SecT0uch/arch-install
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
No description
6 commits 1 branch 0 tags 36 KiB
Find a file
Exact
Jordan ERNST 3397d00079
 docs: Add info about BIOS bug
2026-02-02 20:05:58 +01:00
README.md docs: Add info about BIOS bug 2026-02-02 20:05:58 +01:00

README.md

CachyOS install

Hardware: HP ZBook Ultra G1A (AMD Ryzen AI Max+ PRO 395)

Maintenance and Service Guide

BIOS Settings

HP PC Commercial BIOS (UEFI) Setup: https://kaas.hpcloud.hp.com/pdf-public/pdf_12904670_en-US-1.pdf

As of today: BIOS 01.04.03 -> This version is bugged! See "Troubleshooting".

This is tested and works on BIOS 01.03.11:

  • Security
    • TPM
      • TPM device: Available
      • TPM State
      • TPM Activation Policy: No prompts (fwupd updates, LUKS)
    • BIOS Sure Start
      • Verify Boot Block on every boot
      • Sure start BIOS protection
      • Sure start Secure Boot Keys Protection
      • Enhanced HP Firmware Runtime Intrusion Prevention and Detection
      • Sure start event policy: Log and notify user
      • Event boot notification: Require acknowledgement
    • Secure Boot Configuration
      • Secure Boot: Enable after https://wiki.cachyos.org/configuration/secure_boot_setup/
      • Import Custom Secure Boot keys
      • Clear Secure Boot keys
      • Reset Secure Boot keys to factory default
      • Enable MS UEFI CA key (Almost all major Linux distributions use a bootloader called "Shim" that is signed by Microsoft.)
      • Ready BIOS for Device Guard use
    • Secure Platform Management (SPM): Disable all
    • Physical Presence Interface
    • Smart cover
      • Cover removal sensor: Administrator credential
      • Power off upon cover removal: Protects from Cold-boot attacks
      • Clear TPM on boot after cover removal
    • DRTM/SMM Protection
    • Pluton Security Processor
    • Hard Drive Utilities
      • Save Restore GPT
      • DriveLock > Disk > Disable
      • Allow disk OPAL Hard Drive SID Authentication
    • System Management Command (HP backdoor to reset security settings)
  • Advanced
    • Boot Options
      • Fast boot: Skips initialization of certain USB devices and hardware checks, so may break USB keyboards
    • HP Sure Recover: Disable all
    • System Options
      • SVM CPU Virtualization
      • Thunderbolt Mode
      • DMA Protection
      • Pre-Boot DMA protection: All PCIe devices
      • Measure additional DMA Settings: PCR1
      • Full encryption of main memory (DRAM)
      • Pre-boot WiFi
      • Fast charge
      • APMF
      • Motion sensing cool mode
      • AiMT (AMD integrated Management Technology): Some kind of remote access
      • HP Application Driver: Provides ACPI structure
      • Enhanced Sign-In Securiity: Windows centric, breaks fingerprint on Linux
    • Built-In Device Options
      • Boost converter
      • Quick connect
    • Power Management Options
      • Battery Health Manager: Let HP Manage My Battery Health
      • Power Control
      • PSPP (PCIe Speed Power Policy): Enabled
      • AMD Core Performance Boost
    • Dedicated Graphics Memory: 32 GB
    • Remote HP PC Hardware Diagnostics: Disable all

Order to proceed:

Troubleshooting

Fix for Black Screen on Boot (HP ZBook Ultra G1A / Ryzen AI Max+ PRO 395)

The problem

As of today there are bugs with either the BIOS or Kernel, using the Zbook Ultra G1A (AMD Ryzen AI Max+ PRO 395)

Status: BIOS 01.04.03 / Kernel 6.18.7

When booting any distribution, we get a black screen for long minutes after the systemd-boot menu and before the LUKS prompt.

The fix

This is a bug in BIOS 01.04.03. Downgrade to 01.03.11