Is it me that just thinks this is weird?

[thestraycat]

I was hoping to talk to you directly superthunder but couldnt find any contact details, so excuse me for posting this here, it's a little bit of a cross-post due to the fact i originally added it to the win-raid.com forums.

I have a Z820 (v1) running the earlier 2011 bootblock. (A few of them actually.) I havnt purchased any v2 CPU's purely because of the bootblock on half of my workstations being 2011.

I wanted to know what you thought about the following:

In the release notes of BIOS 3.05 for the Z820 there is a note that states that this BIOS upgrades the bootblock. Picture attached.

I've actually attempted downgrading to v2.05 and then upgrading (via dosflash and in the bios using a usb stick) the bios from 2.55>3.05 with E14 jumper on to override the bootblock protection in hope that there is something a little special about bios 3.05 that may have been removed in later BIOS's due to HP back pedalling on this update. However there was no change to the bootblock date.

It got me thinking ...

1. That the mechanism to update the Bios from within itself dosnt support writing to the bootblock during internal flashing and that the only way that the bootblock was intended to be updated during the 3.05 update was to use a pre-packaged HP version of dosflash.exe and hpqflash.exe that could do it. But perhaps in the final moments of releasing bios 3.05 either HP negligently packaged it with the usual standard versions of dosflash and hpqflash or purposely went back and ammended the softpaq archive within a few weeks and removed the working applications from the softpaq after changing their mind on the decision. But then negligently decided to leave in the changelog that this version is ment to update the bootblock!

2. Maybe flashbin.exe can do it? is older but cant find any release notes on it to see whether it has any switches to write a bootblock.

3. It seems to me that this is perfectly doable in software as it was all but practically inferred by HP on the HP forums:

4. There are a few references to a redhat/suse firmware updater that HP detail in some of their release notes that was made by them for flashing their BIOS's on Linux, maybe this dosnt have the same limitations of the dos/windows flashing mechanisms?

Are we just using the wrong flashing tool?

I've read nearly every post on the subject accross the internet and have a hard time believing that the only fix to update the bootblock is to dump and write it back to the chip via hardware bios flashing. Makes no sense that the release notes hint that the BIOS is ment to do this in software alone. And there are plenty of references of lenovo/hp/dell flashing their bootblocks via microcode and bios software updates. It's really cool that it can be done in hardware, but it limits the reach of the potential to the other 99% of people who will never attempt the modification and it's such a shame knowing that there was apparantly a safer further reaching method that was hidden away or obscured after release. Even today so many people could benefit hugely from it.

I'm totally suprised that no one even attempted to pull HP up on this, it seems that everyone just kind of went "Oh well, it dosnt work..." after buying 2695v2's to stick in their Z820's! It's crazy.

What do you think? If you need any details on the above i've got it all.

[SuperThunder]

Hello,

It's been a little while since I've looked at this so I may have forgotten some of the details.

Although the BIOS update .bin contains the whole bootblock, only parts of it are actually flashed. As you've discovered, even with the jumper enabled it won't flash the boot block. As far as I could tell this was due to new security requirements that stated something like the boot block should never be modifiable by software.

As you've seen, the documentation for E14 states it should override boot block protection, but it doesn't. My Z620 has too much running on it now to do any more experiments myself, but a while ago I did try to do software flashing with E14 jumper on and was not able to make it work in FreeDOS or Linux.

In late 2019 I did a lot of reading of the original 2012/2013/2014 forum threads and it seemed HP, Lenovo, and Dell all genuinely planned to offer boot block upgrades but then something changed, probably with Intel, so they couldn't. It does seem like if they only changed their mind in 2012/2013 then earlier BIOS versions should still have the capability. Even flashrom (Linux) couldn't write to the boot block region, so something at the BIOS / motherboard level is preventing access.

My planned next step was to hook up a logic analyzer to the SPI flash chip and see what happened when trying to flash with ME disabled and E14 on, but I ran out of time in the end.

[thestraycat]

Thanks for the reply and yes i totally agree with all that you wrote.

My main reoccurring assumption is that the BIOS release notes wouldn't have mentioned the fact that the BIOS update was ment to update the bootblock if it wasnt possible as it wouldnt ever have made it to the release notes. In the same way that the E14 jumper would never have made it to the PCB if it didnt do anything. I've noticed that other boards from other vendors have strange little mechanisms and back doors to being able to use the bootblock override like disabling the soundcard via jumper setting or bridging or removing a seemingly unrelated jumper as a prerequite to bootblock flashing.

I still fully believe that these boards are fully software flashable. And that that the secrets are still out there.

I know HP laptops and the HP blade series and rackmount server have offered up bootblock updates via the HP support pack CD's in the past for many models with the support pack cd's usually being just a collection of softpaq drivers stuffed together wrapped up in a bootable environment) so there's no chance in my mind that the Z series workstation boards were made so differently that this would also not be possible if HP had ever released the tool to do it. Chances are the tool is likely not proprietry to HP and exists in the wild from another vendor.

Very frustrating! What do you think?

[SuperThunder]

While it does seem probable that HP intended for there to be some way to update the boot block, no one has found it in almost 10 years of looking so it seems unlikely to me it is within easy reach. It would probably take a study of how the BIOS code and southbridge chipset (PCH) actually read and write the SPI flash to figure out conclusively if the boot block can or cannot be flashed. Since non-HP tools like flashrom can't access the boot block region from Linux, even with all jumpers set (BB override, ME disable), it would seem there is still some BIOS or chipset limitation to writing to that region that may be in firmware and probably also not circumventable. Someone with significant knowledge of how BIOS updates happen at a firmware/hardware level could probably figure out how to write to the boot block region or conclusively explain why it won't happen (eg a cryptographic key from HP is needed).

[thestraycat]

True. All good points.

My money is on a different combination of unrelated jumpers having to be set on and off to fully disconnect writing the bootblock followed by a straight forward BIOS update at worst with a mofified version of HPQflash, i'd expect in the final moments HP decided against releasing the jumper configs prior to giving away inhouse secrets that could be used on other server/workstations in their catalog. I cant see how and why the mention of the bootcode update would have ever made it as far as release notes otherwise if this wasn't user servicable, at the release notes part of the BIOS release all the works been done and a txt files being throw into the downloadable archive. i cant see them releasing a different tool (other than a modified HPQFlash version in that softpaq release of Bios 3.05 for the only reason that they never seem to have ever had to when their laptops/servers got microcode and bootblock updates in the past. Seems too weird to have got as far as the release notes and bottled it :)

[corrreia]

By this point is a thing of the past, but recently I got my hands on a free z620, and I wonder if there are any updates or easy ways to change the boot block date. Thanks in advance.