Release Notes
=============
Broadcom ASF 2.0 Firmware
for BCM5750/BCM5751/BCM5752/BCM5753/BCM5721
Copyright (c) 2000-2005 Broadcom Corporation
All rights reserved.
------------------------------
Version 6.26 -- March 24, 2005
------------------------------
Fixes:
======
1. Problem: (CQ 12483)
Broadcom ASF NIC transmits System Heartbeat PET messages with the Event
Severity field set to 0 ("unspecified"). Other Alert Sending Devices
(ASDs) send System Heartbeat PET messages with the Event Severity
field set to 1 ("Monitor"). An OEM requested that we use the "Monitor"
Event Severity for System Heartbeat PET messages.
Cause:
The Event Severity value for System Heartbeat messages is not defined
anywhere in the ASF specification, so we chose the "unspecified" value
(0).
Change:
When the System Heartbeat PET message is created, a value of 1
("Monitor") is used for the Event Severity field.
Impact:
Any applications that monitor PET messages will need to recognize
System Heartbeat messages with the "Monitor" event severity value.
2. Problem: (CQ 12521)
On some systems, with "PET Retransmit Interval" set to non-zero
(typically 20 seconds) and ASF_INFO->MinWatchdogResetValue set to 0
(an atypical value), any PET messages transmitted by the ASF firmware
would not have any subsequent retransmissions as required by the ASF
specification, section 3.1.1.1.
Cause:
Root cause not identified. The fix for CQ 12530 also eliminated this
problem. When starting the PET retransmission software timer during
the firmware initialization, it appears the software timer entry could
under some circumstances become corrupted or removed.
Change:
The PET retransmission software timer entry is not created until a PET
message (that is subject to retransmission) is actually sent.
3. Problem: (CQ 12530
ASF PET retransmission occurs at indeterministic interval: first PET
retransmission occurs at random interval, second retransmission occurs
at configured PET Retransmit Interval.
Cause:
The PET retransmission timer is a free-running software timer, ticking
at the configured PET Retransmit Interval. A PET message can be sent at
any time. If the transmitted PET messages is subject to retransmission,
the PET message would be added to the retransmission queue somewhere
in the middle of a retransmit interval causing the first retransmission
to occur at the next software timer tick (whenever that may be).
Change:
If the PET retransmission queue is empty (as is usually the case), the
PET retransmit software timer is reset when the PET message is added to
the retransmission queue. If multiple PET retransmissions are enqueued
simultaneously, the software timer cannot be reset (or it would be
possible to fill-up the retransmit queue before any messages were
actually retransmitted).
Also, the software timer mechanism was fixed to insure the first event
(in this case, a PET retransmission) does not occur one second short of
the requested interval.
4. Problem: (CQ 12279)
NIC card lose power when device gets reset. Thus, clears ASF/IPMI saved
data in shared memory.
Cause:
The system was not designed for NIC. NIC card has circuit designed to
generate POR (power on reset) when device get reset without driving
GPIO2 low. The device lose everything and starts fresh in POR and lose
the previous BMC/SMBus information.
Change:
When the NVRAM configuration is configured as NIC, drive GPIO2 low to
avoid POR.
Note:
It is not a requirement for ASF/IPMI to run in NIC. This fix is only for
SQA testing.
---------------------------------
Version 6.25 -- December 17, 2004
---------------------------------
Enhancements:
=============
1. Support for BCM5752 (Baxter).
--------------------------------
Version 6.24 -- December 8, 2004
--------------------------------
Fixes:
======
1. Problem: (CQ 11289)
UDP#2 port filtering problem
Cause:
UDP1 Port Filtering Uses UDP 2 Port Value instead.
Change:
Where when the f/w is setting up the RcvRule, the correct value should
be the UDP1 port number.
2. Problem: (CQ 10569)
Connection to BMC fails when running driver load/unload test in
Windows.
Cause:
GRC reset was generated while we are in master mode sending SMBus
message.
When driver sends NICDRV_PAUSE_FIRMWARE command to firmware, firmware
maybe too busy to respond (already in sending smbus message routine,
for example) and cause drive to timeout in 100us. Then driver may
generate GRC reset while sending SMBus message.
When GRC reset was generated while we are master and sending message,
there is a window can cause SMBus in deadlock condition:
When we are writing the last byte of message and the remote (slave) is
acknowledging the write by driving data line low and awaiting for our
device (master) to generate a falling edge clock to move on, if our
device is reset at this point, we will no longer drive both clock and
data line. As result, the data line will stay low. (because slave is
acknowledging input data by driving data line low and waiting for the
falling edge of clock.)
Because of reset, our device is back to idle state. When we want to
write data again, since data line is already low, we could not gain the
arbitration to become master; therefore we will never be able to send
out data again unless if the data line and clock line back to high
(idle state).
The SMBus become deadlock until someone drives clock low to let the
slave to release data line.
Change:
Change firmware to constantly monitor driver's NICDRV_PAUSE_FIRMWARE
event while sending each byte of SMBus message; when it happens, get
ready to stop and clean up message by issuing stop condition.
