HP – Critical Update! ME Firmware and BIOS Updates Required to Avoid System Board Replacement

Standard

Background

Recently HP released an advisory for many of their enterprise desktop, laptop and workstation devices with an interesting title:

Advisory: HP Commercial and Workstation Skylake-based PC’s (6th Gen Intel Core Processors ) – Critical Update! ME Firmware and BIOS Updates Required to Avoid System Board Replacement

Wow, a firmware update to avoid system board replacement!  Symptoms of the issue include:

  • No POST
  • No video
  • No fans run
  • Only one LED lit on the system board

We have 1,000s of these devices so something needed to be done.  Incidentally another HP advisory  HP Elite Slice, EliteDesk 800 G2, EliteOne 800 G2, ProDesk 600 G2 DeskTop Mini, SFF and Non-Touch All-in-one PCs – System Fails to Get a DHCP IP Address After Resuming From Sleep (S3) Mode is also resolved by updating the ME firmware so this fix will resolve both issues.

Deploying the Firmware with ConfigMgr

HP have a useful SCUP catalogue for their enterprise updates.  Unfortunately it does not contain these ME firmware updates so the work needs to be done manually.

First we need a collection to deploy the update to.  Although this affects many models I am only concerned with EliteDesk 800 G2.  With that in mind I have a collection which contains all machines of this model using this query statement:

select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,
SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,
SMS_R_SYSTEM.Client from
SMS_R_System inner join SMS_G_System_COMPUTER_SYSTEM on
SMS_G_System_COMPUTER_SYSTEM.ResourceId = SMS_R_System.ResourceId where
SMS_G_System_COMPUTER_SYSTEM.Model LIKE "HP EliteDesk 800 G2%" and
(SMS_G_System_COMPUTER_SYSTEM.Manufacturer = "Hewlett-Packard" or
SMS_G_System_COMPUTER_SYSTEM.Manufacturer = "HP")

Now we have a collection to target we’ll make the package:

Download the ME firmware package from HP (link is in the advisory).  Run it to expand the sp to a new folder.  Copy this folder to wherever you keep your ConfigMgr package source files.  If you want to conserve some space (every little helps) remove the pdf, html and bmp files as you won’t need them.

hpextract

HP Provide a batch file with the syntax to run the update so we’ll just use that.  Within the SP78318\Update Utility\Local-Win\ folder you’ll find Update.bat and Update64.bat.  I am only concerned with Update64.bat as I’m running 64-bit OS.  Edit the batch file to remove the @pause from the end so that the script exits correctly.

Create the package and program as follows:

Deploy this program to your clients and all will be resolved.  The update doesn’t ask for a reboot (or at least hasn’t when I’ve deployed it) so safe to run at any time.  The FW level will not be reported as updated until after a reboot.

A BIOS update is also available, which contains the ME firmware.  These are available in SCUP but you won’t be able to deploy using SCUP if you have a BIOS password set.  You would need to follow a similar procedure to above to manually deploy the BIOS update using an encrypted password file.  For me at least with W10 1607 the latest HP BIOS update for an EliteDesk 800 G2 causes a BSOD if applied from Windows so I’m avoiding it for now…