HP Prodesk 600 G4 mini upgrade to full Intel vPro ME/AMT/KVM

Hi experts,

I’m trying to upgrade HP Prodesk 600 G4 mini to fully support Intel AMT vPro (KVM redirection).
System currently has Intel Standard Manageability, but since (from what I can see) both the processor (Intel Core i5 8500T) and chipset (Intel Q370) should support vPro, I assume that the only thing stopping full AMT support is the configuration of Intel ME.

I have read and researched multiple posts online including posts and guides in this forum but feel that perhaps I am missing some information.

The main problem seems to be how to enable system to boot without protection of changing ME settings.
There is an FDO (assuming Flash Descriptor Override) marked pin (2 pins) on the motherboard but shortening it does not allow system to boot, it simply kills Intel Management Engine and spins the fan indefinitely and the system does not POST.

Does anyone have any more information about how to boot HP Probook 600 G4 mini into FDO mode?

Or, in case I would need to go the SPI programmer route, can someone please recommend reliable USB programmer set that could reprogram this particular SPI EEPROM without de-soldering?
From the motherboard picture FW chip seems to be Winbond 25Q256JVFQ

Here is info from HWiNFO64 regarding current Intel ME status:

 [Current Computer]
  Computer Name:                          DESKTOP-BE3IBVK
  Computer Brand Name:                    HP HP ProDesk 600 G4 DM
Intel Core i5-8500T -------------------------------------------------------

 [General Information]
  Processor Name:                         Intel Core i5-8500T
  Original Processor Frequency:           2100.0 MHz
  Original Processor Frequency [MHz]:     2100
  CPU ID:                                 000906EA
  CPU Brand Name:                         Intel(R) Core(TM) i5-8500T CPU @ 2.10GHz
  CPU Vendor:                             GenuineIntel
  CPU Stepping:                           U0
  CPU Code Name:                          Coffee Lake-S
  CPU Technology:                         14 nm
  CPU S-Spec:                             SR3XD
  CPU Thermal Design Power (TDP):         35.0 W
  CPU VR Thermal Design Current (TDC):    74.0 A
  CPU Power Limits (Max):                 Power = Unlimited, Time = Unlimited
  CPU Power Limit 1 (Long Duration)/Processor Base Power (PBP):  (35.00 W) (28.00 sec) [Unlocked]
  CPU Power Limit 2 (Short Duration)/Maximum Turbo Power (MTP):  (60.00 W) (2.44 ms) [Unlocked]
  CPU Power Limit 4 (PL4):                60.0 W
  Configurable TDP Level 1 (Down):        25.00 W (Unlimited range), 1600 MHz
  Current Configurable TDP Level:         Nominal (Legacy) [Unlocked]
  CPU Max. Junction Temperature (Tj,max): 100 °C
  CPU Type:                               Production Unit
  CPU Platform:                           Socket H4 (LGA1151)
  Microcode Update Revision:              EA
  Number of CPU Cores:                    6
  Number of Logical CPUs:                 6

Motherboard ---------------------------------------------------------------

  Computer Brand Name:                    HP HP ProDesk 600 G4 DM
  Motherboard Model:                      HP 83EF
  Motherboard Chipset:                    Intel Q370 (Cannon Lake-H)
  Motherboard Slots:                      1xPCI Express x1, 2xPCI Express x4
  PCI Express Version Supported:          v3.0
  USB Version Supported:                  v3.1
  BIOS Manufacturer:                      Hewlett-Packard
  BIOS Date:                              04/16/2021
  BIOS Version:                           Q22 Ver. 02.16.00
  UEFI BIOS:                              Capable
  Super-IO/LPC Chip:                      Unknown
  Trusted Platform Module (TPM) Chip:     Present, version 2.0

