Re: Insyde secure BIOS update/flash [Diamondas @ 2021-05-29 07:19:37]

Tema: Re: Insyde secure BIOS update/flash
Autorius: Diamondas
Data: 2021-05-29 07:19:37
Rašytojas :) Gal dirbi... :)

Realiai - dar biškį paskaityk manual'us kol rasi vietą kur parašyta kur padėti BIOS FW, kad BIOS'as galėtų jį passimti ir susidėti. Dažniausiai tai būna USB, MMC (SD) ar HDD(SSD)

C:\imagenamepagalgamintoja.imagetipaspagalgamintoja *nix analogiškai. \\sda\bblab..\alblala\flashmg.imgexetension

Ir tada iš BIOS'o - update/flash/repair/etc BIOS from image_file_accesibble_from_bios.image_file_extensions

Maždaug taip jei trumpai, jei išsamiai... tam sektoriui dirbau trumpiausiai :)



On 2021-05-29 01:32, Laimis wrote:
> Sveiki,
> > Turiu čia tokį Fujitsu Lifebook'ą (E557) ir maga jam atnaujinti
> firmware'ą, tačiau WTF, gamintojo duodami BIOS'o update'ai su utėlėm to
> negali padaryti plikam notebook'ui, nebent tik iš jau pilnavertės
> Windows aplinkos/instaliacijos (kurios ten nėra ir neplanuojama, o ir
> tai jau pradėjau abejoti, kad suveiks)...
> > Ką bandžiau:
> 1. Gamintojo DOS'inis atnaujinimo būdas (h2offt-d); atsisako flash'int,
> net ir readme parašyta:
> „If Secure BIOS is enabled there is no possibility to flash the BIOS in
> DOS environment. Please use the Windows based flash procedures instead of.“
> > Retorinis klausimas: tai nafiga gamintojas siūlo tokią opciją, katra yra
> tiesiog visiškai neveiksni?
> > Beje, jei tai kaip nors susiję, tai BIOS'e secure boot opcija – išjungta.
> > 2. Užkroviau Win10PE ir bandau jau windows'inę h2offt-w, katra lygiai
> taip pat atsisako: It only supports to flash secure BIOS on current
> platform.
> > 3. Dar turiu gamintojo BIOS'o ./Windows/*.bup failą, katras skirtas
> windows'iniam updater'iui, katras Win10PE, aišku, atsisako veikti (not
> compatible with the version of Windows you're running); be pilnavertės
> OS jam veikiausiai trūk-sta(tų) Fujitsu BIOS driver'io ir dar keleto OEM
> pričindalų.
> > Pff...
> > Klausimas nr.1: ar kas nors yra susidūręs su panašia problema, o
> konkrečiai Insyde suknisto secure BIOS'o flash'u ne iš Windows'ų, nes
> įtariu, kad yra būdas ir utėlės, kaip ir koks nors hack'as? O gal yra
> idėjų/pasiūlymų, ką dar galima būtų pabandyti, be Windows OS
> instaliavimo...?
> > Klausimas nr.2: o man to reikia...? (diegsiu ten Linuksą)
> Changelog'as nuo paskiausios iki pradinės/įsiūtos versijos (kaip ir
> nemažai esmingesnių fix'ų...):
> > Current BIOS V. 1.16:
> > Solved problems:
> - Updated MCU to MC0806E9_000000D5_000000D6. (2020.1 IPU:
> CVE-2020-0543,CVE-2020-0548, CVE-2020-0549)
> - Updated MEFW to v11.8.77.3664 (2020.1 IPU: CVE-2020-0536,
> CVE-2020-0545, CVE-2020-0539)
> > Known errors, problems and restrictions:
> - None
> > Additional information:
> - Changed BIOS Version Display. (Version 1.16)
> > _______________________________________________________________________________________
> >   BIOS Version History:
> > _______________________________________________________________________________________
> >   BIOS V. 1.15:
> > Solved problems:
> - Updated CPU microcode. (MC0806E9_000000C9_000000CA (KBL-U/Y))
> (Vulnerability fix CVE-2019-0117, CVE-2019-0123, CVE-2019-11157,
> CVE-2019-14607, (additional fix)CVE-2017-5715)
> - Updated H2OFFT to 2.01.01 for WEB update tool. (CVE-2019-12532)
> - Updated ME firmware to 11.8.70.3626. (Vulnerability fix CVE-2019-0168,
> CVE-2019-0169, CVE-2019-11087, CVE-2019-11090, CVE-2019-11101,
> CVE-2019-11102, CVE-2019-11104, CVE-2019-11106, CVE-2019-11110,
> CVE-2019-11147, CVE-2019-0131, CVE-2019-0166, CVE-2019-11088,
> CVE-2019-11100, CVE-2019-11131, CVE-2019-11132)
> - Bug fix: CLEARSURE SMS will be corrupted if forced power-off is
> performed while replying SMS.
> - Bug fix: Corrupted SMS is sent if forced power-off is performed while
> CLEARSURE Lock or Erase sequence.
> - Bug fix: Modified restoring sequence of some index registers when
> exiting SMM.
