================================================================================
Intel(R) Server Board S2600BP and Intel(R) HNS2600BP Product Family
Firmware Update Package for Intel(R) One Boot Flash Update Utility and
Windows* Preboot Execution Environment 
================================================================================
Intel(R) Server Boards and Systems
Intel Corporation
2111 N.E. 25th Avenue, Hillsboro, OR 97124 USA
================================================================================
DATE    : 	April 02, 2019
TO      : 	Intel(R) Server Board S2600BP Product Family
			Intel(R) Compute Module HNS2600BP Product Family             
SUBJECT : Release Notes for System Firmware Update Package 
================================================================================
                              ABOUT THIS RELEASE
================================================================================
BIOS   : 02.00.0008
ME     : 04.01.04.251
BMC    : 1.93.870cf4f0
FRUSDR : 1.39
================================================================================
                           Support Platforms and Dependency
================================================================================
Processors supported: 
Intel(R) Xeon(R) Scalable processors

Microcode versions:
        CPUID           Version       Status
        0x50654        0x0200005a     (1st Generation Intel(R) Xeon(R) Scalable H0,M0,U0)
        0x50656        0x0400001c     (2nd Generation Intel(R) Xeon(R) Scalable B0,L0,R0)
        0x50657        0x0500001c     (2nd Generation Intel(R) Xeon(R) Scalable B1,L1,R1)

The following update process must be followed to ensure a trouble free update.
1.	BMC firmware
2.	BIOS
3.	Manageability Engine (ME) firmware
4. 	FD
5.	FRUSDR

================================================================================
                             IMPORTANT NOTES!!!                   
================================================================================
 - Cipher Suite 3 is disabled by default since BMC firmware 1.90 and only keep Cipher Suite 17 opened by default.
   Due to this the extra parameter "-C 17" is required for ipmitool to work via LAN.
   The Cipher Suite 17 was first introduced in ipmitool 1.8.18 on Oct 8th 2016, 
   you have to update ipmitool to this version or newer one, earlier versions of ipmitool dont have Cipher 17 support
   ipmitool is not working well when running in high load network. We recommend to add extra timeout by using -N 5. 
   Default is 1 second for RMCP+, which is not enough. N 5 will set 5 second as timeout.
   So the command will look like:
   ipmitool I lanplus H ip U user P password C 17 N 5 command
   Please refer to the included "TA-1143_Extra_parameters_needed_for_ipmitool.pdf"

 - This Update package must be installed using 
   Intel(R) One-boot Flash Update (OFU) V14.1 Build 19 or later
   
1. Package C-State only works well with Xeon Scalable Family H0 parts, for other Xeon Scalable Family stepping, C6 non-retention is hardcode from BIOS side.
2. BIOS R00.01.0001 does not support online downgrade to any Dxxx or Xxxx BIOS.
3. BIOS R00.01.0001 removed Xeon Scalable Family A1 microcode(m1350651_8000002B) and Xeon Scalable Family B0 microcode(m9750652_80000035).
4. Removed 'UpdateNvram' support for iflash32 tool for security reason of SRA bios.
5. Security revision upgrade to v0002 on BIOS R00.01.0002 will prevent BIOS downgrade via normal mode to R00.01.0001, user can use BIOS recovery mode for BIOS downgrade. Although Intel doesn't recommend downgrading firmware
6. One new production key is integrated onto R0004 BIOS, which will correct an OEM string. 
7. This release include security revision upgrade to version 0004. This will prevent BIOS downgrade via normal mode to previous version with lower security revision, user can use BIOS recovery mode process for BIOS downgrade.
8. System will prevent downgrading ME from 04.00.04.288 to 04.00.04.235 or older version, if system BIOS version is R0009. This is an expected behavior. 
9. Security revision upgrade to 0005 since BIOS R010, it will prevent BIOS downgrade via normal mode to previous version that with lower security revision, user can use BIOS recovery mode for BIOS downgrade.
10. Downgrading BMC below version 1.43.660a4315 is not supported due to a security revision change.
11. Security revision upgrade to 0006 on BIOS R0014, it will prevent BIOS downgrade via normal mode to previous version that with lower security revision, user can use BIOS recovery mode for BIOS downgrade.
================================================================================
                  System Firmware Update Package Usage instructions                   
================================================================================
This package can be updated using one of the following methods:
 - Windows* or Linux* operating system using Intel(R) One-boot Flash Update (OFU)
   V14.1 Build 19 or later)
 - Windows* Preboot Execution Environment (WinPE)

