BIOS security updates LGA 3647 - 1st and 2nd Gen Intel Xeon Scalable processors
The following table shows available UEFI firmware/BIOS security updates for LGA 3647 (1st & 2nd Gen Xeon SP) motherboards from Thomas-Krenn. In the columns of the table security flaws are listed, which require UEFI firmware/BIOS updates. For each mainboard it is noted whether an update is already available for the respective vulnerability. Information about other mainboards can be found in the article BIOS security updates.
In the case of security flaws that affect the CPU microcode (e.g. Spectre or L1TF), the microcode can in many cases also be applied alternatively via the operating system.
LGA 3647 - 1st & 2nd Gen Xeon SP
- Processors: Skylake SP / Cascade Lake SP (Purley Platform)
- SPS version: 04.01.*
Security updates from 2022
The table below lists the security updates released as of 2022.
Security update | 2022.1 IPU INTEL-SA-00601 INTEL-SA-00613 INTEL-SA-00614 INTEL-SA-00616 INTEL-SA-00617 |
---|---|
Update Microcode | yes |
Update SPS | under investigation |
Update Platform Sample / Silicon Reference firmware | under investigation |
Update BIOS ACM firmware / SINIT ACM firmware | yes |
ASUS Z11PG-D24 (ESC8000 G4) |
under investigation |
ASUS Z11PG-D16 (ESC4000 G4S) |
under investigation |
ASUS Z11PP-D24 (Barebone RS700-E9-RS12) |
under investigation |
Supermicro X11DDW-NT | BIOS 3.7 (in development) |
Supermicro X11DPT-PS | BIOS 3.7 (in development) |
Supermicro X11DGQ (GPU Server Board) | BIOS 3.7 (in development) |
Supermicro X11DPH-T | BIOS 3.7 (in development) |
Supermicro X11DPi-N | BIOS 3.7 (in development) |
Supermicro X11DPi-NT | BIOS 3.7 (in development) |
Supermicro X11DPL-i | BIOS 3.7 (in development) |
Supermicro X11SPi-TF | BIOS 3.7 (in development) |
Supermicro X11SPW-TF | BIOS 3.7 (in development) |
Supermicro X11SPL-F | BIOS 3.7 (in development) |
Supermicro X11SDV-4C-TP8F (SPS Version (SoC-X): 04.00.04.xxx) | BIOS 1.7 (in development) |
Supermicro X11SDV-8C-TP8F (SPS Version (SoC-X): 04.00.04.xxx) | BIOS 1.7 (in development) |
Security updates until 2021
The table below lists the security updates released through the end of 2021.
Security update | 2021.2 IPU INTEL-SA-00528 INTEL-SA-00562 |
2021.1 IPU INTEL-SA-00442 INTEL-SA-00459 INTEL-SA-00463 INTEL-SA-00464 INTEL-SA-00465 |
2020.2 IPU INTEL-SA-00381 INTEL-SA-00389 INTEL-SA-00391 |
2020-09-08 INTEL-SA-00347 INTEL-SA-00356 INTEL-SA-00404 |
2020.1 IPU INTEL-SA-00295 INTEL-SA-00320 INTEL-SA-00322 |
2020-01 INTEL-SA-00329 |
2019-12 INTEL-SA-00289 INTEL-SA-00317 |
2019.2 IPU INTEL-SA-00220 INTEL-SA-00241 INTEL-SA-00254 INTEL-SA-00270 |
2019.1 QSR INTEL-SA-00213 INTEL-SA-00223 Microarchitectural Data Sampling - ZombieLoad INTEL-SA-00233 |
2018.4 QSR INTEL-SA-00185 INTEL-SA-00191 |
Intel ME, CSME, SPS und TXE INTEL-SA-00125 INTEL-SA-00141 INTEL-SA-00142 |
Spectre V3a and V4, Foreshadow L1 Terminal Fault INTEL-SA-00115 INTEL-SA-00161 |
Spectre Variant 2 INTEL-SA-00088 |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Update Microcode | yes | yes | yes | under investigation | yes | yes | yes | yes | yes | - | - | yes | yes |
Update SPS | under investigation | yes | yes | under investigation | yes | - | - | yes | yes | yes SPS >= 4.00.04.383 SPS >=4.01.02.174 |
yes | - | - |
Update Platform Sample / Silicon Reference firmware | under investigation | under investigation | under investigation | under investigation | under investigation | - | - | yes | under investigation | yes | - | - | - |
