Revision History N21 ROM Family Models Supported: HP EliteDesk 800 G2 DM 65W Business PC HP EliteDesk 800 G2 DM 35W Business PC HP MP9 G2 Retail System Version 2.45 - Fixes issue where system spends much time when resume from hibernation if connected with NVMe drive with legacy OS. - Fixes issue where system BIOS fails to be updated and reported ""Failed to determine if new BIOS is available"" if without setting of Proxy Server in F10 setup interface. - Updates the CPU microcode for Intel processors to 0xD6. PCR0(TPM1.2) = 1B6EEA86FB9D36E404E1DE9B308CF41206745E3E PCR0(TPM2.0 SHA1) = 217D32E94077C03914B1B08B3C25837B12873336 PCR0(TPM2.0 SHA256) = 09747DFA4B7A813186F46086C7330EAB873E2729ADC5031AEF620FFDE057E73F Version 2.44 -Fixes issue where specific SanDisk USB drive is not listed in F9 Boot Menu. -Adds a feature "Native OS Firmware Update Service" in F10 setup interface to enable/disable firmware update via Window Update service. -Updates SuperIO firmware to v4.13.29 for stability enhancement. -Enhancement to address security vulnerabilities CVE-2019-0124. -Enhancement to address security vulnerabilities CVE-2019-0123, CVE-2019-0117, CVE-2019-11135, CVE-2019-11139. -Enhancement to address security vulnerabilities CVE-2019-0185, CVE-2019-0154. PCR0(TPM1.2) = 58CB355EC040A17D7AB06F1C964B59EFE46185E4 PCR0(TPM2.0 SHA1) = 0F6F182DE34DE5903A72C5BF1812A1E359398B52 PCR0(TPM2.0 SHA256) = 6F4EC202A077191595412B4FCE7283CE4C97F8FC13245067B9EA6D0A5C57810B Version 2.43 -Fixes issue where specific SanDisk USB drive is not listed in F9 Boot Menu. -Adds a feature "Native OS Firmware Update Service" in F10 setup interface to enable/disable firmware update via Window Update service. -Updates SuperIO firmware to v4.13.29 for stability enhancement. -Enhancement to address security vulnerabilities CVE-2019-0124. -Enhancement to address security vulnerabilities CVE-2019-0123, CVE-2019-0117, CVE-2019-11135, CVE-2019-11139. -Enhancement to address security vulnerabilities CVE-2019-0185, CVE-2019-0154. PCR0(TPM1.2) = 73F3E40C32620797E39D21DF7BBFE6182819E684 PCR0(TPM2.0 SHA1) = EBCB1A4E38A8F13B02AC77579BEDBA9501C62A14 PCR0(TPM2.0 SHA256) = 949DE7EAACAB46A51DA3B6196DEFC4131942A705D1328B62CA549C348F2DB3D8 Version 2.42 - Enhancement to address security vulnerabilities PSR-2019-0138 PCR0(TPM1.2) = 9EECED9A28D2D4872F3D662BA5A77DFCD9B8A8B0 PCR0(TPM2.0 SHA1) = 6934831A76FAA508828A1A4DCD10943D1926F1FA PCR0(TPM2.0 SHA256) = A258382E0874F716337E118DC557CC3F5F07C239AAA79FA0C30F02774653750B Version 2.39 -Fixed issue where Automatic DriveLock password is not following with BIOS Administrator password when HDD is moved to another unit. -Fixed issue where "legacy bootable option" is not listed in F9 when powering on unit with "USB to RJ45 dongle" and "USB flash disk" attached -Locks power button function during TPM firmware update process to avoid firmware corruption. -Enhancement to address security vulnerabilities CVE-2018-12126, CVE-2018-12127, CVE-2018-12130. -Enhancement to address security vulnerabilities CVE-2018-6622. PCR0(TPM1.2) = 6377B9064337357B8555E9E7091395BFA281F587 PCR0(TPM2.0 SHA1) = 047DA8E0D78C7886270EC01C5CBD243007F0C02E PCR0(TPM2.0 SHA256) = 801B6C91621CDBBF67DBEC110469E09AA3DDFE90D9CF16CC692F777BB4DDD056 Version 2.37 -Fixed issue where Win7 OS cannot be installed successful after executing "Secure Erase" on Toshiba SSD KBG30ZMV256G. -Fixed issue where system cannot enter the Startup menu when choosing restart Windows to the firmware UI. -Fixed issue where no bootable device found (3F0) on the first boot after swapping the bootable drives. -Fixed issue where changes made in BIOS Setup (F10) after a failed PXE boot does not be saved. -Fixed issue where BIOS update triggered by Windows Update does not occur after input the incorrect Admin password then