Intel R2224WFQZS Server System OFU Firmware 02.01.0014

This update package includes the following production-level system firmware updates:

- System BIOS - 02.01.0014
- ME Firmware - 04.01.04.505
- BMC Firmware - 2.86
- FRUSDR - 2.02
- Intel Optane DC Persistent Memory Firmware - 01.02.00.5446

Important notes:

- OFU utility with flashupdt tool does not support PMEM FW update, please refer to "PMEM_Update_Intructions.txt" part of this package for instructions to update PMEM.
- This SFUP package includes the FW 01.02.00.5446 for Intel Optane DC Persistent Memory (PMEM), if you received your PMEM DIMMs with a different FW, please install this one.
- This Update package must be installed using Intel One-boot Flash Update (OFU) V14.1 Build 28
- Starting from BMC v2.86, BMC does not allow upload .key files and only accepts .pem file for SSL certificate.
- If uploaded SSL Certificate or Key files fail to format checking, BMC will remove the invalid format file before starting BMC EWS and re-generate a self-signed certificate to ensure the BMC EWS can boot up successfully. Please consult TA-1176 for more details
- Starting from BMC v2.88, Purley platfomrs only support SSL certificate which is equal to or longer than 2048 bit.
- A security issue was fixed in Purley platforms. BMC credential is required to access files in internal virtual media from BMC v2.88.
- Issue:[Internal Virtual Media] Files in internal virtual media are accessible without BMC credential
- Starting from BMC v2.88, EWS Active Directory should allow domain name and user name longer than 16 characters.
- The AD Setting will be cleared after downgrade to v2.86 or lower BMC versions if the Domain Name is equal to or longer than 32 characters.
- Starting from BMC 2.22.59c3b83a, when KCS Policy Control Mode is configured as "Deny ALL" on BMC EWS, BMC and FRUSDR cannot be upgraded/downgraded as expected behavior.
- Updates can still be performed via Redfish or BMC EWS

Changes in BIOS:

- [HSD-ES]: [1509670554] PurleyPlatPkg/Platform: S2600WF SATA Controller will change to "Controller is Disable" after Change QAT to Disable.
- [HSD-ES]: [CCB3364] PurleyPlatPkg/Platform: Add a hidden knob "Override QAT" to control if to use "GPP_B3_CPU_GP2" to detect QAT.
- [HSD-ES]: [2103642368] PurleyPlatPkg: Stop bit should be "1" according to new ACPI SPCR spec.
- [HSD-ES]: [2103641990] CpPcRestrictedPkg/SetupBrowserDxe: Use the BIOS UI to modify the BMC password, it actually does not take effect.
- [HSD-ES]: [1509426976] CpPcRestrictedPkg/Bds: The copyright should be Copyright (c) 2006-2021 instead of Copyright(c) 2006-2020.
- [HSD-ES]: [1508885724] PurleyPlatPkg/ProcessorErrorHandler: [IPU2021.1 PC RAS] Incorrect channel in PPR address after UCE error occur in mirrored backup region
- [HSD-ES]: [1509245448] PurleyPcPkg/RasPkg: [IPU2021.1 PC RAS] ADDDC should do intra bank VLS when all ranks are unhealthy.
- [HSD-ES]: [1509203310] PurleyPcPkg/WheaErrorInj: [IPU2021.1 PC RAS] SMI 0x9a mEinjParam address is not correctly passed to OS.
- [HSD-ES]: [1509231092 1509261012] PurleyPcPkg/RasPkg: [IPU2021.1 PC RAS] Support single-rank bank VLS ADDDC
- [HSD-ES]: [5388648] PurleyPlatPkg/ProcessorErrorHandler: [IPU 2021.1] [1st Generation Intel Xeon] [2nd Generation Intel Xeon] [RAS] Disable fast string from SMI after the first poison detected when EMCA is enabled
- [HSD-ES]: [22012477418] PurleyPlatPkg/ProcessorErrorHandler: [IPU 2021.1] [IPU-2021.1,Beta][Purley][Regression] Additional PPR entry is logged with incorrect information for DCU error.
- [HSD-ES]: [22011769652] CpRcPkg/Library/BaseMemoryCoreLib: [IPU 2021.1] [NVDIMM-N] data is lost on warm boot when MRC sets setupChanged to 1
- [HSD-ES]: [5388662] PurleySktPkg/MemRas: [IPU 2021.1] [RAS] VLS operation uses non healthy rank as buddy rank
- [HSD-ES]: [5388647] PurleySktPkg/Library/ProcMemInit, CpRcPkg/Library/BaseMemoryCoreLib, PurleyPlatPkg/Platform/Dxe/MemorySubClass: [IPU 2021.1] Fix critical KW Issues in Memory IP code
- [HSD-ES]: [5388654] CpRcPkg/Library, PurleySktPkg/Library: [IPU 2021.1] Improve how MemTest failure list is being reset
- [HSD-ES]: [5388609] [CVE-2020-12358] [IPU 2021.1] Attacker can change/crash SMI behavior by modifying the IioUdsData data structure
- [HSD-ES]: [22011323440] PurleyRpPkg/PurleyPcPkg/AcpiPlatformTableLib/AcpiPlatformLibBdat: [IPU 2021.1] Added EWL to BDAT/ACPI table
- [HSD-ES]: [5388593] [IPU 2021.1] [RAS] SMI will not be triggered on the new rank with increasing CE count over threshold while another spare copy ongoing in the same memory controller
- [HSD-ES]: [5388649] PurleySktPkg/ProcMemErrReporting: [IPU 2021.1] [RAS] Ktiviral errors are not handled
- [HSD-ES]: [5388645] [CVE-2020-24486] [IPU 2021.1] MemSetLocal may overwirte PEI stack
- [Hsd-ES]: [5388610,1509203310] PurleyPlatPkg/Ras/Whea/WheaErrorInj: [CVE-2020-12360] [IPU 2021.1] SMI 0x9a mEinjParam address is not correctly passed to OS
- [HSD-ES]: [5388646, 1508362522] PurleySktPkg/MemRas: [IPU 2021.1] Bank reverse VLS should not be allowed when single DIMM ,single rank is present.
- [HSD-ES]: [5388594, 5388595] PurleyPlatPkg/ProcessorErrorHandler: [IPU 2021.1] Channel and bank information of PPR entry for the UCE PS error is wrong when the error is happening in mirrored backup region
- [HSD-ES]: [5388658] PurleySktPkg/Library/ProcMemInit: [IPU 2021.1] Avoid MemTest type 17 logs invalid errors on DDR4 DIMMs
- [HSD-ES]: [5388650] PurleySktPkg/Library, CpRcPkg/Library: [IPU 2021.1] Prevent CPGC Timeout during MemTest
- [HSD-ES]: [05388630] PurleySktPkg/ProcMeminit: [IPU 2021.1] Support for 1:2 (NM:FM) ratio memory mode configuration for Intel Optane DC Persitent Memory
- [HSD-ES]: [1508891772] PurleyPcPkg/RasPkg: There is no PPR info record when inject CE error with parameter "PatrolConsume = True"
- [HSD-ES]: [1509336085] PurleyPcPkg/Roms: The pointers coming from untrusted source can't be overlap or within SMM range.
- [HSD-ES]: [N/A] PurleyPCPkg/StitchingPkg: Integrate Microcode 02006b06 for 1st Generation Intel Xeon H0
- [HSD-ES]: [N/A] PurleyPCPkg/StitchingPkg: Integrate SPS E5_04_01_04_505_0 to Trunk
- [HSD-ES]: [N/A] PurleyPCPkg/StitchingPkg: Integrate BIOS ACM 1.7.43 PW and SINIT ACM 1.7.4A PW to purley trunk
- [HSD-ES]: [N/A] PurleyPCPkg/StitchingPkg: Integrate IntelDCPersistentMemoryDriver v01.00.00.3515 to Trunk
- [HSD-ES]: [CCB3402] CpPcRestrictedPkg/BootOrder: CCB3402 - Add a new marker line, FORCE_EFI_BOOT_SILENT.
- [HSD-ES]: [CCB3402] CpPcRestrictedPkg/BootOrder: CCB3402 - Port StartupMarkfileBootorder driver from Whitley
- [HSD-ES]: [1508841518] PurleyPcPkg/RasPkg: Rank CE Time Window does not work
- [HSD-ES]: [CCB3364] PurleyPcPkg/Restricted: CCB3364 - Add a new knob to override QAT(Auto(default)/Enable/Disable) to PC generation.
- [HSD-ES]: [1508841411] PurleyPcPkg/RasPkg: Rank CE will disable after inject 11 times error
- [HSD-ES]: [1508733401] PurleyPcPkg/RasPkg: SUT will reboot after 3rd strike when do ADDDC test
- [HSD-ES]: [CCB3356] CpPcRestrictedPkg/Ipmi: CCB3356 - Modify BIOS setup behavior around complex password
- [HSD-ES]: [16010688351] PurleyPcPkgRestricted: Please replace BIOS RAID Option "Intel RSTe" to "Intel VROC (SATA RAID)"
- [Hsd-Es]: [1508961754] PurleyPcPkg/PprVlsErrorLogListener: The debug log will show “[PPR] Entry already existed for” when inject 2nd CE just DIMM slot is different
- [HSD-ES]: [2103639586] PurleyPcPkg/RasPkg: CCB3390 2nd Patch - ECC error logs will be generated after inject several PPR error on different one by one with BIOS 0X020312
- [HSD-ES]: [CCB3390] PurleyPcPkg/RasPkg: CCB#3390: Request PPR within SW Error Threshold Flow for new row entries
- [HSD-ES]: [1508838608] PurleyPcPkg/RasPkg: Handle CSMI during VLS
- [HSD-ES]: [CCB3389] PurleyPcPkg/RasPkg: CCB#3389: PPR Runtime request SEL event
- [HSD-ES]: [1508923841] PurleyPcPkg/Restricted: Add "Disable FRB-2 if any bit is enabled" in "Adv MemTest Options" setup help information.
- [HSD-ES]: [1508895344] CpPcRestrictedPkg/Ipmi: BMC user setup does not report error if input user name is the same as user 14 or user 15 name
- [HSD-ES]: [1508895086] CpPcRestrictedPkg/Ipmi: BMC user setup does not report error if user2 name input is same as other user such as user3
- [Hsd-ES]: [CCB3272] PurleyPcPkg/RasPkg: Only record a single SEL entry for a single VLS copy during ADDDC
- [Hsd-ES]: [1508774126] PurleyPcPkg/RasPkg: Handle SMI and CE Threshold for ADDDC handler
- [Hsd-ES]: [CCB3245] PurleyPcPkg/Restricted: Log AMT and PPR results in SEL - 2nd Patch
- [HSD-ES]: [1508779249] PurleyPcPkg/RasPkg: CE error triggered need inject over threshold errors after 2nd waiting for Correctable Error Time window
- [HSD-ES]: [1508773048] PurleyPcPkg/RasPkg: Bank error counter not clear when reach the time of correctable error time window
- [HSD-ES]: [1508772732] PurleyPcPkg/RasPkg: SW Bank Threshold, and Time Window only available when PcieErrEn != 0
- [HSD-ES]: [1508756520] PurleyPcPkg/Restricted: Fix incorrect SEL info for AMT & PPR
- [HSD-ES]: [1508578905] PurleyPcPkg/Restricted: The help info is not including bit 16 -19 about Adv MemTest Options
- [HSD-ES]: [CCB3305] PurleySktPkg/Library: Change default SPAREINTERVAL.normopdur and SPAREINTERVAL.numspare.
- [HSD-ES]: [1508667225] PurleyPcPkg: Enable Samsung and Hynix AMT test
- [HSD-ES]: [1507980834] PurleyPcPkg/RasPkg: TC2B fourth strike does not intiate any spare action
- [HSD-ES]: [1507980834] PurleyPcPkg/RasPkg: Fix report incorrect bank number in case rank VLS.
- [HSD-ES]: [CCB3243] PurleyPcPkg/RasPkg: Improve algorithm for when DSG Commercial BIOS enters VLS mode
- [HSD-ES]: [2103636701] CpPcRestrictedPkgIpmi: The help notes for enable complex password is incorrect in the BIOS setup when set password complexity to "Medium" or "High" in EWS
- [HSD-ES]: [22011859965] CpPcRestrictedPkg/Library: MCA Recovery (Data Poison) should be enabled by default
- [Hsd-ES]: [CCB3245] PurleyPcPkg/Restricted: Log AMT and PPR results in SEL
- [Hsd-ES]: [CCB3030] PurleyPlatPkg/Override: Support Intel DG1 graphic card
- [Hsd-ES]: [N/A] PurleyPCPkg/StitchingPkg: Revert PeciProxyEnabled and PmBusProxyEnabled from "Integrate SPS E5_04_01_04_505_0 to Trunk"

