HP EliteDesk 800 G3 ME Repair

I have a HP EliteDesk 800 G3 65W with a ME that does not work anymore. The ME stopped working as I was upgrading it from 11.6 to 11.8.9.3987 using sp136319. The ME Setup menu option is no longer available in the BIOS menu. But the AMT settings are available in the remote management menu in BIOS settings. If it matters, I had the MeshCommander compressed web application installed at the time.

According to the InstallCmdWrapper-InstallCmd log:

Sending the update image to FW for verification: COMPLETE
FW Update: last value was at 73%

After:

Error 8769: Polling for FW Update Failed.

Error 8193: Fail to load MEI device driver (PCI access for Windows)
Above error is often caused by one of below reasons:
Administrator privilege needed for running the tool
ME is in an error state causing MEI driver fail
MEI driver is not installed
C:MEFWDetailFile.exe
1 File(s) copied
Update complete. You must reboot your computer in order for the Management Engine firmware update to be effective.

Attempts to rerun the software give:

"System is not match prerequisites to update MEFW"

I was on the latest BIOS (2.39), and in an attempt to rescue the ME, I tried downgrading and upgrading hoping the BIOS upgrade process would also identify an unresponsive ME and force write it. I went down to 2.38 and back up, I also downgraded down to 2.35 using local USB before going back up to 2.39, 2.35 is the most up to date available on the HP Drivers website even though 2.39 is available. But this was wishful thinking, after all even in normal process the ME firmware upgrade is separate. I’m not sure if there is a way to make a crisis recovery happen, and if it would even rescue the ME.

I also tried using HPIA, which ironically says it successfully installed firmware.

I found this website while looking for information on ME firmware… Before I get a EEPROM programmer and re-read the guides thoroughly, are there any other rescue options that I can try?

I have access to additional similar computers, all 800 G3 65W with the same P21 board and BIOS. If it matters, I have them in different configurations (same CPU, but slightly different memory, slightly different storage, some with or without Wi-Fi, etc.) Hopefully this can be helpful in some way.

If not, I will have to get shopping. Along with a CH341A, is a SOIC8 clip the right size for the ME chips on these computers? Anything else I should get? If I am unable to simply “copy paste” a dump from another computer into this broken one, will I be able to use some bin found in the firmware upgrade package, or are there stock bins available here to use?

No bios re-flash can resolve your ME issue, the ME FW image is always corrupted and will stay like this.

Follow the guide to fix it: [Guide] Clean Dumped Intel Engine (CS)ME/(CS)TXE Regions with Data Initialization

Since the machine is still booting you could use CSME System Tools v11 r45 from Intel (Converged Security) Management Engine: Drivers, Firmware and Tools to make a backup of your firmware and then clean ME firmware according to the guide mentioned by MeatWar.

If there’s a protection error when reading/writing with fpt(w(64)) search for a service jumper on the mainboard, maybe a jumper without description or marked FDO or recovery or service… If there’s no such jumper, follow [Guide] Unlock Intel Flash Descriptor Read/Write Access Permissions for SPI Servicing to unlock the flash descriptor or use a programmer.

Make a valid backup (at least 2 reads with 100% identical dump and corerct structure in UEFIToolNE) before writing anything to the chip!

If the ME of your machine isn’t readable by FIT dump the firmware of another machine you have access to which has identical configuration (LP/H, vpro/AMT) and use the config read from this firmware to clean your own dump.



Double checking, when you say this, do you mean I am able to use CSME System Tools to dump the entire ME chip from the host OS without having to clip on a programmer?

So the procedure would be:

1. Dump the ME chip from the host using CSME System Tools (I can’t find instructions on this and can’t seem to find an appropriate command in System Tools FIT, so I’m assuming I am being confused by the statement)

2. Treat the dump with ME Analyzer like any dirty EXTR by following D4. CSME 11 - 15 & CSTXE 3 - 4

3. Flash the chip from the host using CSME System Tools

Or have I misinterpreted the message and steps 1 and 3 would be done with a hardware programmer?

