Tema: Insyde secure BIOS update/flash
Data: 2021-05-28 22:32:52
Sveiki, Turiu čia tokį Fujitsu Lifebook'ą (E557) ir maga jam atnaujinti firmware'ą, tačiau WTF, gamintojo duodami BIOS'o update'ai su utėlėm to negali padaryti plikam notebook'ui, nebent tik iš jau pilnavertės Windows aplinkos/instaliacijos (kurios ten nėra ir neplanuojama, o ir tai jau pradėjau abejoti, kad suveiks)... Ką bandžiau: 1. Gamintojo DOS'inis atnaujinimo būdas (h2offt-d); atsisako flash'int, net ir readme parašyta: „If Secure BIOS is enabled there is no possibility to flash the BIOS in DOS environment. Please use the Windows based flash procedures instead of.“ Retorinis klausimas: tai nafiga gamintojas siūlo tokią opciją, katra yra tiesiog visiškai neveiksni? Beje, jei tai kaip nors susiję, tai BIOS'e secure boot opcija – išjungta. 2. Užkroviau Win10PE ir bandau jau windows'inę h2offt-w, katra lygiai taip pat atsisako: It only supports to flash secure BIOS on current platform. 3. Dar turiu gamintojo BIOS'o ./Windows/*.bup failą, katras skirtas windows'iniam updater'iui, katras Win10PE, aišku, atsisako veikti (not compatible with the version of Windows you're running); be pilnavertės OS jam veikiausiai trūk-sta(tų) Fujitsu BIOS driver'io ir dar keleto OEM pričindalų. Pff... Klausimas nr.1: ar kas nors yra susidūręs su panašia problema, o konkrečiai Insyde suknisto secure BIOS'o flash'u ne iš Windows'ų, nes įtariu, kad yra būdas ir utėlės, kaip ir koks nors hack'as? O gal yra idėjų/pasiūlymų, ką dar galima būtų pabandyti, be Windows OS instaliavimo...? Klausimas nr.2: o man to reikia...? (diegsiu ten Linuksą) Changelog'as nuo paskiausios iki pradinės/įsiūtos versijos (kaip ir nemažai esmingesnių fix'ų...): Current BIOS V. 1.16: Solved problems: - Updated MCU to MC0806E9_000000D5_000000D6. (2020.1 IPU: CVE-2020-0543,CVE-2020-0548, CVE-2020-0549) - Updated MEFW to v11.8.77.3664 (2020.1 IPU: CVE-2020-0536, CVE-2020-0545, CVE-2020-0539) Known errors, problems and restrictions: - None Additional information: - Changed BIOS Version Display. (Version 1.16) _______________________________________________________________________________________ BIOS Version History: _______________________________________________________________________________________ BIOS V. 1.15: Solved problems: - Updated CPU microcode. (MC0806E9_000000C9_000000CA (KBL-U/Y)) (Vulnerability fix CVE-2019-0117, CVE-2019-0123, CVE-2019-11157, CVE-2019-14607, (additional fix)CVE-2017-5715) - Updated H2OFFT to 2.01.01 for WEB update tool. (CVE-2019-12532) - Updated ME firmware to 11.8.70.3626. (Vulnerability fix CVE-2019-0168, CVE-2019-0169, CVE-2019-11087, CVE-2019-11090, CVE-2019-11101, CVE-2019-11102, CVE-2019-11104, CVE-2019-11106, CVE-2019-11110, CVE-2019-11147, CVE-2019-0131, CVE-2019-0166, CVE-2019-11088, CVE-2019-11100, CVE-2019-11131, CVE-2019-11132) - Bug fix: CLEARSURE SMS will be corrupted if forced power-off is performed while replying SMS. - Bug fix: Corrupted SMS is sent if forced power-off is performed while CLEARSURE Lock or Erase sequence. - Bug fix: Modified restoring sequence of some index registers when exiting SMM. - Bug fix: Setting HDD password of 33 characters with BiosSet tool is not an error. Known errors, problems and restrictions: - None Additional information: - Changed BIOS Version Display. (Version 1.15) - Changed to remove "TIM" of SMBIOS type 12 after initialize Absolute Computrace. - Supported to issue HDD Freeze Lock while POST. - Vulnerability fix. (CVE-2019-0154, CVE-2019-0185) - BIOS Version 1.14 was not released for customer download. _______________________________________________________________________________________ BIOS V. 1.13: Solved problems: - Updated Insyde iFdPacker to V2.5.3.0. (Supported Win10 19H1 with BIOS update utility for web update). - Updated ME firmware to V11.8.65.3590. (Intel 2019.1 QSR) - Updated CPU microcode to MC0806E9_000000B3_000000B4.TXT (Intel 2019.1 QSR) - Bug fix: BIOS update fails if Windows user account name has symbols. - Bug fix: UDK2018 based EFI shell does not boot when BIOS setup language is set to Japanese. - Bug fix: After restore GABI archive data, the device state of Boot Priority Order in BIOS Setup is not preserved. - Bug fix: Password of NVMe SSD can be changed with SIID for factory even if password is already set. - Bug fix: The setting of "Password on Boot" item is returned to former setting after CMOS is cleared if the item has been changed by SIID $C. - Bug fix: Some setup items remain the former value after clearing Supervisor password and rebooting without Save Changes. Known errors, problems and restrictions: - None Additional information: - Changed BIOS Version Display. (Version 1.13) - Improved keyboard matrix initialization. - Added 'Password Severity' option into BIOS setup screen (SIID KA:FTS). - Reserved physical memory address 0x40000000 to 0x403FFFFF (BIOS W/A for Intel CPU Erratum KBL121) - Enabled 20Kohm pull-up of GPIO PWRBTN#. - Added a warning message when "Password Severity" item is changed to [Stringent]. - EDKII vulnerability (CVE-2018-12180, CVE-2018-12181, CVE-2018-12182). - Supported Multi-Core disabling by manufacturing SIID. (Added SIID !A:MULTICORED.) - DDR4 DQ Tx Voltage Margin Enhancement (Intel TA) _______________________________________________________________________________________ BIOS V. 1.12: Solved problems: - MCU: MC0806E9_0000008E.TXT (CVE-2018-3639,3640) - ME F/W: 11.8.55.3510 Corporate (Intel QSR Q2'18) - Bug Fix:Boot Priority Order is not correct order when GABI Load default is executed. - Bug Fix:The Hard Disk protected by password after Winmagic Securedoc 75 installation - Bug Fix:The user password of less than "Minimum User Password Length" can be set by user authority. - Bug Fix:The EVTE language can't change when the setting of the language is changed by GABI settings API. - Bug Fix:BitLocker Network Unlock with IPv4 does not work. - Bug Fix:If USB Port option in BIOS setup is changed to "Enabled" by using GABI settings API, booting Windows fails. - Bug Fix:Resuming from Standby may fail if HDD which password has been set on other motherboards. - Bug Fix:BIOS update fails if Windows user account name has symbols. - Bug Fix:Unexpected Pop-up may be displayed during BIOS update if certain conditions are met. - Bug Fix:TPM2.0 with yellow bang may appear on Windows device manager if certain operations in BIOS setup screen are performed. Known errors, problems and restrictions: - None Additional information: - None _______________________________________________________________________________________ BIOS V. 1.11: Solved problems: - Update MCU (Spectre & Meltdown issue). - Bug Fix: Fujitsu logo resolution is not the same between POST and BGRT if the logo is displayed to the external display and CSM is enabled. - Bug Fix: System may not boot up anymore if the system power is turned off during Device Firmware Update process. Known errors, problems and restrictions: - None Additional information: - BIOS Version 1.10 has been skipped for customer download. ______________________________________________________________________________ BIOS V. 1.10: Solved problems: - If "Intel(R) PTT" is enabled and "Security Chip" is disabled, "TPM2.0" is shown on "Security Chip Device". Known errors, problems and restrictions: - None Additional information: - none ______________________________________________________________________________ BIOS V. 1.09: Solved problems: - Resuming from Standby may fail if HDD which password has been set on other system. - Booting from HDD which password has been set on other motherboards may fail if "Password Entry on Boot" is disabled. - OS does not reflect a change of "System Firmware Update" option immediately after resume from hybrid shutdown. - Force shutdown log is recorded when reset command is executed under EFI shell. - Vulnerability Fix: PSIRT-TA-201708-001. - Bug Fix: UEFI PXE boot may fails. Known errors, problems and restrictions: - None Additional information: - Changed BIOS Version Display (Version 1.09) - Update ME F/W: 11.8.50.3399 Consumer. - Update MCU. - Added ME version information into BIOS setup screen. - BIOS Version 1.08 have been skipped for customer download. ______________________________________________________________________________ BIOS V. 1.07 Solved problems: - After Intel(R) PTT and Intel(R) TXT are set to enabled at the same time in BIOS setup, system keeps rebooting during POST. - Screen corruption of external display may occur when boot Windows RE with CSM and Optimus are enabled. - Some application's boot order restoring feature does not work correctly. - BIOS Version string in BIOS setup intermittently has extra space characters. - When CSM is enabled, EVTE (Diagnostic Program) screen of an external monitor does not display properly. - UEFI PXE boot may fail. - "HT Technology" option is shown even if CPU does not have HT Technology capability. - When CSM is enabled, Windows may locks up if a USB device is hot-plugged or unplugged during OS boot. - On WWAN supported model, when CSM is enabled, Windows may locks up during OS boot. - Yellow bang error may appear on xHCI controller when "USB port" item in BIOS setup is disabled. - System does not transition from S4 sleep state to G3 state if "LAN Controller" option in BIOS setup is disabled. - If "Auto Save To Disk" is disabled, system may wake up from S3 when battery remaining capacity reaches 0%. - The wording of USB FDD on Boot menu is not correct. - System may locks up in the middle of entering BIOS setup if CSM is [Enabled] and two or more Windows Boot Manager (WBM) are registered to Boot Priority Order. - Windows PE screen resolution is low (640x480) if UEFI PXE boot. - System boot may fail when booting from a WinMagic SecureDoc encrypted hard drive. - When CSM is disabled, display output on POST is not switch to external monitor automatically even if lid is closed. - Activation of BIOS Biometric PBA takes long time to complete. - Vulnerability fix: Disabling DCI on Intel SKL/KBL/SKX platforms (INTEL-TA-201701-002). Known errors, problems and restrictions: - None Additional information: - BIOS Version 1.05 and 1.06 have been skipped. - Changed BIOS Version Display (Version 1.07). - Supported WPP PBA for a system which equips both fingerprint sensor and palm vein sensor. - Fixed a latent issue of UEFI Firmware Update. - Updated Intel LAN I219 PXE UEFI Driver E0016X7.EFI. - Updated CPU microcode. - Supported TPM1.2 - Certain system may locks up when F2 or F12 key is pressed during POST if CSM is [Enabled].
3Dastronomyagricultureaudioautosautos.audiautos.audioautos.binariesautos.bmwautos.clubautos.fordautos.hondacrxautos.japanautos.mercedesautos.opelautos.sportautos.volvoautos.vwaviaavia.binariesbankcardsbinariesbooksbuildingcinemacommercecomp.hardwarecomp.softwarecomp.lietuvinimascomp.networksculturedarbas.ieskaudarbas.siulaudesigneconomicselectronicsfaunafauna.aquafauna.binariesfishingflorafotofoto.binariesgamesgames.csgames.onlinegsmgurmanaihumourhumour.binariesinternetlawmicrosoftmotomusicmusic.binariesmusic.instrumentsmusic.LT.binariesnavigacijaphppoliticsprogrammingrpgsportstudyingsveikatatalktesttranslationtransportationtraveltravel.binariestvunixvideovideo.binarieswatersportswwwwww.flashpdaautos.supermama.ltmobiledarbasretro.3Dretro.agricultureretro.astronomyretro.audioretro.autosretro.autos.audiretro.autos.audioretro.autos.binariesretro.autos.bmwretro.autos.clubretro.autos.fordretro.autos.hondacrxretro.autos.japanretro.autos.mercedesretro.autos.opelretro.autos.sportretro.autos.supermamaretro.autos.supermama.ltretro.autos.volvoretro.autos.vwretro.aviaretro.avia.binariesretro.bankcardsretro.beosretro.binariesretro.booksretro.buildingretro.cinemaretro.commerceretro.compretro.comp.hardwareretro.comp.lietuvinimasretro.comp.networksretro.comp.softwareretro.cultureretro.darbasretro.darbas.ieskauretro.darbas.siulauretro.designretro.economicsretro.electronicsretro.e-vejasretro.faunaretro.fauna.aquaretro.fauna.binariesretro.fishingretro.floraretro.fotoretro.foto.binariesretro.gamesretro.games.csretro.games.onlineretro.games.rpgretro.genealogijaretro.gsmretro.gurmanairetro.humourretro.humour.binariesretro.internetretro.YZFretro.YZF.nebukretro.YZF.nebuk.netikintisretro.YZF.nebuk.netikintis.bukretro.YZF.nebuk.netikintis.buk.tikintisretro.lawretro.microsoftretro.mobileretro.motoretro.musicretro.music.binariesretro.music.instrumentsretro.music.LTretro.music.LT.binariesretro.navigacijaretro.newsretro.news.taisyklesretro.newuserretro.pdaretro.phpretro.politicsretro.programmingretro.rpgretro.sportretro.studyingretro.sveikataretro.talkretro.translationretro.transportationretro.travelretro.travel.binariesretro.tvretro.unixretro.videoretro.video.binariesretro.watersportsretro.wwwretro.www.flashdiylt.rkm.news.announcelt.rkm.news.newuser