Sidenote - Request to add additional info into README/documentation #496

Open
claudiusraphael opened this issue Jan 27, 2022 · 0 comments

On HP Elitebook 27X0P convertible notebook series laptops it is necessary to boot Clover by pressing 7 right after selecting the Clover boot media.

While it is possible to boot Clover (and comparable bootloaders) via the built-in HP UEFI, it is prone to error, and especially on the editions/models with Intel vPro or enabled AMT and/or Intel AntiTheft (which cannot be disabled if not deactivated before resetting the firmware to defaults on some models) it prevents some of Clover's abilities regarding ACPI/SMBIOS/DSDT/SSDT.

Additional info specific to this series:
In some cases the misconfigured security problems can be hard-reset by fully disassembling the notebook, removing/unplugging the WWAN, SmartCard reader and the firmware chip (next to the WiFi module), and completely drawing the power. Then cold-boot it without the formerly removed components. Power off, then add the firmware chip and cold-boot again; wait until the changes are registered in the firmware (this might take up to 3 automatic reboots and up to 12 minutes as the firmware restores itself and reiterates all hardware). Flashing/overwriting the firmware freshly instead does not work and does not replace this procedure. Once it is done and the laptop boots normally, either do a Clover boot for a minimal setup and later on add the hardware and necessary additions/changes, or add the hardware and let the components register (again up to 3 reboots, e.g. when attaching WWAN, as it contains a separate GPS which will be translated to be accessible as a serial device, whereas the WWAN module in some cases is translated as a USB device, depending on the hardware and Elitebook model).

The safest way on this series is to disable AMT and any built-in security, unregister the TPM and disable it, and disable the built-in UEFI.

The UEFI in this series is not a genuine UEFI with a CSM. It is the other way around: a true BIOS that chainloads an EDK-based UEFI stored in firmware via INT_13, which is why chainloading Clover from the Elitebook built-in UEFI does not allow Clover to address all changes it is configured to do, as it basically operates on a shadow copy that prevents access to the firmware and attached hardware. This is due to the firmware being prepared for Intel TXT, which cannot be fully deactivated; disabling it in the BIOS just disallows configuration and prevents it from being applied on boot.

Another side effect of this behaviour in some models is the inability to boot from GPT-formatted drives from the BIOS (e.g. FreeBSD bootloader/GRUB with EF02), whereas Clover legacy boots fine. Also, the SDCard boot option cannot be used to boot EFI executables via the built-in UEFI.

It is possible, though, to prepare an SDCard with Clover, remove the default 6_ and rename the 7_ file to 6 in place. This allows booting Clover from the SDCard, which prevents, for example, Windows from overwriting the EFI, or allows specifying multiple EFI partitions for a multiboot install on the internal drive, for OS-specific setups that do not interfere with each other, as the bootloaders are referring to these (similar to masking all others out) when chainloaded from the SDCard Clover legacy. (Normally the OS will try to find a default partition and, depending on the OS, use different rulesets, which affects other setups.)

So do not use the built-in UEFI. Instead, use Clover with legacy boot option 7, accessible by pressing 7 right after selecting the Clover boot media, OR install Clover legacy to an SDCard and boot from that in case of a multiboot setup on GPT on the internal drive, or, for example, to be able to try out different images/setups by switching the SDCard without changing content on the main internal drive, which can be seen as malicious changes depending on the OS and/or the built-in firmware.

This was tested reproducibly on HP Elitebook:

  • 2730p
  • 2740p
  • 2760p

... in multiple variants with/without vPro, different prebuilt and manual configurations with all the HP-allowed (whitelisted) WiFi and WWAN modules, with/without SmartCard, on different CPU models/steppings (including ULV variants), in all possible BIOS configurations.

The possibility to boot Clover legacy is also verified for model 2710p.

It is also possible to boot Clover legacy by replacing the optical drive in the ultraslim docks with a SATA-to-PATA caddy (HDD/SSHD/SSD/M.2-to-SATA) and booting via the IDE-Boot-Redirection, which allows test-building systems, as the drive can simply be swapped into the internal drive bay later if Clover legacy is on it or the variant of Clover legacy on SDCard was used.

Hope it helps.

(Feel free to move/copy this information wherever you think it might be most helpful.)
