I ran into some issues after flashing my chip… Luckily, I made a backup with the programmer…
I used the latest unconfigured .bin file from the repository… My ProDesk 600 G5 is on ME 12.0.95 Build 2489 as mentioned above. I used 12.0.90.2072_COR_H_BA_PRD_EXTR-Y.bin and followed the instructions.
Everything seemed to go perfectly until I booted up for the first time. The machine detected bios corruption and completed an automatic repair, bringing me back up to 12.0.95.
Although it reset ME, it did not add full AMT as I suspect it wrote over it with the recovery.
I went into the bios and found a section on bios protection… I changed it to manual and tried the process again.
This time, after completing the flash and putting everything back together, when I powered on the machine, I got error beeps and no post. Two long ones and three short ones…
I went back and tried the process with the file you used… Same thing… no post and the same beeps…
I finally flashed the original .bin back to the chip and was able to recover…
So, I’m guessing I either need to find a newer unconfigured file or find some way to roll back my ME firmware, although I’ve read that doesn’t seem to be a possibility…
Any idea on bios settings you might have used? Should I try to roll back my bios?
@sencha , you have the same machine and bios chip as me. Did you get it to work?
@superdupe Not yet, do you have a schematic such as which pins on ch340a to which pins on the eeprom chip to connect to? @dpcwr provided a schematic for SPI pins on the eeprom chip, but I am not sure to which ones on ch340a these correspond.
Should be easy enough to find out, I just didn’t look into it yet.
Which part of my earlier post didn’t you understand?
Look into the first post of this thread, there’s a link to repository with the latest ME versions, including 5 ME 12.0.95…
But that won’t help you, these are most probably HPs anti tampering measures. There’s (probably) another chip on the board which has copies of the firmware for automatic recovery. In addition they might have stored some checksums and hashes in the TPM. You might check for measured boot and verified boot with MEInfo.
If this is a fTPM you can reset this information by re-initializing the ME, but those machines usually have a dTPM.
So you’d have to know how these systems get initialized, where the reduntant parts are stored, how to modify them and how to sell this information to the TPM…
I used the image dpcwr attached above, but also looked it up online to make sure it was the same…
Just pretend your programmer is the 8 pin version at the bottom and the top is the 16 pin chip on your board. Connect the leads to the same corresponding connection type. For example, VCC is pin 8 on the programmer. Connect it to VCC pin 2 on the board.
The next problem I ran into was NeoProgrammer doesn’t have our chip in it. So I had to add it via instructions I found here…
I’m attaching the xml I used to do the import.
When you hit the “detect” button, if its connected correctly, it will find the chip based on the import function you just did above. Ours is GD25B256D.
At first I couldn’t get it to read the chip, but found I had the numbers reversed on my programmer… Make sure you know where pin 1-8 are and then connect accordingly. Import GD25B256D Chip.zip (6.5 KB)
Thank you. Sorry, I will look again. I must have missed it because I couldn’t find the 12.0.95.
But that won’t help you, these are most probably HPs anti tampering measures. There’s (probably) another chip on the board which has copies of the firmware for automatic recovery.
That’s why I was hoping @dpcwr could tell me the bios settings he had on his machine. They re basically the same except his is the micro version and mine is the SFF. He was able to get it done just a few months ago, so I’m guessing there is a way.
If I can find the current ME firmware, I’ll give that a shot next.
I believe I picked COR_H version due to having Firmware SKU = Corporate H displayed when running my dumped firmware through ME Analyzer as explained in this post:
Also note that my machine was Prodesk 600 G4 mini, not G5 so there are probably some additional differences to be considered in your case.
I also think that my BIOS had settings for Data Recovery set to something other than Automatic, but I’m not 100% sure on that.
In any case it does appear you managed to load a new firmware but failed to boot due to some other issue. Search online for HP Prodesk 600 G5 SFF Service Manual - see if beeps are explained there.
Or perhaps @lfb6 is onto something here and HP changed BIOS anti tampering protections in G5+ variants in which case I’m not sure how to proceed at this time.
Thanks for the info! I’m going to try a few more things later today. First, I was able to find the newest firmware… Not sure why I couldn’t before… But I totally overlooked it.
I’ll also mess with the data recovery settings… I have a few of these including a G4, although they are all SFF not mini’s… I may play with the G4 also, as that one is not in service and it won’t matter if I brick it.
In any event, this has been a fun project and I’m not giving up! I have other HP machines that have full AMT natively running so I was hoping to get these SFF’s doing it also.
Ok, to further add to this project, I found the following. Upon opening up my other Prodesk 600’s, a mixture of both G4 and G5’s, I found three different BIOS chips. One of my G5’s has the same BIOS chip at the OP of this thread @dpcwr. Its a Winbond 25Q256JVFQ.
Yesterday as I was exploring how to add my particular chip to NeoProgrammer, I opened my programmer dumped full bios file with UEFITool. In that report, I found something that indicates they use three different chips for these computers. That is now consistent with my findings in the different computers I have.
Here is what the BIOS dump said:
Flash chips in VSCC table:
C22019 (Macronix MX25L256)
EF4019 (Winbond W25Q256)
C84019 (GigaDevice GD25x256C)
I’m continuing to try to make it work on my machines…
Either somwhere this thread or from station drivers. Stitched update- files can be decomposed in FIT, the file in the decomposed folder is normally usable for reinitializing, too. But as written, this isn’t a version problem.
I got it to work twice on my two G4 SFF machines. They have older firmware and ME versions from 2022, but it worked and I was then able to upgrade to the latest BIOS/ME with no issues… KVM working!
So there might be something to the idea the G5’s being a newer model have something I can’t get past.
However, two of my G5’s have the most current firmware and the one I have been playing with has firmware from 2022.
So I’m going to continue playing with the G5 with older firmware and try lowering the BIOS version back even further to see what happens… It has ME 12.0.92.2145 on it…
Anyway, great work by all and thank you all for your help!
PS I bought a 16 pin clip on for programming as the tiny needles were driving me nuts!
Just got back from a business trip and started looking for the additional chip that may be there… Not sure where it might be as nothing jumps out.
Also not seeing any differences between the G4 and G5 boards… The info I have read about HP’s “Sure Start” seems to indicate it could be the problem. But it exists on the G4’s and previous models and I believe I have all the options turned off.
Anyway, the boards and BIOS settings I have appear to be identical between the two models… The G4’s just worked with these instructions and the G5’s didn’t. I believe it might be something different in the BIOS firmware that enables protection on the G5’s but not the G4’s?
And I’m assuming its the “Sure Start” feature although I can’t prove that either… All I know is after the flashing on the G5’s, I get nothing but two long beeps and three short beeps. If I flash back the original programmer dump, it boots up… The G4’s worked just like expected from the instructions above.
The other weird thing is one of my G4’s is actually newer than the G5 I’m working on… So either there is something I’m missing or they enabled something on the G5 models that is different.
Here are pics from my G5/G4 machines… The G5 is the top one. They have different 16pin BIOS chips (only one on each board), but I have found they actually use three different manufacturers and I have the three different chips in different G4’s and G5’s so its not unique to one or another…
But there is no 8pin SPI chip nearby… You can see the TPM chip near the BIOS chips. Its a SLB9670. Nothing else in that area.
Type of dump doesn’t matter if it covers a complete firmware. But that’s just for checking if they did hide the redundandt parts sowmewhere in padding, but you’d need a 64 MByte chip for that, normally.
Had a look into some badcaps threads where people had dumped a 16 MB chip in addition shich was wrongly called EC firmware but it had the recovery information.
Content should like this, parts of parts of ME region, parts of bios region can be recognized:
