HP Prodesk 600 G3 AMT Enable KVM

I have this devices. By intel specification it support AMT. However kvm is not enable.
I do fpt -desc -d hp.bin and succesfully get file hp.bin.
After that I edit this file and save it as hp_fix.bin
Moreover, I get sucessfully get dump ftp -d hp_full.bin
An next step i look on ME:

E:\Soft\Intel CSME System Tools v11 r29\MEInfo\WIN64>MEInfoWin64.exe

Intel(R) MEInfo Version: 11.8.70.3626
Copyright(C) 2005 - 2019, Intel Corporation. All rights reserved.



Intel(R) Manageability and Security Application code versions:

BIOS Version P07 Ver. 02.31
MEBx Version 11.0.0.0010
GbE Version 0.1
Vendor ID 8086
PCH Version 0
FW Version 11.8.65.3590 H
Security Version (SVN) 3
LMS Version 1927.14.0.1305
MEI Driver Version 1931.14.0.1323
Wireless Hardware Version 2.1.77
Wireless Driver Version 20.70.12.5

FW Capabilities 0x593A1146

Intel(R) Standard Manageability - PRESENT/ENABLED
Intel(R) Capability Licensing Service - PRESENT/ENABLED
Protect Audio Video Path - PRESENT/ENABLED
Intel(R) Dynamic Application Loader - PRESENT/ENABLED
Service Advertisement & Discovery - PRESENT/ENABLED

Re-key needed False
Platform is re-key capable True
Intel(R) AMT State Disabled
AMT Global State Enabled
Intel(R) Standard Manageability State Enabled
TLS Enabled
Last ME reset reason Power up
Local FWUpdate Enabled
BIOS Config Lock Enabled
GbE Config Lock Enabled
Host Read Access to ME Enabled
Host Write Access to ME Disabled
Host Read Access to EC Disabled
Host Write Access to EC Disabled
SPI Flash ID 1 C84018
SPI Flash ID 2 Unknown
BIOS boot State Post Boot
OEM ID 00000000-0000-0000-0000-000000000000
Link Status Link Up
System UUID 0e781479-d74f-14c7-e1f2-d82aa45d135a
MAC Address f4-39-09-1d-f9-9e
IPv4 Address 10.0.16.115
IPv6 Enablement Disabled
IPv6 Address Unknown
Privacy/Security Level Default
Configuration State Completed
Provisioning Mode PKI
Capability Licensing Service Enabled
OEM Tag 0x00000000
Slot 1 Board Manufacturer 0x00000000
Slot 2 System Assembler 0x00000000
Slot 3 Reserved 0x00000000
M3 Autotest Disabled
C-link Status Enabled
Wireless Micro-code Mismatch No
Wireless Micro-code ID in Firmware 0x24FD
Wireless LAN in Firmware Intel(R) Dual Band Wireless-AC 8265
Wireless Hardware ID 0x24FD
Wireless LAN Hardware Intel(R) Dual Band Wireless-AC 8265
Localized Language Russian
Independent Firmware Recovery Disabled
EPID Group ID 0x2055
LSPCON Ports None
5K Ports None
OEM Public Key Hash FPF 0000000000000000000000000000000000000000000000000000000000000000
OEM Public Key Hash ME 0000000000000000000000000000000000000000000000000000000000000000
ACM SVN FPF 0x0
KM SVN FPF 0x0
BSMM SVN FPF 0x0
GuC Encryption Key FPF 0000000000000000000000000000000000000000000000000000000000000000
GuC Encryption Key ME 0000000000000000000000000000000000000000000000000000000000000000

FPF ME
— –
Force Boot Guard ACM Disabled Disabled
Protect BIOS Environment Disabled Disabled
CPU Debugging Enabled Enabled
BSP Initialization Enabled Enabled
Measured Boot Disabled Disabled
Verified Boot Disabled Disabled
Key Manifest ID 0x0 0x0
Enforcement Policy 0x0 0x0



Now is clear, what i have a Read permission, but do not have a Write permission. I need to set MB to test/service mode.
Someone, can me say (see attachment), what think HP when paint this subscribe? Where is “FDO” contact plate? If I set a jumper, computer started, but after 5 sec. go down. Shorting of first upper plates don’t give a effect.

Standard Manageability is Enabled which means that HP has disabled AMT for that machine/SKU via the CSME firmware settings. You can verify by dumping your current SPI image (fptw -d spi.bin), loading it into Flash Image Tool and checking the state of AMT related settings. Since you don’t have Write access, you’ll need to use the jumper (if that’s what it does) or a programmer, as explained at [Guide] Unlock Intel Flash Descriptor Read/Write Access Permissions for SPI Servicing. Once you have Write access, dump your SPI image, follow [Guide] Clean Dumped Intel Engine (CS)ME/(CS)TXE Regions with Data Initialization and adjust all AMT related settings as well in between steps 10 and 11.

Thanks. I’m already going this way. I already watched the full image and the AMT part there is really disabled in the settings.
I’m waiting for an order with the SPI programmer because the jumper doesn’t work.
Although I found several articles where this jumper worked on similar models and allowed the system to boot.
Apparently, HP has improved something in the protection of this model.
Well, I’ll be back when I experiment with the SPI programmer.

I took the programmer and read the chip. However, I ran into another problem, the files I read through the programmer and fpt are different. I suspect it is in the "ME Data Section" area. Can I write only the Flash descriptor through the programmer without writing the entire BIOS?

Not with the programmer. Do as I say above and the problem should go away.

I must have missed something. I tried to do everything according to your recommendations.
At the first stage, I have to read the full SPI through the programmer, change the access bits in FD, and then write this file by the programmer? I did it. Judging by https://files.homepagemodules.de/b602300/f39t3553p49758n8_ANSjkyiZ.png I have version 2-3. Files: Original Dump, Fixed Dump. After loading the fixed dump, the computer does not load. After loading Original dump, the computer tried to start several times and booted up normally with 5 times.
I suspect it’s a tricks of hp sure start…