To update from Windows* and Linux* or operating systems using the Intel(R) One Boot
Flash Update Utility (OFU)

Intel(R) One boot Flash Update utility can be downloaded from http://downloadcenter.intel.com/
and it is part of the "BIOS, Firmware Update & Configuration Utilities" for 
Windows* and Linux*. Please refer to Intel(R) OFU user guide about the details of 
installation and usage of OFU.

Use OFU to update system firmware by the following steps:
- Install OFU on Windows* or Linux* system
- Download the latest firmware update package from http://downloadcenter.intel.com/
- Unzip package to a folder
- Run the following command in Windows* command line/Linux* terminal window:
  <OFU install folder name>:\flashupdt -u  <package folder name>\flashupdt.cfg
                       
To update from Windows* Preboot Execution Environment (WinPE)

The System Firmware Update Package can be inserted to Windows* PE customized image 
for creating a bootable Windows* PE CD. User is able to update system firmware from 
customized WinPE CD by the following steps:
- Boot server with customized WinPE CD
- Run script "WinPE_x64_Update.bat"
  (name may be varied depends on your own customization)
  
Note:
1. The Intel(R) OFU utility is case sensitive. Therefore, when you transfer the 
Firmware Update Package using USB flash drive from a Microsoft Windows* system to a Linux
environment, you must first extract under the Linux* environment. Otherwise, you 
will need to mount the USB flash drive manually with 'vfat' option under Linux to avoid 
conversion from upper case to lower case and vice versa.

2. To make Intel(R) OFU utility run properly under x64 OS, you have to read
OFU release notes on known issues for OFU installation.

3. In this SFUP package, Intel only provide batch file "WinPE_x64_Update.bat" 
for WinPE2.1/3.0 64 bit solution as an example. Please refer to white paper 
"White Paper-Intel Server Utilities Procedure for WinPE.pdf" for details on 
building your own customized WinPE CD.

4. Windows PE 2.0 - built from Windows Vista SP1 EM64T
5. Windows PE 2.1 - built from Windows Vista SP1 or Windows Server 2008, EM64T
6. Windows PE 3.1 - built from Windows Server 2008 R2, EM64T
7. Microsoft IPMI driver is loaded by default from WinPE CD, if you want to use 
Intel IPMI driver instead of MS IPMI driver for firmware update, you can un-install
Microsoft IPMI driver by:
                Devicesetup.exe Cv remove *IPI0001
                Note: IPI0001 is the device ID for Microsoft IPMI driver.

================================================================================
                         BIOS R02.00.0008(This release)
================================================================================
Added support for 2nd Generation Intel(R) Xeon(R) Scalable processors
Hsd-ES:1507112201, Default option for Resume on Power Loss changed to 'power on'
Hsd-ES:1607077352, Default option for Console Redirection changed to 'Serial Port A'
Disable "UpdateNvram" in BIOS so that UpdateNvram can't be used in flash utility like iflash32.
Hsd-ES:1507108474, BIOS post fail with S2600BPS SKU in Riser solt2 M.2 NVME
Hsd-ES:[no_sighting] OpenSSL version update to 1.1.0j.
Hsd-ES:2103625393, [S2600ST] TPM BitLocker (Boot order change) test result does NOT match expected result.
Remove [Hsd-ES]: 5387873, SMBIOS Type 19/20 is not showing effective memory Size.
RP relese Reference code version: CP_PURLEY_0573_D10.
This release is mapping to RP daily build:CP_PURLEY_0574_D07.


