Revision History

P07 ROM Family

Models Supported: HP ProDesk 600 G3 SFF Business PC

Version 2.51
ENHANCEMENTS:
This BIOS upgrade package also includes the following firmware versions:
Super I/O (SIO) 6.2.29
Intel VBIOS 9.0.1046
Intel GOP 9.0.1056
USB Type-C PD firmware FW 6.4.0
Intel/Realtek PXE rom V0.1.12
Intel/Realtek UEFI PXE rom V0.0.18
- Enhancement to address security vulnerabilities CVE-2022-27540
- Enhancement to address security vulnerabilities CVE-2023-45229, CVE-2023-45230,
CVE-2023-45231, CVE-2023-45232, CVE-2023-45233, CVE-2023-45234, CVE-2023-45235

PCR0(with TPM2.0 SHA256) =

E28C7C25886A96FD0DBF729A2A7B069FB8415C22890166BCDB5E54DA5BD0E2DC

Version 2.49
ENHANCEMENTS:
This BIOS upgrade package also includes the following firmware versions:
Super I/O (SIO) 6.2.29
Intel VBIOS 9.0.1046
Intel GOP 9.0.1056
USB Type-C PD firmware FW 6.4.0
Intel/Realtek PXE rom V0.1.12
Intel/Realtek UEFI PXE rom V0.0.18
- Updates Intel MCU for compatibility enhancement

PCR0(with TPM2.0 SHA256) =

9A3733AE85461EEFEC3AB1AB23DEBF934F0045D2C1CEA98BEEA3DA8FEF8AD8A5

Version 2.48
ENHANCEMENTS:
This BIOS upgrade package also includes the following firmware versions:
Super I/O (SIO) 6.2.29
Intel VBIOS 9.0.1046
Intel GOP 9.0.1056
USB Type-C PD firmware FW 6.4.0
Intel/Realtek PXE rom V0.1.12
Intel/Realtek UEFI PXE rom V0.0.18
- Enhancements to secure boot keys protection.
- HP strongly recommends updating system BIOS to address a potential issue with HP
Sure Start that can cause some devices to experience a SecureBoot error at boot

PCR0(with TPM2.0 SHA256) =

5E716D71D7B43B20B1587562F8F29B2411A24D60312A3E580D466DA7C19BBA29

Version 2.47
ENHANCEMENTS:
This BIOS upgrade package also includes the following firmware versions:
Super I/O (SIO) 6.2.29
Intel VBIOS 9.0.1046
Intel GOP 9.0.1056
USB Type-C PD firmware FW 6.4.0
Intel/Realtek PXE rom V0.1.12
Intel/Realtek UEFI PXE rom V0.0.18
- Integrate Infineon TPM EFI Driver v02.02.3776.00
- Enhancement to address security vulnerabilities CVE-2022-43505
- Enhancement to address security vulnerabilities CVE-2022-40982

PCR0(with TPM2.0 SHA256) =

2858B112A2B489509440564BD5C9A37481E94CC659670C58A8EF0108E29D7CC8

Version 2.46
ENHANCEMENTS:
This BIOS upgrade package also includes the following firmware versions:
Super I/O (SIO) 6.2.29
Intel VBIOS 9.0.1046
Intel GOP 9.0.1056
USB Type-C PD firmware FW 6.4.0
Intel/Realtek PXE rom V0.1.12
Intel/Realtek UEFI PXE rom V0.0.18
- Enhancement ability to update Intel Management Engine firmware.
- Enhancement to address security vulnerabilities CVE-2022-3602, CVE-2022-3786.
- Enhancement to address security vulnerabilities CVE-2022-33894, CVE-2022-38087
- Updates the Intel silicon MCU for compatibility enhancement

PCR0(with TPM2.0 SHA256) =

C2D0856D07330E9B18BFA86C7601DB4370EA239BE984F0CEA2D053736080DCF9

Version 2.45
ENHANCEMENTS:
This BIOS upgrade package also includes the following firmware versions: (only list
appropriate ones)
Super I/O (SIO) 6.2.29
Intel VBIOS 9.0.1046
Intel GOP 9.0.1056
USB Type-C PD firmware FW 6.4.0
Intel/Realtek PXE rom V0.1.12
Intel/Realtek UEFI PXE rom V0.0.18
- Enhancement to address security vulnerabilities CVE-2022-33894
- Enhancement to address security vulnerabilities CVE-2022-43777
- Enhancement to address security vulnerabilities CVE-2022-27541
- Enhancement to address security vulnerabilities CVE-2022-27539

FIXES:
- Fixes issue where BIOS Administrator password/Power on password can be accepted
when the password length is less than Password Minimum Length.