input correct password. -Fixed issue where function keys in POST stop working after deploy system via SCC. -Fixed issue where system BSOD when resume from hibernation with Win7 UEFI OS. -Fixed issue where system event log reports warning ID 17 message about "WHEA-Logger". -Increase PXE IP time-to-live (TTL) value to improved compatibility with diverse end-user network environments. -Enhancement to address security vulnerabilities. PCR0(TPM1.2) = 42B0B64B8D1FD781913E4F833C3D573F333270E5 PCR0(TPM2.0 SHA1) = 5A954E4861931549714A28A24F3A7A5CE6E4427F PCR0(TPM2.0 SHA256) = 8BE624E829DA4A5FDB412BC0A4163D4A7A9DFDC576A5453832BBF4F6D5782742 Version 2.36 -Fixes issue where Device Guard test tool reports HSTI warning message. -Fixes issue where the option ¡§Prompt for Admin password on Capsule Update¡¨ cannot be set to "Enable" in F10 setup interface. -Fixes issue where system cannot power on after abnormal shutdown or power loss when S5 Maximum Power Savings is enabled. -Fixes issue where Physical Presense Interface is disabled in BIOS, but system still request PPI when "Drivelock Password on restart" setting changes. -Fixes issue where BIOS cannot rollback back to previous version with security vulnerability issue in non-delay mode. -Fixes issue where system still requests DriveLock password during restart when "DriveLock password on Restart" is disabled in BIOS. PCR0(TPM1.2) = D075727A1BA283434C4C6B016E315F154088A099 PCR0(TPM2.0 SHA1) = 9665166F41F41CCC4523B7D75884B255F3266698 PCR0(TPM2.0 SHA256) = 47F386E9187FCA72C9FA3C8A93D40C0D0EB85D2CCAB29129D96B63ECD56E39BE Version 2.35 -Security update with new MCU version NOTE: Due to the security changes in this release, attempts to install older BIOS versions will require the user to be physically present to accept the older version. PCR0(TPM1.2) = 3CED572762833699A26BDD09D4F8DA508ABDD93C PCR0(TPM2.0 SHA1) = ABDE1BA558F5F49850A53BD60B3C9875F8498A06 PCR0(TPM2.0 SHA256) = AC458CE0FD60E30A29DCBB84CC8D4CC8AA288F9F9F14A1FD45A89051132181EF Version 2.33 -Fixes issue where network boot order is changed when PXE ROM version is updated. -Fixes issue where system fails(a required device isn't connected or can't be accessed, Error code: 0xc000000f) when upgrading to Windows 10 RS3 after encrypting and setting BCDBOOT. -Fixes issue where BIOS update by Windows Update fails if Administrator Password is set. -Fixes issue where Seagate 2TB HDD would have a beep sound when exiting from BIOS F10 Setup menu. -Fixes issue where Smart Cover password is unexpectedly bypassed. -Fixes issue where system cannot boot to USB recovery disk created by Cloud Recovery. -Improves security of Intel MEBx protected by Administrator password. NOTE: Due to the security changes in this release, attempts to install older BIOS versions will require the user to be physically present to accept the older version. PCR0(TPM1.2) = A0CD125069FD16A2F3FF1B785F000B9381E8EE3E PCR0(TPM2.0 SHA1) = 6743DC020A9350F8188E0E49AF488496C16B80B5 PCR0(TPM2.0 SHA256) = F4E245B19A8C224C4B2E00B557AA66BA9F6B9E48ECCB463B450E402B195D949A Version 2.32 - Provides a update of the CPU microcode for Intel 6th generation processors (Sky Lake) to 0xC2 to prevent the occurrence of frequent system restarts and other unpredictable system behavior. PCR0(TPM1.2) = 3A42764C3EFFAC03E3881E3DBAB0B1D6FF02014F PCR0(TPM2.0 SHA1) = 12D155F51C9AB5A14949B1D494B873983D60FECB PCR0(TPM2.0 SHA256) = ED3160075F2039C3BE94E94B9402110AF156ACFA8C7C0E0E3FBA9FCC6603E190 Version 2.31 - Provides rollback to the CPU microcode for Intel 6th generation processors (Skylake) to 0xBA as they may introduce higher than expected reboots and other unpredictable system behavior PCR0(TPM1.2) = 5A3111DB410572A7AD980FC86F74ED90EF5BA1F6 PCR0(TPM2.0 SHA1) = 371435D46ADF8262025AC8CDFAFD96FD93D4F46E PCR0(TPM2.0 