uefi_firmware_intel_xeon_e5_family_based_servers_v1.01.pdf

UEFI Compliant Firmware on IBM System x® and BladeCenter® ServersAddendum for Intel Xeon E5 family of servers

FOBIBMu

Introducing UEFI-Compliant Firmware on IBM System x andBladeCenter Servers

Addendum for Intel Xeon E5 family of servers

Sumeet Kochar,Chuck Bauman,Michael Turner,Mehul Shah,Randy Murphy,Chris P Karamatas,John R Encizo,With System x UEFI/BIOS Development TeamIBM Systems and Technology Group


Page 2

Executive overviewThis paper introduces and describes key features of the Unified Extensible Firmware Interface (UEFI)firmware in IBM® System x® and BladeCenter® servers based on the Intel Xeon E5 family. This paperdoes not replace the original System x UEFI white paper(http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5083207) but highlights the valueproposition of this third generation of System x UEFI-based servers.

Family

Numberofsockets Platform Core name

Sockettype

Machine Type and Model

Xeon E5-2400 2 Romley-EN Sandy Bridge-EN Socket B2 x3530 M4 7158x3630 M4 7160

IBI IBM Flex System x220*7906, 2585

HS23E 8038, 8039

Xeon E5-2600 2 Romley-EP/ Romley-WS

Sandy Bridge-EP Socket R HS23*

x3550 M47914x3650 M47915x3500 M47383

IBM Flex System x240*8737, 8738

dx360 M47918, 7919, 7912, 7913

Xeon E5-4600 4 Romley-EP4S

Sandy Bridge-EP4S

Socket R x3750 M4 8722, 8733*

* Note: Optimized boot feature is supported in initial firmware level. Other systems will get it in their firstlifecycle UEFI firmware update.


Page 3

Overview of IBM UEFI firmwareThe UEFI firmware in the IBM Intel Xeon E5 basedservers is based on the latest UEFI 2.3 compliantfirmware. This next-generation firmware enables morecross-brand commonality, improved power and systemsmanagement, reliability and predictive faulttechnologies, and operating-system deployment options.IBM was the first adopter of UEFI in the x86 high-volume and high-end scalable server space. At the timeof writing of this paper, more than one million IBM UEFI-based servers have been deployed. This family ofservers is the third generation of UEFI-based x86servers from IBM.

The UEFI firmware (like BIOS) is primarily responsible for initializing the essential system hardware (suchas memory, microprocessors, and PCI buses), publishing operating-system-required data structures andfunctions, initializing boot devices, and handing off control (booting) to an operating-system boot loader.

This third-generation IBM UEFI firmware has many features that go well beyond the basic requirements ofUEFI-compliant firmware and are a result of direct customer input and experience that IBM has gainedfrom developing scaled servers that are based on Intel EN, EP, and EX platforms over the first twogenerations.

IBM has focused on the following key areas:

Boot and deployment time improvements Configuration management and F1 Setup utility Energy efficiency Advanced reliability, availability, and serviceability (RAS) Security Virtualization


Page 4

Boot and deployment time improvementsThe firmware stack has been redesigned to optimize the performance of many system-board and devicedrivers. The redesign improves boot times and enhances the customer experience through fasterdeployment of richer configurations than are available in previous-generation servers. New boot modechoices have been added to the F1 Setup utility to provide additional customization options that arebased on the capabilities of UEFI-enabled operating systems.

When the user selects Boot Manager from the main menu in the Setup utility, the following menu isdisplayed.

Note that there are also new headings and options within the Boot Manager providing further clarity andconfigurability and that various boot mode options can be set from the Boot Manager menu.


Page 5


Page 6

System Boot Modes

The default system boot mode is UEFI and Legacy, in which the system recognizes both UEFI-enabledoperating systems and legacy operating systems.

UEFI-enabled operating systems are preferable for the following reasons:

UEFI POST and all UEFI-enabled operating systems run in 64-bit mode to improve boot times.Legacy POST runs in 16-bit segmented mode, which uses only a subset of the system memory andrequires code overlays to fit in the smaller memory footprint.

UEFI boot supports richer system configurations. Legacy boot has the old PC architecture limitationson memory and option ROM space.

