Laimis, permalink
Sveiki,
Turiu čia tokį Fujitsu Lifebook'ą (E557) ir maga jam atnaujinti
firmware'ą, tačiau WTF, gamintojo duodami BIOS'o update'ai su utėlėm to
negali padaryti plikam notebook'ui, nebent tik iš jau pilnavertės
Windows aplinkos/instaliacijos (kurios ten nėra ir neplanuojama, o ir
tai jau pradėjau abejoti, kad suveiks)...
Ką bandžiau:
1. Gamintojo DOS'inis atnaujinimo būdas (h2offt-d); atsisako flash'int,
net ir readme parašyta:
„If Secure BIOS is enabled there is no possibility to flash the BIOS in
DOS environment. Please use the Windows based flash procedures instead of.“
Retorinis klausimas: tai nafiga gamintojas siūlo tokią opciją, katra yra
tiesiog visiškai neveiksni?
Beje, jei tai kaip nors susiję, tai BIOS'e secure boot opcija – išjungta.
Užkroviau Win10PE ir bandau jau windows'inę h2offt-w, katra lygiai
taip pat atsisako: It only supports to flash secure BIOS on current
platform.Dar turiu gamintojo BIOS'o ./Windows/*.bup failą, katras skirtas
windows'iniam updater'iui, katras Win10PE, aišku, atsisako veikti (not
compatible with the version of Windows you're running); be pilnavertės
OS jam veikiausiai trūk-sta(tų) Fujitsu BIOS driver'io ir dar keleto OEM
pričindalų.
Pff...
Klausimas nr.1: ar kas nors yra susidūręs su panašia problema, o
konkrečiai Insyde suknisto secure BIOS'o flash'u ne iš Windows'ų, nes
įtariu, kad yra būdas ir utėlės, kaip ir koks nors hack'as? O gal yra
idėjų/pasiūlymų, ką dar galima būtų pabandyti, be Windows OS
instaliavimo...?
Klausimas nr.2: o man to reikia...? (diegsiu ten Linuksą)
Changelog'as nuo paskiausios iki pradinės/įsiūtos versijos (kaip ir
nemažai esmingesnių fix'ų...):
Current BIOS V. 1.16:
Solved problems:
- Updated MCU to MC0806E9_000000D5_000000D6. (2020.1 IPU:
CVE-2020-0543,CVE-2020-0548, CVE-2020-0549)
- Updated MEFW to v11.8.77.3664 (2020.1 IPU: CVE-2020-0536,
CVE-2020-0545, CVE-2020-0539)
Known errors, problems and restrictions:
- None
Additional information:
- Changed BIOS Version Display. (Version 1.16)
BIOS Version History:
BIOS V. 1.15:
Solved problems:
- Updated CPU microcode. (MC0806E9_000000C9_000000CA (KBL-U/Y))
(Vulnerability fix CVE-2019-0117, CVE-2019-0123, CVE-2019-11157,
CVE-2019-14607, (additional fix)CVE-2017-5715)
- Updated H2OFFT to 2.01.01 for WEB update tool. (CVE-2019-12532)
- Updated ME firmware to 11.8.70.3626. (Vulnerability fix CVE-2019-0168,
CVE-2019-0169, CVE-2019-11087, CVE-2019-11090, CVE-2019-11101,
CVE-2019-11102, CVE-2019-11104, CVE-2019-11106, CVE-2019-11110,
CVE-2019-11147, CVE-2019-0131, CVE-2019-0166, CVE-2019-11088,
CVE-2019-11100, CVE-2019-11131, CVE-2019-11132)
- Bug fix: CLEARSURE SMS will be corrupted if forced power-off is
performed while replying SMS.
- Bug fix: Corrupted SMS is sent if forced power-off is performed while
CLEARSURE Lock or Erase sequence.
- Bug fix: Modified restoring sequence of some index registers when
exiting SMM.
- Bug fix: Setting HDD password of 33 characters with BiosSet tool is
not an error.
Known errors, problems and restrictions:
- None
Additional information:
- Changed BIOS Version Display. (Version 1.15)
- Changed to remove "TIM" of SMBIOS type 12 after initialize Absolute
Computrace.
- Supported to issue HDD Freeze Lock while POST.
- Vulnerability fix. (CVE-2019-0154, CVE-2019-0185)
- BIOS Version 1.14 was not released for customer download.
BIOS V. 1.13:
Solved problems:
- Updated Insyde iFdPacker to V2.5.3.0. (Supported Win10 19H1 with BIOS
update utility for web update).
- Updated ME firmware to V11.8.65.3590. (Intel 2019.1 QSR)
- Updated CPU microcode to MC0806E9_000000B3_000000B4.TXT (Intel 2019.1 QSR)
- Bug fix: BIOS update fails if Windows user account name has symbols.
- Bug fix: UDK2018 based EFI shell does not boot when BIOS setup
language is set to Japanese.
- Bug fix: After restore GABI archive data, the device state of Boot
Priority Order in BIOS Setup is not preserved.
- Bug fix: Password of NVMe SSD can be changed with SIID for factory
even if password is already set.
- Bug fix: The setting of "Password on Boot" item is returned to former
setting after CMOS is cleared if the item has been changed by SIID $C.
- Bug fix: Some setup items remain the former value after clearing
Supervisor password and rebooting without Save Changes.
Known errors, problems and restrictions:
- None
Additional information:
- Changed BIOS Version Display. (Version 1.13)
- Improved keyboard matrix initialization.
- Added 'Password Severity' option into BIOS setup screen (SIID KA:FTS).
- Reserved physical memory address 0x40000000 to 0x403FFFFF (BIOS W/A
for Intel CPU Erratum KBL121)
- Enabled 20Kohm pull-up of GPIO PWRBTN#.
- Added a warning message when "Password Severity" item is changed to
[Stringent].
- EDKII vulnerability (CVE-2018-12180, CVE-2018-12181, CVE-2018-12182).
- Supported Multi-Core disabling by manufacturing SIID. (Added SIID
!A:MULTICORED.)
- DDR4 DQ Tx Voltage Margin Enhancement (Intel TA)
BIOS V. 1.12:
Solved problems:
- MCU: MC0806E9_0000008E.TXT (CVE-2018-3639,3640)
- ME F/W: 11.8.55.3510 Corporate (Intel QSR Q2'18)
- Bug Fix:Boot Priority Order is not correct order when GABI Load
default is executed.
- Bug Fix:The Hard Disk protected by password after Winmagic Securedoc
75 installation
- Bug Fix:The user password of less than "Minimum User Password Length"
can be set by user authority.
- Bug Fix:The EVTE language can't change when the setting of the
language is changed by GABI settings API.
- Bug Fix:BitLocker Network Unlock with IPv4 does not work.
- Bug Fix:If USB Port option in BIOS setup is changed to "Enabled" by
using GABI settings API, booting Windows fails.
- Bug Fix:Resuming from Standby may fail if HDD which password has been
set on other motherboards.
- Bug Fix:BIOS update fails if Windows user account name has symbols.
- Bug Fix:Unexpected Pop-up may be displayed during BIOS update if
certain conditions are met.
- Bug Fix:TPM2.0 with yellow bang may appear on Windows device manager
if certain operations in BIOS setup screen are performed.
Known errors, problems and restrictions:
- None
Additional information:
- None
BIOS V. 1.11:
Solved problems:
- Update MCU (Spectre & Meltdown issue).
- Bug Fix: Fujitsu logo resolution is not the same between POST and BGRT
if the logo is displayed to the
external display and CSM is enabled.
- Bug Fix: System may not boot up anymore if the system power is turned
off during Device Firmware Update
process.
Known errors, problems and restrictions:
- None
Additional information:
- BIOS Version 1.10 has been skipped for customer download.
BIOS V. 1.10:
Solved problems:
- If "Intel(R) PTT" is enabled and "Security Chip" is disabled, "TPM2.0"
is shown on "Security Chip Device".
Known errors, problems and restrictions:
- None
Additional information:
- none
BIOS V. 1.09:
Solved problems:
- Resuming from Standby may fail if HDD which password has been set on
other system.
- Booting from HDD which password has been set on other motherboards may
fail if "Password Entry on Boot" is disabled.
- OS does not reflect a change of "System Firmware Update" option
immediately after resume from hybrid shutdown.
- Force shutdown log is recorded when reset command is executed under
EFI shell.
- Vulnerability Fix: PSIRT-TA-201708-001.
- Bug Fix: UEFI PXE boot may fails.
Known errors, problems and restrictions:
- None
Additional information:
- Changed BIOS Version Display (Version 1.09)
- Update ME F/W: 11.8.50.3399 Consumer.
- Update MCU.
- Added ME version information into BIOS setup screen.
- BIOS Version 1.08 have been skipped for customer download.
BIOS V. 1.07
Solved problems:
- After Intel(R) PTT and Intel(R) TXT are set to enabled at the same
time in BIOS setup, system keeps rebooting during POST.
- Screen corruption of external display may occur when boot Windows RE
with CSM and Optimus are enabled.
- Some application's boot order restoring feature does not work correctly.
- BIOS Version string in BIOS setup intermittently has extra space
characters.
- When CSM is enabled, EVTE (Diagnostic Program) screen of an external
monitor does not display properly.
- UEFI PXE boot may fail.
- "HT Technology" option is shown even if CPU does not have HT
Technology capability.
- When CSM is enabled, Windows may locks up if a USB device is
hot-plugged or unplugged during OS boot.
- On WWAN supported model, when CSM is enabled, Windows may locks up
during OS boot.
- Yellow bang error may appear on xHCI controller when "USB port" item
in BIOS setup is disabled.
- System does not transition from S4 sleep state to G3 state if "LAN
Controller" option in BIOS setup is disabled.
- If "Auto Save To Disk" is disabled, system may wake up from S3 when
battery remaining capacity reaches 0%.
- The wording of USB FDD on Boot menu is not correct.
- System may locks up in the middle of entering BIOS setup if CSM is
[Enabled] and two or more Windows Boot Manager (WBM) are registered to
Boot Priority Order.
- Windows PE screen resolution is low (640x480) if UEFI PXE boot.
- System boot may fail when booting from a WinMagic SecureDoc encrypted
hard drive.
- When CSM is disabled, display output on POST is not switch to external
monitor automatically even if lid is closed.
- Activation of BIOS Biometric PBA takes long time to complete.
- Vulnerability fix: Disabling DCI on Intel SKL/KBL/SKX platforms
(INTEL-TA-201701-002).
Known errors, problems and restrictions:
- None
Additional information:
- BIOS Version 1.05 and 1.06 have been skipped.
- Changed BIOS Version Display (Version 1.07).
- Supported WPP PBA for a system which equips both fingerprint sensor
and palm vein sensor.
- Fixed a latent issue of UEFI Firmware Update.
- Updated Intel LAN I219 PXE UEFI Driver E0016X7.EFI.
- Updated CPU microcode.
- Supported TPM1.2
- Certain system may locks up when F2 or F12 key is pressed during POST
if CSM is [Enabled].