Concern:
Driver only wait 100us before times out. CPUB may spending time in other
loop before getting into send routine; even though we reduced the chance
to cause this problem, it is not 100% bullet proof. Furthermore, we need
to insure the smbus is at operational state at initialization all the
time (possible because of other device's chip bug); therefore, extra
security initialization has been put in initialization routine.
1. Checks if Smbus is idle. (Both clock and data lines are high)
2. If it is idle, then no problem, it is operational.
3. If it is not idle, then we monitor the lines. If there is changed,
that means there is activity on the bus; it is operational state.
4. If the bus is not idle and no activity for a long period of time (We
are using 1.6 second), we consider the bus is stuck. To clean up the
bus, we want to generate a stop condition.
--------------------------------
Version 6.23 -- October 29, 2004
--------------------------------
Fixes:
======
1. Problem: (CQ 11181)
System does not boot when ASF is enabled on the 5753A1 NIC.
Cause:
BCM5753 devices use GPIO2 for "main power presence" detection.
Change:
Changed firmware's "hasMainPower" macro to check the "hw_config"
in the shared memory to see if the boot code has configured
GPIO2 to be used for main power detection.
Impact:
Main power detection now works on BCM5753 devices.
2. Problem:
WHQL test was failing due to workaround for CQ 9901
Cause:
When this workaround was implemented, both driver and firmware needed to
be changed. The problem was only seen in Linux system where OS was
performing a PCI Config. space read right after placing our device into
D3Hot. Since Windows driver was not coped to handle the workaround (It
was not needed since Windows OS was not performing PCI config. space read
immediately right after placing our device into D3Hot), the workaround was
causing problem when driver was loaded immediately right after unload.
Change:
Removed the workaround.
Enhancements:
=============
1. Added SST 1MB/512k non-buffered flash (SST45VF010/SST45VF512) support.
Due to buffering issue, no VPD write is supported.
The following is the supported NVRAM summary:
SO: Bit 25, Flash Size, internal pull-up
SI: Bit 24, Protected Mode, internal pull-down
SCLK: Bit 1, Buffered Mode, internal pull-down
CS: Bit 0, Flash Mode, internal pull-down
[SO,SI,SCLK,CS] Device Write Memo
--------------- -------------- ----- ----------------------------
1000 AT24C512 Yes SEEPROM, AT24Cxxx, any size
1011 AT45DB011B Yes Atmel Buffered 1MB Flash
1001 SST SST45VF010 No SST Non-Buffered 1MB Flash
0001 SST SST45VF512 No SST Non-Buffered 512KB Flash
1101 ST M45PE80 Yes ST 8MB Flash
---------------------------------
Version 6.22 -- September 1, 2004
---------------------------------
Fixes:
======
1. Problem: (CQ 10854)
ASF management consoles that verify the DWORD-alignment of the
"integrity data" field of secure RMCP response packets, would fail to
verify the authenticity of some secure RMCP response packets
transmitted by the ASF firmware (i.e. Close Session Response).
Cause:
The integrity-protected portion of transmitted secure RMCP packets
contained the wrong number of pad bytes if the length of the protected
portion was an odd number of bytes, resulting in an "integrity data"
field that was not DWORD-aligned, as is required by the ASF
specification.
Change:
Fixed error in calculating pad length required for DWORD alignment of
the RSP "integrity data" field in secure RMCP response packets.
Impact:
Management consoles that failed to work with previous versions of
ASF firmware due to this defect should now work.
2. Fixed WoL problem when IP address not configured (NULL).
Problem: (CQ 10838)
Standby on does not wake up from ICMP ping if clear the ARP cache on
the ping station. IF not clear the ARP Cache, there is no problem to
wake up with ping. There is also no problem when using the Ethernet
port that does not have ASF/IPMI enabled.
Cause:
In the code logic, WoL was disabled when the IP address mismatches.
When the IP address was uninitialized (NULL), the comparison would
fail when compared to the incoming ARP IP address. Hence, it disabled
WoL as designed.
Change:
Compare the IP only when IP address has been initialized (not NULL).
Enhancements:
=============
1. Change:
Changed the "firmware ID" value stored in the LSB of memory location
0xc0c from 0x05, 0x0a, and 0x0b to 0x15, 0x1a, and 0x1b for the ASF
firmware init, CPUA, and CPUB modules, respectively. This allows the
driver differentiate between ASF and IPMI pass-through firmware, if
necessary.
-------------------------------
Version 6.21 -- August 23, 2004
-------------------------------
Fixes:
======
1. Problem: (CQ 10801)
After creating a secure RMCP session and sending any secure RMCP
command (even a "close session" command), each subsequent PET message
transmitted by the client (e.g. "System Heartbeat") would be followed
by 2 corrupted PET messages.
Cause:
When generating the RSP trailer for the secure RMCP response packets, a
call to the HMAC-SHA1 routine would overflow the firmware stack and
corrupt the bottom portion of the "sys" variable memory which contains
the PET retransmission structures causing erroneous retransmissions
of every transmitted PET message there-after.
Change:
Reduced local (stack) variables used by HMAC-SHA1 routine and increased
the amount of memory reserved for the firmware stack (from 0x300 to
0x500 bytes).
