edgecase
You are being lied to, by yourself.
~ The Last Psychiatrist
Author: StJohn Piano
Published: 2018-02-05
Datafeed Article 37
This article has been digitally signed by Edgecase Datafeed.
13585 words - 2916 lines - 73 pages



GOAL:



Find and/or construct a map of the BIOS on Kalkin.



CONTENTS:



- Goal
- Contents
- Downloadable Assets
- Kalkin BIOS Map
- Project Log



DOWNLOADABLE ASSETS



kalkin_bios_map.txt

hp_z210_cmt_workstation_maintenance_and_service_guide.pdf

hp_z210_workstation_series_user_guide.pdf

kalkin_bios_map.txt contains the text shown in the Kalkin BIOS Map section of this article.

The other two assets are workstation guides found from browsing HP's websites.



KALKIN BIOS MAP



BIOS MAP:

BIOS version: J51 v01.20
Computer system: HP Z210 Workstation
Name of particular computer system: Kalkin


The initial menu of the BIOS is Startup Menu. It can be accessed by holding Escape during boot.


Startup Menu
- Continue Startup (Exit)
- System Information
- Change Language
- Diagnostics (F2)
- Boot Menu (F9)
- Computer Setup (F10)
- System Recovery (F11)
- Network Boot (F12)
- Utilities
- Run UEFI Application...

Startup Menu / Continue Startup (Exit)
Leave BIOS and continue the default boot process.

Startup Menu / System Information
Displays the following system characteristics:
- Product Name
- SKU Number
- Processor Type
- Processor Speed
- Processor Stepping
- Cache Size (L1/L2/L3)
- Memory Size
- Integrated MAC
- System BIOS
- Chassis Serial Number
- Asset Tracking Number
- ME Firmware Version
- ME Management Mode

Startup Menu / Change Language
- English
- Français
- Español
- Deutsch
- Italiano
- Dansk
- Suomi
- Nederlands
- Norsk
- Portugês
- Svenska
- [East Asian symbol string. I think that in latin characters it is rendered as "Chonguoren", meaning "Chinese".]

Startup Menu / Diagnostics
- DPS Self-Test

Startup Menu / Boot Menu
Displays available boot choices.
Two main groups:
- EFI Boot Sources
- Legacy Boot Sources (includes CD/DVD Drive, Hard Drive, and network boot)

Startup Menu / Computer Setup
[See sub-map below.]

Startup Menu / System Recovery
[On selection of this option, Centos boots.]

Startup Menu / Network Boot
Attempts to perform a network boot. This option is no longer present in the menu since I disabled the network boot option in the Computer Setup utility.

Startup Menu / Utilities
- Set Time and Date
- Flash System ROM

Startup Menu / Run UEFI Application...
[Pressing Enter when this option is highlighted has no effect.]



SUB-MAP:


Computer Setup:
- File
- Storage
- Security
- Power
- Advanced


Computer Setup (F10) Utility menu descriptions:


File:
- System Information
- About
- Set Time and Date
- Flash System ROM
- Replicated Setup
- Default Setup
- Apply Defaults and Exit
- Ignore Changes and Exit
- Save Changes and Exit

File / System Information
Displays the following system characteristics:
- Product Name
- SKU Number
- Processor Type
- Processor Speed
- Processor Stepping (stepping designation and patch number)
- Cache Size (L1/L2/L3)
- Memory Size
- Integrated MAC (onboard NIC)
- System BIOS
- Chassis Serial Number
- Asset Tracking Number
- ME (Intel Management Engine) Firmware Version
- ME Management Mode

File / About
Displays copyright information.

File / Set Time and Date
Lets you set system time and date. Use the keyboard Tab and arrow keys to make changes.

File / Flash System ROM
Lets you upgrade the BIOS from a ROM image on optical media or USB.

File / Replicated Setup
Provides these options:
- Save to Removable Storage Device - Saves the computer configuration, including CMOS, to a USB storage device. The saved configuration file is named cpqsetup.txt.
- Restore from Removable Storage Device - Restores the computer configuration from a USB
storage device.

File / Default Setup
Provides these options:
- Save Current Settings as Default - Saves the current settings as default settings for the next operation.
- Restore Factory Settings as Default - Restores the factory settings as the default settings for the next operation.

File / Apply Defaults and Exit
Restores the default settings defined in Default Setup.

File / Ignore Changes and Exit
Exits computer setup without applying or saving changes.

File / Save Changes and Exit
Saves changes to system configuration and exits the computer setup.


Storage:
- Device Configuration
- Storage Options
- DPS Self-test
- Boot Order

Storage / Device Configuration
Lists installed SATA storage devices and provides specific information about each device:
- Hard Disk - Provides information about the hard disk drives.
- CD-ROM - Provides information about the optical disk drives.
- Default Values - Resets devices to their default configuration (SATA is the default).
-- Translation Mode [see note 2] - Enables the BIOS to determine the translation mode used to configure a formatted SATA or USB mass storage device. This prevents you from needing to know how the mass storage device was formatted. Options are Automatic (default), Bit Shift, LBA Assisted, User (Cylinders, Heads, Sectors), and Off.
Ordinarily, you should not change the translation mode selected by the BIOS. If the selected translation mode is not compatible with the translation mode that was active when the drive was partitioned and formatted, the data on the disk becomes inaccessible.

Storage / Storage Options
Provides these options:
- Removable Media Boot (Enabled/Disabled) - Enabling allows the workstation to boot from removable media, such as a USB flash drive.
- SATA Emulation - Sets the SATA emulation mode with the following options:
-- RAID + AHCI - both the RAID and AHCI OPROMs execute. This emulation mode is
the default and offers the best performance and most functionality.
-- IDE - offers standard SATA support. Some higher-numbered SATA ports may not be available in this mode.
- eSATA Port - Displays the internal SATA port(s) that are configured to operate as eSATA. Changing this to None provisions the port(s) as internal SATA.
- Max eSATA Speed - Configures eSATA port speeds:
-- Gen 2 (3.0 Gbps)
-- Gen 1 (1.5 Gbps)

Storage / DPS Self-test
Select a drive - Lets you execute self-tests on SATA hard drives capable of performing Drive Protection System (DPS) self-tests.
NOTE: This selection appears only when the system has one or more drives capable of performing the DPS self-tests.

Storage / Boot Order
Lets you configure the boot order by physically reordering the menu entries. The default boot order is:
- EFI Boot Sources
-- USB Floppy/CD
-- USB Hard Drive
-- ATAPI CD/DVD Drive
- Legacy Boot Sources
-- ATAPI CD/DVD Drive
-- USB Floppy/CD
-- Hard Drive
-- Network Controller - [This option is no longer present in the menu since I disabled the network boot option.]
You can take the following actions:
- Press Enter to drag a device with the arrow keys to a preferred place, then press Enter again to drop the device in place.
- Press F5 to remove the device from consideration as a bootable device.
- You must confirm changes by selecting File>Save Changes and Exit and then press Enter. The computer then stores boot order changes in the physical ROM.
To temporarily override the boot order and boot from a device other than the default device specified in Boot Order:
1. Restart the computer.
2. Press F9 when the F9=Boot Menu message appears on the screen.
3. Wait for POST to finish and for the list of bootable devices to display.
4. Use the arrow keys to select the preferred boot device.
5. Press Enter. The computer then starts from the selected nondefault device. (This does not change the default boot device.)


Security:
- Setup Password
- Power-On Password
- Password Options [currently not visible]
- Smart Cover [not present on Kalkin]
- Device Security
- USB Security
- Slot Security
- Network Boot
- System IDs
- System Security
- Drive Lock Security

Security / Setup Password
Lets you set and enable a setup password for the administrator.
If you create a setup password, you must use it to change computer setup options, to flash the ROM, and to make changes to certain Plug and Play settings under Windows.

Security / Power-On Password
Lets you set and enable the power-on password.

Security / Password Options
This option becomes available depending on the presence of setup or power-on passwords. It provides these options:
- Lock Legacy Resources (Enabled/Disabled) - Prevents the operating system from changing resources to serial, parallel, or diskette controller. (Appears if a setup password is set.)
- Setup Browse Mode (Enabled/Disabled) - Lets you view but not change the F10 Setup Options without having to enter the setup password. (Appears if a setup password is set.)
- Password prompt on F9, F11, and F12 (Enabled/Disabled) - Lets you access menus without entering the setup password.
- Network Server Mode (Disabled/Enabled) - Enables network server mode. (Appears if a power-on password is set.)

Security / Smart Cover
Lets you enable/disable the cover removal sensor [see note 1].
[Not present on Kalkin]

Security / Device Security
Makes the following devices available or hidden to the computer:
- Embedded Security Device (hidden by default)
- System Audio
- Network Controller
- SATA ports
With the exception of Embedded Security Device (TPM), Device Available is the default setting for all devices (allows the operating system to access the device). Device Hidden disables the device by the BIOS so that the operating system can no longer enable the device.
NOTE: An entry for enabling DriveLock appears in the setup menu if the computer has a DriveLock-compatible hard disk drive.

Security / USB Security
Set workstation USB ports to Enabled/Disabled:
- Front USB Ports
- Rear USB Ports
- Accessory USB Ports

Security / Slot Security
Lets you disable any PCI or PCI Express slot.

Security / Network Boot
Lets you enable/disable the ability to boot from the network using the F12 key or the boot order.

Security / System IDs
Provides these options:
- Asset Tag - A user-editable, 16-byte string identifying the computer.
- Ownership Tag - A user-editable, 80-byte string identifying ownership of the computer. This tag appears on the screen during POST.
- Universal Unique Identifier (UUID) - An ID number set in the factory that uniquely identifies the computer.
- Keyboard - Lets you set the keyboard locale for System ID entry.

Security / System Security
With the exception of the first option, Data Execution Prevention, changing any of these system security settings and choosing File > Save Changes and Exit will result in the computer performing a global reset, automatically turning itself off and then back on. Note also that these options are hardware dependent and may not be available on some models:
- Data Execution Prevention (Enabled/Disabled) - Helps prevent operating system security breaches.
- Virtualization Technology (VTx) [see note 1] (Disabled/Enabled) - Controls the virtualization features of the processor.
- Virtualization Technology Directed I/O (VTd) [see note 1] (Disabled/Enabled) - Controls virtualization DMA remapping features of the chipset.
- Intel TXT(LT) Support [see note 1] (Enabled/Disabled) - Controls the underlying processor and chipset features needed to support a virtual appliance. To enable this feature you must enable:
-- Virtualization Technology (VTx)
-- Virtualization Technology Directed I/O (VTd)
-- Embedded Security Device
- Embedded Security Device [see note 1] (Disabled/Enabled) - Permits activation and deactivation of the Embedded Security Device.
NOTE: Embedded Security Device must be set to Device Available in the Device Security menu, and you must create a Setup Password, in order to configure the Embedded Security Device.
[not visible in Kalkin]
- Reset to Factory Settings [see note 1] (Do not reset/Reset) - Restores factory defaults and erases all security keys.
CAUTION: Choosing Reset to Factory Settings may result in significant data loss. The embedded security device is a critical component of many security schemes. Erasing the security keys prevent access to data protected by the Embedded Security Device.
[not visible in Kalkin]
- OS Management of Embedded Security Device [see note 1] (Disabled/Enabled) - Limits operating system control of the Embedded Security Device.
[not visible in Kalkin]
- Reset of Embedded Security Device through OS [see note 1] (Enabled/Disabled) - Limits the operating system ability to request a Reset to Factory Settings of the Embedded Security Device.
NOTE: You must create a Setup Password to use this option.
[not visible in Kalkin]

Security / Drive Lock Security
Lets you assign or modify a master password or user password for hard drives. When enabled, this feature prompts the user to provide one of the DriveLock passwords during POST. If the user does not successfully enter one of the passwords, the hard drive remains inaccessible until one of the passwords is successfully entered during a subsequent cold-boot sequence.
NOTE: This selection appears only when the system includes at least one drive that supports the DriveLock feature.


Power:
- OS Power Management
- Hardware Power Management
- Thermal

Power / OS Power Management
Enables or disables:
- Runtime Power Management
- Idle Power Savings: Extended (default) or Normal; extended mode reduces processor power consumption when the CPU is idle
- ACPI S3 PS2 Mouse Wakeup
- Unique Sleep State Blink Rates

Power / Hardware Power Management
Enables or disables:
- SATA Power Management
- S5 Maximum Power Savings

Power / Thermal
Lets you set the minimum speed of the system fan when the CPU is idle.


Advanced [see note 2]:
- Power-On Options
- BIOS Power-On
- Onboard Devices
- Bus Options
- Device Options
- Slot Settings
- AMT Configuration

Advanced / Power-On Options
Sets the following:
- POST Mode:
-- QuickBoot - Do not clear memory or perform a memory test.
-- FullBoot - Memory test (count) on cold boot. Clears memory on all boots.
-- Clear Memory - No memory test (count) on cold boot. Clears memory on all boots.
-- FullBoot Every x Days - Memory count on first cold boot on or after the Xth day and no more memory counts until that boot occurs. Clears memory on all boots.
- POST Messages (Enabled/Disabled)
- Press the ESC key for Startup Menu (Enabled/Disabled)
- Option ROM Prompt (Enabled/Disabled) - Enabling this feature causes the computer to display a message before loading option ROMs.
- After Power Loss - Lets you specify computer behavior after a power loss:
-- Power Off - Computer remains powered off when power is restored (default).
-- Power On - Computer automatically powers on when power is restored. (This lets you power on the computer using a power strip switch, if the computer is connected to an electric power strip.)
-- Previous state - Computer powers on automatically when power is restored only if computer was on when power was lost.
NOTE: If you turn off power to the computer using a power strip, you cannot use the suspend/sleep feature or the Remote Management features.
- POST Delay (None (default), 5, 10, 15, 20 seconds) - Delays start of the POST process. You might need a delay to:
-- Allow time for some hard disk drives to spin up before POST is finished
-- Give yourself more time to select F10 to enter the Computer Setup (F10) Utility.
- Remote Wakeup Boot Source (Local Hard Drive/Remote Server). Sets the boot device for the workstation when it is started using Remote Wakeup (takes precedence over the Boot Order menu setting) .
- System Recovery Boot Support (Enabled/Disabled). Enabling this feature displays an additional prompt, F11=Recovery, during POST on systems with HP Backup and Recovery software installed and configured with a recovery partition on the boot hard drive. Pressing F11 causes the system to boot to the recovery partition and launch HP Backup and Recovery. You can hide the F11=Recovery prompt by using the F11 prompt option described above.
- Bypass F1 Prompt on Confirmation Changes (Enabled/Disabled) - Prevents display of a confirmation prompt when you make changes to the system.

Advanced / BIOS Power-On
Lets you disable or specify a weekday and time for BIOS power-on.

Advanced / Onboard Devices
Lets you disable or set resources (IRQ, DMA, I/O Rate) for onboard system devices such as the serial port and parallel ports. Operating system parameters generally override Onboard Devices settings.

Advanced / Bus Options
Enable/disable these options:
- PCI SERR# Generation (Enabled/Disabled) - Controls PCI SERR# generation for ill-behaved PCI add-in cards (that can generate SERR# spuriously)
- PCI VGA Palette Snooping (Disabled/Enabled) - Controls PCI VGA Palette Snooping for compatibility purposes
- PCI Latency Timer (32/64/128/160/192/224/248). 128 PCI Clocks is the default.

Advanced / Device Options
Enable/disable the following device options:
- S5 Wake-on-LAN (Enabled/Disabled)
- Turbo Mode (Enabled/Disabled)
- Printer Mode (EPP+ECP, Output Only, Bi-Directional).
- Num Lock State at Power-On (On/Off)
- Integrated Video [see note 1] (Enabled/Disabled)
- IGD (Integrated Graphics Device) Memory - Displayed when Integrated Video is Enabled. Sets the maximum amount of system memory that can be allocated as graphics memory (32, 64 (default), 128, 256, 512 MB) [see note 1]
- Internal Speaker (Enabled/Disabled)
- NIC Option ROM [see note 2] Download (PXE/Disabled)
- SATA RAID Option ROM [see note 2] Download (Enabled/Disabled)
- Multi-Processor (Enabled/Disabled)
- Hyperthreading [see note 1] (Disabled/Enabled)

Advanced / Slot Settings
Lets you Enable/Disable Option ROM Download for each slot. Selective disabling of Option ROM downloads can help manage limited Option ROM space.

Advanced / AMT Configuration
Lets you set the following AMT (Intel Active Management Technology) configuration options:
- AMT (Enabled/Disabled) - Allows for remote discovery, repair and protection of networked workstations. Enabling the AMT function also enables the Network Controller (required for AMT to function correctly).
- Unconfigure AMT/ME (Disabled/Enabled) [see note 2] - Restores AMT/ME defaults. When you save and exit after enabling this option, you will be prompted to complete the process upon restart. A Setup Password (even if one is set) does not need to be entered to complete the process.
NOTE: Information about Intel AMT can be found at www.intel.com.
- WatchDog Timer (Enabled/Disabled) - OS and BIOS WatchDog Timers can be set independently (in minutes):
-- OS WatchDog Timer - Sets the OS WatchDog Timer
-- BIOS WatchDog Timer - Sets the BIOS WatchDog Timer.



Note 1: Available on selected models.
Note 2: These options should be used by advanced users only.




PROJECT LOG



In the course of examining a boot problem on Kalkin, I had to find and change a couple of settings in the BIOS in order to solve the problem.

I found one by reading an Intel article about the relevant error messages which mentioned that disabling PXE boot in the BIOS might help. PXE (Preboot eXecution Environment) is a boot environment that allows an Intel Desktop Board to boot up using a network interface. I couldn't find a "PXE Boot" setting but I did find and disable "Network Boot" (BIOS / Computer Setup / Security / Network Boot), which was one-half of the solution.

I only found the other setting (BIOS / Computer Setup / Storage / Storage Options / SATA Emulation) through some exploration. I didn't know it was there beforehand. When I saw it, I recognised that it might be relevant to the problem I was trying to solve. It turned out that changing the value of SATA Emulation from "RAID+AHCI Mode" to "IDE Mode" was the other half of the solution.

I would like to have a map of the BIOS. It would have been useful while trying to solve the boot problem and it might be useful in future.


I'll do some research to see if such a map has already been made and published. If I can't find one, I'll have to construct it myself.


While installing Centos 6.9 Minimal on Kalkin, I learned that a likely source for a guide to a BIOS would be the motherboard manufacturer.


What is Kalkin's motherboard type?


The specs don't seem to have a direct answer.
Some information from the specs:
- Product: HP Z210 Convertible Mini Tower
- Processor (CPU): Intel Xeon E3-1230 Quad Core 3.20GHz


From the record of a previous project, I can see that the BIOS version is "J51 v01.20".
However, the BIOS window also contains this text: "Version 2.10.1208. Copyright (C) 2011 American Megatrends, Inc."
I'm not sure what the American Megatrends version number refers to.


Google "how to tell the motherboard model linux".


Excerpt from:
askubuntu.com/questions/179958/how-do-i-find-out-my-motherboard-model

Q: How do I find out my motherboard model?

[...]

edited Feb 17 '14 at 0:49
Braiam

asked Aug 24 '12 at 16:48
Ederico


A:

[...]

sudo dmidecode | grep -A4 '^Base Board Information'


[...]

edited Jan 27 '15 at 13:58
answered Jan 27 '15 at 13:53
Hastur




I already ran the
dmidecode
command while checking Kalkin's hardware details using Centos 6.9.
Its output is stored as a text file asset associated with the article.

Browse to the article and download output_dmidecode.txt to my Downloads directory.


aineko:Downloads stjohnpiano$ grep -A4 '^Base Board Information' output_dmidecode.txt

Base Board Information Manufacturer: Hewlett-Packard Product Name: 1587h Version: Not Specified Serial Number: 2UA2041C49



Reading output_dmidecode.txt in a text editor, I find that the entire Base Board section is:
Handle 0x0002, DMI type 2, 15 bytes Base Board Information Manufacturer: Hewlett-Packard Product Name: 1587h Version: Not Specified Serial Number: 2UA2041C49 Asset Tag: 2UA20327LX Features: Board is a hosting board Board is removable Board is replaceable Location In Chassis: Not Specified Chassis Handle: 0x0003 Type: Motherboard Contained Object Handles: 0



Hm. If "Base Board" is another term for motherboard, then it would seem that the name of Kalkin's motherboard is "1587h", manufactured by HP.


Google "base board motherboard".


Excerpt from:
www.computerhope.com/jargon/m/mothboar.htm

Motherboard
Updated: 10/30/2017 by Computer Hope

Alternatively referred to as the mb, mainboard, mboard, mobo, mobd, backplane board, base board, main circuit board, planar board, system board, or a logic board on Apple computers. The motherboard is a printed circuit board that is the foundation of a computer, located on the back side or at the bottom of the computer chassis. It allocates power and allows communication to the CPU, RAM, and all other computer hardware components.



Yup.



In the article Checking Kalkin's hardware details using Centos 6.9, I see some more information about the BIOS, also from output_dmidecode.txt:

BIOS Information
- Vendor: Hewlett-Packard
- Version: J51 v01.20
- Release Date: 09/16/2011
- Address: 0xF0000
- Runtime Size: 64 kB
- ROM Size: 1024 kB

[...]

- BIOS Revision: 1.20



There is also a little more information about the computer itself:

System Information
- Manufacturer: Hewlett-Packard
- Product Name: HP Z210 Workstation
- Version: Not Specified
- Serial Number: 2UA2041C49
- UUID: 7C0CF580-43F8-11E1-A1D0-082E5F25D726




Google "Hewlett-Packard 1587h".


Can't see any really useful results (i.e. documentation of the motherboard and/or BIOS).


This page
browser.geekbench.com/geekbench2/1693682
does confirm the names for the system model, motherboard, and BIOS:
Model: Hewlett-Packard HP Z210 Workstation
Motherboard: Hewlett-Packard 1587h
BIOS: Hewlett-Packard J51 v01.20


Fifth result:
support.hp.com/gb-en/document/c00007682

Excerpt:

HP Desktop PCs - Updating the BIOS

This document includes the steps for finding, downloading, and installing updates to the BIOS (Basic Input Output System) for your HP or Compaq computer.

Updating the BIOS, also known as "flashing the BIOS", replaces the BIOS firmware. When completed successfully, a BIOS update can fix or enhance aspects of a computer's performance, or provide support for newly installed hardware. However, if an incorrect update is installed or if the update process is interrupted, the motherboard can be permanently damaged, leaving the computer unable to boot.

[...]

Caution: Only install BIOS updates from HP. Do not install BIOS updates from the motherboard manufacturer's Web site. Doing so might prevent the computer from accepting an HP System Recovery.

[...]

Before you begin

Note: When updating the BIOS in your HP Desktop computer, it is very important to identify the correct ROM Family SSID for the motherboard in your PC.

The following tools and information are needed to perform the steps in this document:

- Model number (located on the nameplate and/or on a sticker attached to the computer).

[...]

Step 1: Verify the current BIOS version installed and the correct ROM Family SSID for your PC

[...]

[In the BIOS], in the File menu, select System Information.

Find the System Board ID (SSID).

[Another term for "ROM Family SSID" appears to be "System Board ID".]

Write down the System Board ID (SSID) and continue with the next step to find and download the BIOS update.


Step 2: Find the BIOS updates

To find and download the BIOS updates for your computer, find the specific product number of your computer.

1. Go to the HP Customer Support page
[ http://www8.hp.com/us/en/drivers.html ]

2. Type the product number or complete product name of your computer in the Find my product field, and then click Go.

3. If you are presented with a list of several links to product support sites, click the link that matches your computer's model number.

4. Click Go under Option 2: Go directly to the software and driver results.

5. On the Drivers page for your computer, use the drop-down menu to select the original operating system that came with your computer, and then click Next.

6. If a BIOS category is listed, click the plus sign (+) to expand the category.
- If a BIOS category is not listed on the web page, the original BIOS version already on the computer might be the latest available.
- If there are several BIOS updates available for different ROM Family SSIDs, select the correct update using the SSID you noted in Step 1.

7. Click the Download link for the BIOS update file for your computer to go to the HP software and driver downloads page.

Caution: Read the Details section to verify that the BIOS update is more recent then the one installed and that it applies to your computer. Installing a BIOS that is not designed for your computer could cause the computer to stop working.

Continue to the next section to download and install the BIOS update.


Step 3: Download and install the BIOS update

[contents of step 3 not included in this excerpt]




The Product Name of the computer is "HP Z210 Workstation", so the model number is presumably "Z210".

This section: "Only install BIOS updates from HP. Do not install BIOS updates from the motherboard manufacturer's Web site."
indicates that perhaps HP did not make Kalkin's motherboard itself, but instead bought it from another company.

There's nothing in the linked article about obtaining a map of a BIOS.



Excerpt from:
support.hp.com/us-en/document/c00042629

Some computer models have more than one kind of processor over the course of their manufacturing lifetime. A different processor might require a different BIOS. Verify which processor is installed in your computer and compare it to the documentation in your BIOS download before installing the BIOS update.



Go to:
www8.hp.com/us/en/drivers.html
"Enter your HP product name, product number or serial number" + search field.

Search for "1587h": No results.
Search for "1587h motherboard": No results.
Search for "J51 v01.20". No results.
Search for "J51 v01.20 bios". No results.
Search for "z210". 2 results:
- HP Z210 Convertible Minitower Workstation
- HP Z210 Small Form Factor Workstation

Click "HP Z210 Convertible Minitower Workstation", which leads to:
support.hp.com/us-en/drivers/selfservice/hp-z210-convertible-minitower-workstation/5053199

In the drop-down menus, choose:
- Operating system = Linux
- Version = Linux
Click Change.

List of available software contains many results.

Only 1 result under BIOS category:
- "HP Z210 Series Workstations System BIOS for Linux"
-- Version = 1.52 Rev. A
-- File size = 5.1 MB
-- Release date = Feb 25 2015.

Further details of "HP Z210 Series Workstations System BIOS for Linux":

Description:

This package contains the System BIOS image and flash utilities for the HP Z210 CMT (Convertible MiniTower) and SFF (Small Form Factor) Workstations. These utilities can be used to restore or update the System BIOS. System BIOS is independent of the operating system. To determine the BIOS family and BIOS date, press F10 on the target workstation during Power On to run the Computer Setup Utility, and then select File/"System Information". This information can be saved into a text file on a USB flash media device by selecting File/"Save to Removable Storage Device".

For a USB flash media device to be recognized by the workstation, the device must be attached before the workstation is Powered On.

SPECIAL NOTE: When updating to this BIOS version from a BIOS prior to v1.20, you must Apply Defaults or clear CMOS for the USB hard drive placeholder in the F9-Boot Menu to properly initialize.

To Apply Defaults:
1. Press the ESC key as the system is first booting to enter the Startup Menu.
2. Select "Computer Setup (F10)" or press the F10 key.
3. Highlight and select the option "Apply Defaults and Exit" under the File menu in the Setup utility.

Fix and enhancements:
- Fixes an issue where the system would hang during large file transfers with AMT enabled.
- Fixes an issue where an incorrect Feature Byte entry could be saved which would prohibit the user from restoring the operating system using HP restore media.
- Fixes an issue where the system would intermittently hang during POST with certain USB devices attached.
- Fixes security vulnerabilities that could potentially lead to the execution of arbitrary code (CERT VU#552286).
- Fixes a security vulnerability where UEFI variables could be overwritten which could potentially lead to bypass of security features or denial of service (CERT VU#758382).
- Fixes a security vulnerability that could potentially lead to bypass of flash protection features (CERT VU#766164).



I note the acronyms CMT for "Convertible MiniTower" and SSF for "Small Form Factor".

In the description of the BIOS software item, I see no mention of a map or documentation of the BIOS.

I note this piece of information:
- The system information available in BIOS / Computer Setup / File / System Information can be saved into a text file on a USB flash media device by selecting BIOS / Computer Setup / File / Save to Removable Storage Device.
However, by checking the BIOS / Computer Setup / File menu recorded in the article Examining a boot problem on Kalkin, I can see that on Kalkin no such option is available.



I'll get the system information from BIOS / Computer Setup / File / System Information. I'd like to find out the ROM Family SSID / System Board ID, in case I ever need to update the BIOS.



Kalkin is powered off.

Press the power button to boot Kalkin. Hold Escape as it boots.


Screen:

Version 2.10.1208. Copyright (C) 2011 American Megatrends, Inc.
16384 MB

Startup Menu
- Continue Startup (Exit)
- System Information
- Change Language
- Diagnostics (F2)
- Boot Menu (F9)
- Computer Setup (F10)
- System Recovery (F11)
- Utilities
- Run UEFI Application...

J51 v01.20
HP Z210 Workstation Startup Menu
Press the ESC key for Startup Menu



Continue Startup (Exit)
is highlighted.

Press F10.

Screen:

HEWLETT-PACKARD COMPUTER SETUP
File | Storage | Security | Power | Advanced
- System Information
- About
- Set Time and Date
- Flash System ROM
- Replicated Setup
- Default Setup
- Apply Defaults and Exit
- Ignore Changes and Exit
- Save Changes and Exit

Aptio Setup Utility - Version 2.10.1208. Copyright (C) 2011 American Megatrends, Inc.


I have used a vertical bar (|) to represent the elements of a horizontal menu.

File
and
System Information
are highlighted.


Press Enter.

System Information

Product NameHP Z210 Workstation
SKU NumberXM856AV
Processor TypeIntel(R) Xeon(R) CPU E31230 @ 3.20GHz
Processor Speed3200 MHz
Processor Stepping000206A7 00000017
Cache Size (L1/L2/L3)64KBx4 / 256KBx4 / 8192KBx1
Memory Size16384 MB DDR3 / 1333 MHz
- Channel A- DIMM1 4096 MB / DIMM2 4096 MB
- Channel B- DIMM3 4096 MB / DIMM4 4096 MB
Integrated MAC082E5F25D726
System BIOSJ51 v01.20
Chassis Serial Number2UA2041C49
Asset Tracking Number2UA20327LX
ME Firmware Version7.1.13.1088
ME Management ModeAMT


Press any key to continue




This matches the information found in the article Exploring the BIOS boot options on Kalkin, by choosing System Information directly from the initial BIOS menu.


Nothing in the system information seems to mean either of these:
- ROM Family SSID
- System Board ID


From an earlier excerpt, I know that "system board" is another term for "motherboard".



Hm.

Chassis Serial Number = 2UA2041C49
Asset Tracking Number = 2UA20327LX


These two sequences also appear in the output of
dmidecode
.


2UA2041C49 appears in the following three sections of the output of
dmidecode
. 2UA20327LX appears in the last two of these sections.

Handle 0x0001, DMI type 1, 27 bytes
System Information
Manufacturer: Hewlett-Packard
Product Name: HP Z210 Workstation
Version: Not Specified
Serial Number: 2UA2041C49
UUID: 7C0CF580-43F8-11E1-A1D0-082E5F25D726
Wake-up Type: Power Switch
SKU Number: XM856AV
Family: 103C_53335X G=D

Handle 0x0002, DMI type 2, 15 bytes
Base Board Information
Manufacturer: Hewlett-Packard
Product Name: 1587h
Version: Not Specified
Serial Number: 2UA2041C49
Asset Tag: 2UA20327LX
Features:
Board is a hosting board
Board is removable
Board is replaceable
Location In Chassis: Not Specified
Chassis Handle: 0x0003
Type: Motherboard
Contained Object Handles: 0

Handle 0x0003, DMI type 3, 22 bytes
Chassis Information
Manufacturer: Hewlett-Packard
Type: Mini Tower
Lock: Not Present
Version:
Serial Number: 2UA2041C49
Asset Tag: 2UA20327LX
Boot-up State: Safe
Power Supply State: Safe
Thermal State: Safe
Security Status: None
OEM Information: 0x00000000
Height: Unspecified
Number Of Power Cords: 1
Contained Elements: 0
SKU Number: <BAD INDEX>




From the third section, I see that "Chassis" definitely signifies the physical metal structure of a computer.

I deduce that the Chassis Serial Number, 2UA2041C49, is a number within HP's information systems that indicates a particular design of a computer's physical structure. This is therefore not the ROM Family SSID / System Board ID.

I note that "Chassis Serial Number" in the BIOS System Information appears in the dmidecode output simply as "Serial Number".

I note that the SKU Number (XM856AV) appears in the BIOS System Information and in the System Information section of the dmidecode output. SKU = Stock Keeping Unit. It appears in the System Information section of the dmidecode output, but not in the Base Board section, so I deduce that it refers to the whole system and not to the motherboard. It is therefore not the ROM Family SSID / System Board ID.

I note that "Asset Tracking Number" in the BIOS System Information is "Asset Tag" within the dmidecode output. Both are 2UA20327LX.

The only sequence that is unique within the Base Board Information section of the dmidecode output is the Product Name (1587h).

I tentatively conclude that a) ROM Family SSID / System Board ID == Base Board Product Name and b) this information does not appear in the BIOS System Information.


Excerpt from an HP motherboard specification at
support.hp.com/us-en/product/hp-envy-700-300-desktop-pc-series/6886619/model/6988376/document/c03924124

Manufacturer name: Pegatron
HP/Compaq name: Memphis-B
SSID: 2AF7



I see that the SSID refers to the motherboard specifically.

I also see that its length (4 characters) is more similar (but not identical) to the length of my Base Board Product Name (5 characters) than to the lengths of either the Chassis Serial Number (10 characters) or the Asset Tracking Number (10 characters).

On the page linked above there is a "Search all support" text field.

Search for "1587h". 1 result:

support.hp.com/us-en/product/HP-ENVY-700-300-Desktop-PC-series/6886619/model/6988376

This is a computer (HP ENVY 700-327c Desktop PC), not a motherboard.




Hm.


Browse to
http://support.hp.com
which leads to
http://support.hp.com/us-en


Click the Products tab.

Search for "z210". 2 results.
- HP Z210 Convertible Minitower Workstation
- HP Z210 Small Form Factor Workstation


Click "HP Z210 Convertible Minitower Workstation".
It leads to
support.hp.com/us-en/product/HP-Z210-Convertible-Minitower-Workstation/5053199

In the User Guides section, I find "HP Z210 CMT Workstation Maintenance and Service Guide".
Right-click "HP Z210 CMT Workstation Maintenance and Service Guide" and choose Save Link As....
Suggested filename is "c02787107". Download it and change name to "hp_z210_cmt_workstation_maintenance_and_service_guide.pdf".
Right-click the link again and choose Copy Link Address.
The file is stored at:
h10032.www1.hp.com/ctg/Manual/c02787107

I also see "HP Z210 Workstation Series User Guide" in the User Guides section.
Right-click "HP Z210 Workstation Series User Guide" and choose Save Link As....
Suggested filename is "c2784417". Download it and change name to "hp_z210_workstation_series_user_guide.pdf".
Right-click the link again and choose Copy Link Address.
The file is stored at:
h10032.www1.hp.com/ctg/Manual/c02784417


[some reading occurs here]


In hp_z210_cmt_workstation_maintenance_and_service_guide.pdf, starting on page 37 (page 25 in the internal page numbering), there are 11 pages that detail the Computer Setup section in the BIOS.


I'd like to copy the text of these pages into this article.

The PDF document is not a scan, so the text information is encoded in it directly.


In the PDF viewer application (Preview) on my work computer, I can select and copy the text. Some editing is required after copying. I'm not going to try to completely preserve the original formatting.


Excerpt (pages 37-47) from:
hp_z210_cmt_workstation_maintenance_and_service_guide.pdf



Section 4: System management

This section describes the tools and utilities that provide system management for the workstation. It includes these topics:
- BIOS ROM on page 25
- The Computer Setup (F10) Utility on page 25
- Desktop management on page 36


BIOS ROM:

The BIOS ROM is a collection of machine language applications stored as firmware in ROM. It includes functions such as Power on Self Test (POST), PCI device initialization, Plug and Play support, power management, and the Computer Setup (F10) Utility. The BIOS ROM is an 8MB Serial Peripheral Interface (SPI) port.
See
http://www.hp.com/go/quickspecs
to review the latest BIOS ROM specifications.


The Computer Setup (F10) Utility:

This section contains these topics:
- Computer Setup (F10) functionality on page 25
- Accessing the Computer Setup (F10) Utility on page 27
- The Computer Setup (F10) Utility menu on page 28



Computer Setup (F10) functionality:


The Computer Setup (F10) Utility enables you to:

- Change factory default settings and set or change the workstation configuration, which might be necessary when you add or remove hardware.

- Determine if all devices installed on the workstation are recognized by the system and functioning.

- Determine information about the operating environment of the workstation.

- Solve system configuration errors that are detected but not fixed during the Power-On Self-Test (POST).

- Establish and manage passwords and other security features.

- Establish and manage energy-saving time-outs (not supported on Linux platforms).

- Modify or restore factory default settings.

- Set the computer date and time.

- Set, view, change or verify the computer configuration, including settings for CPU, graphics, memory, audio, storage, communications and input devices.

- Modify the boot order of installed mass storage devices such as SATA, optical disk drives, network drives, and USB boot devices.