SHA256) = EAD942A160FFBCE10D634C55A46651B7F1433992F0AFB4EE349E28FBADD210A8 Version 2.30 -Update Intel MCU of SkyLake to 0xC2. -Improved security of UEFI code and variables in Intel platforms. HP strongly recommends promptly transitioning to these updated BIOS versions which supersede all previous releases. NOTE: Due to the security changes in this release, attempts to install older BIOS versions will require the user to be physically present to accept the older version. PCR0(TPM1.2) = 88A1B418A5036ABEB7426891178B017FB313837D PCR0(TPM2.0 SHA1) = E7A69582D9A89FC2D96B3B45BD130B96792C4F3F PCR0(TPM2.0 SHA256) = 5057FA0EA4FAAB8C1545A076E42C571E6EE48CA01CDF5CD45AB7C321A877487C Version 2.28 -Fixes issue where system stalls over 7 minutes during POST if Targus dock and DELL keyboard are connected. -Fixes issue where CPU stays in high usage when waking from LAN in Intel platforms. -Updates Intel Ethernet i219 PXE to v1.12 and UEFI driver to 0.0.18. -Improves security of UEFI code and variables in Intel platforms. HP strongly recommends promptly transitioning to these updated BIOS versions which supersede all previous releases. PCR0(TPM1.2) = EF9DB19A3FD4E8674E4A3C813F89CB6C6966044B PCR0(TPM2.0 SHA1) = 7D205D612CEEF9C6EA491765C92C15FED7A3C9B8 PCR0(TPM2.0 SHA256) = 78253A0894FD1570161BF57C92A1BD69E8A335C4AB7D38062C9D3A6323BB0605 Version 2.26 -Fixed issue where Ctrl + Alt + Delete can bypass DirveLock Password. -Fixed issue where BitLocker could not be enabled while FastBoot is enabled. -Fixed issue where Sandisk SDSSDHII-480G-G25 can't be recognized in legacy mode -Fixed issue where SMC blob in FAT32 HDD is not working when USB Storage Boot is disabled. -Fixed issue where X2APIC unexpected disabled in Intel platform. -Fixed issue where unexpected POST Error:90D-System Temperature displayed after BurnIn test then restart system in Intel platform. -Add feature that Power-on password is bypassed only on the initial Wake-on-LAN. -Add Wake on LAN option "Boot to normal boot order" in F10 setup menu. -Add TPM1.2 to 2.0 Upgrade PPI to "TPM Activation Policy". -Improved security of UEFI code and variables. HP strongly recommends promptly transitioning to these updated BIOS versions which supersede all previous releases. NOTE: Due to the security changes in this release, attempts to install older BIOS versions will require the user to be physically present to accept the older version. PCR0(TPM1.2) = EB3F687382BAEB291A95DEA26AED08F7F50784B0 PCR0(TPM2.0 SHA1) = 3DDB0154A241EE50ABBB670E4152267D189C43B5 PCR0(TPM2.0 SHA256) = 9FB70611B2AC1862EFFA0869D66F3A042836C7A91F3A1F6CA6E13E8D485F9ED9 Version 2.24 - Update Intel Microcode to 0xBA for SKL CPU. - Update Intel ME Firmware to 11.0.22.3001. - Improved security of UEFI code and variables. HP strongly recommends promptly transitioning to these updated BIOS versions which supersede all previous releases. NOTE: Due to the security changes in this release, attempts to install older BIOS versions will require the user to be physically present to accept the older version. PCR0(TPM1.2) = 11D0BA4E25506FC079545B031A0C492E85398A40 PCR0(TPM2.0 SHA1) = 1ECFE638A39D399F0439F8C3115C5AFC6B69C960 PCR0(TPM2.0 SHA256) = B71F5C9763B1B774FBD04F9558CB7871E68B80C11D6BA8394F39EE2CC1623190 Version 2.22 - Fixes issue where rollback PPI does not pop out after changing language to non-English from F10 setup menu. - Fixes issue where SecureBoot status display on Windows does not align with F10 setup menu. - Fixes issue where system does not boot with USB Accu-Chek Smartpix connected. - Fixes issue where system's boot time would be longer than 4 minutes when Joystick is connected. - Fixes issue where legacy boot order would change if SATA HDD was removed from system. - Fixes issue where user cannot change boot order with BIOSConfigurationUtility. - Fixes