2. Problem: (CQ 10825)
Disabling the transmission of PET messages does not stop the
transmission of "System Heartbeat" messages.
Cause:
A low-level check of the "PET enable" flag was erroneously coded,
evaluating to "always true".
Change:
Fixed the check of the "PET enable" flag.
Impact:
A managed client transmitting PET heartbeats before an upgrade to this
version of firmware may stop transmitting heartbeats after the upgrade
if the client is configured to not transmit PETs (as was originally
intended and documented).
3. Problem: (CQ 10826)
Secure RMCP ACK packets transmitted by the managed client may contain
RSP headers with session IDs and sequence numbers of unexpected values.
Cause:
The RSP header added to an RMCP ACK packet transmitted by the ASF
client is a copy of the RSP header of the received RMCP command packet
that is being acknowledged. The RSP header's session ID and sequence
number were not changed to reflect the "destination entity" (management
console) during a secure session.
Change:
For RMCP command packets received over a secure session, the RSP
headers generated now contain the session ID of the management console
and an incremented sequence number from the saved "sequence number"
state variable.
Impact:
This change has no effect on packets transmitted over the insecure
("compatibility") port, or packets transmitted over the secure port
using the "Bypass" session ID (0).
Management consoles that failed to work with previous versions of
ASF firmware due to this defect should now work.
-------------------------------
Version 6.20 -- August 16, 2004
-------------------------------
Fixes:
======
1. Problem: (CQ 10700)
RSP sequence numbers (included in the RSP header of secure RMCP
packets transmitted from the managed client) are not reset to 0 when
the secure session is established.
ASF specification section 3.2.3.1:
"When a session is created, the Sequence Number is initialized to zero
and incremented by one at the start of outbound processing for a given
message".
Management consoles that check and verify the RSP sequence number of
secure RMCP messages (as described in section 3.2.3.3.3 of the ASF
specification) will silently discard messages from the managed client.
Change:
Reset the client's RSP sequence number when a secure session is
established (session creation phase is complete).
Impact:
Management consoles that failed to work with previous versions of
ASF firmware due to this defect should now work.
2. Problem: (CQ 10701)
RSP headers transmitted by the managed client contain the client's
session ID (SIDc) instead of the management console's session ID (SIDm).
Hidden in the table in section 3.2.3.1 of the ASF specification:
"The session ID of the destination entity". So the session
ID in RSP headers generated by the ASF firmware (managed client)
should be that of the management console, the destination entity.
Management consoles that check and verify the session ID before
processing messages will silently discard messages from the managed
client unless the client's session ID happens to be the same value
as the management console's session ID (not an uncommon occurrence
when using the Broadcom ASF Management Console).
Change:
Save and use the management console's session ID (SIDm) for RSP headers
generated by the ASF firmware for secure RMCP messages transmitted
after session establishment.
Impact:
Management consoles that failed to work with previous versions of
ASF firmware due to this defect should now work.
3. Problem:
Managed client does not verify RSP sequence numbers in received secure
RMCP messages (as described in section 3.2.3.3.3 of the ASF
specification), thereby allowing accidental or malicious "replay" of
previously received secure messages.
Change:
ASF firmware now tracks and verifies RSP sequence numbers in received
secure RMCP messages, silently discarding messages with duplicate or
out-of-order sequence numbers.
Impact:
Managed client will now silently discard the first secure RMCP packet
received from Broadcom ASFMgmtCon v1.14 and earlier since these versions
erroneously used a sequence number of 0 for the first secure message
after session establishment. This problem was fixed in ASFMgmtCon v1.20.
4. Problem:
If any of the "compatibility or secure" remote control capability bits
(4:7) were set in the ASF_RMCP.RemoteControlCapabiltities[6]
(System Capabilities) bit mask, non-secure remote control commands
received over the secure ASF port (using the Bypass session ID) were
allowed to trigger the corresponding remote control function.
Hidden in the table in section 3.2.3.1 of the ASF specification:
"Set-type [remote control] messages (e.g., Reset) shall not be accepted
under this [Bypass] Session ID".
Change:
It seems somewhat illogical to reject non-secure remote control
commands on the secure port while allowing remote control commands on
the "compatibility" (non-secure) port, but in an effort to comply with
the specification as written, the firmware now rejects remote control
commands on the secure port using the Bypass session ID (0), regardless
of the bits set in the "System Capabilities" bit mask.
Impact:
Most likely, none. It's doubtful that anyone would rely on the old
behavior. Typically, remote control commands are only allowed during
secure sessions, if at all.
5. Problem: (CQ 10770)
When attempting a secure session establishment on Shasta B1, the ASF
firmware would lock-up.
Cause:
The ASF firmware must be able to distinguish between Shasta A and B
step devices to use the correct hardware random number generator
interface (B-step devices do not have TPM/Broadsafe). If the firmware
attempts a Broadsafe operation on a B-step device, the firmware will
enter an infinite loop.
Change:
Check for flag indicating Shasta B1 rev.
