I've recently taken a little time to automate the Updates of our HP Laptops. I've found that HP Has different Bios Update programs based on the age of the machine. Documentation was a bit lacking as well. I'm assuming that other HP machines will fall into one of these two methods I'm using. I'm creating this using the Application Model instead of a package, however you can easily change this into a package with minimal changes.
AppModel Pros: Application Catalog, Detection Methods, Works in a TS
AppModel Cons: Can't use in WinPE
Package Pros: Simple, less time to setup, works in WinPE in a TS.
Package Cons: Simple, no detection, can't make available via Catalog.
Here is a run down of things we'll cover
- Create your Content Folder Structure. (or download mine HERE)
- Download & Extract Bios from HP
- Create Bios Password File
- Create Bios Update batch File
- Suspend Bitlocker
- Add runonce regkey to enable bitlocker after reboot
- Apply Bios Update
- Restart Machine with 2 Minute User Notification Popup.
- Deploy
- Add to TS Info
- Create your Package Content Structure.
![image]( "image")
- HP Revolve 810 G1\G2\G3- Get the Bios HERE.
- Save it to your 810G1 folder and Extract with 7zip
![image]( "image")
- It should now look like this:
![image]( "image")
- Repeat for the G2 and G3 Models, your folders should now look like:
![image]( "image")
- Time To create the Password File.
- from the 810G2 folder, launch HpqPswd64.exe
![image]( "image")
- Type in your Bios Password and Save the BIN file to your Password File Folder
- Copy that file from the Password File folder into each Bios Folder like so:
![image]( "image")
Always keep a copy on hand, if you ever run the process manually, the bios update will delete the password file from the folder. A security feature I'm sure. - Lets write a simple batch file that will repair the bitlocker mof, suspend bit locker, add a Run once key to turn it back on after restart, update the bios and give a two minute warning for reboot.
----------
- -s = Silent
- -p = Calls Password File
- -l = Log File (You can remove this or add your own logfile path)
- Ok, lets do one for the 810 G2\G3, as it's a little different, as they've added some features and changed syntax.
- -s = Silent
- -r = NO Reboot
- -b = Suspend Bitlocker
- -p = Password file
- -l = logfile
- Time to Create an Application to deploy the Bios
![image]( "image")
![image]( "image")
![image]( "image")
- Deployment Types
![image]( "image")
Name your Deployment, I do Model & Bios Version![image]( "image")
Point to your Source Content![image]( "image")
Program = your Script File![image]( "image")
Detection = Registry Setting for the Bios Version![image]( "image")
Set to Install for System - Whether or not![image]( "image")
Set your Requirements to Computer Model (Blogged here)![image]( "image")
Set 0 to Hard Reboot, so it will reboot, then run detection.
If you want to add more return codes, you can find a list here... I have not tested them.- It's pretty much identical for the other two systems, just change the content to the correct folder, and the detection to the bios version. - Tip: Update one, then point to that when you're getting your detection method.
- Deploy, seeing it in action. I've deployed mine to "all users" so it shows up in the Catalog
- Installing from the Application Catalog:
![image]( "image")
- Once it finishes the process, it give the 2 minute reboot warning. The software center will say "Requires restart"
![image]( "image")
- You can also deploy to a Computer collection you've created. This is how I typically do pushes, send out communications, then push to a collection. But for awhile during testing, I like to make it available so I can run it from the catalog.
- Adding to Task Sequence. So I was excited that HP bios support being updated in WinPE... but yet I was having it fail, saying it needed a full OS. I thought "LAIR", I've tested the script in PE and it worked fine! Then I realized, I was running it as an application, not a package... and that's what wouldn't work in PE. So... I had to add this Bios Update Step later in my TS, after it was in Windows, just like I do with my Dell Bios Updates. - I've tried to leave some steps around it for Context as to where I've added the HP Bios Update Step.
- Note, in the script I call shudown.exe, which gives a two minute delay. In the TS, there is a restart right after it the Application Runs, which will restart the system right away instead of waiting for the two minute timeout. If you do decide to make this into a package, remove the shutdown.exe part of out if, as that is not available in WinPE.
![image]( "image")
REM Fix Bitlocker MOF if needed
mofcomp.exe c:\windows\system32\wbem\win32_encryptablevolume.mof
REM Suspend Bitlocker
Manage-bde.exe -protectors -disable c:
REM Add RunOnce key to Enable Bitlocker after Restart if it doesn't automatically via GPO / MBAM
reg.exe ADD HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce /v EnableBitlocker /T REG_SZ /D "Manage-bde.exe -protectors -enable c:" /F
REM Update Bios
hpqFlash64.exe -s -pHPBiosPassword.bin -lc:\Cabs\InstallLogs\HPBiosUpdate.log
REM Reboot Computer (Does not affect WinPE, as it can't use shutdown.exe)
shutdown.exe /r /f /t 120 /c "Updating Bios, please save your work, Computer will reboot in 2 minutes"
----------
REM Fix Bitlocker MOF if needed
mofcomp.exe c:\windows\system32\wbem\win32_encryptablevolume.mof
REM Suspend Bitlocker (Not needed on the G2 / G3 Models, they have the "-b" option to disable bitlocker)
REM Manage-bde.exe -protectors -disable c:
REM Add RunOnce key to Enable Bitlocker after Restart if it doesn't automatically via GPO / MBAM
reg.exe ADD HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce /v EnableBitlocker /T REG_SZ /D "Manage-bde.exe -protectors -enable c:" /F
REM Update Bios
HPBIOSUPDREC64.exe -s -r -b -pHPBiosPassword.bin -lc:\Cabs\InstallLogs\HPBiosUpdate.log
REM Reboot Computer (Does not affect WinPE, as it can't use shutdown.exe)
shutdown.exe /r /f /t 120 /c "Updating Bios, please save your work, Computer will reboot in 2 minutes"
----------------
As always, I welcome comments and feedback. I only set this up a few days ago, and tested on a couple machines, so there might be scenarios that need tweaking. I'll update this if I find anything. - @gwblok