The UEFI standards provide a published interface to allow for interaction between the operatingsystem and the UEFI preboot firmware. For example, the operating system can automatically updatethe boot options through a published UEFI runtime interface. All major operating systems supportUEFI now, and some operating-system vendors have indicated that future innovations will supportonly UEFI.

UEFI supports more granular boot target selections instead of generic boot-device selections (suchas CD-ROM and Hard Disk 0). UEFI supports larger (greater than 2.2 TB) bootable partitions, using aGUID partition table instead of a master boot record.

If you choose to use a legacy operating system, for improved boot times, set the system boot mode toLegacy Only so that the system spends a minimum time in UEFI mode. The Legacy Only selection


Page 7

provides better boot performance than what is available in previous-generation servers, in which the userachieves similar functionality by adding ”Legacy Only” as the first entry in the boot list.

Optimized Boot

When the System Boot Mode is UEFI and Legacy or UEFI Only, POST searches all possible bootdevices for boot options. Optimized Boot improves boot time: POST remembers the boot device that wasused previously and performs an extensive handshake only with the UEFI driver of that device. WhenOptimized Boot is disabled, POST searches all possible boot devices on every boot. By default,Optimized Boot is enabled.

When Optimized Boot is enabled, you can override the boot device selection that POST remembers byusing the Setup utility (press F1 at startup) or by using the boot device list (press F12 at startup)..

You can disable Optimized Boot through the Setup utility or through the Advanced Setup Utility (ASU).


Page 8

Quiet Boot

Quiet Boot suppresses the display of a summary of the server configuration before the initial splashscreen is displayed. To display the summary of the server configuration, disable Quiet Boot.


Page 9

Driver Health Check

UEFI health check is a new feature in UEFI. A device driver that supports the Driver Health Protocol canreport its status during POST through UEFI health check. If a device driver returns a Not Healthy status,the Setup utility starts automatically for resolution through configuration menus that are provided by thedevice driver. The Driver Health Check examines the specified device drivers only during POST.


Page 10

Improvements in the F1 Setup utility

Many customer recommendations have been implemented to impove clarity and consistency in the Setuputility menus.

From the main menu in the Setup utility, you can now select options related to driver health and configurestorage,and network devices.

For example, the network and iSCSI configuration settings have been consolidated into a single Networkmenu. Many of these changes have been implemented in all System x products.


Page 11

Under System Settings, you can now view current driver health details of all corresponding devices, asshown in the following screenshot.


Page 12

Device configuration managementIBM Unified Configuration Manager (UCM) is a new feature that is being introduced with the Intel XeonE5 family of servers. It enables configuration of the base server and third-party optional devices with asingle tool. Future versions of the Advanced Settings Utility (ASU), IBM Systems Director, and othersystems-management tools will enable zero-touch in-band and out-of-band cloning, deployment, creationof configuration profiles, and direct management of preboot functionality. IBM is working with vendors toenable support for this.

Example: A customer uses ASU or IBM Systems Director to enable a zero-touch out-of-box automateddeployment of a large number of systems, including the roll out of an optional third-party adapter. Thecustomer configures the initial base system and any HII-compliant UCM-enabled adapter settings anddeploys them by using a single comprehensive out-of-band cloning operation.

System + (third-party) Optional Devices = A Unique Hardware Configuration Profile

IBM extensions to UEFI standards make managing unique configurations easier.

UEFI helps centralize and secure management of self-encrypting drives by enabling this feature for IBMTivoli® Key Lifecycle Manager, which provides a database for a centralized key repository. UEFI requeststhat the systems-management software help retrieve a key and passes the information onto the RAIDdevice driver to unlock the drive.


Page 13

Energy efficiencyUEFI system settings contain preset operating modes that are based on extensive workload andbenchmark testing to provide the best performance per watt. System x servers can also be configured foradditional power savings or power capping.

Power savings are automatically achieved by gating power to internal chip set functions that are not usedor by dynamically turning voltage regulator phases on and off according to system utilization. Additionalpower savings can be acheived by using the latest chip set and operating-system power saving featuresthat are based on Advanced Configuration and Power Interface (ACPI) standards and by disablingunused PCI onboard and optional devices. New features in the chip sets in the Intel Xeon E5 family ofservers include C7 CPU C-state and selective aggressiveness on Turbo Mode for better energyefficiency.