I also assume the chip is corrupted in some non-recoverable way, so would need to start fresh with one of:

- an unconfigured bin from Intel archived here
- a dumped bin from another computer (which I will need to reset to dump in a configured state)
- a configured bin from a user archive here



Edit 1:

Here is something interesting. I saw that CSME System Tools had some Linux folders, so I was wondering if I could manage the ME on Linux which I would prefer. I see I have a device:

1
2
 
$ ls /dev/mei*
/dev/mei0
 


Intel has a Linux tool for checking against CVE-2017-5705 vulnerability, the SA-00086 Detection Tool. When I run this tool, it detects somehow that I have ME with 11.8.90.3987:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
 
Intel-SA-00086$ sudo ./intel_csme_version_detection_tool
Intel(R) CSME Version Detection Tool
Copyright(C) 2017-2020, Intel Corporation, All rights reserved.
 
Application Version: 5.1.0.0
Scan date: 2022-04-11 10:21:03 GMT
 
*** Host Computer Information ***
Name: (hostname)
Manufacturer: HP
Model: HP EliteDesk 800 G3 DM 65W
Processor Name: Intel(R) Core(TM) i7-7700 CPU @ 3.60GHz
OS Version: Ubuntu 20.04.4 LTS (5.4.0-107-generic)
 
*** Intel(R) ME Information ***
Engine: Intel(R) Converged Security and Management Engine
Version: 11.8.90.3987
 
*** Risk Assessment ***
Based on the analysis performed by this tool: This system is not vulnerable. It has already been patched.
 
For more information refer to the Intel(R) CSME Version Detection Tool User Guide
or the related Intel Security Advisory list at:
(link removed due to new user requirement)
 


So I am stumped if the tool has connected and validated ME information with the ME directly, or if it's looking at some imprint or string on the BIOS which is still working.

Looking at the tool, it calls get_fw_state() which is imported from common/heci.py. This function calls get_fw_ver_sysfs() which appears to actively open a connection with the mei device. It remains unclear if this device interface exposed to Linux is directly connected with the ME or if it has an abstraction or proxy layer controlled by the BIOS in between, and the ME is indeed corrupted.



Edit 2:

CSME System Tools: MEInfo

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
 
$ sudo ./MEInfo
 
Intel(R) MEInfo Version: 11.8.92.4222
Copyright(C) 2005 - 2020, Intel Corporation. All rights reserved.
 

 
Driverless mode
 
Error 76: Communication error between application and Intel(R) ME module (AMT client)
 
Error 76: Communication error between application and Intel(R) ME module (AMT client)
 
Error 76: Communication error between application and Intel(R) ME module (AMT client)
 
Error 76: Communication error between application and Intel(R) ME module (AMT client)
 
Error 76: Communication error between application and Intel(R) ME module (AMT client)
 
Error 107: Failed to create dependency list for features
 
Unable to clean up MEInfo before exiting.
 


Just trying CSME System Tools: FWUpdLcl

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
 
$ sudo ./FWUpdLcl
 
Intel (R) Firmware Update Utility Version: 11.8.92.4222
Copyright (C) 2007 - 2022, Intel Corporation. All rights reserved.
 
FWUpdLcl.exe [-H|?] [-VER] [-EXP] [-VERBOSE] [-F] [-Y] [-SAVE]
[-FWVER] [-PARTID] [-ALLOWSV] [-FORCERESET] [-OEMID] [-PASS]
[-PARTVER]
 
-H|? Displays help screen.
-VER Displays version information.
-EXP Displays example usage of this tool.
-VERBOSE<file> Display the debug information of the tool.
-F <file> File used for updating the FW.
-Y Automatically answer Yes to prompts.
-SAVE <file> Save the current FW to an update image.
-FWVER<file> Display the FW Version of current FW or update image.
-PARTID<Partition ID> Provide specific Partition ID to perform partial update.
-ALLOWSV Allows same version firmware updates.
-FORCERESET Automatically Reboots system after update (if needed).
-OEMID <UUID> OEM ID needed to perform firmware update.
-PASS <pass> MeBX password. Optional with the '-f' option.
-PARTVER <Partition ID> Display the Version of specific partition.
 
Error 8716: Invalid usage
 


1
2
3
4
5
6
 
$ sudo ./FWUpdLcl -FWVER
 
Intel (R) Firmware Update Utility Version: 11.8.92.4222
Copyright (C) 2007 - 2022, Intel Corporation. All rights reserved.
 
FW Version: 11.8.90.3987
 


1
2
3
4
5
6
7
8
9
 
$ sudo ./FWUpdLcl -SAVE test.bin
 
Intel (R) Firmware Update Utility Version: 11.8.92.4222
Copyright (C) 2007 - 2022, Intel Corporation. All rights reserved.
 

Error 8753: Restore Point Image Failure.
 