Enhancements:
=============
1. Change:
On Shasta A4 chips, the Broadsafe random number generator is now used
in low power mode instead of the software random number generator used
to work-around CQ 9685.
-----------------------------
Version 6.15 -- July 13, 2004
-----------------------------
Fixes:
======
1. Problem: (CQ 10447)
System exhibits signs of NMI errors in a driver load/unload stress test.
Problem: (CQ 10450)
System fails to Wake Repeatedly from S3 (Waker/Dozer stress test).
Problem: (CQ 10524)
System hangs while performing disable/enable stress test with windiag.
Cause:
Build chain (compiler/assembler/linker) used to build ASF Firmware
generated invalid op code in "pause_cpu" firmware function executed
during driver shutdown, causing firmware to jump to an invalid memory
location.
Change:
Eliminate "static" function definitions. The compiler appears to have
problems with some functions declared as "static".
2. Problem:
We may continue to service smbus even if we enter pause_cpu
routine.
Cause:
Interrupt is not disabled and interrupt service routine will
continue to service event
Fix:
Before we enter pause_cpu routine, we disable interrupt.
3. Applied extension of workaround for CQ#9901.
Fixing/Affecting: CQ#10452, CQ#10509, CQ#10510
Problem:
In Linux system, when unload driver, may cause system to generate
NMI, hang, or shutdown.
This problem (CQ 10510) is not seen on all systems, but has been
observed on a system that uses the Intel Lindenhurst chipset when
running the Linux 2.6 kernel. This problem (CQ 10510) has never been
observed under Windows on any system.
Cause:
In Linux system, when driver request OS to put device to D3Hot,
there is another PCI config read from 0 followed right after the
write to 0x4c with value 3.
Since the moment our device is put to D3Hot state, our device enters
L1 state; therefore, the read command data is generated but pending
due to L1 state and cause bus to choke.
In PCI-E spec (section 5.6.1) requires host SW to not access a device
for 10ms after it is put into a D3hot state, and that this bootcode
change is needed to workaround a scenario where the newer Linux 2.6
kernel does not follow the PCI-E standard.
Fix:
Put a new algorithm to delay the entering to L1 state.
This workaround requires Linux driver v7.41 or newer version to work.
When in D0 state: We disabled state machine from entering L1 state.
When in D3 state: We wait for at least 10us, then enable state machine
to enter L1 state after the read command completes.
Notes:
This workaround works only when firmware is still running. It is proven
to be working in Linux system; however, in Windows driver case, since
the firmware is halted while shutting down. This workaournd will not
work.
-----------------------------
Version 6.13 -- June 22, 2004
-----------------------------
Fixes:
======
1. Problem: (CQ 10420)
ASF Firmware would not transmit ARP requests after the Windows driver was
loaded and could not then transmit PET System Heartbeat (or any other)
messages until it received a packet from the Management console.
Cause:
As part of the code size reduction effort, in v6.05, the software timer
initialization function was moved from the 2nd initialization phase
(in CPUB) to the 1st initialization phase (in CPUA). Apparently the
device driver is resetting the ASF Retransmission Timer Register
(0x6C1C) to 0 in-between the first and second initialization phases
causing no ASF software timer functions (including ARP requests) to be
called.
Change:
Moved the software timer initialization back to the 2nd initialization
phase (in CPUB).
----------------------------
Version 6.12 -- June 8, 2004
----------------------------
Fixes:
======
1. Problem:
ASF Firmware would respond to SMBus GetUDID with an invalid SMBus
response (missing the SMBus address field).
ASF Firmware would reply to SMBus ARP queries even though we do
not support SMBus ARP.
Change:
Removed the SMBus ARP reply code from the firmware (conditionally
compiled-out).
-----------------------------
Version 6.11 -- May 26, 2004
-----------------------------
Fixes:
======
1. Problem: (CQ 10161)
Attempting to authenticate a secure session on B-step device would
cause firmware to go into an infinite loop and not respond until a
reset.
Cause:
The random number generator interface was changed in B0 due to the
removal of the Broadsafe/TPM block. The new interface is not
backward compatible.
Change:
Added support for the new RNG interface on B-step devices.
-----------------------------
Version 6.10 -- May 13, 2004
-----------------------------
1. Apply "double-ACK" workaround for all revision of 5721 chips
Problem:
BCM 5721, revision A4, B1 or later ASIC will still require this workaround.
Cause:
In the previous version (pre 6.05), the workaround for a "double-ack"
ASIC problem only applies to revision A0, A1, A2 and A3. After consulted
with the ASIC team, this workaround will be needed for all revisions.
Fix:
Change the code so that the "double-ack" workaround applies to all
revisions.
2. Added new support for Flash ST M45PE80 part
Enhancement:
Added new support for Flash ST M45PE80 part for VPD write routine.
M45PE80 uses M25P10-A pin straps.
[SO,SI,CS,SCLK] = 1110
SO - internal pull-up, no need to pull-down
SI - internal pull-down, need to pull-up
CS - internal pull-down, need to pull-up
SCLK - internal pull-down, no need to pull-up.
