BIOS Updates & Configuration using BigFix

Has any of you been able to do a BIOS update for Lenovo systems without using TVSU? TVSU is banned in our company.
I have been trying and it gets stuck in Running.
And when it completes I'm getting an exit code 3.

This is the last code I used. Running it from a different so I can keep a close look to the files.

dos xcopy /E /H /K /O {"__Download"} "C:\Users\Public\Downloads\repo\BIOS\*"

wait C:\Users\Public\Downloads\repo\BIOS\wflash2.exe /rsmb /quiet
restart 60

What do you get if you run it manually?

It works. But I’m running CMD as an admin and typing the command manually, not through a .CMD like the BIOS update comes with.
And when I used the .CMD or changed it to a .bat it got stuck in Running as well.

Try something like:

wait cmd /c /s "C:\Users\Public\Downloads\repo\BIOS\wflash2.exe /rsmb /quiet"

I’ve tested so many different ways and they have all failed. This is the most current one I have tried:

prefetch 9e3275c76d020d413ce5d45b958563bd386e3696 sha1:9e3275c76d020d413ce5d45b958563bd386e3696 size:6826958 http://server:52311/Uploads/9e3275c76d020d413ce5d45b958563bd386e3696/HPQFlash.tmp sha256:6922b7d661c7cc19796623fa5189156f94a20a23032779f3bcc0befee8725980
extract 9e3275c76d020d413ce5d45b958563bd386e3696

waithidden "{pathname of system folder & "\cmd.exe"}" /Q /C "{(pathname of client folder of current site) & "\__Download\Hpqflash.exe -s -from.cab -a -pBIOS.bin"} TIMEOUT /t 600 /nobreak"
parameter "start" = "{now}"

I put the timeout in to let the processes run before BigFix tried rebooting but that hasn’t worked either.

Does that command line work when you run it manually?


Here’s what my fixlet is doing (after the download of sp_update.exe and my encoded bios password file)

// Extract the flash utilities to Windows Temp folder
// This extracts the archive without launching the install script or IE help page.  Originally I did not know how to suppress the IE launch, so I was extracting it outside of the __Download folder to stop it from locking up the client download path.  Extracting to \Windows\Temp may no longer be necessary.

waithidden "{pathname of download file "sp_update.exe"}" -pdf -f "{pathname of windows folder}\temp\BIOSFlash" -s -e

// "password1" is an encoded password file built using the hpqpasswd utility that is also part of the sp_update.exe archive

waithidden "{pathname of windows folder}\Temp\BIOSFlash\HPQFlash\HPQFlash.exe" -s -p "{pathname of download file "password1"}"

continue if {exit code of action = 0}
action requires restart "BIOS_Flash"

I’m a little confused by this part. Is this supposed to be for CMD or the BIOS update thing?

Try:

wait __Download\Hpqflash.exe -s -from.cab -a -pBIOS.bin

OR:

dos __Download\Hpqflash.exe -s -from.cab -a -pBIOS.bin

See if either of those options work.

Verify Catalog Sig:

powershell -ExecutionPolicy Bypass -command "(Get-AuthenticodeSignature \"C:\Temp\CatalogPC.cab\").Status -eq 'Valid'"

Verify BIOS Sig:

powershell -ExecutionPolicy Bypass -command "(Get-AuthenticodeSignature \"C:\Temp\E7440A25.exe\").Status -eq 'Valid'"

Number of BIOS Updates in Catalog:

number of selects "/Manifest/SoftwareComponent/ComponentType[@value='BIOS']" of xml documents of files "C:\Temp\DellCatalogPC\CatalogPC.XML"

Download Paths:

( ("https://downloads.dell.com/" & it) of node values of selects "@path/text()" of it ) of parent nodes of selects "/Manifest/SoftwareComponent/ComponentType[@value='BIOS']" of xml documents of files "C:\Temp\DellCatalogPC\CatalogPC.XML"

Brand & Model:

( concatenations ", " of (item 0 of it & " " & item 1 of it) of (node values of selects "Display/text()" of it, node values of selects "Model/Display/text()" of it) of selects "SupportedSystems/Brand" of it ) of parent nodes of selects "/Manifest/SoftwareComponent/ComponentType[@value='BIOS']" of xml documents of files "C:\Temp\DellCatalogPC\CatalogPC.XML"

Brand&Model + Download:

(  ( concatenations ", " of (item 0 of it & " " & item 1 of it) of (node values of selects "Display/text()" of it, node values of selects "Model/Display/text()" of it) of selects "SupportedSystems/Brand" of it ), ( ("https://downloads.dell.com/" & it) of node values of selects "@path/text()" of it )  ) of parent nodes of selects "/Manifest/SoftwareComponent/ComponentType[@value='BIOS']" of xml documents of files "C:\Temp\DellCatalogPC\CatalogPC.XML"

size, version, releasedate:

Q: ( node values of selects "@size/text()" of it, node values of selects "@vendorVersion/text()" of it, node values of selects "@dateTime/text()" of it ) of parent nodes of selects "/Manifest/SoftwareComponent/ComponentType[@value='BIOS']" of xml documents of files "C:\Temp\DellCatalogPC\CatalogPC.XML"
A: 4026384, A19, 2018-03-26T04:59:06+00:00
A: 10392776, 1.2.8, 2018-03-16T14:36:57+00:00

Criticality:

(multiplicity of it, it) of unique values of ( node values of selects "Criticality/@value/text()" of it ) of parent nodes of selects "/Manifest/SoftwareComponent/ComponentType[@value='BIOS']" of xml documents of files "C:\Temp\DellCatalogPC\CatalogPC.XML"
  1. Recommended
  2. Urgent
  3. Optional

Criticality of everything (not just BIOS Updates)

Q: (multiplicity of it, it) of unique values of preceding texts of firsts "-" of ( node values of selects "Criticality/Display/text()" of it ) of parent nodes of selects "/Manifest/SoftwareComponent/ComponentType" of xml documents of files "C:\Temp\DellCatalogPC\CatalogPC.XML"
A: 126, Optional
A: 2342, Recommended
A: 248, Urgent
T: 5530.308 ms

“hpqflash -s -from.cab” exits immediately with exit code 0 on a machine needing a BIOS update but then takes 5 or 6 minutes to actually finish the update. With the /t 600, maybe the OP was trying to get BigFix to wait to let it finish. This is a snippet from the log file generated in silent mode. Return code 0xbc2 has been returned on the three machines I’ve tested successful BIOS updates on (HP EliteDesk 800 G1 SFF).

I’m looking for a better way to detect success so BigFix can reboot at the right time.

2018/07/30 10:35:45.062|00001650|Information|CCpqCIMIntf::FlashRom|***** Start FLASHING *****
2018/07/30 10:35:45.078|00001650|Information|CCpqCIMIntf::FlashRom|Start Saving Original BIOS Contents
2018/07/30 10:39:30.614|00001650|Information|CCpqCIMIntf::FlashRom|End Saving Original BIOS Contents
2018/07/30 10:39:30.614|00001650|Information|CCpqCIMIntf::FlashRom|Start flashing (Write)  Attempt #1
2018/07/30 10:39:30.614|00001650|Information|CCpqCIMIntf::FlashRomImage|Start Flash Rom Image (Write)
2018/07/30 10:40:24.786|00001650|Information|CCpqCIMIntf::FlashRomImage|End Flash Rom Image (Write), bStatus = 1
2018/07/30 10:40:24.786|00001650|Information|CCpqCIMIntf::FlashRom|End flashing (Write)  Attempt #1
2018/07/30 10:40:24.801|00001650|Information|CCpqCIMIntf::FlashRom|***** END FLASHING PROCESS *****
2018/07/30 10:40:24.801|00001650|Information|ChpqFlashApp::hpqFlashInSilentMode|Return from Flashing in silent mode, bStatus = 1
2018/07/30 10:40:24.801|00001650|Information|ChpqFlashApp::hpqFlashInSilentMode|Exit hpqFlashInSilentMode, bStatus = 1
2018/07/30 10:40:24.801|00001650|Information|ChpqFlashApp::ExitInstance|Exit hpqFlash:  Return Code = 0xbc2
2018/07/30 10:40:24.801|00001650|Information|ChpqFlashApp::ExitInstance|--- END HPQFLASH SESSION ---
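
One way to gate the reboot on the log rather than on the process exit code, as an added example (not code from this thread or from HP): it parses the pipe-delimited lines shown above and reports the flash as finished only when the write status, the return code and the end-of-session marker are all present. Treating 0xbc2 (decimal 3010, the value Windows uses for ERROR_SUCCESS_REBOOT_REQUIRED) as success is an assumption based on the three machines mentioned in the post; the function names and the sample text are constructed.

```python
import re
from datetime import datetime

# Constructed sample in the format of the excerpt above:
# timestamp|thread|level|source|message
SAMPLE_LOG = """\
2018/07/30 10:35:45.062|00001650|Information|CCpqCIMIntf::FlashRom|***** Start FLASHING *****
2018/07/30 10:40:24.786|00001650|Information|CCpqCIMIntf::FlashRomImage|End Flash Rom Image (Write), bStatus = 1
2018/07/30 10:40:24.801|00001650|Information|ChpqFlashApp::ExitInstance|Exit hpqFlash:  Return Code = 0xbc2
2018/07/30 10:40:24.801|00001650|Information|ChpqFlashApp::ExitInstance|--- END HPQFLASH SESSION ---
"""

RETURN_CODE = re.compile(r"Return Code = (0x[0-9a-fA-F]+)")
WRITE_STATUS = re.compile(r"End Flash Rom Image \(Write\), bStatus = (\d+)")
# Assumption: 0xbc2 (3010) means success, as seen on the machines in the post.
SUCCESS_CODES = {0xBC2}


def parse_line(line):
    """Split one log line into (timestamp, source, message); None if malformed."""
    parts = line.rstrip("\n").split("|", 4)
    if len(parts) != 5:
        return None
    try:
        stamp = datetime.strptime(parts[0], "%Y/%m/%d %H:%M:%S.%f")
    except ValueError:
        return None
    return stamp, parts[3], parts[4]


def flash_result(log_text):
    """Summarise the last flashing run found in the log text."""
    state = {"started": None, "finished": False, "write_ok": None, "return_code": None}
    for stamp, _source, message in filter(None, map(parse_line, log_text.splitlines())):
        if "Start FLASHING" in message:
            # A new run begins: discard results left over from an earlier run.
            state = {"started": stamp, "finished": False, "write_ok": None, "return_code": None}
        elif (m := WRITE_STATUS.search(message)):
            state["write_ok"] = m.group(1) == "1"
        elif (m := RETURN_CODE.search(message)):
            state["return_code"] = int(m.group(1), 16)
        elif "END HPQFLASH SESSION" in message:
            state["finished"] = True
    # A log that stops mid-flash (no end marker yet) is never safe to reboot on.
    state["safe_to_reboot"] = bool(
        state["finished"] and state["write_ok"] and state["return_code"] in SUCCESS_CODES
    )
    return state
```

A log that has not yet reached the end-of-session line yields `safe_to_reboot` False, so a polling loop can keep waiting instead of relying on a fixed timeout.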

I’m currently testing a fixlet for Dell computers, using Dell Command Update that runs an automated install/reboot process, for up to three cycles of installing updates and reboots, including a /driverRestore if the task has never ever been run before. Works pretty well on desktops and older laptops.

Current issues include:

  • DCU doesn’t see an available BIOS update. (Maybe because of UEFI / SecureBoot?)
  • WD15 dock firmware/drivers can’t be updated via DCU. Going to see if I can detect the docks via relevance (Registry? WMI?) and then download drivers as needed.

That is odd. Might need to file a bug with Dell on that.

That is interesting. Might also want to bug Dell about that, but I think DCU is generally focused around the computer model, so that might be why that is missing.

Is the WD15 firmware info in the Dell Catalog?

In continuing the work on automating the creation of BIOS Update fixlets and tasks with BigFix, I came up with a Task to Suspend BitLocker, which is an important part of doing BIOS updates in cases where BitLocker is enabled.

I looked at some existing content as a reference for this, but while testing this on one of my systems, I figured out that you need to not just handle the case in which BitLocker Protection is fully enabled but ALSO the case in which BitLocker is being enabled but is not fully enabled yet. It should be rare, but the potential issue occurs in which BitLocker was just enabled for the first time, but has not finished encrypting the drive for some reason. In this case, most other content that suspends BitLocker would not handle this case, then the BIOS update would be applied, then BitLocker finishes encryption and becomes fully enabled, then the reboot for the BIOS update occurs. If this rare circumstance were to happen, then BitLocker would likely be put in recovery mode, unless the BIOS Update process itself from the vendor handles this case specifically, which could be, but I wouldn’t rely on it.

I intend to use the actionscript within the above Task within any BIOS update content. See here: https://github.com/jgstew/bigfix-content/issues/7#issuecomment-629689306


Note that only Windows 10 has the reboot count indicator. In Windows 7 it’s either on/off.

My Dell Command Update automation uses client settings for tracking breadcrumbs across reboots. If it’s Windows 7 and I disable BitLocker, I plant a breadcrumb; if it’s there when the fixlet runs again, I reenable it. (The automation uses the breadcrumbs and action execution locks so that it reboots a maximum of three times.)


Well, that sucks. That is much more complicated. Does Win8 have the reboot thing? I hope so.

You might be able to use the RunOnce key to Resume BitLocker on Windows 7 so that it can happen after the reboot has completed without requiring another action.

I haven’t fully tested this yet:

// Handle BitLocker Resume after reboot for Win7 and Win2008R2
if {version of operating system < "6.2.0.0"}
regset64 "[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]" "ResumeBitLocker"="manage-bde -protectors -enable C:"
endif

Here is a work in progress, untested mustache template for BigFix BIOS Update Tasks:


I’m not currently handling encrypting the BIOS password, but I released 300+ BIOS update tasks here: https://github.com/jgstew/bigfix-content/tree/master/fixlet/BIOS/Dell

These have NOT been tested except for on the 1 model I happen to have, and even then, not all cases. Please test them out carefully and provide me feedback on if they work, if they don’t, and any suggestions for improvement.

You can follow along my process of doing this here: https://github.com/jgstew/bigfix-content/issues/7

I used this python script:

I used this template:

These also make use of:

Related:


Someone has already found edge case issues with the way the models are in the Catalog vs Reported by SMBIOS, which I’m tracking in a new issue here: https://github.com/jgstew/bigfix-content/issues/25

Would be helpful to have the unique set of results from:

(it as string as trimmed string) of values "product_name" of structures "system_information" of smbios

from as many Dell / HP / Lenovo models as possible to find and resolve some of these edge cases.


Seems like there is a tool for Linux for installing firmware from multiple vendors that could be automated with BigFix, as well as a possible source for generating fixlets from:


Were you ever able to detect out-of-date Dell docks with relevance?