- Configure the boot priority of SATA hard-drive controllers.

- Enable or disable Network Server Mode, which enables the computer to start the operating system when the power-on password is enabled with or without a keyboard or mouse attached. When attached to the computer, the keyboard and mouse remain locked until the power-on password is entered.

- Enable or disable the display of POST messages. Disabling POST Messages suppresses most POST messages, such as memory count, product name, and other non-error text messages. If a POST error occurs, the error is displayed regardless of the mode selected. To manually switch to POST Messages Enabled during POST, press any key except F1 through F12.

- Specify an Ownership Tag, which appears when the computer is powered on or restarted.

- Specify the Asset Tag or property identification number assigned by the company to this computer.

- Enable power-on password prompts during system restarts (warm-starts) and power on.

- Hide or show the integrated I/O functionality, including serial, USB, or parallel ports, audio, or embedded NIC. Hidden devices are inaccessible, which increases system security.

- Enable or disable removable media boot ability.

- Enable or disable removable media write ability (if supported by hardware).

- Replicate the computer setup by saving system configuration information on USB removeable storage devices and restoring it on computers.

- Execute self-tests on specified SATA hard disk drives (if supported by the drive).




Accessing the Computer Setup (F10) Utility:


To access the Computer Setup (F10) Utility menu:

1. Power on or restart the computer.

2. As the display first becomes active, press F10.

If you do not press F10 quickly enough at the appropriate time, try again. Turn the computer off, then on, and press F10 again to access the utility. You can also press Ctrl + Alt + Delete before starting if you miss the opportunity to press F10.

3. Select the language from the list and press Enter.

In the Computer Setup (F10) Utility menu, five headings are displayed: File, Storage, Security, Power, and Advanced.

4. Use the left and right arrow keys to select the appropriate heading, use the up and down arrow keys to select an option, and then press Enter.

5. Choose from the following:

- To apply and save changes, select File > Save Changes, and then select F10=YES.

- To remove changes you have made, select Ignore Changes and then select F10=YES.

- To reset to factory settings, select File > Default Setup > Restore Factory Settings as Default. Press F10 to accept the changes, and then select Apply Defaults and Exit. This restores the original factory system defaults.

NOTE: Help screens (accessed by pressing F1) are available for many menus in the Computer Setup (F10) Utility.

CAUTION: Do not power off the computer while the ROM is saving the Computer Setup (F10) Utility changes to CMOS memory. A loss of power could corrupt the CMOS memory. After you exit the F10 Setup screen, you can disconnect power from the computer.




The Computer Setup (F10) Utility menu


The following tree describes the functions available in the Computer Setup (F10) utility menu.

NOTE: With new BIOS releases, the following content is subject to change, so the menu might be different than shown.

[The following data was originally structured as a table. I have converted it into a semi-tree. The first level of the tree was called "Heading" (e.g. File, Storage), the second was called "Option" (e.g. System Information, About), and everything in the third level was called "Description".]


Tree 4-1: Computer Setup (F10) Utility menu descriptions


File:

File / System Information
Displays the following system characteristics:
- Product Name
- SKU Number
- Processor Type
- Processor Speed
- Processor Stepping (stepping designation and patch number)
- Cache Size (L1/L2/L3)
- Memory Size
- Integrated MAC (onboard NIC)
- System BIOS
- Chassis Serial Number
- Asset Tracking Number
- ME (Intel Management Engine) Firmware Version
- ME Management Mode

File / About
Displays copyright information.

File / Set Time and Date
Lets you set system time and date. Use the keyboard Tab and arrow keys to make changes.

File / Flash System ROM
Lets you upgrade the BIOS from a ROM image on optical media or USB.

File / Replicated Setup
Provides these options:
- Save to Removable Media - Saves the computer configuration, including CMOS, to a USB storage device. The saved configuration file is named cpqsetup.txt.
- Restore from Removable Media - Restores the computer configuration from a USB
storage device.

File / Default Setup
Provides these options:
- Save Current Settings as Default - Saves the current settings as default settings for the next operation.
- Restore Factory Settings as Default - Restores the factory settings as the default settings for the next operation.

File / Apply Defaults and Exit
Restores the default settings defined in Default Setup.

File / Ignore Changes and Exit
Exits computer setup without applying or saving changes.

File / Save Changes and Exit
Saves changes to system configuration and exits the computer setup.


Storage:

Storage / Device Configuration
Lists installed SATA storage devices and provides specific information about each device:
- Hard Disk - Provides information about the hard disk drives.
- CD-ROM - Provides information about the optical disk drives.
- Default Values - Resets devices to their default configuration (SATA is the default).
-- Translation Mode [see note 2] - Enables the BIOS to determine the translation mode used to configure a formatted SATA or USB mass storage device. This prevents you from needing to know how the mass storage device was formatted. Options are Automatic (default), Bit Shift, LBA Assisted, User (Cylinders, Heads, Sectors), and Off.
Ordinarily, you should not change the translation mode selected by the BIOS. If the selected translation mode is not compatible with the translation mode that was active when the drive was partitioned and formatted, the data on the disk becomes inaccessible.

Storage / Storage Options
Provides these options:
- Removable Media Boot (Enabled/Disabled) - Enabling allows the workstation to boot from removable media, such as a USB flash drive.
- SATA Emulation - Sets the SATA emulation mode with the following options:
-- RAID + AHCI - both the RAID and AHCI OPROMs execute. This emulation mode is
the default and offers the best performance and most functionality.
-- IDE - offers standard SATA support. Some higher-numbered SATA ports may not be available in this mode.
- eSATA Port - Displays the internal SATA port(s) that are configured to operate as eSATA. Changing this to None provisions the port(s) as internal SATA.
- Max eSATA Speed - Configures eSATA port speeds:
-- Gen 2 (3.0 Gbps)
-- Gen 1 (1.5 Gbps)

Storage / DPS Self-test
Select a drive - Lets you execute self-tests on SATA hard drives capable of performing Drive Protection System (DPS) self-tests.
NOTE: This selection appears only when the system has one or more drives capable of performing the DPS self-tests.

Storage / Boot Order
Lets you configure the boot order by physically reordering the menu entries. The default boot order is:
- EFI Boot Sources
-- USB Floppy/CD
-- USB Hard Drive
-- ATAPI CD/DVD Drive
- Legacy Boot Sources
-- ATAPI CD/DVD Drive
-- USB Floppy/CD
-- Hard Drive
-- Network Controller
You can take the following actions:
- Press Enter to drag a device with the arrow keys to a preferred place, then press Enter again to drop the device in place.
- Press F5 to remove the device from consideration as a bootable device.
- You must confirm changes by selecting File>Save Changes and Exit and then press Enter. The computer then stores boot order changes in the physical ROM.
To temporarily override the boot order and boot from a device other than the default device specified in Boot Order:
1. Restart the computer.
2. Press F9 when the F9=Boot Menu message appears on the screen.
3. Wait for POST to finish and for the list of bootable devices to display.
4. Use the arrow keys to select the preferred boot device.
5. Press Enter. The computer then starts from the selected nondefault device. (This does not change the default boot device.)


Security:

Security / Setup Password
Lets you set and enable a setup password for the administrator.
If you create a setup password, you must use it to change computer setup options, to flash the ROM, and to make changes to certain Plug and Play settings under Windows.

Security / Power-On Password
Lets you set and enable the power-on password.

Security / Password Options
This option becomes available depending on the presence of setup or power-on passwords. It provides these options:
- Lock Legacy Resources (Enabled/Disabled) - Prevents the operating system from changing resources to serial, parallel, or diskette controller. (Appears if a setup password is set.)
- Setup Browse Mode (Enabled/Disabled) - Lets you view but not change the F10 Setup Options without having to enter the setup password. (Appears if a setup password is set.)
- Password prompt on F9, F11, and F12 (Enabled/Disabled) - Lets you access menus without entering the setup password.
- Network Server Mode (Disabled/Enabled) - Enables network server mode. (Appears if a power-on password is set.)

Security / Smart Cover
Lets you enable/disable the cover removal sensor [see note 1].

Security / Device Security
Makes the following devices available or hidden to the computer:
- Embedded Security Device (hidden by default)
- System Audio
- Network Controller
- SATA ports
With the exception of Embedded Security Device (TPM), Device Available is the default setting for all devices (allows the operating system to access the device). Device Hidden disables the device by the BIOS so that the operating system can no longer enable the device.
NOTE: An entry for enabling DriveLock appears in the setup menu if the computer has a DriveLock-compatible hard disk drive.

Security / USB Security
Set workstation USB ports to Enabled/Disabled:
- Front USB Ports
- Rear USB Ports
- Accessory USB Ports

Security / Slot Security
Lets you disable any PCI or PCI Express slot.

Security / Network Boot
Lets you enable/disable the ability to boot from the network using the F12 key or the boot order.

Security / System IDs
Provides these options:
- Asset Tag - A user-editable, 16-byte string identifying the computer.
- Ownership Tag - A user-editable, 80-byte string identifying ownership of the computer. This tag appears on the screen during POST.
- Universal Unique Identifier (UUID) - An ID number set in the factory that uniquely identifies the computer.
- Keyboard - Lets you set the keyboard locale for System ID entry.

