cancel
Showing results for 
Search instead for 
Did you mean: 
  • ×
    Information
    Need Windows 11 help?
    Check documents and videos on compatibility, FAQs, upgrade information and available fixes.Windows 11 Support Center.
  • post a message
  • ×
    Information
    Need Windows 11 help?
    Check documents and videos on compatibility, FAQs, upgrade information and available fixes.Windows 11 Support Center.
  • post a message
ArchivedThis topic has been archived. Information and links in this thread may no longer be available or relevant. If you have a question create a new topic by clicking here and select the appropriate board.
tmacalp
New member
1 0 0 0
Message 1 of 1
1,031
Flag Post

ProDesk 600 G2 Desktop Mini FreeDOS/EFI Intel ME Firmware Update Workaround

HP Recommended
ProDesk 600 G2 Desktop Mini
FreeDOS

This is more of a workaround than a question. I have a number of ProDesk 600 G2 Destop Minis that were bought configured with FreeDOS (no MS Windows license). Recently, there was a severe vulnerability with Intel's Management Engine that has now been patched. This update is listed as "Critical" (CVE-2017-5689) because it allows anyone on my local network to trivially bypass any AMT password. Unfortunately, even though these machines are all still under warranty, HP has stopped providing EFI patching utilities with their latest software packages. They now only include Windows update utilities. If anyone from HP reads this, please revert back to including the EFI utilities with Intel ME firmware update packages!

 

When I asked chat support how HP will update ME firmware on the machines it sells with FreeDOS, I was told they will not support updating the ME Firmware on FreeDOS configured machines. Support chat then suggested that I buy and install MS Windows on a HDD, then move that HDD around to each of my computers in order to update the ME firmware...

 

Workaround:
If you can still find the previous Intel ME update package (SP78318 - Intel ME 11.0.18.1002 update), it contained all of the EFI patching utilities/instructions in a directory called "./Update Utility/Local-EFI/". Those utilities/instructions still work with the new 110183003_H.bin file from the sp80346 package (Intel ME 11.0.18.3003 update). Unfortunately, I don't believe HP still has active download links to the sp78318 package. Also, like the BIOS update file, MS Windows is REQUIRED to run the self-extracting executable to extract the necessary files.

Note that I've renamed/moved some utilities on my flash drive, but it should be pretty easy to figure out which utilities/files I'm using. I keep these files in my flash drive's "/Hewlett-Packard/ME/" directory.

 

I use the boot menu to select an efi shell file that I keep in the root of my flash drive. From there, I then run:

fs0:
Hewlett-Packard\ME\FWUpdLcl.efi -f "Hewlett-Packard\ME\110183003_H.bin"

After I got things working, I created a startup.nsh file to perform this update automatically.

 

EDIT (2017-06-09):

I received a critical support alert yesterday, listing the availability of the "Intel Management Engine (ME) Firmware Update Tool for DOS or EFI (ver 1.0.0.0 Rev.A)".  So it appears that HP is again providing tools to support their products!  Thanks HP!

ArchivedThis topic has been archived. Information and links in this thread may no longer be available or relevant. If you have a question create a new topic by clicking here and select the appropriate board.
† The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation