Operational Defect Database
BugZero found this defect 3841 days ago.
Data sources
All data on this page is proprietary to BugZero® or gathered from public sources
Hewlett Packard Enterprise | c04013831
CUSTOMER ADVISORY: HP B-series SAN Switches - Encryption Switch and HP Encryption FC Blade May Incorrectly Decrypt Data When a Bit Error is not Detected
Last update date:
2/28/2024
Affected products:
HPE B-series Encryption Option
HPE Encryption SAN Switch
HPE Storage SAN Director Switch
Affected releases:
No affected releases provided.
Fixed releases:
No fixed releases provided.
Description:
Info
An issue has been identified within the HP B-series Encryption SAN Switch and DC Switch Encryption Fibre Channel (FC) Blade, running Fabric OS versions prior to 6.4.3e/7.0.2d/7.1.0, where one or more bit errors in lookup memory are not detected properly. This condition may result in certain bytes of the data frame being decrypted incorrectly rather than being dropped. If the ROM inside the Field Programmable Gate Array (FPGA) used by the Advanced Encryption Standard (AES) engine for memory lookups encounters a bit error, data frames may be wrongly decrypted. The likelihood of this occurring is rare and is generally detected by the host operating system and application. Upgrading to the new version of Fabric OS addresses this issue by providing additional integrity checking in the AES engine with identifiable log messages generated in case a bit error should be encountered. This issue only affects units that are configured as part of an Encryption Group, and has only been seen on the decryption path during data read operations. The likelihood of running into this issue is rare and has not been recreated in a lab environment under stress test conditions, including extended periods of heavy load using multiple I/O profiles. There is no mechanism from within the HP Encryption SAN Switch or DC Switch Encryption FC Blade to detect the exposure of this issue.
Scope
HP B-series Encryption SAN Switches and DC Switch Encryption Fibre Channel (FC) Blades are affected by this advisory.
Resolution
Fabric OS v6.4.3e/v7.0.2d/v7.1.0 and later have added parity protection of lookup memory used by the AES engine. This parity protection ensures that a FATAL error interrupt is generated upon encountering the lookup memory bit error, and the HP Encryption SAN Switch and DC Switch Encryption FC Blade will be faulted with the following RASLog message: [EM-1034], 7856906/7482155, CHASSIS, ERROR, BS3ES00, Switch set to faulty, rc=20015., OID:0x43000000, em_board_lib.c, line: 1673, comp:emd, HP recommends users concerned with the defined situation to upgrade the HP Encryption SAN Switch or director chassis containing a DC Switch Encryption FC Blade at the earliest opportunity. Users encountering a faulted HP Encryption SAN Switch or DC Backbone Switch Encryption FC Blade when running one of the newer Fabric OS versions should contact HP support to determine the cause of the fault. HP support will request users to collect a SupportSave for reference, then power cycle the HP Encryption SAN Switch or perform a slotpoweroff/slotpoweron on the DC Backbone Switch Encryption Fibre Channel Blade to reinitialize the ROM. Should the error and RASLog message continue to occur following a power cycle, contact HP to arrange for a replacement hardware unit per the hardware warranty or customer’s support contract. Workaround If data inconsistency is detected by the host operating system and/or application, HP recommends the following recovery steps: Collect a Support Save (SS) for reference use by HP support. Power cycle the HP Encryption SAN Switch or perform a slotpoweroff/slotpoweron on the DC Switch Encryption FC Blade to reinitialize the ROM. HP recommends upgrading the HP Encryption SAN Switch or director chassis containing a DC Switch Encryption FC Blade to Fabric OS v6.4.3e/v7.0.2d/v7.1.0 or later at the soonest opportunity to gain additional checking in the AES engine and additional log message generation for issue identification and isolation. Proactive Updates Receive support alerts (such as Customer Advisories), driver updates, software, firmware, and customer replaceable components, in your e-mail through HP Subscriber's Choice. Sign up for Subscriber's Choice Driver, Patch, Security, and Support alerts at the following URL: http://www.hp.com/go/myadvisory