PCR0(with TPM2.0 SHA256) =

6CB995A8BF8E10C6D1B0A105CB6F35DFF942CC86D5207A998AAF46D48A369C8C

Version 2.44
ENHANCEMENTS:
This BIOS upgrade package also includes the following firmware versions: (only list
appropriate ones)
Super I/O (SIO) 6.2.29
Intel VBIOS 9.0.1046
Intel GOP 9.0.1056
USB Type-C PD firmware FW 6.4.0
Intel/Realtek PXE rom V0.1.12
Intel/Realtek UEFI PXE rom V0.0.18
- Updates the Intel silicon reference code for compatibility enhancement
- Enhancement to address security vulnerabilities CVE-2022-37018.
- Enhancement to address security vulnerabilities CVE-2022-27538.

PCR0(with TPM2.0 SHA256) =

9F2E942DA7668B23BB2B7A1E973424FDAA594F96E578646DF15128AA67DDEB09

Version 2.43
ENHANCEMENTS:
This BIOS upgrade package also includes the following firmware versions: (only list
appropriate ones)
Super I/O (SIO) 6.2.29
Intel VBIOS 9.0.1046
Intel GOP 9.0.1056
USB Type-C PD firmware FW 6.4.0
Intel/Realtek PXE rom V0.1.12
Intel/Realtek UEFI PXE rom V0.0.18
- Enhancement to address security vulnerabilities CVE-2022-31635, CVE-2022-31636,
CVE-2022-31637, CVE-2022-31638, CVE-2022-31639.
- Enhancement to address security vulnerabilities CVE-2022-31641.

PCR0(with TPM2.0 SHA256) =

2022BF405EB9B52A19368484CABCFABF884411308A755D7770D7F1E18DD9DDD4

Version 2.40
ENHANCEMENTS:
This BIOS upgrade package also includes the following firmware versions:
(only list appropriate ones)
Super I/O (SIO) 6.2.29
Intel VBIOS 9.0.1046
Intel GOP 9.0.1056
USB Type-C PD firmware FW 6.4.0
Intel/Realtek PXE rom V0.1.12
Intel/Realtek UEFI PXE rom V0.0.18
- Enhancement to address security vulnerabilities CVE-2022-23924, CVE-2022-23925,
CVE-2022-23926, CVE-2022-23927, CVE-2022-23928, CVE-2022-23929, CVE-2022-23930,
CVE-2022-23931, CVE-2022-23932, CVE-2022-23933, CVE-2022-23934.
- Enhancement to address security vulnerabilities CVE-2022-23953, CVE-2022-23954,
CVE-2022-23955, CVE-2022-23956, CVE-2022-23957, CVE-2022-23958.
- Enhancement to address security vulnerabilities CVE-2021-3808, CVE-2021-3809.
- Enhancement to address security vulnerabilities CVE-2022-21166, CVE-2022-21125,
CVE-2022-21123, CVE-2022-21127, CVE-2022-21151, CVE-2022-0005.
- Enhancement to address security vulnerabilities CVE-2021-39299, CVE-2021-39300.

PCR0(with TPM2.0 SHA256) =

6F39DFF47CBE64A92A7F4C73B54D7B8C0E4BFCEE8E0E1D4819EB8C7C89737865

Version 2.39
ENHANCEMENTS:
This BIOS upgrade package also includes the following firmware versions:
(only list appropriate ones)
Super I/O (SIO) 6.2.29
Intel VBIOS 9.0.1046
Intel GOP 9.0.1056
USB Type-C PD firmware FW 6.4.0
Intel/Realtek PXE rom V0.1.12
Intel/Realtek UEFI PXE rom V0.0.18
- Enhancement to address security vulnerabilities CVE-2021-0156, CVE-2021-0157.
- Enhancement to address security vulnerabilities CVE-2021-0127.
- Enhancement to address security vulnerabilities CVE-2021-33107.
FIXES:
- Fixes issue where an error message pops up (0x8007054F) while enabling Power-On
Authentication if user account name exceeds 11 characters.

PCR0(with TPM2.0 SHA256) =

5B8D493C75E5BF076D4D1D423573AE4C740C14DA422ED585331ACD0BA255EDA6

Version 2.38
ENHANCEMENTS:
This BIOS upgrade package also includes the following firmware versions:
(only list appropriate ones)
Super I/O (SIO) 6.2.29
Intel VBIOS 9.0.1046
Intel GOP 9.0.1056
USB Type-C PD firmware FW 6.4.0
Intel/Realtek PXE rom V0.1.12
Intel/Realtek UEFI PXE rom V0.0.18
- Enhancement to address security vulnerabilities CVE-2020-24512.
- Enhancement to address security vulnerabilities CVE-2020-8670.

PCR0(with TPM2.0 SHA256) =

39AF18932B559231D10936E28DF2ADE6FF72E0C5A2B8C38314604C58D30B72A9

Version 2.37
ENHANCEMENTS:
This BIOS upgrade package also includes the following firmware versions:
(only list appropriate ones)
Super I/O (SIO) 6.2.29
Intel VBIOS 9.0.1046
Intel GOP 9.0.1056
USB Type-C PD firmware FW 6.4.0
Intel/Realtek PXE rom V0.1.12
Intel/Realtek UEFI PXE rom V0.0.18
- Enhancement to address security vulnerabilities CVE-2020-8696, CVE-2020-8695,
CVE-2020-8694.
- Critical Security Update.
- Updates the Intel silicon reference code to 3.8.1.

FIXES:
- Fixes an issue where Secure Erase cannot be executed when Display Language is
changed to non-English.

PCR0(with TPM2.0 SHA256) =

257A0F775327F321B5B45D778D806D7E0625A50E11604E772FEA58B9D99BAC67

Version 2.35
This BIOS upgrade package also includes the following firmware versions:
(only list appropriate ones)
Super I/O (SIO) 6.2.29
Intel VBIOS 9.0.1046
Intel GOP 9.0.1056
USB Type-C PD firmware FW 6.4.0
Intel/Realtek PXE rom V0.1.12
Intel/Realtek UEFI PXE rom V0.0.18
- Enhancement to address security vulnerabilities CVE-2020-0543, CVE-2020-0548,
CVE-2020-0549, CVE-2020-8672.
- Updates the Intel silicon reference code to 3.8.0.
 PCR0(with TPM2.0 SHA256) =
54433AD3AFB6E25E4A8455553022BA8536682F93A975D269019C86C80D0C9481

Version 2.34
This BIOS upgrade package also includes the following firmware versions:
(only list appropriate ones)
Super I/O (SIO) 6.2.29
Intel VBIOS 9.0.1046
Intel GOP 9.0.1056
USB Type-C PD firmware FW 6.4.0
Intel/Realtek PXE rom V0.1.12
Intel/Realtek UEFI PXE rom V0.0.18
ENHANCEMENTS:
- Enhancement to address security vulnerabilities CVE-2020-0528, CVE-2020-0529.

FIXES:
- Fixes an issue where system fails(a required device isn't connected or can't be
accessed, Error code: 0xc000000f) when upgrading to Windows 10 RS3 after encrypting
and setting BCDBOOT
PCR0(with TPM2.0 SHA256) =
331BECC8EAB663617C728D11500A0E4682D51873EE22BC8690C76B01EF03530C

Version 2.32
This BIOS upgrade package also includes the following firmware versions:
(only list appropriate ones)
Super I/O (SIO) 6.2.29
Intel VBIOS 9.0.1046
Intel GOP 9.0.1056
USB Type-C PD firmware FW 6.4.0
Intel/Realtek PXE rom V0.1.12
Intel/Realtek UEFI PXE rom V0.0.18
ENHANCEMENTS:
- Updates the Intel silicon reference code to 3.7.5 for compatibility enhancement.
- Updates the CPU microcode for Intel processors to 0xCA.

FIXES:
- Fixes issue where system BIOS fails to be updated and reported "Failed to
determine if new BIOS is available" without setting Proxy Server in F10 setup
interface.
PCR0(with TPM2.0 SHA256) =
21CC1E6076715E279D55F608FB0B71B1464FD3516404290D5337BB71F54B474D

Version 2.31
This BIOS upgrade package also includes the following firmware versions:
(only list appropriate ones)
Super I/O (SIO) 6.2.29
Intel VBIOS 9.0.1046
Intel GOP 9.0.1056
USB Type-C PD firmware FW 6.4.0
Intel/Realtek PXE rom V0.1.12
Intel/Realtek UEFI PXE rom V0.0.18

-Adds a feature to support Enhanced Secure Erase command for ATA drive in F10 setup
interface.
-Enhancement to address security vulnerabilities CVE-2019-0123, CVE-2019-0117, CVE-
2019-11135, CVE-2019-11139.
-Updates SuperIO firmware to v6.2.29 for stability enhancement.
-Enhancement to address security vulnerabilities CVE-2019-0124.
-Enhancement to address security vulnerabilities CVE-2019-0154.
-Enhancement to address security vulnerabilities CVE-2019-0185.
-Fixes issue where specific SanDisk USB drive is not listed in F9 Boot Menu.
PCR0(with TPM2.0 SHA256) =
EA16E341E1F13DEB40178357DE495F226911E2BD6822E77B94F8EF73D501D362

Version 2.29
-Enhancement to address security vulnerabilities CVE-2018-12126, CVE-2018-12127,
CVE-2018-12130.
-Locks power button function during TPM firmware update process to avoid firmware
corruption.
-Fixed issue where keyboard drop-down menu still shows as English at Power-On
Authentication page after changing the keyboard layout to non-English and selecting
the standard user with the new password at the Power-On Authentication page.
-Fixed issue where legacy bootable option is not listed in F9 when powering on unit
with "USB to RJ45 dongle" and "USB flash disk" attached
-Fixed issue where system hangs in POST when plug in the Apple USB-C HDMI/VGA
Multiport Adapter.
PCR0(with TPM2.0 SHA256) =
A91675159935DFFAE5820618B37EF60237C4BA1712A19A47D2B4C30D7A296D15

Version 2.27
-Enhancement to address security vulnerabilities CVE-2018-12126, CVE-2018-12127,
CVE-2018-12130.
-Locks power button function during TPM firmware update process to avoid firmware
corruption.
-Fixed issue where keyboard drop-down menu still shows as English at Power-On
Authentication page after changing the keyboard layout to non-English and selecting
the standard user with the new password at the Power-On Authentication page.
-Fixed issue where legacy bootable option is not listed in F9 when powering on unit
with "USB to RJ45 dongle" and "USB flash disk" attached
-Fixed issue where system hangs in POST when plug in the Apple USB-C HDMI/VGA
Multiport Adapter.
PCR0(with TPM2.0 SHA256) =
2FC937F257BA4001AC1F73A7E2A65EFB1F34BEEF4E4CF030D4891B331558DCE8

Version 2.25
-Fixed issue where Russian language is unlisted in SMBIOS Type13 (BIOS Language
Information).
-Fixed issue where Win7 OS cannot be successfully installed after executing "Secure
Erase" on Toshiba SSD KBG30ZMV256G.
-Fixed issue where system cannot enter the Startup menu when choosing restart
Windows to the firmware UI.
-Fixed issue where no bootable device is found (3F0) on the first boot after
swapping the bootable drives.
-Fixed issue where changes made in BIOS Setup (F10) after a failed PXE boot are not
be saved.
-Fixed issue where BIOS update triggered by Windows Update does not occur after
inputting the incorrect Admin password then inputting correct password.
-Fixed issue where function keys in POST stop working after deploying system via
SCCM.
-Fixed issue where system does not auto power on automatically with "After Power
Loss" setting "On" when system resumes from sleep and then abnormally shuts down.
-Fixed issue where system still pops out Physical Presence Interface when disabling
Intel SGX in BIOS setup (F10) with Physical Presence Interface setting disabled.
-Fixed issue where the stereo headset connected to the headset jack does not work
when system shuts down and AC adapter is removed.
-Increases PXE IP time-to-live (TTL) value to improve compatibility with diverse
end-user network environments.
-Adds a feature to hide BIOS administrator account in Power-On Authentication
screen.
-Improved Japanese touch keyboard layout.
-Adds enhancement to address security vulnerabilities CVE-2018-12201, CVE-2018-
12202, CVE-2018-12203, CVE-2018-12204, CVE-2018-12205.