===============================================================================
		BMC v1.93.870cf4f0 - (This release)
===============================================================================
    1504762562 - [S2600BP LCR] SEL Log has PS1/PS2/P1/P2/HDDs/Pwr Unit Redund Status Assert during DC cycle(appear once)
    1506985125 - BMC slow response and EWS can't login during DC/reset cycle test.
    1606875819 - Ipmitool command random lost function  during DC cycles test and sel log show redundant "bad user PWD"  information(EWS can be login).
    2103622412 - During the HSC FW update processing, execute the cmdtool 20 c0 38, it could not return response data until the update completed
    2103623745 - EWS BIOS Configuration OOB Test: When set the SerialOverLan option to enabled, the SUT will continuously reboot
    2103625073 - The "BIOS configurations" items not gray out when login with user privilege
    2103625221 - The System Macro key "PrntScrn" and "Alt+PrntScrn" have no function in iKVM over HTML5.
    2103625242 - Alert Email of EWS can't save via Chrome/Firefox/Safari
    1507016738 - [OOB BIOS Configuration]Some variables have the same value when we don't change the default "Select a BIOS Variable" in EWS.
    2103624478 - Description in HELP page isn't corresponding to the actual Chinese EWS page
    1507018625 - Fan 6 Present show unknown from EWS and disabled from ipmitool sensor list.
    2103625163 - RMCP cipher suite will be disable after offline BMC then online update BMC
    1507004031 - Security for missing or insecure "Content-Security-Policy"
    1506996790 - [S2600ST]No alert SMTP mail/SNMP trap received  after triggering the alert of "intel temp overheat shutdown"
    2103624840 - [S2600ST] Alerts and Alert mail  setting in EWS Configuration will be lost after click refresh button
    2103625101 - Alert Destination can't be saved via LAN3 in WFQ board
    2103625071 - The message display incorrect after enable syslog in Chinese EWS
    2103625044 - Copyright display incorrect in EWS

=============================================================================
				FRUSDR 1.74
=============================================================================

 1506731774    - [S2600ST]SDR record failure.
 1506114815    - [S2600ST]The sensor type of Remote Debug PECI is wrong.

================================================================================
			SYSTEM HARDWARE & SOFTWARE REQUIREMENTS/REVISIONS
================================================================================
- S2600BPB, S2600BPQ, S2600BPS, S2600BPL baseboards only.

  System BIOS  - 00.01.0016 or later
  ME Firmware  - 04.00.04.393 or later
  BMC Firmware - 1.90 or later
  FRUSDR       - 1.39  or later

- Front Panel, Hot-swap backplane, and Baseboard FRU data must be available
  for chassis auto-detection to succeed.

- IMPORTANT: BIOS 00.01.2001 is an earlier version than 00.01.0004 if you have 
this version please update to 00.01.0004 first, and then follow the appropiate path
to get to this release.
===============================================================================
                        KNOWN ISSUES/WORKAROUNDS/REQUIREMENTS
===============================================================================
HSD-ES 2103620401: After downgrade FD and ME, SUT will halt with beep code 1-5-1-2 when reboot.
       Please use the following WA when online downgrading SW stacks from R010 SUP to previous SUP version: 
       Online downgrade process: flash BIOS -> flash FD -> reset SUT -> flash ME -> flash BMC -> flash FRUSDR -> AC cycle SUT -> SUT can boot up normally.