The systems can also be configured through the IBM Active Energy Manager feature so that the systemfirmware enforces a user-selected power cap to keep energy consumption by the data center within acustomer-allocated budget.

Advanced RAS

The Intel Xeon E5 family of servers brings new reliability, availability, and serviceability (RAS) featuresinto the System x enterprise class of servers. Advanced features that are available in some processorstock-keeping units (SKUs) improve server resilience by preventing the system from going down until adetected error is consumed. This is an improvement over previous processor SKUs, which allowed thesystem to fail immediately on the first observed error. In conjunction with other new chip set features, thisimprovement protects against propagation of errors that are detected early by marking data as poisoned.Disruption of server operation is prevented until a transaction attempts to consume the poisoned data, atwhich point the transaction is prevented and a fatal error is asserted. These features are combined withenhanced RAS algorithms to provide improved predictive failure events versus false early warnings thatare generated by some operating systems and applications.

In the unlikely event that a catastrophic failure occurs, the system firmware attempts to disable the devicethat failed, providing automatic system recovery. A data capture facility also exists for offline analysis andfuture error prevention. If any field replaceable unit (FRU) must be replaced as a result of an error, thesystem will automatically detect and enable the device replacement.

SecuritySystems-management components typically have extensive access to the managed system and cancause serious problems if they are not secured properly. Therefore, IBM has invested in hardware andSystem x firmware features to become a trusted system component to protect against software attacks.Both UEFI and the integrated management module (IMM) run Core Root of Trust Measurement (CRTM)code out of reset. The CRTM code protects itself by locking itself, using hardware features that preventany other software entity from updating the root of trust code.

UEFI CRTM measures all other firmware that runs during POST and stores these measurements in theform of a hash value in the trusted platform module (TPM) chip. An operating system can use thesemeasurements for hard disk and other encryption features, such as Windows BitLocker Drive Encryption.The IMM CRTM prevents non-genuine IMM firmware from running in the systems-management domain.

System x firmware accepts only signed updates for all the firmware components that it updates. Firmwarefor other components that are updated by the IMM, such as platform-unique Field Programmable Gate


Page 14

Array Logic (FPGA) code, can be updated by the IMM only when it is running its trusted code (CRTM)after a system reset.


Page 15

Virtualization

System x firmware (UEFI and IMM) enable the latest virtualization features by supporting System x serverconfigurations with virtualization-capable adapters. With large memory configurations, these features helpremove or reduce bottlenecks in a virtualized environment. In addition, Single Root I/O Virtualization (SR-IOV) technology allows for sharing PCI devices among multiple virtual machines (VMs) in a singlephysical server.


Page 16

SR-IOV technology combined with future Multi Root Aware (MRA) switches will support sharing PCIdevice resources among multiple physical servers that use Multi Root I/O Virtualization (MR-IOV)technology. This will reduce hardware costs by decreasing the number of switches that are required,avoid over-provisioning, and improve hardware utilization. The reduction in hardware will also help reducepower consumption in the data center.

-


Page 17

Useful links

Understanding UEFI and Tuning for PerformanceUnderstanding UEFI and Tuning for Performance - E5 Update

Features On Demandhttp://publib.boulder.ibm.com/infocenter/toolsctr/v1r0/index.jsp?topic=%2Fasu%2Fmj1nxmst35.html

Firmware Update Best Practices - IBM BladeCenter and System xhttp://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5082923

IBM ToolsCenter for System x and BladeCenterhttp://publib.boulder.ibm.com/infocenter/toolsctr/v1r0/index.jsp

IBM Systems Director Active Energy Managerhttp://publib.boulder.ibm.com/infocenter/director/v6r2x/topic/com.ibm.director.aem.helps.doc/frb0_aem4.3_docs_user.pdf

Security (IBM and Intel white paper)http://download.intel.com/technology/efi/SF09_EFIS001_UEFI_PI_TCG_White_Paper.pdf

System x Virtualization Strategyhttp://publib-b.boulder.ibm.com/abstracts/redp4480.html?Open

Stay informed about System x firmware updateshttp://www.ibm.com/supportportal/

IBM System x technical documentshttp://www-03.ibm.com/support/techdocs/atsmastr.nsf/Web/WP-ByProduct?OpenDocument&Start=1&Count=1000&Expand=21