PCR0(with TPM1.2) = D9BEB1C918B8AA70944DCCBA3C7418472497A5BE

PCR0(with TPM2.0 SHA1) = B93711E29DCD4ACD226AB8CE0EA57360498969D6
PCR0(with TPM2.0 SHA256) =
98F52564204E9F61DDE70238C23A8FADBD37AF50DF4C2AC923552A17A37678B2

Version 2.22
-Fixes issue where system hangs after executing Secure Erase with Toshiba NVMe SSD.
-Fixes issue where system hangs during POST after connecting EMDEP USB analyzer.
-Fixes issue where BIOS cannot rollback to previous version with security
vulnerability issue in non-delay mode.
-Fixes issue where system fails to boot after enabling "Physical Presence
Interface" and "SureStart Settings Protection" setting at the same time.
-Fixes issue where system hangs during booting process after connecting mechanical
keyboards(Abko K6000).
-Fixes issue where system cannot enter F10 setup menu and Power on Password feature
does not work if 3rd party PCIE serial port card is installed.
-Adds Russian Language Support in F10 setup interface.

PCR0(with TPM1.2) = AA62FDD0CDDA7EBB0631C0FC52E694AE4573BB47

PCR0(with TPM2.0 SHA1) = 32DAA0FAD9F1794EFD1B2EAE1CAE2CD9344FD7AC
PCR0(with TPM2.0 SHA256) =
B481040AA3EF4CD2FAF9E9E661A677D43CEACCAA78682DC30132EFAC7ADAE7B1

Version 2.19
-Security update with new MCU version.

PCR0(with TPM1.2) = 6362EF17EA5AA99FAB7CFD84F34F95DA1274DEAE

PCR0(with TPM2.0 SHA1) = 7AF0DB8E0C7417C10495B0EE5E0572ED7EF7D159
PCR0(with TPM2.0 SHA256) =
26A5AA95EBC523FB44C93FABD2CDE1097A7BCA10EBA91E40483F7A4939690C88

Version 2.16
-Fixed issue where network boot order is changed when PXE ROM version is updated.
-Fixed issue where BSOD (a required device isn't connected or can't be accessed,
Error code: 0xc000000f) when do win10 RS3 upgrade after encrypted and set BCDBOOT.
-Bypass the WinMagic SecureDoc Logon Screen when F9 & F10 key get triggered
-Fixed issue where BIOS update by Windows Update failure if Administrator Password
is set.
-Fixed issue where 1st keystroke lost in some EFI applications.
-Fixed issue where "Physical Presence Interface" cannot be configured by BCU.
-Fixed issue where Seagate 2TB HDD have a beep sound occurred when exit from BIOS
F10 Setup menu.
-Update Intel Reference Code to 2.6.0.
-Fixed issue where Smart Cover password unexpectedly bypass.
-Fixed issue where serial port is not working.
-Improved security of Intel MEBx protected by Administrator password.
-Fixed issue where Media Card Reader / SD_RDR USB does not list in F10 Setup Menu
if device is not connected.

NOTE: Due to the security changes in this release, attempts to install older BIOS
versions will require the user to be physically present to accept the older
version.

PCR0(with TPM1.2) = C06015EF3DA2E232D437A68962E374708596035F

PCR0(with TPM2.0 SHA1) = 4A693B777A700A9BE0C44E1A41E3EEEDF2D4775F
PCR0(with TPM2.0 SHA256) =
C2053C368D1003D840E96C0A824CACB8AC7A4ECF37485BD6BEEB57BD5A122714
Version 2.15
-Updates the CPU microcode for Intel 6th generation processors (Sky Lake) to 0xC2,
and 7th generation processors (Kaby Lake) to 0x84.

PCR0(with TPM1.2) = B55516BC160D2A7EB744CE39C3C1947848EB6B63

PCR0(with TPM2.0 SHA1) = 04186D218C9F8781245397D67119B3060BAFDC75
PCR0(with TPM2.0 SHA256) =
A5EA6C59E0CE959E78A940676115AE31732EF94C79A07C863213726DD52520E3

Version 2.14
- Fixes an issue where the Windows Management Instrumentation (WMI) Physical
Presence Interface setting does not function properly after the setup password is
configured.
- Provides a rollback of the CPU microcode for Intel 6th generation processors
(Skylake) to 0xBA and Intel 7th generation processors (Kaby Lake) to 0x5E to
prevent the occurrence of frequent system restarts and other unpredictable system
behavior.