> - Bug fix: Setting HDD password of 33 characters with BiosSet tool is
> not an error.
> > Known errors, problems and restrictions:
> - None
> > Additional information:
> - Changed BIOS Version Display. (Version 1.15)
> - Changed to remove "TIM" of SMBIOS type 12 after initialize Absolute
> Computrace.
> - Supported to issue HDD Freeze Lock while POST.
> - Vulnerability fix. (CVE-2019-0154, CVE-2019-0185)
> - BIOS Version 1.14 was not released for customer download.
> > _______________________________________________________________________________________
> >   BIOS V. 1.13:
> > Solved problems:
> - Updated Insyde iFdPacker to V2.5.3.0. (Supported Win10 19H1 with BIOS
> update utility for web update).
> - Updated ME firmware to V11.8.65.3590. (Intel 2019.1 QSR)
> - Updated CPU microcode to MC0806E9_000000B3_000000B4.TXT (Intel 2019.1 QSR)
> - Bug fix: BIOS update fails if Windows user account name has symbols.
> - Bug fix: UDK2018 based EFI shell does not boot when BIOS setup
> language is set to Japanese.
> - Bug fix: After restore GABI archive data, the device state of Boot
> Priority Order in BIOS Setup is not preserved.
> - Bug fix: Password of NVMe SSD can be changed with SIID for factory
> even if password is already set.
> - Bug fix: The setting of "Password on Boot" item is returned to former
> setting after CMOS is cleared if the item has been changed by SIID $C.
> - Bug fix: Some setup items remain the former value after clearing
> Supervisor password and rebooting without Save Changes.
> > Known errors, problems and restrictions:
> - None
> > Additional information:
> - Changed BIOS Version Display. (Version 1.13)
> - Improved keyboard matrix initialization.
> - Added 'Password Severity' option into BIOS setup screen (SIID KA:FTS).
> - Reserved physical memory address 0x40000000 to 0x403FFFFF (BIOS W/A
> for Intel CPU Erratum KBL121)
> - Enabled 20Kohm pull-up of GPIO PWRBTN#.
> - Added a warning message when "Password Severity" item is changed to
> [Stringent].
> - EDKII vulnerability (CVE-2018-12180, CVE-2018-12181, CVE-2018-12182).
> - Supported Multi-Core disabling by manufacturing SIID. (Added SIID
> !A:MULTICORED.)
> - DDR4 DQ Tx Voltage Margin Enhancement (Intel TA)
> > _______________________________________________________________________________________
> >   BIOS V. 1.12:
> > Solved problems:
> - MCU: MC0806E9_0000008E.TXT (CVE-2018-3639,3640)
> - ME F/W: 11.8.55.3510 Corporate (Intel QSR Q2'18)
> - Bug Fix:Boot Priority Order is not correct order when GABI Load
> default is executed.
> - Bug Fix:The Hard Disk protected by password after Winmagic Securedoc
> 75 installation
> - Bug Fix:The user password of less than "Minimum User Password Length"
> can be set by user authority.
> - Bug Fix:The EVTE language can't change when the setting of the
> language is changed by GABI settings API.
> - Bug Fix:BitLocker Network Unlock with IPv4 does not work.
> - Bug Fix:If USB Port option in BIOS setup is changed to "Enabled" by
> using GABI settings API, booting Windows fails.
> - Bug Fix:Resuming from Standby may fail if HDD which password has been
> set on other motherboards.
> - Bug Fix:BIOS update fails if Windows user account name has symbols.
> - Bug Fix:Unexpected Pop-up may be displayed during BIOS update if
> certain conditions are met.
> - Bug Fix:TPM2.0 with yellow bang may appear on Windows device manager
> if certain operations in BIOS setup screen are performed.
> > Known errors, problems and restrictions:
> - None
> > Additional information:
> - None
> > _______________________________________________________________________________________
> >   BIOS V. 1.11:
> > Solved problems:
> - Update MCU (Spectre & Meltdown issue).
> - Bug Fix: Fujitsu logo resolution is not the same between POST and BGRT
> if the logo is displayed to the
> external display and CSM is enabled.
> - Bug Fix: System may not boot up anymore if the system power is turned
