11th Gen Intel Core BIOS 3.19 release

Same question. Framework positions themselves as supporting Linux really well… but there are a lot of edge cases of poor support. I love the Framework hardware goals, but I’m starting to lean towards switching to System76 given their better Linux support.

I choose Framework, because they support secure-boot and measured boot. I was happy with Gen11, so I also bought Gen12 (also because I did not want to have my chassis intrusion settings reset on an empty RTC battery).
Since 2023-04-03 system76 supports secure boot and measured boot (https://github.com/system76/firmware-open/blob/master/FEATURES.md#measured-boot).
I have the impression they care a lot more about security and updates, so my next system will probably also be a system76.

I’m sure we’ll see something soon, I don’t see a reason to jump ship just because a minor bios update has been slow to reach linux users

Is there any update to this 4 months later? What was the purpose of not just releasing the EFI Shell Update file first, a version everyone can use, instead of picking the most popular OS specific mechanism. Truely perplexing, though the update is appreciated even if I have to install a completely seperate OS just to apply it.

Hi folks, just a friendly reminder that we hear you and while we do not have an update, I do have a workaround I will explain below shortly.

What you already know

The BIOS is available for Windows and as soon as we have the EFI Shell Update file ready to be posted, it will be mentioned here. I get it, this isn’t ideal, but I will share the workaround I used personally.

My own personal workaround as a Linux user

As a fellow full time Linux user, what I did with my own 11th gen laptop was to pop in another drive, create a USB installer image, install Windows. Then update the BIOS, remove the drive for the previous one that had my Fedora install on it, called it a day.

Ideal? No. But it is doable to get your BIOS up to date. It’s worth noting that this approach allowed me to focus on making sure the 11th gen laptop was fully updated with the latest BIOS until we have the cycles to get the EFI image out.

Being clear. This is simply a post offering a workaround I used as I needed to get my own 11th gen updated.

Again, I appreciate your patience.

Matt Hartley
Linux Support Lead for Framework

It is not like this is the only issue, e.g. Gen12 hasn’t received a stable bios update at all (only a unstable update one year ago: 12th Gen Intel Core BIOS 3.06 Beta )

Do you mean replacing the internal NVMe drive? Unlike USB drives, this is not something people generally have lying around unless they are involved in hardware maintenance. It also requires operating a screw driver and handling electronic components that aren’t designed for regular handling. I’m not sure if your proposed workaround is less risky than the experiments with extracting the updates and manually packaging them into the EFI shell solution.

I don’t disagree, but this topic is about the 11th gen bios which has had a pretty good history of support. The only reason I’m even watching this thread is because I want to add a few Wh to my battery life, it’s not an imminent issue.

If system76 is really doing everything you want better, then fine. But it’s clear to me that the framework firmware team still cares about long term linux support. They just have a small team and a rapidly growing product stack.

Probably, yes. Some folks have also had luck with a USB solution outlined earlier in this thread.

This is a guide on how to update to BIOS 3.19 from Linux using only
files provided by Framework and Microsoft, without needing a Windows-To-Go drive or Windows installation. This worked for me and I cannot guarantee it will work for you. Attempt at your own risk.

You will need:

1. Windows 11 ISO
2. Framework Windows BIOS 3.19 update exe
3. Framework Windows 11 drivers exe
4. EFI Shell BIOS 3.17 update zip
5. USB Drive

Install wimlib, cabextract, and cdrkit (cdrtools) if you do not already have them installed.

Using an archive manager of your choice, extract the 3.19 BIOS update exe to a new directory (e.g. bios319/)
Then from the driver bundle, extract:
/IntelCSME_TGL-U_15.0.35.1951_V6.2_Corporate/SetupME.exe
Then from SetupME.exe extract ME_MEI_Drivers_x64.msi
Now run cabextract ME_MEI_Drivers_x64.msi and take note of the directory HECI_REL/win10

Create a directory (e.g. csme_patch) with the following structure:

csme_patch
└── FRAMEWORK_LAPTOP
    ├── bios319
    │   ├── Ding.wav
    │   ├── FlsHook.exe
    │   ├── FWUpdate.bin
    │   ├── FWUpdLcl.exe
    │   ├── H2OFFT64.sys
    │   ├── H2OFFT.cat
    │   ├── H2OFFT.inf
    │   ├── H2OFFT-W.exe
    │   ├── isflash.bin
    │   ├── mfc90u.dll
    │   ├── Microsoft.VC90.CRT.manifest
    │   ├── Microsoft.VC90.MFC.manifest
    │   ├── msvcp90.dll
    │   ├── msvcr90.dll
    │   └── platform.ini
    └── win10
        ├── heci.cat
        ├── heci.inf
        ├── x64
        │   └── TEEDriverW10x64.sys
        └── x86
            └── TEEDriverW10.sys

Now mount your Windows 11 iso and run:
mkwinpeimg --iso --windows-dir=/path/to/win11/mount --overlay=csme_patch winpe.iso
Create a new GPT partition table on a USB drive and create exactly 1 FAT32 partition with the esp flag set.
Mount your USB drive and mount your winepe.iso
Now run cp -vr /path/to/winpe/mount/* /path/to/USB/mount/ && sync
And then run cp -vr /path/to/win11/mount/efi /path/to/USB/mount && sync
You can now unmount everything you just mounted

Boot from your USB drive into the Windows PE environment you have created. Your touchpad will not work. The backslash key was not working for me either. It should drop you right into a command prompt, but if not use the tab/enter keys to navigate to the “repair my computer” menu and run a command prompt from there.