HSD-ES 2103621818: Screen will show static noise while booting to RHEL7.5, and a PCCT error is loged
	No functional impact


    WARNING: This release has the BMC PCIe bridge disabled. This will cause the
    majority of operating systems to fail at boot as they stall during video
    driver initialization
    
    Steps to recover a failing operating system:
    
	Linux variants (one of the below):
        A. Ensure the "modprobe.blacklist=ast" parameter is set in your boot loader (grub)
        B. Ensure you are using a kernel version v4.10 or newer
    For Red Hat* Enterprise Linux* v7.3, please refer to the included "RHEL73_InstallationGuide_Rev1.00.pdf"
	For SUSE* Linux* Enterprise Server v12 SP1 or SP2, please refer to the included "SLES12_InstallationGuide_Rev1.00.pdf"
	
    Windows variants:
        Boot to safe mode, and load aspeed video driver v1.03 or greater and reboot
	For Windows* Server 2016, please refer to the included "WinSrv16_InstallationGuide_Rev1.00.pdf"

    IPMI usage:
    	This release disables RMCP authentication by default.  ipmitool uses
	RMCP by default, so it will fail to authenticate.  Add the '-I lanplus' parameter
	to all ipmitool commands to use RMCP+ instead.

    	Cipher Suite 3 is disabled by default since BMC firmware 1.90 and only keep Cipher Suite 17 opened by default.
    	Due to this the extra parameter "-C 17" is required for ipmitool to work via LAN.
    	The Cipher Suite 17 was first introduced in ipmitool 1.8.18 on Oct 8th 2016, 
    	you have to update ipmitool to this version or newer one, earlier versions of ipmitool dont have Cipher 17 support
	ipmitool is not working well when running in high load network. We recommend to add extra timeout by using -N 5. 
	Default is 1 second for RMCP+, which is not enough. N 5 will set 5 second as timeout.
	So the command will look like:
		ipmitool I lanplus H ip U user P password C 17 N 5 command
	Please refer to the included "TA-1143_Extra_parameters_needed_for_ipmitool.pdf"

    When using IPMI to establish a SOL session using KONSOLE:
    	A. The "Delete" input cannot be captured when pressing "Backspace" 
	   Workaround: Modify the "Backspace" key to "0x08" in the KONSOLE profile keyboard settings.
	B. Resizing a KONSOLE window with an active SOL session can cause the content to overlap 
	   Workaround: None. Recommend using the Java SOL Viewer instead of KONSOLE

    Redfish API:
        Redfish API POST requests using a browser extension or plugin will fail if the
        extension manipulates the HTTP(S) Origin header. This affects REST clients which
        are implemented as browser (chrome, Firefox) plugins or extensions such as the
        older versions of Postman. It is recommended to use Postman version 6.0 or later.

        For security purposes, the BMC Redfish API requires that if a HTTP Origin header
        is present, the host portion of the Origin header must match the HTTP Host header.
        Some browser based REST clients alter the Origin header preventing their use with
        the BMC.

=============================================================================
                            LEGAL INFORMATION
=============================================================================
Information in this document is provided in connection with Intel products. 
No license, express or implied, by estoppel or otherwise, to any intellectual 
property rights is granted by this document. Except as provided in Intel's 
Terms and Conditions of Sale for such products, Intel assumes no liability 
whatsoever, and Intel disclaims any express or implied warranty, relating to 
sale and/or use of Intel products including liability or warranties relating 
to fitness for a particular purpose, merchantability, or infringement of any 
patent, copyright or other intellectual property right. Intel Corporation may 
have patents or pending patent applications, trademarks, copyrights, or other 
intellectual property rights that relate to the presented subject matter.  
The furnishing of documents and other materials and information does not 
provide any license, express or implied, by estoppel or otherwise, to any 
such patents, trademarks, copyrights, or other intellectual property rights.  
Intel products are not intended for use in medical, life saving, or life 
sustaining applications. Intel may make changes to specifications and product 
descriptions at any time, without notice.

Intel is a registered trademark of Intel Corporation. 
*Other names and brands are the property of their respective owners.
Copyright (c) 2019 Intel Corporation.

A portion of this firmware is open source code, which falls under the
GPL 2.0 license.