3. Enhanced the reliability of PXE load service.
Problem:
As a result of code review, there is a place in the firmware code logic
where on a system with the NIC's PXE enabled, and if the Driver/Firmware
hand-shake went out-of-sync for some unknown reasons, the firmware will
halt itself in order to avoid h/w access conflicts between the f/w and the Driver.
With PXE enabled, When the system starts, the "bootcode" will advertise
the existence of the "optional ROM", however, after firmware halts itself,
if the system attempt to access the expansion ROM data, it will get garbage
and could potentially have bad effect to the system.
Although the "driver and firmware handshake" should never go out-of-sync,
but on the safe side, the code logic should be modified.
Cause:
Found potential code logic problem during code-review.
Fix:
Instead of halting the CPU, the firmware is modified to continue servicing the
system inquiry for the expansion ROM data.
4. Workaround for a "driver/firmware handshake bug.
Problem:
Customer reported after the NDIS driver went into Hibernate state, when pressing
the power button to wake up the system, the IPMI PT stop functioning all the way
until the Windows driver is loaded.
Cause:
On Windows Device Driver v7.73 and prior. When Windows goes into hibernate, the
Driver erroneously deposit an extra "reset signature". Later, when the system
resumes, that extra "reset signature" causes firmware to misinterpret the reset
state, and halt-itself, hence the IPMI PT service stops. When the Windows Driver
is loaded, the driver issues a chip reset (GRC RESET), the firmware restarts and
begin to function normally.
This problem was investigated, and the "extra reset" occurs in both Hibernation and
Standby mode, but due to the resume from Hibernation take a longer time, so the IPMI PT
service interruption is more visible, compared to resume from standby.
Note: because of this bug in the Driver it leads to the discovery of problem #4 above.
Workaround:
The firmware monitors the chip's "Power state", when VMain goes off, the firmware
will clear the "reset signature". This workaround ensure the removal of the extra
"reset signature" that was erroneously left by the faulty Windows Device Driver.
5. When using "0xdeaddead" to disable the NIC, the LED could be left on
Problem:
In the last release, a new feature was added to allow system to disable the NIC using
a special "0xdeaddead" signature command. When using this special mechanism to shutdown
the chip, some times the LED could still be ON.
Cause:
In the previous release, the chip was shutdown as soon as the firmware sees the special
shutdown signature command, without consideration of the LED state. If the shutdown was invoked
when the LED was at a ON state, the chip was shut down with the LED left ON,
which is not desirable.
Fix:
Forced LED to be turned off before shutdown the chip.
-----------------------------
Version 6.09 (April 26, 2004)
-----------------------------
1. Added disabling device feature
Enhancement:
Some customer requested a mechanism to (a) disable the NIC via software control and
(b) the NIC will consume lowest possible power when disabled.
A mechanism is provided to the host by writing a hex value of 0xdeaddead into NIC's
shared memory at location 0xb50 prior to NIC reset. The bootcode is implemented to
continuesly monitor this special hex value, if detected, the bootcode will disable the
NIC device on the PCI bus, which causes the NIC to become invisible to the Host in the
subsequent PCI bus scan.
Furthermore, before the bootcode disables the device, the firmware will program the device
to a lowest possible power consumption level to save system's power supply.
To disable the device (from HOST), write a hex value 0xdeaddead to shared memory location
0xb50 (use pci config cycle, memory access).
A subsequent "hard reset" to the NIC, such as "PCI Reset" or "Power On Reset" without
writing the hex value 0xdeaddead will cause the NIC to resume its normal operation.
Impact:
This change only affect PCI-E devices (5751, 5751m, and 5721).
-----------------------------
Version 6.08 (April 26, 2004) (Internal Release)
-----------------------------
Module Checksum
------ --------
INIT 94457E49
CPUA 921DAD9D
CPUB D478D090
Fixes:
======
1. Problem:
Disabling the "Wake on ARP or RMCP Traffic" ASF configuration option
had no effect. The firmware would always behave as though this option
were enabled.
Cause:
Erroneous syntax in checking of ASF_ENABLE_WOL "enable flag".
Change:
Fixed syntax for checking ASF_ENABLE_WOL bit in AsfGui.enableFlags.
Version 6.07 (April 23, 2004)
-----------------------------
Module Checksum
------ --------
INIT 3B37CF30
CPUA C3A92EBE
CPUB A7750A69
Fixes:
======
1. Change: (CQ 9365)
Implemented a better work-around for this issue, as discovered during
simulation.
Version 6.06 (April 21, 2004)
-----------------------------
Module Checksum
------ --------
INIT C5E3B036
CPUA 01A84B4B
CPUB E096249B
Fixes:
======
1. Problem: (CQ 9685)
When attempting to authenticate a secure management session while
in low-power (S5) mode, ASF firmware would lock-up (no longer
responding to RMCP packets or transmitting PET packets).
Cause:
5751 PCI-E LOM systems that tie the LPC Bus Reset (LRESET#) to PCI-E
Reset (PERST#), would disable the Broadsafe/TPM block when in low-
power mode. The Broadsafe/TPM block is used for random number
generation as part of the ASF 2.0 RAKP authentication sequence.
