Hey everyone,
I have a probably rather complicated problem. I have an HP Pavilion 500-549ng Desktop PC, which is affected by the newest Spectre security vulnerability. Though HP did supply an updated BIOS, I cannot install it! I suspect the reason is that HP changed the version number scheme, and therefore the update routine refuses to install the newer version number, because it actually thinks that this number is lower.
But let me explain more: I downloaded the BIOS update from here: http://ftp.hp.com/pub/softpaq/sp84001-84500/sp84453.exe
The description for the update is found here: https://support.hp.com/de-de/drivers/selfservice/swdetails/hp-pavilion-500-500-desktop-pc-series/7477729/model/8902926/swItemId/cp-202533-1
After I installed the update, my BIOS actually did some update. But as it turned out, it just got updated to 80.08, not A0.15, as shown in the release notes. I noticed in past BIOS updates that the version information was not correct, but I didn't think anything of it. Only now with the Meltdown & Spectre situation did I also investigate the CPU microcode. As the Microsoft check tool for Meltdown & Spectre showed me my PC was still vulnerable, I investigated more, and I found out that the microcode is still at a much older revision.
So, I looked at the update package, and strangely it comes with two different updates! If I extract the update file, I get two update-EXEs, one ME2_8008.exe, and one ME2_A015. But if I try to install the ME2_A015, the PC will reboot into BIOS and everything, but then complains that the image file did not pass validation. First off, if I download any other firmware update for HP computers, they only contain one BIOS update. Second, HP did change the versioning scheme from 80.0x to A0.xx. I therefore assume that the update program doesn't recognize that A0-versions are newer, and downgrades are not allowed, due to SMI(?) security checks.
Also, if I open the .bin-files for the update in AMIBCP, the board version and revision are identical. So both versions do seem to be correct for my board. If I go to "DMI tables"->"BIOS information", I see the following in the right pane:
1 AMI
2 80.08
3 04/17/2017
and for the newer BIOS I see the following:
1 AMI
2 4.6.5
3 12/19/2017
Here, the BIOS versions with 80.0x numbering all show the corresponding number under (2). But all A0 versions show the same 4.6.5 under (2).
If I go to the tab "BIOS Features", major and minor version all show the corresponding values (with major being 80, or A0, and minor being 06, 07, 08, or 11, 12, 14, 15...).
So, what to do now? Is there a way to remove the SMI security check? I was thinking about "patching" a newer BIOS to have the same versioning scheme as the old ones, and increase it a little bit. But I assume there will be a signature check as well (which would fail).
Or is that a feasible approach?
I would even go in there with an SPI programmer of some sort (I have a TL866CS). But I'd rather do it without.
Ah, it's a Memphis2-S board by Pegatron, IH87 chipset: https://support.hp.com/my-en/document/c04648625
Thank you and sorry if I posted in the wrong forum.
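
Added example, not part of the original post and not HP or AMI code: a parser for the SMBIOS Type 0 (BIOS Information) structure, the table that AMIBCP's "DMI tables" view displays, run on two constructed samples carrying the values quoted above. It assumes the "BIOS Features" major/minor values are the hex release bytes at offsets 0x14/0x15; which field the update routine actually checks is not known from the post.

```python
import struct

def parse_type0(raw: bytes) -> dict:
    """Parse one SMBIOS Type 0 (BIOS Information) structure and its string set."""
    stype, length, _handle = struct.unpack_from("<BBH", raw, 0)
    if stype != 0 or length < 0x12 or len(raw) < length + 2:
        raise ValueError("not a complete Type 0 structure")
    # Strings follow the formatted area, NUL-terminated; an empty string ends the set.
    strings = raw[length:].split(b"\x00\x00", 1)[0].split(b"\x00")

    def text(index):  # string references are 1-based, 0 means "no string"
        if 0 < index <= len(strings):
            return strings[index - 1].decode("ascii", "replace")
        return None

    info = {"vendor": text(raw[0x04]), "version": text(raw[0x05]),
            "date": text(raw[0x08]), "release": None}
    # System BIOS Major/Minor Release (offsets 0x14/0x15) exist from SMBIOS 2.4 on;
    # 0xFF in both bytes means the field is not used.
    if length >= 0x16 and (raw[0x14], raw[0x15]) != (0xFF, 0xFF):
        info["release"] = (raw[0x14], raw[0x15])
    return info

def build_sample(version: str, date: str, major: int, minor: int) -> bytes:
    """Constructed 24-byte Type 0 structure for the demo (not dumped from a real board)."""
    body = struct.pack("<BBH", 0, 0x18, 0)                # type, length, handle
    body += struct.pack("<BBHBB", 1, 2, 0xF000, 3, 0x7F)  # string refs, segment, ROM size
    body += bytes(10)                                     # characteristics + extension
    body += bytes([major, minor, 0xFF, 0xFF])             # BIOS release, EC release
    strings = b"".join(s.encode() + b"\x00" for s in ("AMI", version, date))
    return body + strings + b"\x00"

def is_newer(old: dict, new: dict) -> dict:
    """Order two images by each field separately to show where they disagree."""
    return {"by_release_bytes": new["release"] > old["release"],
            "by_version_string": new["version"] > old["version"]}

# Assumption: AMIBCP's "80"/"A0" and "08"/"15" are the hex values of the release bytes.
OLD = parse_type0(build_sample("80.08", "04/17/2017", 0x80, 0x08))
NEW = parse_type0(build_sample("4.6.5", "12/19/2017", 0xA0, 0x15))

if __name__ == "__main__":
    print(OLD, NEW, is_newer(OLD, NEW), sep="\n")
```

On a running Linux system the same structure can be read as root from `/sys/firmware/dmi/entries/0-0/raw` and passed to `parse_type0` to see what the installed firmware reports.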