Delet Admin-Password / Device: HP Elite x2 G4 / Firmware Stack • UEFI BIOS (Insyde, customized by HP)

Thanks​

Target System​

• Device: HP Elite x2 G4
• Platform: Intel vPro / UEFI-based architecture
• Firmware: HP Commercial BIOS (UEFI)

Firmware Stack​

• UEFI BIOS (Insyde, customized by HP)
• Intel Firmware Stack:
  • Intel ME (Management Engine)
  • Intel Boot Guard (Root of Trust)
• Security Modules:
  • TPM 2.0
  • HP Sure Start (hardware-based)
  • Secure Boot (UEFI keychain)

1. HP Sure Start (Core Issue)​

• Hardware-based firmware protection solution
• Operates independently of the main CPU (dedicated controller)
• Verifies BIOS integrity at every boot and during runtime
• Automatically restores the original state if any deviation is detected

• Protection of critical BIOS settings stored in flash
• Runtime intrusion detection
• Backup copy stored in a protected region

2. Intel Boot Guard​

3. Flash Descriptor / SPI Locking​

4. NVRAM / UEFI Variables​

Specific Technical Issues​

1. Dump is incomplete and/or inconsistent
2. Dump ≠ usable firmware image
3. Self-healing mechanism interferes
4. BIOS password is not simply stored in the dump
5. Hardware-level protection mechanisms are in place

Conclusion (Professional Level)​

• Hardware Root of Trust (Boot Guard)
• Firmware integrity monitoring (Sure Start)
• Redundant storage with self-healing capabilities
• Flash descriptor locking