Change:
Use software-generated random number when in low-power mode
(for chip revs < B0). A high-resolution hardware timer is used to
seed the random number generator to provide adequate security.
2. Problem:
Under a couple of circumstances, an RAKP MSG2 response packet could
contain the client's session-ID in the "management console session-ID"
field.
Change:
If the management console session-ID cannot be determined, then the
by-pass session-ID (0) is used.
3. Problem:
If an management console included a boot options structure longer
than 11 bytes in a remote control message (i.e. Reset, Power-Up, or
Power-Reset), the additional bytes (beyond 11) would not be passed
to the system firmware over the SMBus.
Change:
Support boot options > 11 bytes in length (per ASF specification
section 3.2.4.1).
Enhancements:
=============
1. Change:
If for some reason the Broadsafe/TPM core clock has been disabled,
an RAKP MSG2 response packet will return an "insufficient resources"
status, rather than lock-up the firmware trying to access the
Broadsafe registers to generate a random number.
2. Change:
Code-size reduction by optimization, clean-up (elimination of
unnecessary code) and reusing functions in the "init" portion of the
firmware.
Version 6.05 (Internal Release)
-------------------------------
Fixes:
1. Fixed non-ACPI compliance OS shutdown problem
Problem:
From non-ACPI compliance OS, such as, Linux, a un-gracefully
system shutdown can cause ASF firmware to stop working.
Cause:
In a un-gracefully system shutdown, the OS Driver did not have
a chance to properly stop the hardware state machine nor inform
the firmware that the OS Driver is unloaded, as a result, after
main power goes away, the hardware and firmware still operating
under OS present mode, and causes the hardware and firmware to
have unexpected behavior, including stopped ASF function.
Fix:
Add Firmware logic to monitor main power state. When the main
power goes off while in OS Preset mode, the firmware will generate
a GRC reset to restart the hardware and firmware.
2. Fixed WoL problem
Problem:
With multiple WoL packet comes in, PME signal will be reasserted
and cause system not able to power down.
Cause:
After system is waking up from WoL, BIOS will clear PME status.
However, since ASF firmware will re-initialize WoL upon reset, when
new WoL packet arrives, the hardware will re-assert PME single again
after BIOS clear the status.
Fix:
Changed IPMI firmware to initialize WoL configuration only when there
is no main power.
Impact:
This fix will also make WoL to work under DOS shutdown.
3. Skipped the LED mode initialization
Problem:
Customer's LED mode setting was destroyed.
Cause:
The code was unconditionally set LED mode to phy1 mode. NVRAM setting
was ignored.
Fix:
Since bootcode will initialize LED mode correctly. The LED mode
initialization should not be done in ASF/IPMI code.
4. Fixed ASF Boot Option problem
Problem: (CQ9761) After an adapter reset, an SMBus query of the stored
ASF Boot Options would always result in a response of
"No boot options", even if RMCP boot options were previously
received and stored by the ASF firmware.
Change:
Eliminated local variable ("BootOptionsValid") stored in
volatile memory. Using BootOptions magic number in ASF
"Saved State" structure instead, which is retained between
adapter resets.
Impact:
Remote Control commands (e.g. RMCP Reset) with specified
boot options should now work on systems with supporting BIOSes.
5. Applied workaround for 100 half duplex problem
Problem:
System locks if link is connected to 100 half duplex when OS present.
Cause:
When there is collision, it can cause transmit buffer to buffer up
data. Hardware generate different ACK signals from two different
state machine block. When there is data in buffer, it cause hardware
to increase time gap between those two acknowledges. If host does any
register read between those ACKs, it will cause system to lock.
Workaround:
Poll for buffer empty before transmit data.
Impact:
This bug should be fixed in ASIC rev A4 or later. Therefore,
The workaround only applies to A0-A3 and B0.
6. Changed workaround for version 6.03 item 1.
Problem:
There is an alternate and simple way to workaround this issue.
In addition, with previous workaround, there is a chance that it
may cause problem when OS and firmware is out of sync.
New workaround:
Instead of freeing buffer from firmware, we change the buffer status
to invalid buffer and let hardware to free the buffer.
Version 6.04 (February 26, 2004)
--------------------------------
Fixes:
======
1. Problem: Receiving an RMCP remote control command (e.g. reset),
the firmware would look for control data in the ASF_RCTL
table with a function number matching the RMCP msg type
(e.g. 0x10-0x13) rather than the control function number
defined in section 4.1.2.5 of the ASF specification
(e.g. 0x00-0x03), and send an SMBus command with the
incorrect function number.
Change: Map the RMCP remote control msg type to the appropriate
RCTL control function number.
Impact: RMCP remote control commands can now work as documented.
2. Problem: When sending RCTL function messages over SMBus, all 8-bits
of the configured Device Address were used as the target
SMBus address. If an odd address was configured in the
ASF_RCTL table (bit 0 represents the inclusion of PEC in the
SMBus message or not), this would cause an SMBus message to
be sent to an invalid address.
Change: Only use bits 7:1 in the ASF_RCTL control data device address
field for the target SMBus address as defined in section
4.1.2.5 of the ASF specification.