PCR0(with TPM1.2) = F0FADC15A93DE151884F19C6E79A3DCABA813375

PCR0(with TPM2.0 SHA1) = 26B225ADE7388C226796BE015E0DAFFC71256C38
PCR0(with TPM2.0 SHA256) =
DF495C5AFCEED275ED1718A383D40275BFAA30FFD2BDEA447ED0E936E4191446
Version 2.13
-Updates the CPU microcode for Intel 6th generation processors (Sky Lake) to 0xC2,
and 7th generation processors (Kaby Lake) to 0x80.
-Fixed issue where WMI configuring "Physical Presence Interface" setting is not
working when Setup Password is configured.
-Improved security of UEFI code and variables in Intel platforms. HP strongly
recommends promptly transitioning to these updated BIOS versions which supersede
all previous releases.
NOTE: Due to the security changes in this release, attempts to install older BIOS
versions will require the user to be physically present to accept the older version

PCR0(with TPM1.2) = 0821726E310E4DDC0D677602B9A66A121BC3E164

PCR0(with TPM2.0 SHA1) = 61CD2F060C6DA5C20A61DE29C9EB3D0E2B1B33F1
PCR0(with TPM2.0 SHA256) =
4E5D62E102799C4DF1BE8219D6CE57DD32264F442F31CD2BE3CC1DCB0146B3A8

Version 2.12
-Fixed issue where WMI configuring "Physical Presence Interface" setting is not
working when Setup Password is configured.
-Update Intel MCU of SkyLake to 0xC2, and KabyLake to 0x7C.
-Improved security of UEFI code and variables in Intel platforms. HP strongly
recommends promptly transitioning to these updated BIOS versions
which supersede all previous releases.
NOTE: Due to the security changes in this release, attempts to install older BIOS
versions will require the user to be physically present to accept the older
version.
 PCR0(with TPM1.2) = F341586DC3D2D0DF9D464F564C82D5B9DA09BDB1
PCR0(with TPM2.0 SHA1) = D10C4BCA8317C3D07835878A2A420295690B0DD4
PCR0(with TPM2.0 SHA256) =
5D274FBFEDE019A64CED96CFC7B6C8FA0B182A5D474F42B280FC674E8A6B1AC8

Version 2.11
-Add a feature to disable all integrated audio devices when the feature byte is
present.
-Add Hood sensor intrusion log to be captured by Intel vPro technology.
-Fixed issue where Save/Restore GPT feature does not work when Fast boot is
enabled.
-Fixed issue where system hangs up after turn off AMT in F10 and update BIOS in
Non-Delay Mode.
-Fixed issue where CPU stays in high usage when wake from LAN in Intel platforms.
-Fixed issue where 300-Configuration Change Warning prompt when disable Fast
Boot in F10 without fixed storage device change.
-Improved security of UEFI code and variables in Intel platforms. HP strongly
recommends promptly transitioning to these updated BIOS versions which supersede
all previous releases.
-Update I210 PXE to v1.12 and UEFI driver to 7.6.09.
NOTE: Due to the security changes in this release, attempts to install older BIOS
versions will require the user to be physically present to accept the older
version.

PCR0(with TPM1.2) = 74261017F2D43E1CC29820622A4240980355C26A

PCR0(with TPM2.0 SHA1) = ECBC1D6FE6AAB52B9A5A0CB67A4EA11FFEA18BA2
PCR0(with TPM2.0 SHA256) =
1FBDFA63DF202B11FA873F1787CEEA9625F50309651787E6A42BFE78738D8358

Version 2.07
-Fixes issue where the display language changes to Japanese
-Fixes issue where Save Restore GPT feature is not working.
-Fixes issue where Sandisk SDSSDHII-480G-G25 can't be recognized in legacy mode
-Fixes issue where Automatic DriveLock setting cannot be cleared after restoring
security settings to factory defaults.
-Fixed issue where DriveLock user password cannot be used after uncheck
"Automatical drivelock" and enable drivelock password at the same time.
-Fixes issue where system stops on HP logo at POST after pressing Apply Factory
Defaults and Exit, and then setting Legacy Support Enable and Secure Boot Disable
in BIOS F10.
-Fixes issue where the F10 BIOS interface will only be displayed at upper left of
the monitor when pressing F1 at the BIOS Administrator Password input interface
before entering BIOS Administrator Password.
-Fixes issue where the "Configure Legacy Support and Secure Boot" option cannot be
restored correctly after recovering via "Sure Start BIOS Settings Protection".
-Fixes issue where Runtime Intrusion Prevention PPI appears repeatedly upon reboot
when Runtime Intrusion is disabled and Sure Start Settings Protection is enabled.
-Fixes issue where SMC blob in FAT32 HDD is not working when USB Storage Boot is
disabled.
-Fixes issue where TPM 2.0 TCG Physical Presence Interface 1.3 Test would FAIL with
Windows RS2 OS.
-Fixes issue where BitLocker could not be enabled while FastBoot is enabled.
-Fixes issue where the keyboard loses functionality after restarting unit and
pressing F10 to enter into BIOS interface.
-Fixes issue where the USB device shows "CDROM:USB:1" in Boot Order of the BCU
getting file.
-Fixes issue where system displays an An error occurred (0x8007054F) message
after enabling Power-On Authentication under HP Client Security.
-Fixes issue where a Sure Start enabled system doesn't perform F10 upgrade
properly.
-Fixes issue where system failure would(CRITICAL_PROCESS_DIED) occur after setting
DriveLock password then resuming from S3.
-Fixes issue where system makes noise (Long Bee sound about 2-3 sec) before showing
Sure Start Policy Update PPI message at POST.
-Fixes issue where if the network connection is lost, the system does not time out
and restarting takes 5 mins when running scheduled BIOS update using Custom URL.
-Fixes issue where Intermec SG20T USB Bar Code reader prevents boot/power on.
-Fixes issue where POST delays when connecting to the third party USB card reader.
-Fixes issue where system cannot detect IP address when PXE boots with Intel
onboard NIC.
-Updates Intel RC code to 2.5.1.
-Modifies SMBIOS Chassistype to 0x03 if Windows7 OS is installed to be compatible
with SCCM
-Adds Intel SGX (Software Guard Extensions) support
-Adds Wake on LAN option "Boot to normal boot order" in F10 setup menu.
-Adds TPM1.2 to 2.0 Upgrade PPI to "TPM Activation Policy".
-Adds support for dual signed option ROMs.
-Adds an option in F10 setup menu to suppress user confirmation prompting.
-Improves security of UEFI code and variables. HP strongly recommends promptly
transitioning to these updated BIOS versions which supersede all previous releases.
NOTE: Due to the security changes in this release, attempts to install older BIOS
versions will require the user to be physically present to accept the older
version.

PCR0(with TPM1.2) = 0AD343665E004F2480381D4BA27EBE7E83F0B9C1

PCR0(with TPM2.0 SHA256) =
54F8DA6C190BAC2D7581F80883D2617FFE3930E97CF8017BC3042C3D7EE5CD89

Version 2.06 - Microcode update to 0x5E for KabyLake CPU and 0xBA for SkyLake
CPU.
- Fixed issue where some USB2.0 keys cannot be detected in F10 Boot
Options on Intel platforms.
- Add enable/disable external ports in F10 setup menu separately on
Intel platforms.
- Add new Realtek WLAN support.
- Fixed issue where SMC key is not working when USB Storage Boot is
disabled in F10 setup.
- Improved security of UEFI code and variables. HP strongly recommends
promptly transitioning to these updated BIOS versions which supersede all previous
releases.
- Fixed issue where 90D CPU temperature POST ERROR reported by factory.
- Update SIO FW to 6.1.5.

PCR0(with TPM1.2) = 5D6B424757EDA913BC0462B9C4FC44B028C10EDA

PCR0(with TPM2.0 SHA1) = A14C9A5FE0ACD0552028AACB7B7FEAFAA4F56A87
PCR0(with TPM2.0 SHA256) =
A410D29CC77C68ABF25E2AFA47F7A52D7B2A5D443F695F8DBAB47C0CDC5417DF

Version 2.04 - Fixed issue where UEF PXE boot connection failure with two
different VLAN(subnet).
- Add DeviceGuard HSTI support.
- Fixed issue where system hangs during restart test on Device Guard
enabled system with SKL CPU.
 PCR0(with TPM1.2) = FCEFCBBFB9843353FA0C26680E0C6B7CB435E0AF
PCR0(with TPM2.0 SHA1) = ADB342DDA520170C96D958546C9D15A0195F74FF
PCR0(with TPM2.0 SHA256) =
39268D9F85C9D47843B532236988EBB8CE4EBF628A1FCDF225BA93099D1660A2

Version 2.02 - Initial release.

PCR0(with TPM1.2) = 9965647D794579402880028AA6420DE63B0F3F54

PCR0(with TPM2.0 SHA1) = 8E52CEE1B248F3DE7DA805F27F4563BE98FDCBF6
PCR0(with TPM2.0 SHA256) =
B455FAF676072F3D9B9381432B07D16D479A8F96035535DADE7E50C873F3B78D