Forum RSS Feed Follow @ Twitter Follow On Facebook

Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
[-]
Welcome
You have to register before you can post on our site.

Username:


Password:





[-]
Latest Threads
Clevo P775TM1-G BIOS
Last Post: ActivatedNut
Today 01:36 AM
» Replies: 145
» Views: 55271
[REQUEST] Lenovo G50-70 (9ACNxxWW) BIOS ...
Last Post: colin89
Yesterday 06:16 PM
» Replies: 138
» Views: 40931
ASUS P5G41T-M LX2/GB Unlocked Hidden Ove...
Last Post: GangsteR23
Yesterday 04:58 PM
» Replies: 25
» Views: 64112
lenovo z570 Advanced Menu Unlocked
Last Post: Kaluva12345
Yesterday 04:58 PM
» Replies: 7
» Views: 4094
[Request] HP Elitebook 6930P WLAN Whitel...
Last Post: Maxinator500
Yesterday 02:25 PM
» Replies: 15
» Views: 6555
[REQUEST] Lenovo Yoga 11E (N15ETxxW) Whi...
Last Post: drradkin
Yesterday 12:30 PM
» Replies: 4
» Views: 2500
Lenovo ThinkCentre M715q 2nd Gen & AMD R...
Last Post: RedfieldHUN1987
Yesterday 09:23 AM
» Replies: 2
» Views: 134
L14 Gen 3 AMD , Need UEFI unlock advance...
Last Post: frankeinstein2532555
Yesterday 04:08 AM
» Replies: 0
» Views: 80
[REQUEST] Lenovo Y400 & Y500 (6BCNxxWW) ...
Last Post: freedome
03-26-2024 11:00 PM
» Replies: 188
» Views: 52157
[REQUEST] Lenovo G510 (79CNxxWW) Whiteli...
Last Post: ghostinoss
03-26-2024 09:21 PM
» Replies: 655
» Views: 167039
[Request] CPU support for Lenovo IQ57I
Last Post: DeathBringer
03-26-2024 10:02 AM
» Replies: 5
» Views: 230
unlocked Bios for Machenike s16
Last Post: Dudu2002
03-26-2024 09:06 AM
» Replies: 5
» Views: 321
[REQUEST] Bios Unlock Whitelist HP DV6-6...
Last Post: DimanTLT63
03-26-2024 03:03 AM
» Replies: 0
» Views: 132
[REQUEST] HP Pavilion G6-1252ss Whitelis...
Last Post: joseefitness
03-26-2024 01:40 AM
» Replies: 0
» Views: 115
[REQUEST] Lenovo S310 & S410 (8BCNxxWW) ...
Last Post: morgley
03-25-2024 10:43 PM
» Replies: 14
» Views: 6325
Acer Nitro ANV15-51 Bios Bin File Reques...
Last Post: Papethzkie23
03-25-2024 06:04 PM
» Replies: 0
» Views: 131
[REQUEST] Lenovo G710 BIOS Whitelist Rem...
Last Post: si1975
03-25-2024 01:28 PM
» Replies: 468
» Views: 125385
[REQUEST] Lenovo Yoga 2 Pro (76CNxxWW) W...
Last Post: TalKaz
03-25-2024 11:10 AM
» Replies: 844
» Views: 316977
[REQUEST] Toshiba Satellite A300D PSAK0C...
Last Post: 1000palladium
03-25-2024 10:43 AM
» Replies: 4
» Views: 227
[REQUEST] Lenovo G780 (5ECNxxWW) Whiteli...
Last Post: Dudu2002
03-25-2024 08:36 AM
» Replies: 877
» Views: 280981

Modify AMI Aptio4 BIOS for HP Pavilion 500-549ng
#1
Hey everyone,

I have a probably rather complicated problem. I have a HP Pavilion 500-549ng Desktop PC, which is affected by the newest Spectre security vulnerability. Though HP did supply an updated BIOS, I cannot install it! I suspect the reason is that HP changed the version number scheme, and therefor the update routine refuses to install the newer version number, because it actually thinks that this number is lower.

But let me explain more: I downloaded the BIOS update from here: http://ftp.hp.com/pub/softpaq/sp84001-84500/sp84453.exe
The description for the update is found here: https://support.hp.com/de-de/drivers/selfservice/swdetails/hp-pavilion-500-500-desktop-pc-series/7477729/model/8902926/swItemId/cp-202533-1
After I installed the update, my BIOS actually did some update. But as it turned out, it just got updated to 80.08, not A0.15, as shown in the release notes. I noticed in past BIOS updates that the version information was not correct, but I didn't think of any. Only now with the Meltdown&Spectre situation did I also investigate the CPU microcode. As the Microsoft checktool for Meltdown&Spectre showed me my PC was still vulnerable, I investigated more, and I found out that the microcode is still at a much older revision.

So, I looked at the update package, and strangely it comes with two different updates! If I extract the update file, I get two update-EXEs, one ME2_8008.exe, and one ME2_A015. But if I try to install the ME2_A015, the PC will reboot into BIOS and everything, but then complains that the image file did not pass validation. First of, if I download any other firmware update for HP computers, they only contain one BIOS update. Second, HP did change the versioning scheme from 80.0x to A0.xx. I therefor assume that the update program doesn't recognize that A0-versions are newer, and downgrades are not allowed, due to SMI(?) security checks.

Also, if I open the .bin-files for the update in AMIBCP, the board version and revision are identical. So both versions do seem to be correct for my board. If I go to "DMI tables"->"BIOS information", I see the following in the right pane:
1 AMI
2 80.08
3 04/17/2017
and for the newer BIOS I see the following:
1 AMI
2 4.6.5
3 12/19/2017
Here, the BIOS versions with 80.0x numbering all show the corresponding number under (2). But all A0 versions show the same 4.6.5 under (2).

If I go to tab "BIOS Features", major and minor version all show the corresponding (with major being 80, or A0, and minor being 06, 07, 08, or 11, 12, 14, 15...).

So, what to do now? Is there a way to remove the SMI security check? I was thinking about "patching" a newer BIOS to have the same versioning scheme as the old ones, and increase it a little bit. But I assume there will be a signature check as well (which would fail).

Or is that a feasible approach?

I would even go in there with an SPI programmer of some sort (I have a TL866CS). But I'd rather do it without.

Ah, it's a Memphis2-S board by Pegatron, IH87 chipset: https://support.hp.com/my-en/document/c04648625

Thank you and sorry if I posted in the wrong forum.
find
quote
#2
So I've made some progress on this issue:

after changing the FDO jumper (flash descriptor override) I am now able to read and write the BIOS with Intel's Flash Programming Tool from the ME System Tools (v9.5 r6).

So I've played around a little. I could flash a newer version than 80.08 (e.g. A0.14) and then use the normal update routine to update to the newest A0.17. However, since the newer versions are just flashed 1:1 they don't contain my system data like serial number of mainboard, service tag, Windows 8 serial, probably also missing the MAC address.

Now if I flash back the dumped 80.08 I get all those data back, but I'm again not able to update. At least I was able to integrate the Haswell microcode update against Spectre/Meltdown. But I'd still like to update the bios in general.

My theory is still that the update mechanism checks for the bios version and thinks that 80.08 is newer than A0.17, and therefor refuses to accept the update. I wonder if it is maybe possible to change the version number of my current 80.08 to something like let's say A0.08 so that I can then use the normal update routine to get to the newest BIOS version while retaining all system specific data.

So far, I've tried editing it with UEFITool oder AMIBCP 4.53, but it seems I am always missing some parts. That is, I wasn't able to change the version number. I changed some strings, but when I flashed that bios and rebooted it would still show the original 80.08. Maybe I am overlooking something? Please, could somebody with better knowledge have a look at the attached dump?

BIOS 80.08 with microcode v.24 for Haswell
https://www.sendspace.com/file/xpc6gq

PS: I x-ed out part of the Windows 8 serial since I didn't want it to appear on the net forever.
find
quote


Forum Jump:


Users browsing this thread: 1 Guest(s)