Intel ME ------------------------------------------------------------------

 [ME Host Status]
  ME Current Working State:               Normal
  Manufacturing Mode:                     Not Active
  ME Current Operation Mode:              Normal
  Boot Guard Status:                      Enabled
  Boot Guard Verified Boot Policy:        Disabled
  Boot Guard Measured Boot Policy:        Disabled
 [Intel Manageability Engine Features]
  Intel ME Version:                       12.0, Build 1753, Hot Fix 81
  Intel ME Recovery Image Version:        12.0, Build 1753, Hot Fix 81
  Intel ME FITC Version:                  12.0, Build 1122, Hot Fix 7
  Intel AMT Version:                      12.0.81, Build 1753
  Intel AMT Applications Version:         12.0.81
  Flash Version:                          12.0.81
  Netstack Version:                       12.0.81
  Recovery Version:                       12.0.81, Build 1753
  BIOS Version:                           Q22 Ver. 02.16.00
 [ME Firmware Capabilities]
  Full Network Manageability:             Not Capable
  Standard Network Manageability:         Capable
  Manageability (AMT):                    Capable
  Small Business Advantage:               Not Capable
  Intel Integrated Touch:                 Not Capable
  Intel Anti-Theft:                       Not Capable
  Capability Licensing Service:           Capable
  Virtualization Engine:                  Not Capable
  Intel Sensor Hub (ISH):                 Not Capable
  ICC Over Clocking:                      Not Capable
  Protected Audio Video Path (PAVP):      Capable
  Network Frame Forwarder (NFF):          Not Capable
  Remote PC Assist (RPAT):                Capable
  IPV6:                                   Capable
  KVM Remote Control:                     Not Capable
  Outbreak Containment Heuristic (OCH):   Not Capable
  Dynamic Application Loader (DAL):       Capable
  Cipher Transport Layer (TLS):           Capable
  Wireless LAN (WLAN):                    Not Capable
  Platform Trust Technology (PTT):        Not Capable
  Near Field Communication (NFC):         Not Capable
 [ME Firmware Feature State]
  Full Network Manageability:             Disabled
  Standard Network Manageability:         Enabled
  Manageability (AMT):                    Enabled
  Small Business Advantage:               Not Capable
  MEI3:                                   Not Capable
  Intel Anti-Theft:                       Disabled
  Capability Licensing Service:           Enabled
  Virtualization Engine:                  Disabled
  Intel Sensor Hub (ISH):                 Disabled
  ICC Over Clocking:                      Disabled
  Protected Audio Video Path (PAVP):      Enabled
  Network Frame Forwarder (NFF):          Not Capable
  Remote PC Assist (RPAT):                Enabled
  IPV6:                                   Enabled
  KVM Remote Control:                     Disabled
  Outbreak Containment Heuristic (OCH):   Disabled
  Dynamic Application Loader (DAL):       Capable
  Cipher Transport Layer (TLS):           Enabled
  Wireless LAN (WLAN):                    Disabled
  Platform Trust Technology (PTT):        Disabled
  Near Field Communication (NFC):         Disabled
 [ME Firmware Platform Type]
  Platform Target Usage Type:             Desktop
  SKU:                                    Regular SKU
  ME Firmware Image Type:                 Corporate SKU Firmware
  Platform Brand:                         Intel Standard Manageability
  Host ME Region Flash Protection Override (HMRFPO) Status: Locked
System --------------------------------------------------------------------

  System Manufacturer:                    HP
  Product Name:                           HP ProDesk 600 G4 DM
  Product Version:                        
  Product Serial Number:                  xxxxxxxxxxx
  UUID:                                   {xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx}
  SKU Number:                             2YE28AV
  Family:                                 103C_53307F HP ProDesk

Mainboard -----------------------------------------------------------------

  Mainboard Manufacturer:                 HP
  Mainboard Name:                         83EF
  Mainboard Version:                      KBC Version 07.D1.00
  Mainboard Serial Number:                xxxxxxxxxxx
  Asset Tag:                               
  Location in chassis:                     

System Enclosure ----------------------------------------------------------

  Manufacturer:                           HP
  Case Type:                              Mini Tower
  Serial Number:                          xxxxxxxxxxx
  Asset Tag Number:                        

and here is output of MEInfo:

Intel (R) MEInfo Version:
Copyright (C) 2005 - 2022, Intel Corporation. All rights reserved.

