[Fixed] HP Prodesk 600 G4 mini upgrade to full Intel vPro ME/AMT/KVM

Special Topics Intel Management Engine
5

I finally managed to upgrade to full AMT support.

First a few notes from what I observed:
For HP Prodesk 600 G4 it does not seem to be possible to change Flash/SPI Descriptor region Master permissions, since they are restored to original values after each boot.
Also I have not found a way to boot with FDO (Flash Descriptor Override) so the only remaining option was to use flash programmer.

I have used:

CH341A programmer software I tried had issues with failing verification after reading 25% of flash’s content and also was not able to consistently read full flash dump. I assume it was not able to support W25Q256JV correctly, but NeoProgrammer had no problems.

To be on the safe side, I used powered USB hub and connected CH341A programmer to USB hub directly, since most of the motherboard will get power directly from CH341A programmer.
Also when you connect CH341A to the flash chip - power LED which is usually white will start flashing red, so do not be alarmed by it - I didn’t see any ill effect from this.

Once flashing is completed and Intel AMT is active, remote video will only be shown when there is a monitor connected to display port, otherwise the image from remote computer will be blank.
To fully support remote management without connected monitor you need to use dummy Display Port plug which emulates connected monitor.

And final warning - do not share or reuse full SPI/flash .bin files created with these instructions, since they are specific to the system in question and contain system IDs and MAC addresses.

Now for the steps:

  1. download CSME System Tools v12 r38 and read instructions from thread
    [Guide] Clean Dumped Intel Engine (CS)ME/(CS)TXE Regions with Data Initialization
    [Guide] Clean Dumped Intel Engine (CS)ME/(CS)TXE Regions with Data Initialization - #2 by plutomaniac

  2. Download CSME 12.0 Repository r33 (linked from the thread)
    Intel (CS)ME, (CS)TXE, (CS)SPS, GSC, PMC, PCHC, PHY & OROM Firmware Repositories - Intel Management Engine - Win-Raid Forum

  3. Identifiy needed “Unconfigured” Management Engine .bin file.
    In my case I used:
    12.0.81.1753_COR_H_BA_PRD_EXTR-Y.bin

  4. Open ME .bin file with ME Analyzer and check that “File System State” is Unconfigured.

  5. From Prodesk computer, use FPT Flash Programming Tool to dump full SPI/flash image and save it somewhere safe in case you need to restore it.
    CSME System Tools v12 r38\Flash Programming Tool\WIN64>FPTW64.exe -d fulldump.bin

  6. Start Flash Image Tool (fit.exe) and open dumped fulldump.bin file
    Change these settings for AMT support:
    Intel(R) AMT → Intel(R) AMT Parameter Configuration → Intel(R) AMT Supported = YES
    Intel(R) AMT → KVM Configuration → Firmware KVM Screen Blanking = YES
    Intel(R) AMT → KVM Configuration → KVM Redirection supported = YES

    image
    image1207×568 46.9 KB

  7. Save this new configuration as .xml file and close Intel Flash Tool

  8. In the directory where fit.exe is locate there should now be a sub-directory “Decomp” containing “ME Sub Partition.bin” file.
    CSME System Tools v12 r38\Flash Image Tool\WIN32\fulldump\Decomp\ME Sub Partition.bin

This file needs to be replaced/overwritten with the appropriate Unconfigured ME .bin file which is renamed to “ME Sub Partition.bin”

  1. Open FIT tool again and loaded previously saved .xml file

  2. Build new .bin image: Build → Build Image

You will be prompted for:

"Boot Guard Profile Configuration " is set to “Boot Guard Profile 0 - No_FVME”.
The Boot Guard feature will be disabled on the platform.

Select Yes to continue

Are you sure you want to set “Intel(R) PTT Supported [FPF]” to “No”?
This will cause Intel (R) PTT to be disabled permanently in HW.

Select Yes to continue

You will get “outimage.bin” file created - this is the .bin image that needs to be flashed on the chip using programmer.

  1. open “outimage.bin” with MEAnalyzer and check that “File System State” is shown as Configured now.

  2. Power down and disconnect all cables from Prodesk computer. Press and hold power button for 5 seconds to clear all resident electrical charge.
    Open the computer and connect flash programmer onto Winbond flash chip (it is located below SATA hard disk cage so remove it first).
    Make sure to connect pins correctly to avoid damaging the system board.

image
image1244×919 137 KB

image

  1. If not done before install CH341A drivers on Windows

  2. Start NeoProgrammer and connect programmer to computer USB port. Prodesk power button should now flash red from time to time.
    Press Detect in NeoProgrammer - and from the selected list of possible flash chips select W25Q256JV [3.3V]
    Open “outimage.bin” file.

Select operations in NeoProgrammer in the following order:

  • Erase IC
  • Write IC
  • Verify IC
    (this takes around 15 minutes)

image
image872×814 51.3 KB

Once Verification completes with Success programming is done.
Disconnect programmer from the flash chip

  1. Before booting Prodesk clear CMOS. If you do not do this it might not boot properly.
    Hold for 5 seconds CMOS reset button (it’s a small white button between C-type USB and USB A-type connectors on the front of the system board)

  2. Boot computer, enter BIOS and change settings as required (e.g. increase boot time wait to 5 or 10 seconds)

  3. In Windows go to “Flash Programming Tool” directory and issue ME reset command
    fptw64.exe -greset

Computer will reboot now

  1. Select in the boot menu (press ESC key during boot) option to enter ME Setup.
    Here you should finally see that Intel AMT is now enabled.
    Configure Intel AMT as needed and enable AMT networking and you’re done.

Feel free to update HP BIOS to the latest available version after this and AMT should continue to work as expected.

2 Likes