issue where POST cannot prompt the virtual keyboard for user. - Fixes issue where PXE Boot malfunctions when CD-ROM Boot is disabled in BIOS - Fixes issue where PXE malfunctions in UEFI mode - Fixes issue where system stops at black screen when unit boots to legacy SATA ODD - Fixes issue where system with NVIDIA NVS 310 graphics card continuously reboots without monitor connected. - Fixes issue where system hangs when the HP S230tm external touch display is connected via USB. - Fixes issue where USB optical drive does not work properly with additional USB Devices. - Fixes issue where Bitlocker recovery key screen cannot be launched when user forgets PIN and presses ESC to enter the Bitlocker recovery key. - Fixes issue where USB KB/Mouse cannot be used to enter the PIN while unlocking the drive using Bitlocker. - Fixes issue where UEFI Boot does not boot from SSD/HDD after USB key initiated MDT. - Fixes issue where system boots slowly with Alcatel-Lucent Keyboard connected on Intel platforms. - Fixes issue where BIOSConfigurationUtility shows AMT as enabled on non-vPro/AMT CPU - Fixes issue where system hangs during restart test on a Device Guard enabled system. - Fixes issue where system displays an ME error message after provision ME and enable "Power On from Keyboard Ports" function. - Fixes issue where system hangs when a Phillips Digital Pocket Memo 9620 recorder is connected via USB. - Adds new LGD panel support. - Updates Intel RC code to 2.1.0; MCU to 0x9E. - Improves usable memory higher than 3GB for system installed with 4GB or higher memory. - Adds an option in F10 setup menu to suppress user confirmation prompting. - Allows F1 information to be launched when BIOS power on password is set. - Adds ability to create a POST Power-On Password when Administrator Password is unknown. - Adds Linux repsetup utility support on Intel platform. - Adds Linux Flash utility support on Intel platform. - Adds ¡§NumLock on at Boot¡¨ item in F10 setup menu - Changes instances of "DXE Update" to "BIOS Update". PCR0(TPM1.2) = 7615C720CD5F5BD73DD4908051B113E22C88027B PCR0(TPM2.0 SHA1) = 5E9EF28AED1C8E3C0E992774B9BE0D5EFFBCCF1F PCR0(TPM2.0 SHA256) = B83F98ACF89ED21A32160387B5959E659E9FC616993027A72F899C36F94AFE02 Version 2.21 - Add a "Drivelock password on restart" option in F10 BIOS setup menu. - Update ME FW to 11.0.18.1002: Fixes some ME security issues and prevents BIOS/MEFW corruption issues susceptible to previous releases - Change M.2 SSD boot priority prior than HDD. - Fixed issue where reported CPU L2 Cache size is incorrect after applying "Restore Security Settings" from BIOS setup menu. - Fixed issue where USB Type-C PD FW update procedure skipped. - Improved security of UEFI code and variables. HP strongly recommends promptly transitioning to these updated BIOS versions which supersede all previous releases *** ALERT *** - BIOS can't be flashed back to earlier version. PCR0(TPM1.2) = 6DC828D2018C9C060B55A89667AF511F63DCD101 PCR0(TPM2.0 SHA1) = B0B2E8C9B49CA9523A10A3CB6A24FCCF660B8871 PCR0(TPM2.0 SHA256) = F803F2DD5F534934C4F6D7A6551FF6B5A0F923A88343E8F9D6BE006E47F8582E Version 2.20 - Removes bit locker prompt for recovery key during every boot. - Fixes issue where unit fails to boot to OS after clearing TPM2.0 in f10. - Fixes issue where Reboot command does not work from the etc/reboot/ prompt when using USB Key. - Fixes boot problems when hand scanner is connected to USB port. - Fixes F10 setup popup warning message error. - Fixes issue where system will hang after setting "SGX" value to Enable or Disable by BCU in system and rebooting. - Adds Roll Back prevention. - Removes Trusted Execution Technology (TXT) settings from BCU file. - Adds Video memory size option in F10 BIOS Menu. - Enables IDE/USB Redirection. - Removes