Impact: Odd Device Addresses in the RCTL control data table should
now work as documented.
3. Problem: Support for remote control commands (e.g. reset) was only
implemented for secure (ASF 2.0) sessions.
Change: Support remote control commands in both secure and non-secure
ASF 2.0 sessions as well as non-secure ASF 1.0 sessions based
on configured RMCP system capabilities bit mask.
Impact: Must have the appropriate bits set in the configured RMCP
system capabilities bit mask to enable specific remote control
commands.
4. Problem: Only the upper 4-bits of the configured RMCP system
capabilities bit mask were being used to determine support for
remote control commands (e.g. reset).
Change: Use the low 4-bits of the configured RMCP system capabilities
bit mask to determine if support for a specific secure remote
control command is only supported via secure (authenticated)
ASF 2.0 sessions.
Impact: Must configure RMCP system capabilities bit mask (ASF_RMCP
RemoteControlCapabilities byte offset 6) per the table
describing the System Capabilities Bit Mask in section 3.2.4.4
of the ASF 2.0 specification.
Enhancements:
=============
1. Change: Added configurable secure session time-out parameter. The
value stored in this parameter determines the number of
seconds of ASF 2.0 authenticated-session inactivity before
the session ID may be re-used for a new open session
request. This value was previously hard-coded to 5 minutes
(300 seconds).
Impact: You must use b57diag v7.21 or later to configure this
parameter. The size of the ASF configuration table was
changed and only b57diag v7.21 or later will handle the
size change correctly. If this value is configured to 0
(seconds), a default value of 300 seconds is used.
2. Change: The MIPS instruction cache is now enabled and posted-writes
are now enabled if the chip is rev A1 or later.
Impact: Slight performance improvement.
3. Change: ASF 1.0 compatibility can now be optionally disabled.
Impact: RMCP messages sent to the ASF 1.0 "compatibility port"
will be ignored if both this option and secure RMCP
support are enabled. This option is ignored if secure RMCP
support is disabled. b57diag v7.21 or later is required
to make this configuration change (on the "asfcfg" Secure
RMCP sub-menu). The default behavior is with ASF 1.0
compatibility enabled.
4. Change: Chip-bug (CQ 9365) work-around disabled if using chip revs
after A1.
Impact: Work-around has potential performance impact, so we may see
slight performance improvement with non-A0/A1 chips.
Version 6.03 (February 23, 2004)
--------------------------------
Fixes:
======
1. Problem: (CQ 9365)
When stressing ASF firmware with RMCP traffic while
simultaneously stressing host device driver with TCP
traffic, adapter could stop receiving until reset.
Cause: Race condition in chip's RxMbuf free logic.
Change: Firmware work-around by polling buffer manager hardware
diagnostic register 3 until it contains the descriptor
of the RxMbuf chain the ASF firmware is about to free.
Impact: Under heavy loads, there may be a throttle on the receive
rate of RMCP packets.
2. Problem: (CQ 9322)
When stressing ASF firmware with RMCP traffic while having
PET Heartbeat transmits enabled, transmitted RMCP ACK or
response packets could be corrupted.
Cause: Transmits of PET packets during interrupt time could corrupt
RMCP ACK or response packets since they share the same
transmit packet buffer.
Change: Fixed by disabling interrupts during receive packet event.
Impact: None.
3. Problem: (CQ 9336)
When using an ASF configuration program to modify the security
keys in the ASF configuration table, if such program wrote the
key lengths in little-endian byte order, a subsequent
authentication attempt would cause the ASF firmware to halt
or return erroneous status codes (e.g. 0x01 - insufficient
resources).
Cause: A key size larger than the key buffer (20 bytes) could corrupt
the firmware code space. A little-endian key size of a valid
length would be interpreted by the firmware (in big-endian
byte order) as a very large number and exceed the bounds of
the allocated key buffer.
Change: Key sizes are now validated during ASF firmware initialization.
Key sizes exceeding the maximum are automatically truncated.
Impact: A wrong-endian key size will most likely just cause any
authentication attempts to silently fail, but the firmware will
continue to execute.
4. Problem: Creating 2 secure sessions, one immediately after the other,
with no other RMCP traffic in-between, would cause the first
session ID to be re-allocated for the second session.
Creating a 3rd session with no other RMCP traffic in-between
would re-use the same session ID, and so on.
Cause: When creating a new secure session, the "last active" time
stamp value was initialized to 0 and would not be set to a
valid time stamp value until an RMCP command was received
from the management console. With a "last active" time stamp
of 0, any new session requests would automatically timeout
this session ID and re-use it for the new session.
Change: When creating a new secure session, the "last active" time
stamp value is now initialized to the current time.
Impact: None.
Enhancements:
=============
1. Change: Removed support for intelligent ASF sensor and SMBus ARP
responses as these features are not yet supported.
Impact: Reduced code size by approximately 2 kilobytes.
Version 6.02 (January 27, 2004)
--------------------------------
Fixes:
======
1. Problem: (CQ 9264)
Corrupted receive Mbuf pool memory if ASF Heartbeat PET
transmission is enabled. Symptoms include: DMA engine
halting causing subsequent receives to fail, corrupted
packets, and system lock-ups.
