Server Products
Data Center Products including boards, integrated systems, Intel® Xeon® Processors, RAID Storage, and Intel® Xeon® Processors
4761 Discussions

BIOS update SE5C610.86B.01.01.0028 don't support AES-NI?"

User1585051830145643
2,050 Views

BIOS update SE5C610.86B.01.01.0028 don't support AES-NI?"

I have Xeon E5-2630 and BIOS version SE5C610.86B.01.01.0024.021320181901 where AES is enabled but the other machine where 

SE5C610.86B.01.01.0028.121720182203 AES is not enabled ,

Is the latest verison not supporting AES , I checked processor E5-2630 supports it

 

0 Kudos
1 Solution
JoseH_Intel
Moderator
1,825 Views

Hello User15850518301456433508,

 

Thanks very much for your patience regarding this issue. We already received an answer from our engineering team letting us the following:

 

BIOS release R0024 which has BMC Firmware: 01.51.11142 has been tested and found that only "None" and "Stunnel" are the options listed for encryption.

 

AES and RC4 have been removed in an earlier FW package (R0021)

All currently available FW packaged available online have this implemented.

 

There is a chance that you are still seeing the option because of a browser cookie issue that could be holding those options. For this matter please proceed to clear the browser cookies, even trying with a new browser never used before could be a good test here.

 

The following is the section of the release notes which talks about this fix/change: AES removed_Release notes

 

AES removed_Release notes.jpg

 

Regards

 

Jose A.

Intel Customer Support

 

View solution in original post

13 Replies
JoseH_Intel
Moderator
1,825 Views

Hello User15850518301456433508,

 

Thank you for joining the community

 

AES-NI is part of the security features for the Xeon processors. Could you tell what exact server board are you using? This same BIOS version you specify applies for 4 different server boards families: S2600WT Family, S2600KP Family, S2600TP Family, S2600CW Family. Also please attach a screenshot of any of your systems running BIOS v0024, so we can see the AES option.

 

We will look forward for your updates

 

Regards

 

Jose A.

Intel Customer Support

0 Kudos
User1585051830145643
1,825 Views

kvm.jpgActually cpuid command show aes flag for local Linux Os 

Once I open IPMI ,I am not able to see AES-128/256 under Remote session> KVM encryption

 

Product Name : S2600WTTR

Version :Intel(R) Xeon(R) CPU E5-2630 v4 @ 2.20GHz

Actually cpuid command show aes flag for local Linux Os 

Once I open IPMI ,I am not able to see AES-128/256 under Remote session> KVM encryption

IPMI system Information:

Remote Management Module key : Installed Device (BMC) Available : Yes

BMC FW Build Time : 2019-03-26 17:58:32

BIOS ID : SE5C610.86B.01.01.0028.121720182203

BMC FW Rev : 1.56.11315

Boot FW Rev : 1.07

SDR Package Version : SDR Package 1.18

Mgmt Engine (ME) FW Rev : 03.01.03.051

 

0 Kudos
JoseH_Intel
Moderator
1,825 Views

Hello User15850518301456433508,

 

Thanks for the updates. Could you tell if you are using the older java runtime environment console that downloads the JNLP file or the iKVM that runs over HTML5?

 

In the RMM4 user guide table 20, states the 3 KVM encryption modes Stunnel, RC4 or AES are available for the S1200V3RP product family mainly.

 

Will wait for your feedback

 

Regards

 

Jose A.

Intel Customer Support

0 Kudos
User1585051830145643
1,825 Views

To monitor and control the server remotely , we use JNLP to launch console from Console Redirection.

 

 

0 Kudos
JoseH_Intel
Moderator
1,825 Views

Hello User15850518301456433508,

 

Thanks for the updates, we will research a bit on this. Will let you know as soon as we have any info

 

Regards

 

Jose A.

Intel Customer Support

0 Kudos
JoseH_Intel
Moderator
1,825 Views

Hello User15850518301456433508,

 

After our research and consulting with our engineering team we found out that the options you are seeing are normal. AES and RC4 algorithms have been removed from KVM encryption as well as SSL, in the latest BMC update releases.

 

In regards to AES-NI is an instruction set supported in Processors to accelerate encryptions. This is different from the KVM encryption situation.

 

Regards

 

Jose A.

Intel Customer Support

0 Kudos
User1585051830145643
1,825 Views

Thanks for your support. Can you please provide link/document where these new changes are mentioned for our reference .

 

0 Kudos
JoseH_Intel
Moderator
1,825 Views

Hello User15850518301456433508,

 

I will double check if such document is available. Take into consideration that sometime this kind of information requires a Non-Disclosure Agreement with Intel. Will let you know as soon as I have any updates.

 

Regards

 

Jose A.

Intel Customer Support

0 Kudos
JoseH_Intel
Moderator
1,825 Views

Hello User15850518301456433508,

 

We found that AES and RC4 options were removed from KVM encryption options in a prior BIOS version but we see that you have mentioned AES is present in BIOS version R0024 (SE5C610.86B.01.01.0024.021320181901). We would like to clarify if you are referring to

1) KVM encryption options in BMC webconsole page here

2) or is it the AES-NI instruction set support for processors.

Please clarify. Could you also send us a screenshot of the "System information" page after logging into BMC webconsole of the system where you see all 4 options in KVM encryption section. This is to confirm the BIOS and BMC version.

 

Regards

 

Jose A.

Intel Customer Support

 

0 Kudos
User1585051830145643
1,825 Views

1) KVM encryption options in BMC webconsole page here PFA

0 Kudos
JoseH_Intel
Moderator
1,825 Views

Hello User15850518301456433508,

 

Thanks for the update. Let me pass this on to our engineering team. I will keep you posted.

 

Regards

 

Jose A.

Intel Customer Support

0 Kudos
JoseH_Intel
Moderator
1,826 Views

Hello User15850518301456433508,

 

Thanks very much for your patience regarding this issue. We already received an answer from our engineering team letting us the following:

 

BIOS release R0024 which has BMC Firmware: 01.51.11142 has been tested and found that only "None" and "Stunnel" are the options listed for encryption.

 

AES and RC4 have been removed in an earlier FW package (R0021)

All currently available FW packaged available online have this implemented.

 

There is a chance that you are still seeing the option because of a browser cookie issue that could be holding those options. For this matter please proceed to clear the browser cookies, even trying with a new browser never used before could be a good test here.

 

The following is the section of the release notes which talks about this fix/change: AES removed_Release notes

 

AES removed_Release notes.jpg

 

Regards

 

Jose A.

Intel Customer Support

 

User1585051830145643
1,825 Views

Thanks very much for update and excellent  support to resolve query

0 Kudos
Reply