: 2.74_07-21-2019 (Optional) Filename: RPMS/i386/firmware-system-p89-2.74_2019_07_21-1.1.i386.rpm Important Note! Important Notes: None Deliverable Name: HPE ProLiant DL360/DL380 Gen9 System ROM - P89 Release Version: 2.74_07-21-2019 Last Recommended or Critical Revision: 2.72_03-25-2019 Previous Revision: 2.72_03-25-2019 Firmware Dependencies: None Enhancements/New Features: This revision of the System ROM includes the latest revision of the Intel microcode which provides mitigation for an Intel sighting where the system may experience a machine check after updating to the latest System ROM which contained a fix for an Intel TSX (Transactional Synchronizations Extensions) sightings. The previous microcode was first introduced in the v2.70 System ROM. This issue only impacts systems configured with Intel Xeon v4 Series processors. This issue is not unique to HPE servers. Problems Fixed: Addressed an extremely rare issue where a system booting to VMware may experience a PSOD in legacy boot mode.
    [Show full text]
  • Microcode Revision Guidance August 31, 2019 MCU Recommendations
    microcode revision guidance August 31, 2019 MCU Recommendations Section 1 – Planned microcode updates • Provides details on Intel microcode updates currently planned or available and corresponding to Intel-SA-00233 published June 18, 2019. • Changes from prior revision(s) will be highlighted in yellow. Section 2 – No planned microcode updates • Products for which Intel does not plan to release microcode updates. This includes products previously identified as such. LEGEND: Production Status: • Planned – Intel is planning on releasing a MCU at a future date. • Beta – Intel has released this production signed MCU under NDA for all customers to validate. • Production – Intel has completed all validation and is authorizing customers to use this MCU in a production environment.
    [Show full text]
  • SDG Adhoc Reporting
    VMware Deliverable Release Notes This document does not apply to HPE Superdome servers. For information on HPE Superdome, see the following links: HPE Integrity Superdome X HPE Superdome Flex Information on HPE Synergy supported VMware ESXi OS releases, HPE ESXi Custom Images and HPE Synergy Custom SPPs is available at: VMware OS Support Tool for HPE Synergy Information on HPE Synergy Software Releases is available at: HPE Synergy Software Releases - Overview SPP 2021.04.0 Release Notes for VMware vSphere 6.5 BIOS (Login Required) - System ROM Driver - Network Driver - Storage Controller Firmware - Network Firmware - NVDIMM Firmware - Storage Controller Firmware - Storage Fibre Channel Software - Management Software - Storage Controller Software - Storage Fibre Channel Software - System Management BIOS (Login Required) - System ROM Top ROM Flash Firmware Package - HPE Apollo 2000 Gen10/HPE ProLiant XL170r/XL190r Gen10 (U38) Servers Version: 2.42_01-23-2021 (Recommended) Filename: U38_2.42_01_23_2021.fwpkg Important Note! Important Notes: None Deliverable Name: HPE Apollo 2000 Gen10/HPE ProLiant XL170r/XL190r Gen10 System ROM - U38 Release Version: 2.42_01-23-2021 Last Recommended or Critical Revision: 2.42_01-23-2021 Previous Revision: 2.40_10-26-2020 Firmware Dependencies: None Enhancements/New Features: Updated the support for Fast Fault Tolerant Memory Mode (ADDDC) to improve system uptime. Added support to the BIOS/Platform Configuration (RBSU) Time Zones to add Dublin/London (UTC+1). This support also requires the latest version of iLO Firmware, version 2.40 or later. Problems Fixed: This revision of the System ROM includes the latest revision of the Intel microcode which provides a fix for a potential machine check exception under heavy stress with short loops of instructions.
    [Show full text]
  • Class-Action Lawsuit
    Case 3:20-cv-00863-SI Document 1 Filed 05/29/20 Page 1 of 279 Steve D. Larson, OSB No. 863540 Email: [email protected] Jennifer S. Wagner, OSB No. 024470 Email: [email protected] STOLL STOLL BERNE LOKTING & SHLACHTER P.C. 209 SW Oak Street, Suite 500 Portland, Oregon 97204 Telephone: (503) 227-1600 Attorneys for Plaintiffs [Additional Counsel Listed on Signature Page.] UNITED STATES DISTRICT COURT DISTRICT OF OREGON PORTLAND DIVISION BLUE PEAK HOSTING, LLC, PAMELA Case No. GREEN, TITI RICAFORT, MARGARITE SIMPSON, and MICHAEL NELSON, on behalf of CLASS ACTION ALLEGATION themselves and all others similarly situated, COMPLAINT Plaintiffs, DEMAND FOR JURY TRIAL v. INTEL CORPORATION, a Delaware corporation, Defendant. CLASS ACTION ALLEGATION COMPLAINT Case 3:20-cv-00863-SI Document 1 Filed 05/29/20 Page 2 of 279 Plaintiffs Blue Peak Hosting, LLC, Pamela Green, Titi Ricafort, Margarite Sampson, and Michael Nelson, individually and on behalf of the members of the Class defined below, allege the following against Defendant Intel Corporation (“Intel” or “the Company”), based upon personal knowledge with respect to themselves and on information and belief derived from, among other things, the investigation of counsel and review of public documents as to all other matters. INTRODUCTION 1. Despite Intel’s intentional concealment of specific design choices that it long knew rendered its central processing units (“CPUs” or “processors”) unsecure, it was only in January 2018 that it was first revealed to the public that Intel’s CPUs have significant security vulnerabilities that gave unauthorized program instructions access to protected data. 2. A CPU is the “brain” in every computer and mobile device and processes all of the essential applications, including the handling of confidential information such as passwords and encryption keys.
