here the v2.72 and v2.30 bios part FIT info.
the SYSTEM-25Q128FVSGMOCFeatTest.7z bios can’t boot with the error
the SYSTEM-25Q128FVSGMRBSUTest.7z bios can boot and see more info
@carson512 - Yes, that is broken FIT table in both, incorrect microcode offset in the FIT table causes that blank entry (We can fix).
Thanks for test result, the code/info does not help me, and I did not use invalid opcode, so not sure what it’s referring to? I could however do the same edit a few alternate ways, but kinda waste of time due to >>
But, that is platform edit anyway, so not visible to you now that I’ve seen BIOS images now, so we don’t need to worry about this one further.
So, now we know edits to RSBU can be made and function properly, please look over IFR output from those setups and let me know if anything missing that you need to be visible, or any of that can help with what you originally wanted etc?
I cannot make items in platform visible, only what’s in RSBU can be made visible (if hidden)
The RSBU menu is enough.May be in the bios menu need use specially key to open the Platform menu.I can use IFR and RU.tool to do the same.Really appreciate for that.
Now is the microcode remove which is the originally wanted.
1. I try to change the HEX that CPUID of microcode.Than use UEFI Tool 57 shows:
is there a way to calculate the checksun…
2. I try to use UEFI tool 0.28 to extract 197DB236-F856-4924-90F8-CDF12FB875F3 to a raw fil which have microcode.remove the all 306F2 part from the raw file.than replace the bady.A new rom here.
Than use UEFI Tool 57 to open the new rom which FIT and Secuity info all gone…Is the UEFI Tool error?Or the FIT table error.
Which way is easier or need specified version UEFI TOOL to replace.
Is there a possibility that replace the Bios Region with other C612 board?
I found the supermicro have the two cpus board…But it’s bios region is 12M larger than 8M.
zip it to 8M or change the desp to use the entire 16M chip
which it easy?
There is several ways to remove microcode generally, for that kind of mod. Remove only microcode itself, or remove the entire microcode module, or remove only the microcode entries and leave the header of the module, which are you doing?
And, what tool are you using to do the actual edit? To fix checksum you mentioned is easy, but if you remove microcode there would not be any checksum shown by UEFITool 57, since that long microcode checksum like you showed above is part of the actual microcode.
In this BIOS, microcodes (x2) are located in 8C8CE578-8A3D-4F1C-9935-896185C32DD3 >> 197DB236-F856-4924-90F8-CDF12FB875F3 as you mentioned, there is two of these volumes in the BIOS so you need to edit both same/same
And yes, FIT always needs corrected after you edit microcodes for sure, and often any other BIOS edit too. FIT was broken by default in this BIOS, and incorrectly setup too if the offsets were even correct to begin with (which they are not)
FIT needs entry count increased to 2 microcodes by default not one, and then correct microcode offsets added. If you are removing microcodes, then you need to decrease total entry count by one (so remove original single microcode entry value)
And then fix offsets of all other items in the FIT table via straight hex edit on entire BIOS as a whole.
So you want BIOS with 306F2 removed and FIT fixed? If yes, I can make for you from the dump you sent me. Don’t use UEFITool 28, it breaks this BIOS, and removes padding at PEI volumes on rebuild
Sorry, didn’t see your other reply until I posted the above. No, you can’t replace BIOS region from one board to another, too many things differ between boards for stuff like that usually (rare occasions maybe)
* Edit @carson512 - here is BIOS including mods I already did for you + 306F2 removed and FIT table fixed for microcode entry (so you will see fixed entry for microcode now, but only 406F1 is there)
Additionally included is BIOS with fixed FIT table on BIOS that includes both original microcodes, so you can see how FIT Table should have been initially from HP
http://s000.tinyupload.com/index.php?fil…215321482320073
here is the test result:
MRBSUTestUEFI25306F2REMFITFix.bin can’t boot with tha same error that i remove the microcode…
SYSTEM-25Q128FVSGMRBSUTest-FITFixed.bin can boot normal.Check the debug log with the backup bios.Look like the same.
here is the end part of debug log with first one MRBSUTestUEFI25306F2REMFITFix.bin
here is the normal boot log near
that may the key is ‘Loading PEIM at 0x000FFFBDC40 EntryPoint=0x000FFFBF870 HpSecPhaseErrorReportingPei.efi’
and try to use IDA with this efi file
change that ‘jz’ to ‘jnz’
than make other error.
Maybe the HpSecPhaseErrorReportingPei just a error handler module? The code 275 was pass to the HpSecPhaseErrorReportingPei?
@carson512 - SYSTEM-25Q128FVSGMRBSUTest-FITFixed.bin is same BIOS I sent you already at post #12, but with FIT Fixed for both microcodes, so you can see how it should look in UEFITool NE
Other BIOS = fail, this means your system cannot boot without microcode for the CPU, not all can and this must be one of those. Does the board have a service or management jumper? If yes, try that BIOS again with jumper in place and see if that matters or not.
Not sure on the assembly, if that would help or not I mean, if you want to bypass all that, I’d change that JZ to JMP >> hex >> 74 37 >> EB 37, so flow them becomes as you see below
There is two modules “HpSecPhaseErrorReportingPei”, Edit both and make the edit via direct hex editing on entire BIOS as a whole, that way PEI volume does not get rebased.
Check post-edit file in UEFITool NE and make sure you don’t then need to correct checksum for those two modules, if so re-edit via direct hex on BIOS as a whole.
there is a System maintenance switch On board. I try MRBSUTestUEFI25306F2REMFITFix.bin with change Reserved SW(S3,S4,S8,S9,S10,S11,S12) to ON.Nothing changed…still show the ‘unsupported’ error.
in the debug log :
S3、S4、S12 add one log ‘Maintenance Switch** is set.’
S4 may change the debug log level. add some like 'Loading PEIM at 0x000FFF97FC0 EntryPoint=0x000FFF98B78 HpStatusCodeHandlerPei.efi ’ in the log
at this phase can’t find nothing different.
there is 4 jumpers with pins. two of them is the COM pin(RX TX GND VCD),One is NMI functionality jumper(An NMI crash dump creates a crash dump log before resetting a system which is not responding.).One is just 3 pins near ME rom One GND and two 3.3V,and not mention in the guide.
with the debug log is loaded 13 modules before the unsupported error
The microcode check must in this module.
Is that possible use IDA to chek which module call the HpSecPhaseErrorReportingPei.efi to show the unsupported error or just HpSecPhaseErrorReportingPei.efi itself.
use winhex to edit the bios file directly 74 >> EB
the system boot without the ‘unsupported’ error and continue the progress.
until the red screen show ‘PiSmmCore+00BA8Eh RIP address out of range’ error same as jnz or remove the HpSecPhaseErrorReportingPei module.
but i realize that jmp is much better than jnz when the cpu change …
The PiSmmCore is the modulethat load all SMM module?
And searching the rom just PiSmmCpuDxeSmm module with the ‘RIP address out of range’ string and a SMM module.
here is the part debug log with ‘EB’bios
here is the part debug log with normal bios
before ‘SMM IPL closed SMRAM window’ this line. the log seem the same.
in normal boot next progress is to load the EF827D89-960E-485B-9D0F-2850E6CB2BB0 which is HpstatusCodeHandlerSmm
is that possible that the HpStatusCodeHandlerPei call the HpSecPhaseErrorReportingPei than HpstatusCodeHandlerSmm couse the RIP address out of range error.
All log in the zip file below.
by the way.i just think the two bios region was stand alone. Beacuse just change the firest 8M bios part will effect.Unless in the bios menu to change the backup rom…Maybe the FIT will looks good after cut.
debuglog.zip (322 KB)
Maybe test that jumper and see on/off what happens, or is it maybe ME FW disable etc?
Sorry, I can’t help with the logs or assembly, I know very little in this area. Maybe @Mov_AX_0xDEAD or @CodeRush could advise here, I think maybe they are only ones I know that knows this much about assembly/BIOS
Yes, sorry, I forgot only one part of the BIOS applies to your system, so only one needs edited 
No, I checked, remember, you sent me partial/split BIOS, FIT is broken still there too.
test all three pins.With jumper one 2 pins the system can boot like press the power button…
i will try to update the bios from hpe web and compare the bios later.make sure the FIT is broken or hp’s doing…
I just found in UEFItool File GUID: AAE07B90-4CF8-5986-AD2A-48B72CAB98A8.
there is a pad-file.What this file use for? I saw “Header checksum: E8h, valid Data checksum: AAh, valid”.When i change the ‘jz’ to ‘jmp’ this checksum don’t change. is that possible the error couse by the checksum?
AAE07B90-4CF8-5986-AD2A-48B72CAB98A8 should not be edited using tools, due to being in PEI Volume, only direct hex edited changes on the entire BIOS as a whole.
I did the edit with tools, and SH + Rebuild those modules, to check about the checksum for you, and that does not change on rebuilds, so that is normal/expected and would not be the cause of any error here.
About the jumper, I don’t understand what you mean? position 1-2, what happens, position 2-3, same? Boot to windows or BIOS with either, and see if ME FW disabled, and test if you can dump FD with FPT and write it back or not (FPTw.exe -desc -d fd.bin >> FPTw.exe -desc -f fd.bin)
Also, I meant to test these with the mod BIOS I sent you (With microcode removed), once you find which one boots OK, or both etc.
the jumper thing.position 1-2 just like the power on pin funtion the system boot up.position 2-3 press the power button nothing change cpu fan even not run.Nothing about the ME.
Than i use this tool https://github.com/corna/me_cleaner close ME.than use MRBSUTestUEFI25306F2REMFITFix.bin and jmp one still can’t boot with unsupported error or RIP error.
how to check the ME funtion been closed or not.