BIOS annunciation (beeping) throughout the BIOS update process *** ALERT *** - BIOS can't be flashed back to earlier version. PCR0(TPM1.2) = 4F495A5172A377218E087C66B2F3D7D5E646CA15 PCR0(TPM2.0 SHA1) = 5FFBC69C7DBE12F7BB6D77F5ABFB25D94C623DE4 PCR0(TPM2.0 SHA256) = 6F2BACCAC58183E465B276453308C04F1E325CFE14869211E94D5704F871ED7B Version 2.19 - Fixes issue where the flash process will not resume after unplugging and plugging the AC. - Fixes TPM State in BIOS requiring user to toggle (disable then enable) to allow OS to take ownership and enable Bitlocker, even though the TPM State is already set to "enable" in BIOS. - Fixes the DXE corruption issue during the FLASH process and power loss. - Fixes issue where in normal boot sequence, system will boot to Windows 7 recovery mode. - Fixes issue where Xinya SATA cable cannot be detected - Fixes issue where system will hang after reboot when USBR function is enable and a bootable image is loaded from console - Fixes issue where Boot devices will be disabled after pressing cmos button or removing the battery - Fixes issue where the item "Active Management (AMT)" does not exist in BIOS setup - Fixes issue where a system event log shows warning ID 17 message about ¡§WHEA-Logger¡¨ after an overnight stress test while using a Sunix Parallel card - Fixes issue where ME warning message was found in BIOS post screen after executing Enable Hapfull process - Add UEFI Specification Revision : 2.40 in release note - Implemented Roll Back prevention. - Implemented SATA EQ tuning RX/TX strength between HDD and SATA cable. - Enable NTFS support. PCR0 = 87D6B62072AAC7198E81590D7039930EB04A25DC Version 2.16 - Fixed the DXE corruption issue during the FLASH process and a power loss. PCR0 = 816AEC6F79C1E05A926E49BAC5261082A85D19E1 Version 2.13 - Fixes where will malfunction after powering off and then using power on from Keyboard Port. - Fixes issue where System BIOS does not recognize 32GB USB 3.0 Flash driver in the USB 3.0 ports. - Fixes issue where USB Type C Firmware versions cannot be updated by flashing system BIOS. PCR0 = A8B998527CD9F45521300BC31C384555DD0F953C Version 2.10 - Show TPM actication policy in BCU & remove unused touchpad ID. - Security enchancement. PCR0 = C822D88ACCB744E429CB23F76A6C8847F405285C Version 2.05 - Improves available memory in 32-bit operating systems. - Updates Intel TXT firmware component to v1.3. - Adds a timeout to avoid missing drive during boot or potential data corruption if power is lost with Samsung SSDs. - Fixes an intermittent hang when authenticating Drive Encryption during POST. - Fixes failure to initialize graphics properly after Apply Factory Defaults when G3900 or G3920 CPU is installed. - Corrects a hang after disabling network boot on systems with RAID and add-in Intel NIC. - Corrects which set default action affects Save/Restore MBR setting. - Fixes an issue where Intel SGX setting would report incorrectly as enabled when the physical presence check was not authenticated. - Updates Super I/O firmware to v4.12.6 for improved stability and power button/LED functionality. - Improves support for certain interrupt-driven serial devices that may fail to function correctly (e.g. some serial mice). - Updates USB Type-C controller firmware to v13. PCR0 = F31819BC66CE729D712F32D862A6FF47AC0C5E40 Version 2.04 - Adds support for dual core processors. - Updates the legacy PXE option ROM to version 1.06. This should fix intermittent failures to connect with slower connection speeds. - Implements support for Intel Software Guard Extensions (SGX). - Corrects display of Turbo-boost option in BIOS Setup when a CPU without the feature is installed. PCR0 = 4C72DAFBD4C33D806FCF5B446CF1F3A78295B973 Version 2.03 - Initial Release. PCR0 = DA1828C13CC0246F3617DC7F997FB95305905A6E