Run the following in the command prompt:

1. cd /
2. cd FRAMEWORK_LAPTOP
3. cd win10
4. drvload heci.inf
5. cd ..
6. cd bios319
7. drvload H2OFFT.inf
8. H2OFFT-W.exe

The BIOS update utility should start. Use tab/enter to confirm you want to flash. Your ME will update, but it is likely your BIOS will fail to update. If it worked for you, you are done. If not, to finish the BIOS update do the following after rebooting back into Linux:

1. Format your USB drive and follow Framework’s instructions for creating the USB for BIOS 3.17 EFI shell update.
2. Copy your isFlash.bin file from earlier onto the USB
3. Make a copy of H2OFFT-Sx64.efi and name it FwUpdLcl.efi (this is a hack which I explain later if you’re curious)
4. Modify startup.nsh to look like:
   H2OFFT-Sx64.efi isFlash.bin
5. Boot from this USB and your bios should update to 3.19

The reason for the copying of H2OFFT-Sx64.efi is because the update utility is looking for FwUpdLcl.efi to update the ME. There is currently no way to get this file from a credible source (and is why this whole guide exists in the first place), and the update will fail if it is not found. Using H2OFFT-Sx64.efi as a stand-in essentially no-ops the ME update portion of the BIOS update, as all that happens when the stand-in FwUpdLcl.efi file is executed is an error that the main utility cannot detect. This in turn allows the rest of the update to continue.

This has been answered before, but just to restate it for people who haven’t seen, the BIOS is released for Windows because Framework’s upstream BIOS supplier Insyde only sends them a Windows updater. They have to take that executable, and use it to make custom UEFI and LVFS update methods. The reason they haven’t been able to release that for 3.19 is that other projects had higher priority issues, and their small team still haven’t had the time to come back to this project. They are doing their best, and like Matt mentioned, they will update us here when they have more information to give.

It would be great to be able to upgrade the bios the 11th gen firmware… the bios upgrade page for linux has been coming soon since September… windows users have had the ability to upgrade to 3.19 since then…
BIOS 3.19 EFI Shell update (coming soon)
https://knowledgebase.frame.work/framework-laptop-bios-releases-S1dMQt6F

I know I can enable testing branches to get it via LVFS… but what the the holdup to stable? its been months… can we at least have the ability to manually flash it via usb ?

Correction:
so even via LVFS you can only get to 3.17 in testing… so as of right now 3.19 is still not available.
thanks!

This thread has answers to your questions, and will have updates when Framework are able to get the update out for Linux users.

As Azure points out, this is the thread with the details.

Is it safe to do that inside a Virtual Machine ?
Microsoft give to developers a free virtual machine Download a Windows virtual machine - Windows app development | Microsoft Developer
This could prevent to install Windows on a drive, but I don’t known if there is risks to upgrade the firmware like that?

I just successfully (partially) ran an update to 3.19 on a Linux machine, no Windows involved, using the following procedure:

1. Download Framework_Laptop_11th_gen_Intel_Core_BIOS_3.17_EFI.zip and Framework_Laptop_11th_Gen_Intel_Core_BIOS_3.19.exe from the official bios update page.
2. Install the 3.17 EFI updater to a fat32 formatted USB drive as normal
3. Extract isFlash.bin from Framework_Laptop_11th_Gen_Intel_Core_BIOS_3.19.exe (I used Gnome Archive Manager for this, but all sorts of tools work for this)
4. On the USB drive, replace hx20_capsule_3.17.bin with a renamed copy of the newer isFlash.bin
5. Copy the file H2OFFT-Sx64.efi to the filename FwUpdLcl.efi (see some other posts on this thread which mention about similar)
6. Boot off of the USB drive and proceed as normal.

NOTE: This process skips the ME update, but I’m personally willing to live with that when it gave me an easy way to get all the other BIOS/EC/etc updates from a Linux environment. This process is all at my own risk, etc, but it seemed like by far the simplest workaround for a lack of official method without Windows this far down the line. I’m not too fussed about updating the ME. My system seems to be running nicely like this. Fixes some issues I was having on 3.07

I did notice the battery charge limit of 80% that I had configured in the BIOS got cleared by the update, but not a big deal since I noticed it, I see some other posts around about certain version updates clearing settings.

yeah, this is why I wanted to document how to get the stuff out of the exe file to repackage. I also just make my EFI partition big enough that I can just stash these files there vs requiring a USB so can boot into them from grub

I came back here to check to see if there would be newer EFI/BIOS due to the PXE stuff.

You can grab the ME image out of the 3.19 exe as well

You can update your ME without a full windows installation. The Windows PE environment is just the Windows installer; it’s very lightweight. I’d recommend updating your ME since it is a critical update.

Does/Should the file from the Gen12 updater work?

When I was poking around, there were ones that didn’t work depending on the chipset. The linux updater is in the zip I posted before.

You can also find information about the intel updaters here:

https://wiki.archlinux.org/title/Flashing_BIOS_from_Linux#ASUS

Good luck, there should also be another ME update due to the PXE/UEFI issues here: New UEFI vulnerabilities send firmware devs industry wide scrambling | Ars Technica