Page 18

For More InformationIBM System x and xSeries Servers ibm.com/systems/x/IBM Rack Configurator ibm.com/systems/x/hardware/configtools.htmlIBM Configuration and Options Guide ibm.com/systems/xbc/cog/

Legal Information© IBM Corporation 2012

IBM Systems and Technology GroupDept. U2SA3039 Cornwallis RoadResearch Triangle Park, NC 27709

Produced in the USAJanuary 2012All rights reserved

For a copy of applicable product warranties, write to: WarrantyInformation, P.O. Box 12195, RTP, NC 27709, Attn: Dept.JDJA/B203. IBM makes no representation or warrantyregarding third-party products or services including thosedesignated as Server Proven or Cluster Proven. Telephonesupport may be subject to additional charges. For onsite labor,IBM will attempt to diagnose and resolve the problem remotelybefore sending a technician.

IBM, the IBM logo, and ibm.com are trademarks or registeredtrademarks of International Business Machines Corporation inthe United States, other countries, or both. If these and otherIBM trademarked terms are marked on their first occurrence inthis information with a trademark symbol (® or ™), thesesymbols indicate U.S. registered or common law trademarksowned by IBM at the time this information was published.Such trademarks may also be registered or common lawtrademarks in other countries. A current list of IBM trademarksis available on the Web at “Copyright and trademarkinformation” at http://ibm.com/legal/copytrade.shtml.

Intel, Intel Xeon, Itanium, and Pentium are trademarks orregistered trademarks of Intel Corporation or its subsidiaries inthe United States and other countries.

Linux is a registered trademark of Linus Torvalds in the UnitedStates, other countries, or both.

Microsoft, Windows, and Windows NT are trademarks ofMicrosoft Corporation in the United States, other countries, orboth.

Other company, product, or service names may betrademarks or service marks of others.

IBM reserves the right to change specifications or otherproduct information without notice. References in thispublication to IBM products or services do not imply that IBMintends to make them available in all countries in which IBMoperates. IBM PROVIDES THIS PUBLICATION “AS IS”WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSOR IMPLIED, INCLUDING THE IMPLIED WARRANTIES OF

MERCHANTABILITY AND FITNESS FOR A PARTICULARPURPOSE. Some jurisdictions do not allow disclaimer ofexpress or implied warranties in certain transactions;therefore, this statement may not apply to you.

This publication may contain links to third party sites that arenot under the control of or maintained by IBM. Access to anysuch third party site is at the user's own risk and IBM is notresponsible for the accuracy or reliability of any information,data, opinions, advice or statements made on these sites. IBMprovides these links merely as a convenience and theinclusion of such links does not imply an endorsement.

Information in this presentation concerning non-IBM productswas obtained from the suppliers of these products, publishedannouncement material or other publicly available sources.IBM has not tested these products and cannot confirm theaccuracy of performance, compatibility or any other claimsrelated to non-IBM products. Questions on the capabilities ofnon-IBM products should be addressed to the suppliers ofthose products.

MB, GB and TB = 1,000,000, 1,000,000,000 and1,000,000,000,000 bytes, respectively, when referring tostorage capacity. Accessible capacity is less; up to 3 GB isused in service partition. Actual storage capacity will varybased upon many factors and may be less than stated.

Performance is in Internal Throughput Rate (ITR) ratio basedon measurements and projections using standard IBMbenchmarks in a controlled environment. The actualthroughput that any user will experience will depend onconsiderations such as the amount of multiprogramming in theuser’s job stream, the I/O configuration, the storageconfiguration and the workload processed. Therefore, noassurance can be given that an individual user will achievethroughput improvements equivalent to the performance ratiosstated here.

Maximum internal hard disk and memory capacities mayrequire the replacement of any standard hard drives and/ormemory and the population of all hard disk bays and memoryslots with the largest currently supported drives available.When referring to variable speed CD-ROMs, CD-Rs, CD-RWsand DVDs, actual playback speed will vary and is often lessthan the maximum possible.

XSW02525-USEN-00

uefi_firmware_intel_xeon_e5_family_based_servers_v1.01.pdf

Documents

generation ibm uefi

ibm uefibased servers

generation of uefi

system deployment

generation firmware

ibm intel xeon e5 basedservers

adopter of uefi

latest uefi