    [Show full text]
  • NEC V. Intel: a Guide to Using "Clean Room" Procedures As Evidence, 10 Computer L.J
    The John Marshall Journal of Information Technology & Privacy Law Volume 10 Issue 4 Computer/Law Journal - Winter 1990 Article 1 Winter 1990 NEC v. Intel: A Guide to Using "Clean Room" Procedures as Evidence, 10 Computer L.J. 453 (1990) David S. Elkins Follow this and additional works at: https://repository.law.uic.edu/jitpl Part of the Computer Law Commons, Internet Law Commons, Privacy Law Commons, and the Science and Technology Law Commons Recommended Citation David S. Elkins, NEC v. Intel: A Guide to Using "Clean Room" Procedures as Evidence, 10 Computer L.J. 453 (1990) https://repository.law.uic.edu/jitpl/vol10/iss4/1 This Article is brought to you for free and open access by UIC Law Open Access Repository. It has been accepted for inclusion in The John Marshall Journal of Information Technology & Privacy Law by an authorized administrator of UIC Law Open Access Repository. For more information, please contact [email protected]. NEC V. INTEL: A GUIDE TO USING "CLEAN ROOM" PROCEDURES AS EVIDENCE DAVID S. ELKINS* I. INTRODUCTION The recent United States District Court decision in NEC Corp. v. Intel Corp.' has made a significant imprint on the field of copyright law in two respects. The case marks the first time that computer microcode 2 has been held copyrightable,3 and the first time that "clean room" procedures have been used as evidence in an infringement ac- tion.4 Simply put, clean room procedures comprise a method of creating a certain type of technology without the possibility of influence from outside sources. These procedures may be necessary in situations where the mere creation of the technology gives rise to an inference of copy- * J.D., King Hall School of Law, University of California, Davis, 1990; A.B., Univer- sity of California, Berkeley, 1986.
    [Show full text]
  • Accelerate Hybrid Cloud AI Workloads Solution Brief
    Solution Brief Data Center | Hybrid Cloud Accelerate Hybrid Cloud AI Workloads Ease your journey to hybrid/multicloud with a reference architecture for Intel® technology and VMware Cloud Foundation Executive Summary To remain competitive in today’s world, organizations need a modern data center. Companies using these data centers must accelerate their product development, compete more successfully at a lower cost, and Solution Benefits reduce their downtime and maintenance overhead. Technology must move and change with the times—solutions for hosting applications and Intel’s VMware Cloud Foundation services must innovate and change as well. reference architecture takes advantage of Intel® compute, Companies with older and outdated data centers will want to meet these memory, storage, and networking challenges by upgrading to hybrid cloud solutions, where the data center innovations to help enable can easily and seamlessly interface between on‑premises and cloud software-defined data centers and systems. Based on VMware Cloud Foundation with VMware Tanzu, Intel hybrid/multicloudOptional adoption. partner logo goes here addressed these requirements by offering a hybrid/multicloud reference • Fast AI inference. AI workloads architecture—available in a Base and Plus configuration—that is easily can benefit from innovations deployable and manageable for virtual machines (VMs) and containers. from Intel such as Intel® DL Boost. • Flexibility and portability. VMware Cloud Foundation helps enable enterprises to run their workloads where it makes most sense, whether that’s Private Public on‑premises, in a public cloud, Cloud Cloud or in several clouds at once. VMware Cloud Foundation VMware VMware VMware VMware vSphere vRealize Suite vSA S‑T VMware SDDC Manager Figure 1.