Cause: ASF firmware interrupt service routine could corrupt an
embedded MIPS CPU register.
Change: Added NOP after JAL instruction in ASF ISR.
Impact: None.
Enhancements:
=============
1. Change: MIPS Data cache was not enabled after OS-present resets.
Impact: ASF code should execute faster (same as v6.00).
2. Change: Removed BCM5702FE support.
Impact: None.
Version 6.01 (January 21, 2004)
--------------------------------
Fixes:
======
1. Problem: (CQ 9062)
Secure destructive RMCP commands caused ASF firmware to stop
responding to secure RMCP packets. This problem only occurred
with RMCP commands that use the "Boot Options" field, which
includes all destructive RMCP commands except "Power Down".
Cause: ASF firmware code uses a pointer into the non-volatile ASF
saved states structure to store secure session information
(including the session integrity key used during secure packet
authentication). This pointer was pointing to the wrong
location in the structure which would conflict with other
elements in the structure, namely the boot options, which would
be updated whenever any destructive RMCP commands were received,
thus overwriting a portion of the session integrity key causing
subsequent secure commands to fail authentication.
Change: Changed the secure session saved state pointer to the proper
offset into the ASF saved states structure.
Impact: None.
2. Problem: Boot option updates caused by SMBus or specific RMCP commands
(e.g. "Power Up") would corrupt ASF saved state table.
Cause: All boot option array offsets used were "off by one",
overwriting the first byte of next element in the ASF saved
states structure.
Change: Fixed "boot options" array offsets.
Impact: None.
3. Problem: (CQ 9155)
An adapter reset would cause any existing secure RMCP sessions
to subsequently fail (secure RMCP packets are unanswered).
Cause: ASF firmware was re-initializing the ASF saved states structure
to zero upon any OS-absent reset (assuming initial power-up).
Change: This has been fixed by checking for a signature in the saved
states structure which will not exist if the structure
has not been initialized at least once.
Impact: Existing saved state structures stored in the static memory
will be re-initialized by this new version since it will be
missing the required signature.
4. Problem: (CQ 9184) and (CQ 9207)
Exclusive to BCM5751 (PCI-E), adapter would lose Ethernet link
status when device driver was loaded with ASF firmware already
running.
Cause: Race conditions in driver/firmware handshaking causing driver
initialization to step on ASF initialization. This race
condition occurs on BCM5751 because the A0 rev requires a 300ms
delay in the driver after GRC and before initialization. During
this period ASF may be loaded and begin initialization.
Change: ASF firmware now waits (up to 3 seconds) for a "driver
initialization done" flag to be set by the driver in shared
memory, signaling to the firmware that the driver has completed
initialization (or uninitialization) and the firmware may
continue without risk of conflict. The MIPS data cache must be
disabled to see the immediate change to the shared memory. The
MIPS data cache is now enabled later in the ASF initialization.
Impact: When used in combination with device drivers that do not
implement this new handshaking method, a 3 second delay can be
expected during ASF initialization.
5. Problem: (CQ 9038)
If ASF is enabled but not configured, the System IP and
Management Console IP addresses will be 0.0.0.0.
Cause: The ASF code didn't check if the System IP and Management
Console addresses are valid before generating ARP requests for
the Management Console MAC address.
Change: ASF will no longer send ARP requests if the Management Console
IP address is not configured (i.e. 0.0.0.0).
Impact: None.
Enhancements:
=============
1. Request: Use different ASF firmware filenames for BCM575x adapters.
Change: ASF firmware for BCM575x now uses the following filenames:
ASFE5xI.BIN
ASFE5xA.BIN
ASFE5xB.BIN
Impact: You must use b57diag v7.16 or later to update the ASF firmware
for a BCM575x adapter.
2. Change: Active secure session's "last activity" timer value is
initialized upon reset, preventing premature session time-out
due to reset.
Impact: Creating a new session after an adapter reset should no longer
overwrite an existing session that has not actually been
inactive longer than the maximum inactivity period (5 minutes).
3. Change: ASF no longer attempts to transmit ARP requests or PET HeartBeat
packets if there is no Ethernet link.
Worked-around race condition during initialization on BCM5751
(CQ 9184), left in place since it's the logical thing to do.
Impact: None.
Version 6.00 (December 15, 2003)
--------------------------------
Initial release. See readme.txt for documentation.
Fixes:
======
None.
Enhancements:
=============
None.
/* End of File */
Download Driver Pack
After your driver has been downloaded, follow these simple steps to install it.
Expand the archive file (if the download file is in zip or rar format).
If the expanded file has an .exe extension, double click it and follow the installation instructions.
Otherwise, open Device Manager by right-clicking the Start menu and selecting Device Manager.
Find the device and model you want to update in the device list.
Double-click on it to open the Properties dialog box.
From the Properties dialog box, select the Driver tab.
Click the Update Driver button, then follow the instructions.
Very important: You must reboot your system to ensure that any driver updates have taken effect.
For more help, visit our Driver Support section for step-by-step videos on how to install drivers for every file type.