Security / System Security
With the exception of the first option, Data Execution Prevention, changing any of these system security settings and choosing File > Save Changes and Exit will result in the computer performing a global reset, automatically turning itself off and then back on. Note also that these options are hardware dependent and may not be available on some models:
- Data Execution Prevention (Enabled/Disabled) - Helps prevent operating system security breaches.
- Virtualization Technology (VTx) [see note 1] (Disabled/Enabled) - Controls the virtualization features of the processor.
- Virtualization Technology Directed I/O (VTd) [see note 1] (Disabled/Enabled) - Controls virtualization DMA remapping features of the chipset.
- Intel TXT(LT) Support [see note 1] (Enabled/Disabled) - Controls the underlying processor and chipset features needed to support a virtual appliance. To enable this feature you must enable:
-- Virtualization Technology (VTx)
-- Virtualization Technology Directed I/O (VTd)
-- Embedded Security Device
- Embedded Security Device [see note 1] (Disabled/Enabled) - Permits activation and deactivation of the Embedded Security Device.
NOTE: Embedded Security Device must be set to Device Available in the Device Security menu, and you must create a Setup Password, in order to configure the Embedded Security Device.
- Reset to Factory Settings [see note 1] (Do not reset/Reset) - Restores factory defaults and erases all security keys.
CAUTION: Choosing Reset to Factory Settings may result in significant data loss. The embedded security device is a critical component of many security schemes. Erasing the security keys prevent access to data protected by the Embedded Security Device.
- OS Management of Embedded Security Device [see note 1] (Disabled/Enabled) - Limits operating system control of the Embedded Security Device.
- Reset of Embedded Security Device through OS [see note 1] (Enabled/Disabled) - Limits the operating system ability to request a Reset to Factory Settings of the Embedded Security Device.
NOTE: You must create a Setup Password to use this option.

Security / Drive Lock Security
Lets you assign or modify a master password or user password for hard drives. When enabled, this feature prompts the user to provide one of the DriveLock passwords during POST. If the user does not successfully enter one of the passwords, the hard drive remains inaccessible until one of the passwords is successfully entered during a subsequent cold-boot sequence.
NOTE: This selection appears only when the system includes at least one drive that supports the DriveLock feature.


Power:

Power / OS Power Management
Enables or disables:
- Runtime Power Management
- Idle Power Savings: Extended (default) or Normal; extended mode reduces processor power consumption when the CPU is idle
- ACPI S3 PS2 Mouse Wakeup
- Unique Sleep State Blink Rates

Power / Hardware Power Management
Enables or disables:
- SATA Power Management
- S5 Maximum Power Savings

Power / Thermal
Lets you set the minimum speed of the system fan when the CPU is idle.


Advanced [see note 2]:

Advanced / Power-On Options
Sets the following:
- POST Mode:
-- QuickBoot - Do not clear memory or perform a memory test.
-- FullBoot - Memory test (count) on cold boot. Clears memory on all boots.
-- Clear Memory - No memory test (count) on cold boot. Clears memory on all boots.
-- FullBoot Every x Days - Memory count on first cold boot on or after the Xth day and no more memory counts until that boot occurs. Clears memory on all boots.
- POST Messages (Enabled/Disabled)
- Press the ESC key for Startup Menu (Enabled/Disabled)
- Option ROM Prompt (Enabled/Disabled) - Enabling this feature causes the computer to display a message before loading option ROMs.
- After Power Loss - Lets you specify computer behavior after a power loss:
-- Power Off - Computer remains powered off when power is restored (default).
-- Power On - Computer automatically powers on when power is restored. (This lets you power on the computer using a power strip switch, if the computer is connected to an electric power strip.)
-- Previous state - Computer powers on automatically when power is restored only if computer was on when power was lost.
NOTE: If you turn off power to the computer using a power strip, you cannot use the suspend/sleep feature or the Remote Management features.
- POST Delay (None (default), 5, 10, 15, 20 seconds) - Delays start of the POST process. You might need a delay to:
-- Allow time for some hard disk drives to spin up before POST is finished
-- Give yourself more time to select F10 to enter the Computer Setup (F10) Utility.
- Remote Wakeup Boot Source (Local Hard Drive/Remote Server). Sets the boot device for the workstation when it is started using Remote Wakeup (takes precedence over the Boot Order menu setting) .
- System Recovery Boot Support (Enabled/Disabled). Enabling this feature displays an additional prompt, F11=Recovery, during POST on systems with HP Backup and Recovery software installed and configured with a recovery partition on the boot hard drive. Pressing F11 causes the system to boot to the recovery partition and launch HP Backup and Recovery. You can hide the F11=Recovery prompt by using the F11 prompt option described above.
- Bypass F1 Prompt on Confirmation Changes (Enabled/Disabled) - Prevents display of a confirmation prompt when you make changes to the system.

Advanced / BIOS Power-On
Lets you disable or specify a weekday and time for BIOS power-on.

Advanced / Onboard Devices
Lets you disable or set resources (IRQ, DMA, I/O Rate) for onboard system devices such as the serial port and parallel ports. Operating system parameters generally override Onboard Devices settings.

Advanced / Bus options
Enable/disable these options:
- PCI SERR# Generation (Enabled/Disabled) - Controls PCI SERR# generation for ill-behaved PCI add-in cards (that can generate SERR# spuriously)
- PCI VGA Palette Snooping (Disabled/Enabled) - Controls PCI VGA Palette Snooping for compatibility purposes
- PCI Latency Timer (32/64/128/160/192/224/248). 128 PCI Clocks is the default.

Advanced / Device Options
Enable/disable the following device options:
- S5 Wake-on-LAN (Enabled/Disabled)
- Turbo Mode (Enabled/Disabled)
- Printer Mode (EPP+ECP, Output Only, Bi-Directional).
- Num Lock State at Power-On (On/Off)
- Integrated Video [see note 1] (Enabled/Disabled)
- IGD (Integrated Graphics Device) Memory - Displayed when Integrated Video is Enabled. Sets the maximum amount of system memory that can be allocated as graphics memory (32, 64 (default), 128, 256, 512 MB) [see note 1]
- Internal Speaker (Enabled/Disabled)
- NIC Option ROM [see note 2] Download (PXE/Disabled)
- SATA RAID Option ROM [see note 2] Download (Enabled/Disabled)
- Multi-Processor (Enabled/Disabled)
- Hyperthreading [see note 1] (Disabled/Enabled)

Advanced / Slot Settings
Lets you Enable/Disable Option ROM Download for each slot. Selective disabling of Option ROM downloads can help manage limited Option ROM space.

Advanced / AMT Configuration
Lets you set the following AMT (Intel Active Management Technology) configuration options:
- AMT (Enabled/Disabled) - Allows for remote discovery, repair and protection of networked workstations. Enabling the AMT function also enables the Network Controller (required for AMT to function correctly).
- Unconfigure AMT/ME (Disabled/Enabled) [see note 2] - Restores AMT/ME defaults. When you save and exit after enabling this option, you will be prompted to complete the process upon restart. A Setup Password (even if one is set) does not need to be entered to complete the process.
NOTE: Information about Intel AMT can be found at www.intel.com.
- WatchDog Timer (Enabled/Disabled) - OS and BIOS WatchDog Timers can be set independently (in minutes):
-- OS WatchDog Timer - Sets the OS WatchDog Timer
-- BIOS WatchDog Timer - Sets the BIOS WatchDog Timer.



Note 1: Available on selected models.
Note 2: These options should be used by advanced users only.




Notes:
- Acronyms:
-- Power-On Self Test (POST)
-- Serial Peripheral Interface (SPI)
-- ME (Intel Management Engine)
-- AMT (Intel Active Management Technology)
- "Establish and manage passwords and other security features." There may be passwords / authentication systems that have nothing to do with the operating system.
- "Enable or disable Network Server Mode, which enables the computer to start the operating system when the power-on password is enabled with or without a keyboard or mouse attached. When attached to the computer, the keyboard and mouse remain locked until the power-on password is entered." I should investigate this and make sure that I have disabled every option that is related to remote boot/authentication.
- "With new BIOS releases, the following content is subject to change, so the menu might be different than shown." Evidently this is a sort of general map.
- Asset Tag and Ownership Tag are mutable.
- "File / Flash System ROM: Lets you upgrade the BIOS from a ROM image on optical media or USB." This section implies that the ROM can be rewritten, which surprises me, since ROM stands for Read-Only Memory, i.e. memory that can only be read, not rewritten.
- "AMT (Enabled/Disabled) - Allows for remote discovery, repair and protection of networked workstations. Enabling the AMT function also enables the Network Controller (required for AMT to function correctly)."


This section:
File / Replicated Setup
Provides these options:
- Save to Removable Media - Saves the computer configuration, including CMOS, to a USB storage device. The saved configuration file is named cpqsetup.txt.
- Restore from Removable Media - Restores the computer configuration from a USB
storage device.

shows me that the option to save the BIOS settings to a memory stick might be available, but will be under BIOS / Computer Setup / File / Replicated / Setup / Save to Removable Media, not BIOS / Computer Setup / File / Save to Removable Media, as suggested by an earlier excerpt from an HP site.
In the BIOS / Computer Setup / File menu screen recorded earlier, I can see the option "Replicated Setup".


I also note the various password options under the Security section. These, combined with the Network Boot option, suggest that these settings are designed to assist someone who has to manage a large fleet of computers/servers in a department of a large institution/company. This person's work would be much easier if he/she could use a single "master" computer to boot up each "slave" computer (if it is off), supply a password to confirm the right to access the slave, check/change/confirm various settings on the slave, and perhaps turn the slave off again. This process could be scripted and set to occur at a specific time and day (e.g. 4 am on Sunday in a university engineering department).