    [Show full text]
  • Beyond MOV ADD XOR – the Unusual and Unexpected
    Beyond MOV ADD XOR the unusual and unexpected in x86 Mateusz "j00ru" Jurczyk, Gynvael Coldwind CONFidence 2013, Kraków Who • Mateusz Jurczyk o Information Security Engineer @ Google o http://j00ru.vexillium.org/ o @j00ru • Gynvael Coldwind o Information Security Engineer @ Google o http://gynvael.coldwind.pl/ o @gynvael Agenda • Getting you up to speed with new x86 research. • Highlighting interesting facts and tricks. • Both x86 and x86-64 discussed. Security relevance • Local vulnerabilities in CPU ↔ OS integration. • Subtle CPU-specific information disclosure. • Exploit mitigations on CPU level. • Loosely related considerations and quirks. x86 - introduction not required • Intel first ships 8086 in 1978 o 16-bit extension of the 8-bit 8085. • Only 80386 and later are used today. o first shipped in 1985 o fully 32-bit architecture o designed with security in mind . code and i/o privilege levels . memory protection . segmentation x86 - produced by... Intel, AMD, VIA - yeah, we all know these. • Chips and Technologies - left market after failed 386 compatible chip failed to boot the Windows operating system. • NEC - sold early Intel architecture compatibles such as NEC V20 and NEC V30; product line transitioned to NEC internal architecture http://www.cpu-collection.de/ x86 - other manufacturers Eastern Bloc KM1810BM86 (USSR) http://www.cpu-collection.de/ x86 - other manufacturers Transmeta, Rise Technology, IDT, National Semiconductor, Cyrix, NexGen, Chips and Technologies, IBM, UMC, DM&P Electronics, ZF Micro, Zet IA-32, RDC Semiconductors, Nvidia, ALi, SiS, GlobalFoundries, TSMC, Fujitsu, SGS-Thomson, Texas Instruments, ... (via Wikipedia) At first, a simple architecture... At first, a simple architecture... x86 bursted with new functions • No eXecute bit (W^X, DEP) o completely redefined exploit development, together with ASLR • Supervisor Mode Execution Prevention • RDRAND instruction o cryptographically secure prng • Related: TPM, VT-d, IOMMU Overall..
    [Show full text]
  • SDG Adhoc Reporting
    VMware Deliverable Release Notes This document does not apply to HPE Superdome servers. For information on HPE Superdome, see the following links: HPE Integrity Superdome X HPE Superdome Flex Information on HPE Synergy supported VMware ESXi OS releases, HPE ESXi Custom Images and HPE Synergy Custom SPPs is available at: VMware OS Support Tool for HPE Synergy Information on HPE Synergy Software Releases is available at: HPE Synergy Software Releases - Overview VMware Upgrade Pack v1.4.2.1 Release Notes for VMware ESXi 7.0 U2 BIOS (Login Required) - System ROM Driver - Lights-Out Management Driver - Network Driver - Storage Controller Driver - System Management Firmware - Network Firmware - NVDIMM Firmware - Storage Controller Firmware - Storage Fibre Channel Software - Management Software - Storage Fibre Channel Software - System Management BIOS (Login Required) - System ROM Top ROM Flash Firmware Package - HPE Apollo 2000 Gen10/HPE ProLiant XL170r/XL190r Gen10 (U38) Servers Version: 2.42_01-23-2021 (Recommended) Filename: U38_2.42_01_23_2021.fwpkg Important Note! Important Notes: None Deliverable Name: HPE Apollo 2000 Gen10/HPE ProLiant XL170r/XL190r Gen10 System ROM - U38 Release Version: 2.42_01-23-2021 Last Recommended or Critical Revision: 2.42_01-23-2021 Previous Revision: 2.40_10-26-2020 Firmware Dependencies: None Enhancements/New Features: Updated the support for Fast Fault Tolerant Memory Mode (ADDDC) to improve system uptime. Added support to the BIOS/Platform Configuration (RBSU) Time Zones to add Dublin/London (UTC+1). This support also requires the latest version of iLO Firmware, version 2.40 or later. Problems Fixed: This revision of the System ROM includes the latest revision of the Intel microcode which provides a fix for a potential machine check exception under heavy stress with short loops of instructions.
    [Show full text]
  • Introduction
    Volume 3, Spring Issue, 1990 NEC v. INTEL : BREAKING NEW GROUND IN THE LAW OF COPYRIGHT Jorge Contreras,* Laura Handley,* and Terrence Yang* INTRODUCTION The status of copyright protection for computer programs has long been in a state of confusion. In NEC Corp. v. Intel Corp., 1 the U.S. Dis- trict Court for the Northern District of California shed some light on three previously unresolved issues in this murky and continually evolv- ing area of copyright. The court ruled that: (1) microcode embedded in certain Intel microprocessors constituted copyrightable material; (2) reverse engineering of the microcode did not infringe the microcode copyright; and (3)independent "clean room" development of similar microcode was persuasive evidence of non-infringement. The execution of a computer program within a computer involves a number of different, operational levels. 2 An applications programmer may write a program to'solve a problem in a high-level.problem-oriented language containing familiar words, variables, and operators. Examples of high-level languages include BASIC, C, FORTRAN, COBOL, and Pascal. However, high-level languages cannot be implemented as such by a computer, which is controlled by the operation of digital circuits. Before instructions can be executed, a program must undergo a series of transformations that enable it-to operate the computer's digital circuitry. The first step in this transformation may involve translation of the pro- gram by a compiler into an assembly-level program. Assembly languages generally reflect the internal organization and operation of the computer more than higher-level languages do, but are still incapable of directly controlling the computer.
