Fwupd 1.8.4 Supports More Hardware, Starts Allowing To Make BIOS Changes From Linux

  • #11
    Originally posted by anarki2
    Let us import specific settings into the BIOS after updates.
    Yup that should work now; see https://github.com/fwupd/fwupd/blob/...tting-policies


    • #12
      Originally posted by Xake

      This is actually totally on the vendor, and I _really_ hope more vendors start to do this right.
      I have a company-computer from Dell running Linux. Never problems with fwupd to upgrade the BIOS (has been done a couple of times on the two different models I have had the last 4 years). And every time all the settings are retained. No need to re apply anything.
      I think I also had upgrades for the BIOS in the HP I had before that and that worked without problems with fwupdmgr.

      My current desktop has an X570-motherboard from Gigabyte that gets totally fsck every time I upgrade the BIOS on it. Running UEFI with secureboot and enrolled in a way so the nvidia binary blob driver is signed and loaded. So for me to get everything as I want it means nearly always two-three reboots to bios to re-apply all settings, and including reset the keys from the bios because it always fails to re-activate without any message why before I do that. Then boot with nouveau to setup and reboot to re-enroll keys in mokutil. Then if I am lucky everything works OK.
      And yes, I can save all my BIOS-settings as a profile to a USB-stick. But I cannot re-import those settings to a newer BIOS revision.

      My older desktop had a motherboard from Asus with an Intel processor. The same there when upgrading.

      My HTPC has a B550 motherboard from MSI.
      Same thing there.

      So yes. This is how vendors like Dell vs Gigabyte implement stuff. Nothing to do with fwupd as far as I can see.

      I think generally computers meant for businesses where an IT-department are meant to be able to remotely upgrade BIOSes without having to be on site to re-apply the correct boot-drive-settings for the system to even boot the companies have to spend that extra it meant to develop and test upgrades so they do not break if it is not booted with factory-settings afterwards.
      For home desktops? Not so much.
      I've had almost the exact same experience, only the X570 motherboard is from MSI instead of Gigabyte. My Dell laptop retains its settings, keys, etc between firmware updates while the MSI AMD desktop board doesn't retain a damned thing, not even its memory timings. It's the biggest advertisement against internal firmware based TPM there is - and one reason Microsoft's insistence on TPM 2.0 is so bogus. Its key storage for many people's boards is broken - they may or may not retain any keys from one update to the next.

      Edit to add for clarity: This may or may not affect Windows booting because of Microsoft's position in the industry their keys and the OEM's keys will be in the update image. But it will affect any systems trying to use Bitlocker (and any other cryptographic service using a TPM store) since the Bitlocker key is supposed to be stored in the system's TPM. The end result is the volume won't boot because the Bitlocker key is not retained. It must be laboriously restored just like Xake's secure boot keys.
      Last edited by stormcrow; 30 August 2022, 04:00 PM.


      • #13
        I wonder if people could mod support into a bios for this


        • #14
          i love this so much. i just wish i had a single piece of hardware at least that was supported by it.
          >corsair 2tb mp600
          nope
          >hynix p31 2tb
          nope
          >three hynix 1tb ssd gold's
          nope
          >samsung 860 evo 2tb
          nope
          >msi b550 tomahawk
          nein
          >ducky one 2 tkl
          negative
          >ducky feather white and black with kailh switches
          non
          >my asus bluray drive
          nyet
          >my hp 27i monitor
          nope
          Last edited by middy; 31 August 2022, 12:01 AM.


          • #15
            Originally posted by stormcrow

            I've had almost the exact same experience, only the X570 motherboard is from MSI instead of Gigabyte. My Dell laptop retains its settings, keys, etc between firmware updates while the MSI AMD desktop board doesn't retain a damned thing, not even its memory timings. It's the biggest advertisement against internal firmware based TPM there is - and one reason Microsoft's insistence on TPM 2.0 is so bogus. Its key storage for many people's boards is broken - they may or may not retain any keys from one update to the next.

            Edit to add for clarity: This may or may not affect Windows booting because of Microsoft's position in the industry their keys and the OEM's keys will be in the update image. But it will affect any systems trying to use Bitlocker (and any other cryptographic service using a TPM store) since the Bitlocker key is supposed to be stored in the system's TPM. The end result is the volume won't boot because the Bitlocker key is not retained. It must be laboriously restored just like Xake's secure boot keys.
            Interesting, is it all settings or just keys? I ask because I haven't had this issue with bios settings on my msi meg x570 board, but I always have secure boot disabled.


            • #16
              Originally posted by skeevy420
              We can only hope for decent Gigabyte support.
              I think Satan has a better chance of going to work on a snowplow.


              • #17
                And here I thought we would get BIOS (in non-UEFI mode) updates from Linux...


                • #18
                  Originally posted by baka0815
                  And here I thought we would get BIOS (in non-UEFI mode) updates from Linux...
                  It's highly likely you're running a UEFI firmware now; in CSM compatibility mode it's actually loading *extra* code compared to your normal boot process to emulate a simpler system. Vendors don't write "two firmwares" they just emulate the older one with the newer one. It's no more secure with CSM than UEFI, and in a lot of cases it's spectacularly less secure. Don't fear UEFI UpdateCapsule, embrace it.


                  • #19
                    Originally posted by middy
                    i love this so much. i just wish i had a single piece of hardware at least that was supported by it.
                    This is the number of supported devices over time; we're getting there but it's going to take some time to get to 100%.
                    [Attached image: Screenshot 2022-08-31 at 09-38-21 LVFS Analytics.png]


                    • #20
                      Originally posted by hughsie

                      It's highly likely you're running a UEFI firmware now; in CSM compatibility mode it's actually loading *extra* code compared to your normal boot process to emulate a simpler system. Vendors don't write "two firmwares" they just emulate the older one with the newer one. It's no more secure with CSM than UEFI, and in a lot of cases it's spectacularly less secure. Don't fear UEFI UpdateCapsule, embrace it.
                      I set up my system using BIOS mode because there were some problems with UEFI mode back then. Is there an easy way to switch to UEFI (without reinstalling the OS)?