Update BIOS ACM firmware / SINIT ACM firmware | under investigation | under investigation | under investigation | under investigation | under investigation | - | - | yes | ? | ? | ? | ? | ? |
ASUS Z11PG-D24 (ESC8000 G4) |
under investigation | affected, Microcode and ME firmware update necessary | affected, Microcode and ME firmware update necessary | not affected | BIOS 6201 | BIOS 5102 | |||||||
ASUS Z11PG-D16 (ESC4000 G4S) |
under investigation | affected, Microcode and ME firmware update necessary | BIOS 6701 | not affected | BIOS 6201 | BIOS 6102 | BIOS 5102 | ||||||
ASUS Z11PP-D24 (Barebone RS700-E9-RS12) |
under investigation | affected, Microcode and ME firmware update necessary | affected, Microcode and ME firmware update necessary | not affected | BIOS 6203 | BIOS 6102 | BIOS 6001 | BIOS 5102 | BIOS 3501 | BIOS 0905 | |||
Supermicro X11DDW-NT | BIOS 3.6 (in development) | BIOS 3.5 (test pending) | BIOS 3.4 | not affected | BIOS 3.3 | BIOS 3.2 | BIOS 3.1 | BIOS 3.0a | BIOS 2.2 | ||||
Supermicro X11DPT-PS | BIOS 3.6 (in development) | BIOS 3.5 (test pending) | BIOS 3.4 | not affected | BIOS 3.3 | BIOS 3.2 | BIOS 3.1 | BIOS 3.0c | BIOS 2.1 | ||||
Supermicro X11DGQ | BIOS 3.6 (in development) | BIOS 3.5 (test pending) | BIOS 3.4 | not affected | BIOS 3.3 | BIOS 3.2 | BIOS 3.1 | BIOS 3.0c | BIOS 2.0b | ||||
Supermicro X11DPH-T | BIOS 3.6 (in development) | BIOS 3.5 (test pending) | BIOS 3.4 | not affected | BIOS 3.3 | BIOS 3.2 | BIOS 3.1 | BIOS 3.0 | BIOS 2.1 | ||||
Supermicro X11DPi-N | BIOS 3.6 (in development) | BIOS 3.5 | BIOS 3.4 | not affected | BIOS 3.3 | BIOS 3.1a | BIOS 3.1 | BIOS 3.0a | BIOS 2.1 | BIOS 2.0b | |||
Supermicro X11DPi-NT | BIOS 3.6 (in development) | BIOS 3.5 | BIOS 3.4 | not affected | BIOS 3.3 | BIOS 3.1a | BIOS 3.1 | BIOS 3.0a | BIOS 2.1 | BIOS 2.0b | |||
Supermicro X11DPL-i | BIOS 3.6 (in development) | BIOS 3.5 (test pending) | BIOS 3.4 | not affected | BIOS 3.3 | BIOS 3.2 | BIOS 3.1 | BIOS 3.0b | BIOS 2.1 | BIOS 2.0b | |||
Supermicro X11SPi-TF | BIOS 3.6 (in development) | BIOS 3.5 (test pending) | BIOS 3.4 | not affected | BIOS 3.3 | BIOS 3.2 | |||||||
Supermicro X11SPW-TF | BIOS 3.6 (in Entwicklung) | BIOS 3.5 (Test anstehend) | BIOS 3.4 | nicht betroffen | BIOS 3.3 | ||||||||
Supermicro X11SPL-F | BIOS 3.6 (in development) | BIOS 3.5 (test pending) | BIOS 3.4 | not affected | BIOS 3.3 | BIOS 3.2 | BIOS 3.1 | BIOS 3.0b | BIOS 2.1 | BIOS 2.1 | |||
Supermicro X11SDV-4C-TP8F (SPS Version (SoC-X): 04.00.04.xxx) | BIOS 1.6 (in development) | BIOS 1.5 | BIOS 1.4 | not affected | BIOS 1.3 | BIOS 1.2 | BIOS 1.1a | BIOS 1.1 | |||||
Supermicro X11SDV-8C-TP8F (SPS Version (SoC-X): 04.00.04.xxx) | BIOS 1.6 (in development) | BIOS 1.5 | BIOS 1.4 | not affected | BIOS 1.3 | BIOS 1.2 | BIOS 1.1a | BIOS 1.1 |
Author: Thomas Niedermeier Thomas Niedermeier working in the product management team at Thomas-Krenn, completed his bachelor's degree in business informatics at the Deggendorf University of Applied Sciences. Since 2013 Thomas is employed at Thomas-Krenn and takes care of OPNsense firewalls, the Thomas-Krenn-Wiki and firmware security updates.
|
Author: Werner Fischer Werner Fischer, working in the Knowledge Transfer team at Thomas-Krenn, completed his studies of Computer and Media Security at FH Hagenberg in Austria. He is a regular speaker at many conferences like LinuxTag, OSMC, OSDC, LinuxCon, and author for various IT magazines. In his spare time he enjoys playing the piano and training for a good result at the annual Linz marathon relay.
|