    [Show full text]
  • Cacheout: Leaking Data on Intel Cpus Via Cache Evictions
    CacheOut: Leaking Data on Intel CPUs via Cache Evictions Stephan van Schaik* Marina Minkin Andrew Kwong University of Michigan University of Michigan University of Michigan [email protected] [email protected] [email protected] Daniel Genkin Yuval Yarom University of Michigan University of Adelaide and Data61 [email protected] [email protected] Abstract—Recent transient-execution attacks, such as RIDL, instructions, bypassing the CPU’s address and permission Fallout, and ZombieLoad, demonstrated that attackers can leak checks. Using these techniques, an attacker can siphon off data information while it transits through microarchitectural buffers. as it appears in the buffer, bypassing all previous hardware Named Microarchitectural Data Sampling (MDS) by Intel, these attacks are likened to “drinking from the firehose”, as the and software countermeasures and again breaking nearly all attacker has little control over what data is observed and from hardware-backed security domains. what origin. Unable to prevent the buffers from leaking, Intel Responding to the threat of unconstrained data extraction, issued countermeasures via microcode updates that overwrite the Intel deployed countermeasures for blocking data leakage from buffers when the CPU changes security domains. internal CPU buffers. For older hardware, Intel augmented a In this work we present CacheOut, a new microarchitectural attack that is capable of bypassing Intel’s buffer overwrite legacy x86 instruction, verw, to overwrite the contents of countermeasures. We observe that as data is being evicted from the leaking buffers. This countermeasure was subsequently the CPU’s L1 cache, it is often transferred back to the leaky CPU deployed by all major operating system vendors, performing buffers where it can be recovered by the attacker.
    [Show full text]
  • Undocumented X86 Instructions to Control the CPU at the Microarchitecture Level
    UNDOCUMENTED X86 INSTRUCTIONS TO CONTROL THE CPU AT THE MICROARCHITECTURE LEVEL IN MODERN INTEL PROCESSORS Mark Ermolov Dmitry Sklyarov Positive Technologies Positive Technologies [email protected] [email protected] Maxim Goryachy independent researcher [email protected] July 7, 2021 ABSTRACT At the beginning of 2020, we discovered the Red Unlock technique that allows extracting microcode (ucode) and targeting Intel Atom CPUs. Using the technique we were able to research the internal structure of the microcode and then x86 instructions implementation. We found two undocumented x86 instructions which are intendent to control the microarhitecture for debug purposes. In this paper we are going to introduce these instructions and explain the conditions under which they can be used on public-available platforms. We believe, this is a unique opportunity for third-party researchers to better understand the x86 architecture. Disclamer. All information is provided for educational purposes only. Follow these instructions at your own risk. Neither the authors nor their employer are responsible for any direct or consequential damage or loss arising from any person or organization acting or failing to act on the basis of information contained in this paper. Keywords Intel · Microcode · Undocumented · x86 1 Introduction The existence of undocumented mechanisms in the internals of modern CPUs has always been a concern for information security researchers and ordinary users. Assuming that such mechanisms do exist, the main worry is that
    [Show full text]
  • Red Hat Enterprise Linux 7 7.1 Release Notes
    Red Hat Enterprise Linux 7 7.1 Release Notes Release Notes for Red Hat Enterprise Linux 7.1 Last Updated: 2018-05-18 Red Hat Enterprise Linux 7 7.1 Release Notes Release Notes for Red Hat Enterprise Linux 7.1 Red Hat Customer Content Services Legal Notice Copyright © 2015-2017 Red Hat, Inc. This document is licensed by Red Hat under the Creative Commons Attribution-ShareAlike 3.0 Unported License. If you distribute this document, or a modified version of it, you must provide attribution to Red Hat, Inc. and provide a link to the original. If the document is modified, all Red Hat trademarks must be removed. Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law. Red Hat, Red Hat Enterprise Linux, the Shadowman logo, JBoss, OpenShift, Fedora, the Infinity logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries. Linux ® is the registered trademark of Linus Torvalds in the United States and other countries. Java ® is a registered trademark of Oracle and/or its affiliates. XFS ® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries. MySQL ® is a registered trademark of MySQL AB in the United States, the European Union and other countries. Node.js ® is an official trademark of Joyent. Red Hat Software Collections is not formally related to or endorsed by the official Joyent Node.js open source or commercial project.
    [Show full text]