Error 8828: Restore point operation failed.
 




Edit 3:

I don't believe it:

1
2
3
4
5
6
7
8
9
 
$ sudo ./FWUpdLcl -F ME_11.8_Corporate_D0_H_Production.bin
 
Intel (R) Firmware Update Utility Version: 11.8.92.4222
Copyright (C) 2007 - 2022, Intel Corporation. All rights reserved.
 
Communication Mode: MEI
Checking firmware parameters...
 
Error 8772: Invalid usage, -allowsv switch required to update the same version firmware
 


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
 
$ sudo ./FWUpdLcl -F ME_11.8_Corporate_D0_H_Production.bin -ALLOWSV
 
Intel (R) Firmware Update Utility Version: 11.8.92.4222
Copyright (C) 2007 - 2022, Intel Corporation. All rights reserved.
 
Communication Mode: MEI
Checking firmware parameters...
 
Warning: Do not exit the process or power off the machine before the firmware update process ends.
Sending the update image to FW for verification: [ COMPLETE ]
 

 
FW Update: [ 100% (-)]Do not Interrupt
FW Update is completed successfully.
 


I'm verifying everything works before I let go of my breath, but I will write up my process after.

Basically, I was able to “repair” my ME by firmware updating it again. The HP tool for some reason would not do this.

I put off updating ME firmware on EliteDesks because HP insists on you using their Windows-only tools, but now I see this is a limitation from HP, not Intel! I can only assume something interfered during the FWUpdate operation in Windows (I was using the latest Windows 10 downloaded yesterday).

While looking through CSME, I discovered there were two folders with LINUX32 and LINUX64 folders, MEInfo and FWUpdate. Both tools ran on Linux, so while it was risky, I thought why not try to FWUpdate again but using the original Intel tool and not the HP OEM Windows-only one.

Looking at the HP tool, the ME folder had two files:

- ME_11.8_Corporate_C0_LP_Production.bin
- ME_11.8_Corporate_D0_H_Production.bin

Looking at the InstallCmdWrapper-InstallCmd log of the original firmware upgrade attempt, it reported that my previous FW Version was 11.6.12.3202 H. I’m assuming H is high power, and LP is low power, so went with the H one.

Using FWUpdLcl, I was able to successfully update the firmware, although the tool saw the same version was still on the ME and needed ALLOW SAME VERSION flag.

My ME came back online and still had MeshCommander installed.

In the BIOS startup menu, I got back the ME Setup menu, but for some reason selecting it would boot me right into my host OS. I had to unconfigure (this is HP term, not sure if it also means ME unconfigure without OEM features or just means ME uninitialized but in configured state with OEM data) and reprovision ME to make the menu work again. MeshCommander is no longer installed but this is not a problem.

I am very angry at HP for not only forcing me to use their Windows tool, but which can get interrupted and cause the ME to break.

But knowing there is a Linux tool from Intel means now I can easily manage my own EliteDesks from Linux and not have to use Windows.

Thank you to this community and all the information! I hope this helps someone else who comes across this online like I did. Thank you to lfb6 for directly recommending System Tools v11 r45 so I wouldn’t have to figure this out myself - I still am not sure how to determine this.

Two “problems”: first MEInfo still does not work, but ME clearly works:

1
2
3
4
5
6
7
8
9
10
11
12
 
$ sudo ./MEInfo
 
Intel(R) MEInfo Version: 11.8.92.4222
Copyright(C) 2005 - 2020, Intel Corporation. All rights reserved.
 

 
Driverless mode
 
Error 107: Failed to create dependency list for features
 
Unable to clean up MEInfo before exiting.
 


Second I just upgraded several machines remotely from Linux. All still display the ME Setup menu option, but selecting that menu option just goes into the OS.

As written fpt(w(64), either DOS, EFI shell or Win32/Win64: fpt(w(64) -d spi.bin ME is not a separate chip it’s part of the firmware together with bios region and maybe other regions. MEAnalyzer doesn’t ‘treat’ ME firmware, as the name says, the guide is clear on this. It’s FIT that’s needed to repair/clean the ME region.

If your step 3 would work without programmer depends on the presence of a recovery jumper or possibility for a pinmod to unloch the flash descriptor.

Open the HP tool with 7-zip, it uses the original Intel tools, just executed by some scripts. H/ LP relates to the abilities of the firmware, not the power! Unsure about non working MEInfo, try to dump the firmware as described, and link it/ attach it.