The obvious security problem is: What if a remote attacker figures out how to break/bypass the BIOS authentication systems?


Here is the strongest approach to remote computer management that I can think of:
- Use a random number generator (RNG) device (with no networking capability) to generate a private key.
- Physically connect this device to the master computer. Move the private key onto the master and wipe it from the RNG device.
- On the master, derive the public key from the private key. Copy the public key onto another device with no networking capability. Let's call it a "public-key" device or PK device.
- For each new slave computer in the fleet, perform this sequence of operations:
-- Use an RNG device to generate a private key.
-- Physically connect the RNG device to the new slave computer. Move the private key onto the slave and wipe it from the RNG device.
-- Physically connect the PK device to the new slave computer. Copy the master's public key onto the slave computer.
- The slave computer can now use public-private key cryptography to authenticate all commands from the master computer.

Note: The approach I have described is focused on protection against a remote attacker. An attacker with physical access to the slave computer could use another PK device to change the "master public key" stored on the slave, thereby transferring control of the slave to a different master computer. I will simply note that physical access control is a much older problem, with different solutions, mostly involving sentries, weapons, and identity documents (although perhaps in the future the notification of a physical visit and the relevant identity documents/photographs may be sent ahead beforehand, signed by a trusted public key).


A more complex master-public-key-swap physical attack would involve preserving the original master public key and carefully instructing the slave to pretend to still obey its original master (by e.g. sending unchanged reports in response to status queries).


In order to be able to receive a command over a network and boot, some parts of the computer must continue to draw some power and operate (e.g. listen for a boot-up command on the ethernet cable) while most of it is powered down. I wonder how much can be done on an attacker's machine via the network without e.g. audibly powering on the target machine and/or showing anything on the screen? Example: Extract data slowly but surely from the hard drive, stopping when the machine is powered on by a user (so as to avoid any sign of malicious activity), and restarting when it is turned off again.


I should have searched for these guides earlier. It wouldn't have helped me solve every problem I found while setting up Kalkin, but I think the extra information might have helped me to narrow down my searches/explorations.



Starting from this map of the Computer Setup utility, I'll map the BIOS on Kalkin, correcting the starting map if I find any differences.



Press the power button to boot Kalkin. Hold Escape as it boots.




### START MAP ###


BIOS MAP:

BIOS version: J51 v01.20
Computer system: HP Z210 Workstation
Name of particular computer system: Kalkin


The initial menu of the BIOS is Startup Menu. It can be accessed by holding Escape during boot.


Startup Menu
- Continue Startup (Exit)
- System Information
- Change Language
- Diagnostics (F2)
- Boot Menu (F9)
- Computer Setup (F10)
- System Recovery (F11)
- Network Boot (F12)
- Utilities
- Run UEFI Application...

Startup Menu / Continue Startup (Exit)
Leave BIOS and continue the default boot process.

Startup Menu / System Information
Displays the following system characteristics:
- Product Name
- SKU Number
- Processor Type
- Processor Speed
- Processor Stepping
- Cache Size (L1/L2/L3)
- Memory Size
- Integrated MAC
- System BIOS
- Chassis Serial Number
- Asset Tracking Number
- ME Firmware Version
- ME Management Mode

Startup Menu / Change Language
- English
- Français
- Español
- Deutsch
- Italiano
- Dansk
- Suomi
- Nederlands
- Norsk
- Portugês
- Svenska
- [East Asian symbol string. I think that in latin characters it is rendered as "Chonguoren", meaning "Chinese".]

Startup Menu / Diagnostics
- DPS Self-Test

Startup Menu / Boot Menu
Displays available boot choices.
Two main groups:
- EFI Boot Sources
- Legacy Boot Sources (includes CD/DVD Drive, Hard Drive, and network boot)

Startup Menu / Computer Setup
[See sub-map below.]

Startup Menu / System Recovery
[On selection of this option, Centos boots.]

Startup Menu / Network Boot
Attempts to perform a network boot. This option is no longer present in the menu since I disabled the network boot option in the Computer Setup utility.

Startup Menu / Utilities
- Set Time and Date
- Flash System ROM

Startup Menu / Run UEFI Application...
[Pressing Enter when this option is highlighted has no effect.]



SUB-MAP:


Computer Setup:
- File
- Storage
- Security
- Power
- Advanced


Computer Setup (F10) Utility menu descriptions:


File:
- System Information
- About
- Set Time and Date
- Flash System ROM
- Replicated Setup
- Default Setup
- Apply Defaults and Exit
- Ignore Changes and Exit
- Save Changes and Exit

File / System Information
Displays the following system characteristics:
- Product Name
- SKU Number
- Processor Type
- Processor Speed
- Processor Stepping (stepping designation and patch number)
- Cache Size (L1/L2/L3)
- Memory Size
- Integrated MAC (onboard NIC)
- System BIOS
- Chassis Serial Number
- Asset Tracking Number
- ME (Intel Management Engine) Firmware Version
- ME Management Mode

File / About
Displays copyright information.

File / Set Time and Date
Lets you set system time and date. Use the keyboard Tab and arrow keys to make changes.

File / Flash System ROM
Lets you upgrade the BIOS from a ROM image on optical media or USB.

File / Replicated Setup
Provides these options:
- Save to Removable Storage Device - Saves the computer configuration, including CMOS, to a USB storage device. The saved configuration file is named cpqsetup.txt.
- Restore from Removable Storage Device - Restores the computer configuration from a USB
storage device.

File / Default Setup
Provides these options:
- Save Current Settings as Default - Saves the current settings as default settings for the next operation.
- Restore Factory Settings as Default - Restores the factory settings as the default settings for the next operation.

File / Apply Defaults and Exit
Restores the default settings defined in Default Setup.

File / Ignore Changes and Exit
Exits computer setup without applying or saving changes.

File / Save Changes and Exit
Saves changes to system configuration and exits the computer setup.


Storage:
- Device Configuration
- Storage Options
- DPS Self-test
- Boot Order

Storage / Device Configuration
Lists installed SATA storage devices and provides specific information about each device:
- Hard Disk - Provides information about the hard disk drives.
- CD-ROM - Provides information about the optical disk drives.
- Default Values - Resets devices to their default configuration (SATA is the default).
-- Translation Mode [see note 2] - Enables the BIOS to determine the translation mode used to configure a formatted SATA or USB mass storage device. This prevents you from needing to know how the mass storage device was formatted. Options are Automatic (default), Bit Shift, LBA Assisted, User (Cylinders, Heads, Sectors), and Off.
Ordinarily, you should not change the translation mode selected by the BIOS. If the selected translation mode is not compatible with the translation mode that was active when the drive was partitioned and formatted, the data on the disk becomes inaccessible.

Storage / Storage Options
Provides these options:
- Removable Media Boot (Enabled/Disabled) - Enabling allows the workstation to boot from removable media, such as a USB flash drive.
- SATA Emulation - Sets the SATA emulation mode with the following options:
-- RAID + AHCI - both the RAID and AHCI OPROMs execute. This emulation mode is the default and offers the best performance and most functionality.
-- IDE - offers standard SATA support. Some higher-numbered SATA ports may not be available in this mode.
- eSATA Port - Displays the internal SATA port(s) that are configured to operate as eSATA. Changing this to None provisions the port(s) as internal SATA.
- Max eSATA Speed - Configures eSATA port speeds:
-- Gen 2 (3.0 Gbps)
-- Gen 1 (1.5 Gbps)

Storage / DPS Self-test
Select a drive - Lets you execute self-tests on SATA hard drives capable of performing Drive Protection System (DPS) self-tests.
NOTE: This selection appears only when the system has one or more drives capable of performing the DPS self-tests.

Storage / Boot Order
Lets you configure the boot order by physically reordering the menu entries. The default boot order is:
- EFI Boot Sources
-- USB Floppy/CD
-- USB Hard Drive
-- ATAPI CD/DVD Drive
- Legacy Boot Sources
-- ATAPI CD/DVD Drive
-- USB Floppy/CD
-- Hard Drive
-- Network Controller - [This option is no longer present in the menu since I disabled the network boot option.]
You can take the following actions:
- Press Enter to drag a device with the arrow keys to a preferred place, then press Enter again to drop the device in place.
- Press F5 to remove the device from consideration as a bootable device.
- You must confirm changes by selecting File>Save Changes and Exit and then press Enter. The computer then stores boot order changes in the physical ROM.
To temporarily override the boot order and boot from a device other than the default device specified in Boot Order:
1. Restart the computer.
2. Press F9 when the F9=Boot Menu message appears on the screen.
3. Wait for POST to finish and for the list of bootable devices to display.
4. Use the arrow keys to select the preferred boot device.
5. Press Enter. The computer then starts from the selected nondefault device. (This does not change the default boot device.)


Security:
- Setup Password
- Power-On Password
- Password Options [currently not visible]
- Smart Cover [not present on Kalkin]
- Device Security
- USB Security
- Slot Security
- Network Boot
- System IDs
- System Security
- Drive Lock Security

Security / Setup Password
Lets you set and enable a setup password for the administrator.
If you create a setup password, you must use it to change computer setup options, to flash the ROM, and to make changes to certain Plug and Play settings under Windows.

Security / Power-On Password
Lets you set and enable the power-on password.