I try to clear the cmos and nvram than reflash the webdownloaded bios.The same with the backup one "SYSTEM-25Q128FVSG.bin".So the FIT error maybe the hp’s problem.
Than I found the S3 S4 was the debug log funtion switch.
With S12 is shows
On screen and debug log.
But when SW12 os ON with the microcode removed bios MRBSUTestUEFI25306F2REMFITFix.bin can’t boot either.still the unsupported error.
-----------------------------
Was this bios a EDK2 base UEFI ROM?
@carson512 - ME Cleaner should not be used here, please PROGRAM back some non ME Cleaner edited BIOS.
Yes, FIT error can be HP issue, some manufacturers do not care/pay attention etc.
S12 - “Certain Security Protections” that is what we want to override to use FPT I bet But you have programmer, so none of that matters really.
EDK2, I have no idea what that is or if this is that, sorry.
Best to maybe just used known supported CPU, at stock unedited specs? Unless DeathBringer has time and can help on this one
@DeathBringer - Can you help here, BIOS need to modify is SYSTEM-25Q128FVSG.bin in post #4, or last link on post #12 for menu edited BIOS we’ve been using
Need to make Max Turbo edit, and or make BIOS bootable for 306F2 microcode removed (or is this system not one that can boot with no microcode?)
Unlocking mods aren’t interesting to me.
ok i will program back the ME bios.
there is a GUID: 1BA0062E-C779-4582-8566-336AE8F78F09 which subtype was ‘SEC core’ in UEFITOOL.
with the error moudle HpSecPhaseErrorReportingPei name. maybe the SEC part find a error and show by the moudle.
So use IDA to check the SEC core PE32 img.
there is a cpuid check.
change the jnz 75 to jz 74
but can’t boot with blackscreen…
any idea…
--------------------
still thanks for you help.
@carson512 - Are you wanting to -
1. Make it avoid >> manufacture’s diagnostic checkpoint (POST code) and end up at >> movd esi, mm3
OR
2. Make it definitely go to >> manufacture’s diagnostic checkpoint (POST code)
If #1 is goal >>
At loc_FFFFEBDC >> Change JNZ >> 75 15 >> Change to >> 75 00
At loc_FFFFEBE8 >> Change JNZ >> 75 0D >> Change to >> 75 00
At loc_FFFFEBF0 >> Change JNZ >> 75 05 >> Change to >> 75 00
IF #2 is goal >>
At loc_FFFFEBDC >> Change JNZ to JMP >> 75 15 >> Change to EB 15
change as #1 goal way.
But still unsupport…maybe not the funtion we want
I check all the SecCore
there is 8 times ‘cpuid’ usage:
with the ‘cpuid’ info https://en.wikipedia.org/wiki/CPUID the key is eax value.
when eax=1 use ‘cpuid’ will return Processor Version Information in eax with ‘Family ID’ 'Stepping ID’an etc…
in those place
1.eax,1
2.eax,[ebp+arg_0] (can’t understand what "[ebp+arg_0]" for. )
3.eax,eax (maybe eax is ‘0’ with IDA F5 key in loc_FFFFEA38,also the last time changed zone,and than check the ebx,ecx,edx with 1970169159,1818588270,1231384169,what this str mean… ))
4.eax,1
5.eax,1
6.eax,1
7.eax,0
8.eax,0Bh(with the wiki maybe the Intel thread/core and cache topology)
so the key may in 1,4,5,6 and 2…
Sorry, I can’t help or understand any of the above, I know very little assembly 
Maybe @dsanke can help - BIOS need to modify is SYSTEM-25Q128FVSG.bin in post #4, or last link on post #12 for menu edited BIOS we’ve been using
Need to make Max Turbo edit, and or make BIOS bootable for 306F2 microcode removed (or is this system not one that can boot with no microcode?)
Hi all,
This is the most advanced thread on Proliant bioses, so I will this one.
Issue:
Proliant servers have IPMI (which has some Matrox chip for video output) and as result, the Intel iGPU is disabled. One can install a video card in PCIe slot, but it’s a tough choice if you have only one slot.
Question:
I have Proliant Microserver Gen8 (non-UEFI) and would like to enable iGPU (at least, media transcoding part). What should be done for that?
@Lost_N_BIOS : could you please give an advice?
If I understand correctly, I have to take SPI programmer like carson512 and copy the bios. Then, add vBIOS and somehow enable it, and flash the board bios back?
Also, I found this answer on HPE site (I have Gen8, not Gen10 Plus, but the principle is similar):
What is relation between SPS firmware and video bios? Why can it be part of the SPS?
From the other hand, I also have seen a case, in which Asrock engineers added Quick Sync capability at customer request - so, that should be possible.
P.S.:
Got a feedback that on my MB, there are two phases for Vcore, one for Vccsa, and zero for Vccgt - i.e., no power supply for iGPU. So, any bios trick is not gonna do anything 