Delet Admin-Password / Device: HP Elite x2 G4 / Firmware Stack • UEFI BIOS (Insyde, customized by HP)

[morethanyou]

Hello,

I have an Elite x2 as described, with an administrator BIOS password that I need to remove. I’ve created four dumps, all of which are consistent with each other. Can anyone help with this issue—is there a solution?

Thanks​

Target System​

• Device: HP Elite x2 G4
• Platform: Intel vPro / UEFI-based architecture
• Firmware: HP Commercial BIOS (UEFI)

Firmware Stack​

• UEFI BIOS (Insyde, customized by HP)
• Intel Firmware Stack:
  • Intel ME (Management Engine)
  • Intel Boot Guard (Root of Trust)
• Security Modules:
  • TPM 2.0
  • HP Sure Start (hardware-based)
  • Secure Boot (UEFI keychain)

1. HP Sure Start (Core Issue)​

• Hardware-based firmware protection solution
• Operates independently of the main CPU (dedicated controller)
• Verifies BIOS integrity at every boot and during runtime
• Automatically restores the original state if any deviation is detected

In practical terms:
Any manual modification to the SPI flash is detected and overwritten.

Additionally:

• Protection of critical BIOS settings stored in flash
• Runtime intrusion detection
• Backup copy stored in a protected region

---

2. Intel Boot Guard​

3. Flash Descriptor / SPI Locking​

4. NVRAM / UEFI Variables​

Specific Technical Issues​

1. Dump is incomplete and/or inconsistent
2. Dump ≠ usable firmware image
3. Self-healing mechanism interferes
4. BIOS password is not simply stored in the dump
5. Hardware-level protection mechanisms are in place

---

Conclusion (Professional Level)​

The system implements an enterprise-grade secure firmware stack consisting of:

• Hardware Root of Trust (Boot Guard)
• Firmware integrity monitoring (Sure Start)
• Redundant storage with self-healing capabilities
• Flash descriptor locking