Security / Password Options
This option becomes available depending on the presence of setup or power-on passwords. It provides these options:
- Lock Legacy Resources (Enabled/Disabled) - Prevents the operating system from changing resources to serial, parallel, or diskette controller. (Appears if a setup password is set.)
- Setup Browse Mode (Enabled/Disabled) - Lets you view but not change the F10 Setup Options without having to enter the setup password. (Appears if a setup password is set.)
- Password prompt on F9, F11, and F12 (Enabled/Disabled) - Lets you access menus without entering the setup password.
- Network Server Mode (Disabled/Enabled) - Enables network server mode. (Appears if a power-on password is set.)

Security / Smart Cover
Lets you enable/disable the cover removal sensor [see note 1].
[Not present on Kalkin]

Security / Device Security
Makes the following devices available or hidden to the computer:
- Embedded Security Device (hidden by default)
- System Audio
- Network Controller
- SATA ports
With the exception of Embedded Security Device (TPM), Device Available is the default setting for all devices (allows the operating system to access the device). Device Hidden disables the device by the BIOS so that the operating system can no longer enable the device.
NOTE: An entry for enabling DriveLock appears in the setup menu if the computer has a DriveLock-compatible hard disk drive.

Security / USB Security
Set workstation USB ports to Enabled/Disabled:
- Front USB Ports
- Rear USB Ports
- Accessory USB Ports

Security / Slot Security
Lets you disable any PCI or PCI Express slot.

Security / Network Boot
Lets you enable/disable the ability to boot from the network using the F12 key or the boot order.

Security / System IDs
Provides these options:
- Asset Tag - A user-editable, 16-byte string identifying the computer.
- Ownership Tag - A user-editable, 80-byte string identifying ownership of the computer. This tag appears on the screen during POST.
- Universal Unique Identifier (UUID) - An ID number set in the factory that uniquely identifies the computer.
- Keyboard - Lets you set the keyboard locale for System ID entry.

Security / System Security
With the exception of the first option, Data Execution Prevention, changing any of these system security settings and choosing File > Save Changes and Exit will result in the computer performing a global reset, automatically turning itself off and then back on. Note also that these options are hardware dependent and may not be available on some models:
- Data Execution Prevention (Enabled/Disabled) - Helps prevent operating system security breaches.
- Virtualization Technology (VTx) [see note 1] (Disabled/Enabled) - Controls the virtualization features of the processor.
- Virtualization Technology Directed I/O (VTd) [see note 1] (Disabled/Enabled) - Controls virtualization DMA remapping features of the chipset.
- Intel TXT(LT) Support [see note 1] (Enabled/Disabled) - Controls the underlying processor and chipset features needed to support a virtual appliance. To enable this feature you must enable:
-- Virtualization Technology (VTx)
-- Virtualization Technology Directed I/O (VTd)
-- Embedded Security Device
- Embedded Security Device [see note 1] (Disabled/Enabled) - Permits activation and deactivation of the Embedded Security Device.
NOTE: Embedded Security Device must be set to Device Available in the Device Security menu, and you must create a Setup Password, in order to configure the Embedded Security Device.
[not visible in Kalkin]
- Reset to Factory Settings [see note 1] (Do not reset/Reset) - Restores factory defaults and erases all security keys.
CAUTION: Choosing Reset to Factory Settings may result in significant data loss. The embedded security device is a critical component of many security schemes. Erasing the security keys prevent access to data protected by the Embedded Security Device.
[not visible in Kalkin]
- OS Management of Embedded Security Device [see note 1] (Disabled/Enabled) - Limits operating system control of the Embedded Security Device.
[not visible in Kalkin]
- Reset of Embedded Security Device through OS [see note 1] (Enabled/Disabled) - Limits the operating system ability to request a Reset to Factory Settings of the Embedded Security Device.
NOTE: You must create a Setup Password to use this option.
[not visible in Kalkin]

Security / Drive Lock Security
Lets you assign or modify a master password or user password for hard drives. When enabled, this feature prompts the user to provide one of the DriveLock passwords during POST. If the user does not successfully enter one of the passwords, the hard drive remains inaccessible until one of the passwords is successfully entered during a subsequent cold-boot sequence.
NOTE: This selection appears only when the system includes at least one drive that supports the DriveLock feature.


Power:
- OS Power Management
- Hardware Power Management
- Thermal

Power / OS Power Management
Enables or disables:
- Runtime Power Management
- Idle Power Savings: Extended (default) or Normal; extended mode reduces processor power consumption when the CPU is idle
- ACPI S3 PS2 Mouse Wakeup
- Unique Sleep State Blink Rates

Power / Hardware Power Management
Enables or disables:
- SATA Power Management
- S5 Maximum Power Savings

Power / Thermal
Lets you set the minimum speed of the system fan when the CPU is idle.


Advanced [see note 2]:
- Power-On Options
- BIOS Power-On
- Onboard Devices
- Bus Options
- Device Options
- Slot Settings
- AMT Configuration

Advanced / Power-On Options
Sets the following:
- POST Mode:
-- QuickBoot - Do not clear memory or perform a memory test.
-- FullBoot - Memory test (count) on cold boot. Clears memory on all boots.
-- Clear Memory - No memory test (count) on cold boot. Clears memory on all boots.
-- FullBoot Every x Days - Memory count on first cold boot on or after the Xth day and no more memory counts until that boot occurs. Clears memory on all boots.
- POST Messages (Enabled/Disabled)
- Press the ESC key for Startup Menu (Enabled/Disabled)
- Option ROM Prompt (Enabled/Disabled) - Enabling this feature causes the computer to display a message before loading option ROMs.
- After Power Loss - Lets you specify computer behavior after a power loss:
-- Power Off - Computer remains powered off when power is restored (default).
-- Power On - Computer automatically powers on when power is restored. (This lets you power on the computer using a power strip switch, if the computer is connected to an electric power strip.)
-- Previous state - Computer powers on automatically when power is restored only if computer was on when power was lost.
NOTE: If you turn off power to the computer using a power strip, you cannot use the suspend/sleep feature or the Remote Management features.
- POST Delay (None (default), 5, 10, 15, 20 seconds) - Delays start of the POST process. You might need a delay to:
-- Allow time for some hard disk drives to spin up before POST is finished
-- Give yourself more time to select F10 to enter the Computer Setup (F10) Utility.
- Remote Wakeup Boot Source (Local Hard Drive/Remote Server). Sets the boot device for the workstation when it is started using Remote Wakeup (takes precedence over the Boot Order menu setting) .
- System Recovery Boot Support (Enabled/Disabled). Enabling this feature displays an additional prompt, F11=Recovery, during POST on systems with HP Backup and Recovery software installed and configured with a recovery partition on the boot hard drive. Pressing F11 causes the system to boot to the recovery partition and launch HP Backup and Recovery. You can hide the F11=Recovery prompt by using the F11 prompt option described above.
- Bypass F1 Prompt on Confirmation Changes (Enabled/Disabled) - Prevents display of a confirmation prompt when you make changes to the system.

Advanced / BIOS Power-On
Lets you disable or specify a weekday and time for BIOS power-on.

Advanced / Onboard Devices
Lets you disable or set resources (IRQ, DMA, I/O Rate) for onboard system devices such as the serial port and parallel ports. Operating system parameters generally override Onboard Devices settings.

Advanced / Bus Options
Enable/disable these options:
- PCI SERR# Generation (Enabled/Disabled) - Controls PCI SERR# generation for ill-behaved PCI add-in cards (that can generate SERR# spuriously)
- PCI VGA Palette Snooping (Disabled/Enabled) - Controls PCI VGA Palette Snooping for compatibility purposes
- PCI Latency Timer (32/64/128/160/192/224/248). 128 PCI Clocks is the default.

Advanced / Device Options
Enable/disable the following device options:
- S5 Wake-on-LAN (Enabled/Disabled)
- Turbo Mode (Enabled/Disabled)
- Printer Mode (EPP+ECP, Output Only, Bi-Directional).
- Num Lock State at Power-On (On/Off)
- Integrated Video [see note 1] (Enabled/Disabled)
- IGD (Integrated Graphics Device) Memory - Displayed when Integrated Video is Enabled. Sets the maximum amount of system memory that can be allocated as graphics memory (32, 64 (default), 128, 256, 512 MB) [see note 1]
- Internal Speaker (Enabled/Disabled)
- NIC Option ROM [see note 2] Download (PXE/Disabled)
- SATA RAID Option ROM [see note 2] Download (Enabled/Disabled)
- Multi-Processor (Enabled/Disabled)
- Hyperthreading [see note 1] (Disabled/Enabled)

Advanced / Slot Settings
Lets you Enable/Disable Option ROM Download for each slot. Selective disabling of Option ROM downloads can help manage limited Option ROM space.

Advanced / AMT Configuration
Lets you set the following AMT (Intel Active Management Technology) configuration options:
- AMT (Enabled/Disabled) - Allows for remote discovery, repair and protection of networked workstations. Enabling the AMT function also enables the Network Controller (required for AMT to function correctly).
- Unconfigure AMT/ME (Disabled/Enabled) [see note 2] - Restores AMT/ME defaults. When you save and exit after enabling this option, you will be prompted to complete the process upon restart. A Setup Password (even if one is set) does not need to be entered to complete the process.
NOTE: Information about Intel AMT can be found at www.intel.com.
- WatchDog Timer (Enabled/Disabled) - OS and BIOS WatchDog Timers can be set independently (in minutes):
-- OS WatchDog Timer - Sets the OS WatchDog Timer
-- BIOS WatchDog Timer - Sets the BIOS WatchDog Timer.



Note 1: Available on selected models.
Note 2: These options should be used by advanced users only.



### END MAP ###



Finished.