General FW Information
    Platform Type                              Desktop
    FW Type                                    Production
    Last ME Reset Reason                       Global system reset
    BIOS boot State                            Post Boot
    Slot 1 Board Manufacturer                  0x0000103C
    Slot 2 System Assembler                    0x00000000
    Slot 3 Reserved                            0x00000000
    Capability Licensing Service               Enabled
    Local FWUpdate                             Enabled
    OEM ID                                     00000000-0000-0000-0000-000000000000
    Integrated Sensor Hub Initial Power State  Disabled
    Intel(R) PTT Supported                     No
    Intel(R) PTT initial power-up state        Disabled
    OEM Tag                                    0x00
    TLS                                        Enabled
Intel(R) ME code versions:                     
    BIOS Version                               Q22 Ver. 02.16.00
    MEBx Version                     
    GbE Version                                0.5
    Vendor ID                                  8086
    FW Version                        H Corporate
    LMS Version                                2130.1.16.1
    MEI Driver Version                         2306.4.3.0
    Wireless Hardware Version                  Not Available
    Wireless Driver Version                    Not Available
IUPs Information                               
    PMC FW Version                             300.2.11.1025
    LOCL FW Version                  
    WCOD FW Version                  
PCH Information                                
    PCH Version                                10
    PCH Device ID                              A306
    PCH Step Data                              B0
    PCH SKU Type                               Production PRQ Revenue
    PCH Replacement State                      Disabled
    PCH Replacement Counter                    0
    PCH Unlocked State                         Disabled
Flash Information                              
    SPI Flash ID 1                             EF4019
    SPI Flash ID 2                             Not Available
    Host Read Access to ME                     Enabled
    Host Write Access to ME                    Disabled
    Host Read Access to EC                     Disabled
    Host Write Access to EC                    Disabled
FW Capabilities                                0x59329146
    Intel(R) Standard Manageability - PRESENT/ENABLED
    Protect Audio Video Path - PRESENT/ENABLED
    Intel(R) Dynamic Application Loader - PRESENT/ENABLED
    Service Advertisement & Discovery - PRESENT/ENABLED
    Persistent RTC and Memory - PRESENT/ENABLED
End Of Manufacturing                           
    Post Manufacturing NVAR Config Enabled     Yes
    HW Binding                                 Enabled
    End of Manufacturing Enable                Yes
Intel(R) Active Management Technology -        
    Intel(R) AMT State                         Disabled
    IPv6 Enablement                            Disabled
    Configuration State                        Completed
    Provisioning Mode                          PKI
    M3 Autotest                                Disabled
    Link Status                                Link Up
    Localized Language                         English
    C-link Status                              Enabled
    System UUID                                ef7be2d2-1f48-8fe3-05a7-2fae3c2d00ec
    Wireless Micro-code Mismatch               No
    AMT Global State                           Enabled
    Intel(R) Standard Manageability State      Enabled
    Privacy/Security Level                     Default
Intel(R) Protected Audio Video Path            
    Keybox                                     Not Provisioned
    Attestation KeyBox                         Not Available
    EPID Group ID                              0x28C7
    Re-key needed                              False
    PAVP Supported                             Yes
Security Version Numbers                       
    Minimum Allowed Anti Rollback SVN          1
    Image Anti Rollback SVN                    12
    Trusted Computing Base SVN                 1
FW Supported FPFs                              
                                               FPF         UEP         ME FW
                                               *In Use
                                               ---         ---         -----
Enforcement Policy                             0x00        0x00        0x00        
EK Revoke State                                Not Revoked Not Revoked Not Revoked 
PTT                                            Disabled    Disabled    Disabled    
OEM ID                                         0x00        0x00        0x00        
OEM Key Manifest Present                       Not Present Not Present Not Present 
OEM Platform ID                                0x00        0x00        0x00        
OEM Secure Boot Policy                         0x404       0x404       0x404       
CPU Debugging                                  Enabled     Enabled     Enabled     
BSP Initialization                             Disabled    Disabled    Disabled    
Protect BIOS Environment                       Disabled    Disabled    Disabled    
Measured Boot                                  Disabled    Disabled    Disabled    
Verified Boot                                  Disabled    Disabled    Disabled    
Key Manifest ID                                0x00        0x00        0x00        
Persistent PRTC Backup Power                   Enabled     Enabled     Enabled     
RPMB Migration Done                            Disabled    Disabled    Disabled    
SOC Config Lock                                Done        Not Done    Done        
SPI Boot Source                                Enabled     Enabled     Enabled     
TXT Supported                                  Disabled    Disabled    Disabled    

ACM SVN FPF                                    0x00
BSMM SVN FPF                                   0x00
KM SVN FPF                                     0x00
OEM Public Key Hash FPF                      0000000000000000000000000000000000000000000000000000000000000000
OEM Public Key Hash UEP                      0000000000000000000000000000000000000000000000000000000000000000
OEM Public Key Hash ME FW                    0000000000000000000000000000000000000000000000000000000000000000
PTT Lockout Override Counter FPF               0x00

NIC should be i219LM, not i219V, seems no WLAN card.

8- pin SOIC clip getting it to fit properly is often a pain in the beginning, never used 16 pin, but it’s described more difficult to get good contact.

There might be other jumpers / pads, sometimes these might have other functions as indicated on the board.
Not read any reports for this specific machine type, though.

Reddit - https://i.redd.it/y1gbu75fsir81.jpg

1 Like

Yes, NIC is i219LM so should be fine there.

Good info in that Reddit thread - I’ll look into this - thanks.