BiosSledgehammer
Automated BIOS, ME, TPM firmware update and BIOS settings for HP devices
[ASCII art banner: sledgehammer, signed "jgs"]
BIOS Sledgehammer
Copyright © 2015-2019 Michael 'Tex' Hex
https://github.com/texhex/BiosSledgehammer
This is *NOT* sponsored/endorsed by HP or Intel.
This is *NOT* an official HP or Intel tool.
Use at your own risk.
ASCII banner from: http://chris.com/ascii/index.php?art=objects/tools
Disclaimer
- BIOS Sledgehammer is NOT an official HP or Intel tool.
- This is NOT sponsored or endorsed by HP or Intel.
- HP or Intel were NOT involved in developing BIOS Sledgehammer.
- The device can become FUBAR in the process.
About
Suppose you get a workitem like this:
For the Windows 10 rollout, we need you to support ten different hardware models and all of them need to be updated to the newest BIOS version. Some devices require a TPM firmware update to use the security features that depend on TPM 2.0. You also need to update the BIOS settings for all devices (Secure Boot, Fast Boot etc.) to meet Microsoft recommendations. And while you are at it, please also make sure to patch the Management Engine firmware security issue. Oh, and a new BIOS password would be a big plus because we currently have twenty different passwords in use.
You can now waste precious lifetime trying to script this, or you can just use BIOS Sledgehammer:
- You can support several BIOS passwords for your devices; it will simply try all passwords you specify until the correct one is found.
- You define which BIOS version the devices should have. Devices with newer versions will not trigger a downgrade.
- The BIOS version parsing works from rather old devices like 6300 Pro up to a modern device.
- Define which Management Engine (ME) firmware a device should have and if the current firmware is older, an update is applied.
- Configure which TPM firmware and/or specification version (1.2 or 2.0) a device should have - if any of those do not match, an update is started.
- The BIOS password can be set individually per model or you just set all devices to the same password. All passwords are stored encrypted (using HPQPswd64.exe).
- The log files from the update tools are automatically appended to the BIOS Sledgehammer log, so you have one log with all details.
- Configure the BIOS settings for a device by using a simple Name==Value format. They are changed individually, so if there is any issue, you know exactly which setting is to blame.
- Shared configurations are supported, so device families (e.g. the EliteBook 8x0 series) can use a single configuration folder.
- You can use it directly from MDT/SCCM; it will detect if an OSD is active and store the log(s) in the same path the task sequence uses. If desired, it can also be executed visibly to see what it does.
- It offers a command line switch to be used during an in-place BIOS to UEFI boot mode conversion (Windows 10 1703 using MBR2GPT.exe), so the computer will start in UEFI mode (requires Windows 10 1703 or later).
If this sounds good to you, see Process for how BIOS Sledgehammer works, view how to use it in MDT or SCCM, or download it directly from Releases.
System requirements
- PowerShell 4.0 or higher
- Windows 7 64-bit or Windows 10 64-bit
- Due to restrictions in several HP tools, it can NOT be run in Windows Preinstallation Environment (WinPE)
- HP BIOS Configuration Utility (BCU) stored in the folder \BCU-[Version] and the device must be supported by it. Most commercial devices that report "HP" as manufacturer are working. To cite the BCU docs: "BCU requires HP custom WMI namespace and WMI classes (at the namespace root\HP\InstrumentedBIOS) provided by BIOS. BCU will only support models with a WMI-compliant BIOS, which are most commercial HP desktops, notebooks, and workstations."
- BIOS update files for the models you want to support
  - Search http://www.hp.com/drivers for "(Model) BIOS" to locate them or see HPSBHF03573 advisory (Intel Spectre V2 BIOS updates)
- TPM update files if a TPM specification or TPM firmware update is desired
- ME updates if a Management Engine (vPro) update is desired
  - See HPSBHF03571 advisory (Intel-SA-00086) and HPSBHF03557 advisory (Intel-SA-00075) or the driver download page from HP for the model
- Intel-SA-00075 Detection Tool stored in the folder ISA75DT-[Version] for Management Engine (ME) firmware tasks
Note: Several BIOS, TPM and ME files for the example models that are included can be downloaded automatically - see Installation.
Process
When starting BiosSledgehammer.ps1, the following will happen:
- A log file BiosSledgehammer.ps1.log-XX.txt is created, where XX is a value that is sequentially increased with each run. See Logfile for details.
- It checks if the environment is ready (64-bit OS, required folders found, device is from HP etc.).
- A check is made if communication between BCU (BiosConfigUtility64.exe) and the BIOS through WMI is possible by reading the value of the setting Universally Unique Identifier (UUID) or Serial Number from the BIOS.
- A search is performed below the Models folder to locate the matching folder for the current model. First, a folder named exactly as the SKU of the current device is searched for. If this folder does not exist, an exact match for the model name is performed. For example, if the current model is an HP EliteBook Folio 1040 G1, a folder named "HP EliteBook Folio 1040 G1" is expected. If this also yields no result, a partial search is performed - a sub folder named "1040 G1" will match. All configuration is then read from this folder only.
- It tries to figure out the password the device is using by going through all files in the PwdFiles folder and trying to change the value of Asset Tracking Number to a random value (it will be reverted to the original value at the end). An empty password is always tried first.
- If the file BIOS-Update.txt is found, it is read and checked if a BIOS update is required. If so, the BIOS update files are locally copied and the update is performed. Any *.log file generated by the update tool is attached to the BIOS Sledgehammer log file. Finally, a restart is requested because the actual update is performed during POST. See BIOS Update for more details.
- If the file ME-Update.txt is found, it is read and checked if a Management Engine (ME) firmware update is required. If so, the ME firmware files are locally copied and an update is performed. Any *.log file generated by the update tool is attached to the BIOS Sledgehammer log file. Finally, a restart is requested because the actual update is performed during POST. See ME Update for more details.
- If the file TPM-Update.txt exists, it is read and checked if a TPM update is required. This happens by checking if the TPM specification version (1.2 or 2.0) or the TPM firmware is below the configured version. If so, the TPM update files are locally copied and executed. Any *.log file generated by the update tool is attached to the BIOS Sledgehammer log file. Finally, a restart is requested because the actual update is performed during POST. See TPM Update for more details.
- If the file BIOS-Password.txt is found, it is checked if the device is already set to use this password. The password is not specified directly (clear), but by using a *.bin file name that stores the password encrypted. If the passwords differ, the configured *.bin file is read from the PwdFiles folder and the password is changed. See BIOS Password for more details.
- If the file BIOS-Settings.txt exists, it is read and each entry is the name of a BIOS setting that needs to be changed. Each entry will be executed as a single change in the exact order they are defined; this makes detecting faulty settings (if any) easy. See BIOS Settings for more details.
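The folder lookup from the search step above (SKU, then exact model name, then partial match), as an added PowerShell example that is not BIOS Sledgehammer's own code. The name Resolve-ModelFolder, its parameters, the whole-word rule for partial matches and the refusal of ambiguous matches are assumptions of this example; the SKU and folder layout in the demo are constructed.

```powershell
# Added example: hypothetical helper, not BIOS Sledgehammer's own code.
function Resolve-ModelFolder {
    param(
        [Parameter(Mandatory)] [string] $ModelsRoot,  # path of the Models folder
        [Parameter(Mandatory)] [string] $Sku,         # SKU reported by the device
        [Parameter(Mandatory)] [string] $Model        # model name reported by the device
    )
    $folders = @(Get-ChildItem -LiteralPath $ModelsRoot -Directory)

    # Steps 1 and 2: exact folder name match, SKU first, then model name.
    foreach ($candidate in @(@{ By = 'SKU'; Name = $Sku }, @{ By = 'ModelName'; Name = $Model })) {
        $hit = $folders | Where-Object { $_.Name -eq $candidate.Name } | Select-Object -First 1
        if ($hit) { return [pscustomobject]@{ Path = $hit.FullName; MatchedBy = $candidate.By } }
    }

    # Step 3: partial match. Assumption of this example: the folder name must appear
    # in the model name as whole words, so "1040 G1" is not accepted for "1040 G10".
    $partial = @($folders | Where-Object {
        $Model -match ('(?<!\w)' + [regex]::Escape($_.Name) + '(?!\w)')
    })
    if ($partial.Count -gt 1) {
        # Two candidate configurations: refuse rather than pick one silently.
        throw "Ambiguous model folders for '$Model': $($partial.Name -join ', ')"
    }
    if ($partial.Count -eq 1) {
        return [pscustomobject]@{ Path = $partial[0].FullName; MatchedBy = 'Partial' }
    }
    return $null  # no folder found: the caller must not apply any configuration
}

# Constructed sample layout (folder names and SKU are made up for the demo).
$root = Join-Path ([IO.Path]::GetTempPath()) ("Models-" + [guid]::NewGuid())
'X1Y2Z3AA', 'HP EliteBook 840 G1', '1040 G1' | ForEach-Object {
    New-Item -ItemType Directory -Path (Join-Path $root $_) -Force | Out-Null
}
$cases = @(
    @{ Sku = 'X1Y2Z3AA'; Model = 'HP ProDesk 600 G1 SFF' },       # a folder named after the SKU exists
    @{ Sku = 'NOSKU';    Model = 'HP EliteBook 840 G1' },         # a folder named exactly like the model exists
    @{ Sku = 'NOSKU';    Model = 'HP EliteBook Folio 1040 G1' },  # only the sub folder "1040 G1" fits
    @{ Sku = 'NOSKU';    Model = 'HP EliteBook Folio 1040 G10' }  # later generation with no folder of its own
)
foreach ($c in $cases) {
    $r = Resolve-ModelFolder -ModelsRoot $root -Sku $c.Sku -Model $c.Model
    '{0,-30} -> {1}' -f $c.Model, $(if ($r) { "$($r.MatchedBy): $($r.Path)" } else { 'no match' })
}
Remove-Item -LiteralPath $root -Recurse -Force
```

Because all firmware and settings are read from the resolved folder only, logging which rule produced the match makes a wrong selection visible before anything is flashed.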
For both BIOS Update and TPM Update, BIOS Sledgehammer can change BIOS settings just before an update happens. This is often required since both updates will not work if certain BIOS settings are in place. Please see BIOS Settings for BIOS update and TPM BIOS Settings.
Starting with Windows 10 1703, you can in-place convert from BIOS legacy (MBR) to UEFI boot mode (GPT); this is supported by B