> off during Device Firmware Update
> process.
> > Known errors, problems and restrictions:
> - None
> > Additional information:
> - BIOS Version 1.10 has been skipped for customer download.
> > ______________________________________________________________________________
> >   BIOS V. 1.10:
> > Solved problems:
> - If "Intel(R) PTT" is enabled and "Security Chip" is disabled, "TPM2.0"
> is shown on "Security Chip Device".
> > Known errors, problems and restrictions:
> - None
> > Additional information:
> - none
> > ______________________________________________________________________________
> >   BIOS V. 1.09:
> > Solved problems:
> - Resuming from Standby may fail if HDD which password has been set on
> other system.
> - Booting from HDD which password has been set on other motherboards may
> fail if "Password  Entry on Boot" is disabled.
> - OS does not reflect a change of "System Firmware Update" option
> immediately after resume from hybrid shutdown.
> - Force shutdown log is recorded when reset command is executed under
> EFI shell.
> - Vulnerability Fix: PSIRT-TA-201708-001.
> - Bug Fix: UEFI PXE boot may fails.
> > Known errors, problems and restrictions:
> - None
> > Additional information:
> - Changed BIOS Version Display (Version 1.09)
> - Update ME F/W: 11.8.50.3399 Consumer.
> - Update MCU.
> - Added ME version information into BIOS setup screen.
> - BIOS Version 1.08 have been skipped for customer download.
> > ______________________________________________________________________________
> >   BIOS V. 1.07
> > Solved problems:
> - After Intel(R) PTT and Intel(R) TXT are set to enabled at the same
> time in BIOS setup, system keeps rebooting during POST.
> - Screen corruption of external display may occur when boot Windows RE
> with CSM and Optimus are enabled.
> - Some application's boot order restoring feature does not work correctly.
> - BIOS Version string in BIOS setup intermittently has extra space
> characters.
> - When CSM is enabled, EVTE (Diagnostic Program) screen of an external
> monitor does not display properly.
> - UEFI PXE boot may fail.
> - "HT Technology" option is shown even if CPU does not have HT
> Technology capability.
> - When CSM is enabled, Windows may locks up if a USB device is
> hot-plugged or unplugged during OS boot.
> - On WWAN supported model, when CSM is enabled, Windows may locks up
> during OS boot.
> - Yellow bang error may appear on xHCI controller when "USB port" item
> in BIOS setup is disabled.
> - System does not transition from S4 sleep state to G3 state if "LAN
> Controller" option in BIOS setup is disabled.
> - If "Auto Save To Disk" is disabled, system may wake up from S3 when
> battery remaining capacity reaches 0%.
> - The wording of USB FDD on Boot menu is not correct.
> - System may locks up in the middle of entering BIOS setup if CSM is
> [Enabled] and two or more Windows Boot Manager (WBM) are registered to
> Boot Priority Order.
> - Windows PE screen resolution is low (640x480) if UEFI PXE boot.
> - System boot may fail when booting from a WinMagic SecureDoc encrypted
> hard drive.
> - When CSM is disabled, display output on POST is not switch to external
> monitor automatically even if lid is closed.
> - Activation of BIOS Biometric PBA takes long time to complete.
> - Vulnerability fix: Disabling DCI on Intel SKL/KBL/SKX platforms
> (INTEL-TA-201701-002).
> > Known errors, problems and restrictions:
> - None
> > Additional information:
> - BIOS Version 1.05 and 1.06 have been skipped.
> - Changed BIOS Version Display (Version 1.07).
> - Supported WPP PBA for a system which equips both fingerprint sensor
> and palm vein sensor.
> - Fixed a latent issue of UEFI Firmware Update.
> - Updated Intel LAN I219 PXE UEFI Driver E0016X7.EFI.
> - Updated CPU microcode.
> - Supported TPM1.2
> - Certain system may locks up when F2 or F12 key is pressed during POST
> if CSM is [Enabled].
> >