Changes in BMC:

- 15010010055 - [Purley][Internal Tool]cannot decrypt BMC debug log
- 14012941881 -[S2600BP]: PSU on 3 Compute Module system chassis is reporting 0% current out and PS status indicating "Power Supply AC lost"
- 2103643380 - [S2600ST][internal virtual media]Failed to download files from the internal VM to OS
- 2103643416 - Login to EWS with LDAP or AD users, there shows a new added "CPLD Update" option in the "Configuration" menu
- 2103643309 - [S2600ST]SUT will fail to connect to the SSH console after change default port number to other port
- 2103643393 - [S2600ST] it pops up an empty dialog box when replace a new certificate with 512 bits or 1024 bits in Chinese EWS
- 2103643315 - [S2600ST]The SSH console is still active when disable SOL SSH in EWS
- 1509762682 - [S9200WK]The ca signed of the 4096-bit SSL certificate error when viewed in Redfish after successfully uploaded via EWS
- 2103643101 - [S2600WF]There are 3 more AIC risers' FRU info in EWS after BMC update to version 2.86.2da97d3f
- 1509732850 - [S2600ST]Restore BMC with checking "Keep User and LAN configuration",IPV4 Network Settings has abnormal behavior.
- 1509732551 - [S2600ST]The primary port is changed when restore BMC with checking "Keep User and LAN configuration"
- 1509675014 - [S2600ST]When set SMTP authentication Method to "Authentication after STARTTLS" or "Authentication over TLS/SSL session", the email alert function is failed.
- 1509673621 - [S2600ST]The "PercentComplete" always is 60 when simple update BMC via redfish.
- 2103642161 - [S2600ST]The“Advanced System Management Key”item in EWS shouldn’t be displayed in Purely project
- 1509732255 - [S2600ST]There are four channel options in EWS->VLAN Settings->LAN Channel.
- 1509724643 - [S2600WF/S9200WK]The mounted samba img file via Web ISO can't be opened or auto-detected by SUT OS.
- 1509417498 - #CCB 3402: [S2600BP] With three virtual media devices mounted by HTML5, mounting the new image created by internal interface via Redfish, the response is 200 OK and with no error info
- 2103642381 - [S2600ST]The boot order can't be changed via redfish
- 2103642152 - [S2600WF/S9200WK] The DIMM location is incorrect for "Mem err Sensor" SEL in EWS.
- 2103642154 - [S2600WF/S9200WK] Change KVM(Secure) port value, open KVM /HTML5 KVM session and it will be disconnected automatically soon.
- Upgrade kernel to 4.9.282
- CCB3388: Add one additional type to CCB 3245 to log AMT and PPR to SEL
- CCB3389: Need SEL for runtime PPR request
- CCB3402: Internal Virtual Media Image with file upload/download
- CCB3403: Redfish and EWS Virtual Media IMG & ISO support over NFS/SAMBA/Local
- CCB3245: Log AMT and PPR results in SEL

Changes in FRU/SDR:

- Update BIOS sensor number according to BIOS EPS v1.18
- HSD 1509288822 -S2600WF uses the wrong entity ID for the sensor "NVMe 1 Therm Mgn"

About Firmware Updates:

Applying a newer firmware version than the one already installed on your unit can bring various enhancements, include workarounds for diverse problems encountered by the device, and improve or add newly developed features.

On the other hand, downgrading the firmware version can recover the device's functionality in the event of a software update either turning up faulty or causing the unit's overall performance to drop. However, bear in mind that applying an older firmware isn't recommended and might not always be possible.

When it comes to the update steps, due to the large variety of devices and numerous ways for installing a new firmware, it is recommended that you carefully read and understand the upgrade steps, and consider applying a different firmware only when you have familiarized yourself with the update method.

As the installation process is most of the times quite risky, this step should be taken by users that have the ability to successfully complete the update; regular users may initiate it at their own risk. Moreover, it's best that this task be performed in a steady power environment such as the one ensured by a UPS unit.

Therefore, if you consider applying this release, hit the download button, take into account all the aforementioned aspects, and update the device's firmware. Also make sure you constantly check with our website to ensure that you don't miss a single new release.