I went through the entire thread and I think I read it’s not possible to get Kaby Lake working on an HP 800 G2, is that correct?
I see the motherboards go cheap on eBay and the standard ones appear to be Micro ATX so I thought about getting one, but if I can’t run a Kaby Lake on them, I can’t use it.
Hey guys, I started a new threat on Sure Start. The whitepaper suggests that the BIOS recovery is also on system flash same as the BIOS. The second chip is only used to recover the boot block (or some such). I ordered a CH341a but it could take a few days for it to arrive. In the meantime, maybe someone could check if there’s a backup of the BIOS on the flash itself? (assuming it’s even large enough to do that…)
Also, HP can supposedly restore BIOS from disk. I removed the Windows recovery partition as a result. I think that should be good insofar as removing the 3rd copy of the BIOS.
@freeloader247 @Thu_Lam are you still interested? I honestly think that this can be hacked, unless when HP said “system flash” they were referring to multiple physical chips. If I understand correctly, you can even use the i9-9900k on the G2 when everything is done, though I seriously doubt you’ll have the technology to cool that 250w+ CPU within the G2 chassis. I’m using the Vetroo V5 120mm cooler, which is the tallest you can fit inside the TWR version. (Tried a bunch of others, too tall; even Vetroo is maybe 1mm too tall but the side panel can bend a little. Cryorig H7 is shorter but bulkier and the TDP is no better at 140w.) You do need to somehow remove the “CPU backplate” which is “formed sheet metal”(not sure what the right term is). I used a plier and brute force… but now I realize that a tin snip would probably be perfect. Anyway, even with the freedom to use any backplate, you’re still stuck with 150w TDP coolers. I run Noctua redux P12 at 7v so my cooling capacity is much lower than 150w. A 7700k at stock is probably as much as it can handle. 8700k is 150w+ under AVX loads, and 9700k is like 200w…
Anyway, 7700k/8700k on a G2 would still be a very good situation. If you’re still interested, we could explore this further, starting with looking for BIOS/ME backup inside the main flash.
I may have been a little too optimistic. HP also mentions a public key onboard (not rewritable) that is used to check the hash of firmware and BIOS encrypted with a HP private key. This might mean that even if we overwrite all HP recovery data, Sure Start will still refuse to start (ironic, no?) because the decrypted hash (which cannot be faked without the HP private key) does not match the hash of the BIOS.
The hash alone really is enough to prevent any modding. Backups are only there to restore HP code in the event of failure. The same protection extends to the firmware of the Sure Start Embedded Controller itself, and I assume the cryptographic procedure is hardcoded into the chip? The BIOS is never checked against the backup I guess, the only verification they need is from the HP-provided hash. I do wonder: what would happen if we mod all copies of the BIOS, would it just refuse to boot and fail to recover? If so, it’s at least satisfying to prevent Sure Start from reinstalling and running the HP crap it is intended to run.
Another thing that could be done is to get the Sure Start and bios chip from another system that supports Kaby Lake… Too bad they aren’t sold on ebay.
Does this make sense to anyone else?
@Lost_N_BIOS did something has changed?
I own HP EliteDesk 800 G2 SFF, and I would like to put in here kaby lake/coffee lake/coffee lake refresh CPU instead of i5 6500.
I own CH341a
In terms of HP surestart someone has bypassed it
https://doc.coreboot.org/mainboard/hp/hp_sure_start.html
Also it can be set to manual in UEFI settings.
I also found that there is unsoldered header for ME Debug - could that disable sure start?
LOST is no longer an active forum member since Jan2021.