IBM Spectre and Meltdown security
update on IBM Power Systems
With the Spectre and Meltdown security vulnerabilities fading from the news, IBM has announced new i5/OS PTFs and firmware updates for the IBM Power Systems. Companies are already asking about status of Spectre and Meltdown vulnerabilities in audit report questionnaires. This document will attempt to point iSeries administrators and management to IBM i5/OS PTFs and Power firmware updates.
- IBM will only support current IBM i5/OS releases 7.1, 7.2, and 7.3. Future i5/OS updates will also be supported.
- IBM will only support Power 7, Power 8, and Power 9 systems with firmware updates. Older Power 4,5, and 6 systems will not be supported by firmware updates.
Since the announcement of the Spectre Meltdown security vulnerabilities on Power systems in January of 2018, IBM has added i5/OS PTFs and firmware updates. As time goes along these PTFs will change, so please check the IBM website for updates.
IBM i PTFs for i5/OS for Spectre and Meltdown Vulnerabilities
http://www-01.ibm.com/support/docview.wss?uid=nas8N1022433
As of March 14th, 2018, order the following PTFs on the IBM Fix Central “Identify fixes” page under Individual Fix IDs. Just copy and paste the PTF list below. Fix Central will generate a PTF iso file that can be loaded on each system or LPAR.
IBM i5/OS PTFs can be downloaded from IBM Fix Central website. An IBM account is required.
https://www.ibm.com/support/fixcentral/
V7R1:
MF64553,MF64571,MF99011,MF64599,MF64602,MF64603,MF64604,MF64609,MF64612,MF64615,
MF64616,MF64617,MF64618,MF64619,MF64620,MF64698,MF64699
V7R2:
MF99108,MF64696,MF64697,MF64598,MF64601,MF64607,MF64611,MF64614,MF64565,MF64552
V7R3:
MF64694,MF64695,MF99204,MF64597,MF64600,MF64605,MF64610,MF64613,MF64568,MF64551
PTF maintenance is very important and it is recommended that PTFs are updated at least every six months. Before installing the Spectre Meltdown PTFs, update the CUME, Group, and Hyper PTFs to the latest levels.
Many of the i5/OS PTFs will require an IPL to install and each system or LPAR must be updated individually.
IBM Power Systems Firmware Update for Spectre and Meltdown Vulnerabilities
http://www-01.ibm.com/support/docview.wss?uid=isg3T1026811
Match system machine type and model to specific firmware update.
Example: IBM Power 720 Express (8202-E4D) – install FW770.92 (01AL770_122_032, 01AM770_122_032)
The firmware updates can also be downloaded from IBM Fix Central
https://www.ibm.com/support/fixcentral/
Firmware updates can be installed from the HMC, if one is present, or as a PTF if using a LAN Console. Complete system outages are required for firmware updates.
Websites of Interest for the Spectre and Meltdown Vulnerabilities on Power Systems
IBM PSIRT Blog:
Linux OS patches are available thru Linux distribution partners:
- Red Hat: https://access.redhat.com/security/vulnerabilities/speculativeexecution
- SUSE: https://www.suse.com/c/suse-addresses-meltdown-spectre-vulnerabilities/
- Ubuntu: https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SpectreAndMeltdown
AIX OS patches and readme file:
