Spectre Meltdown Advisory


TwinCAT and “spectre/meltdown”-OS-patch

Today: 25th Jan 2018

Affected systems: all Windows 7/10 with TwinCAT 2/3

Windows 10 64bit with TwinCAT 3
Windows 7 64bit with TwinCAT 3
Windows Server 64bit with TwinCAT 3
Windows 10 32bit with TwinCAT 2 or TwinCAT 3
Windows 7 32bit with TwinCAT 2 or TwinCAT 3
Windows Server 32bit with TwinCAT 2 or TwinCAT 3

Issue: System freeze or bluescreen, when setting TwinCAT to RUN mode

Intermediate Resolution: Disabling “spectre/meltdown” OS patch

Final Resolution: Beckhoff will provide new TwinCAT 2 and TwinCAT 3 versions

All actions are provided with automatic tooling or in a manual way for experienced users.

The tooling is available for download via


https://www.beckhoff.com/forms/twincat3/download-patch.asp

The downloaded file carries the name “WinPE_DeployScript.zip”


“HOWTO”-GUIDE DEPENDING ON YOUR USAGE SCENARIO

1. TwinCAT on engineering PCs (no machine control e.g. desktop PCs, programming laptops)

1.1. Using local RUN Mode of TwinCAT for debugging


Follow Action 1.
However, Beckhoff recommends that you make your own security judgement, weighing not
using the TwinCAT RUN mode on these PCs against disabling the OS patch.

1.2. Not using local RUN Mode of TwinCAT for debugging


No action necessary – please do not use RUN mode on these devices any longer until a new
version of TwinCAT is supplied by Beckhoff

2. TwinCAT on machine control PCs

2.1. Beckhoff supplied images

2.1.1. Images with Windows 10 IoT Enterprise LTSB


No action necessary – these images have no automatic update service in place.
If you experience a system freeze or bluescreen when TwinCAT starts to run then
please follow the workflow of Action 2

2.1.2. Images with Windows Server OS


No action necessary – these images have no automatic update service in place.
If you experience a system freeze or bluescreen when TwinCAT starts to run then
please follow the workflow of Action 2

2.2. Customer (non-Beckhoff) images


If you experience a system freeze or bluescreen when TwinCAT starts to run then please
follow the workflow of Action 2

Action 1: Patching PCs/IPCs with accessible Windows

Automatic way (recommended)

- Unzip the downloaded ZIP file to a local folder, e.g. C:\TEMP


- Navigate to folder C:\TEMP\WinPE_DeployScript\WinPe_Basic\media
- Execute Patch.cmd with administrator rights.

- Reboot the system

Manual way (for experienced users only)


- Execute the command “regedit.exe” in the Windows command line with administrator rights
- Navigate to the key HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management
- Insert the following new DWORD (32-bit) values:
  o FeatureSettingsOverride with value 3
  o FeatureSettingsOverrideMask with value 3
- Close the editor
- Reboot the computer

Action 2: Recovering frozen/blue-screened PCs/IPCs

Automatic way (recommended)

- Find a spare USB stick with minimum 512MB in size


- Unzip downloaded ZIP-File to a local folder e.g. C:\TEMP
- Plug the USB stick into your local PC
- Navigate to folder C:\TEMP\WinPE_DeployScript\
- Start “CreatePE.bat” as administrator
- Enter the DRV-letter of your USB-Stick:

- The USB stick will be formatted. All data will be lost! Confirm the request with a “Y”:

- Press any key to finalize the script


- Insert the USB stick into a free USB port of the affected PC
- Reboot the affected PC and enter its BIOS boot options menu by pressing F7 or ESC (this
should bring up a selection of available boot devices including the rescue USB stick)
- Select the rescue USB stick as boot device and press <ENTER>
- The system will boot from the USB stick, execute a script and then shut down on completion
- Reboot the PC – now Windows should start and TwinCAT can be used as before

Manual way (for experienced users only)


- Boot three consecutive times and deliberately let the PC run into the blue screen
- At the 4th boot, enter the Windows Rescue Shell. Note that the Windows Rescue Shell
requires the Administrator password.
- Execute the command “regedit.exe” in the Windows command line
- Select the registry hive HKEY_LOCAL_MACHINE (HKLM)
- Open the menu "File" and select the entry "Load Hive"
- Navigate to the directory C:\windows\system32\config. C represents the local Windows
system
- Select the file SYSTEM and click on "Open"
- After selecting the database file, the editor asks for a name of the key under which the hive
should be attached. You can choose a key at will, for example “Beckhoff”
- Navigate to the key HKLM\Beckhoff\Select\Current and make a note of the number of this
key's value, e.g. “x”
- Navigate to the key HKLM\Beckhoff\ControlSet00x\Control\Session Manager\Memory Management\,
where “x” represents the previously noted number
- Insert the following new DWORD (32-bit) values:
  o FeatureSettingsOverride with value 3
  o FeatureSettingsOverrideMask with value 3
- Select the previously attached key (HKLM\Beckhoff)
- Open the menu “File” and select “Unload Hive”. Acknowledge the dialog that follows. All
changes to the registry hive are now written back to the local Windows registry and the
entry “Beckhoff” disappears from the editor
- Close the editor
- Close the Windows command line
- Reboot the computer
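
A read-only check for the two values set in the manual steps of Action 1 and Action 2, so that machines running with the OS patch disabled can be inventoried and tracked until the new TwinCAT versions are available. This is an added example, not part of the Beckhoff advisory or its tooling; the function names and state labels are hypothetical, and the 'Beckhoff' root assumes the offline SYSTEM hive was loaded under that name in an environment where PowerShell is available.

```powershell
# Added example (not Beckhoff tooling): read-only audit of the workaround values.
# -Root 'SYSTEM'   : registry of the running Windows (Action 1)
# -Root 'Beckhoff' : offline SYSTEM hive loaded under HKLM\Beckhoff (Action 2);
#                    assumes PowerShell is available where the hive is loaded.
function Get-ControlSetName {
    param([string]$Root)
    if ($Root -eq 'SYSTEM') { return 'CurrentControlSet' }
    # A loaded offline hive has no CurrentControlSet link; the Current value
    # under Select holds the number "x" of ControlSet00x.
    $x = (Get-ItemProperty -Path "HKLM:\$Root\Select" -Name Current -ErrorAction Stop).Current
    return ('ControlSet{0:D3}' -f [int]$x)
}

function Get-MitigationOverrideState {
    param([string]$Root = 'SYSTEM')
    $controlSet = Get-ControlSetName -Root $Root
    $key = "HKLM:\$Root\$controlSet\Control\Session Manager\Memory Management"
    $p = Get-ItemProperty -Path $key -ErrorAction Stop
    $override = $p.FeatureSettingsOverride        # $null when the value is absent
    $mask     = $p.FeatureSettingsOverrideMask

    $state = if ($null -eq $override -and $null -eq $mask) {
        'NotSet'              # no override present
    } elseif ($override -eq 3 -and $mask -eq 3) {
        'WorkaroundApplied'   # values from the advisory: OS patch disabled
    } else {
        'OtherOverride'       # values differ from the advisory, review manually
    }

    [pscustomobject]@{
        Computer                    = $env:COMPUTERNAME
        Key                         = $key
        FeatureSettingsOverride     = $override
        FeatureSettingsOverrideMask = $mask
        State                       = $state
    }
}

# Check the running system; use -Root 'Beckhoff' for a loaded offline hive.
Get-MitigationOverrideState -Root 'SYSTEM'
```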
