You can update your ME without a full windows installation. The Windows PE environment is just the Windows installer; it’s very lightweight. I’d recommend updating your ME since it is a critical update.
2 Likes
Does/Should the file from the Gen12 updater work?
When I was poking around, there were ones that didn’t work depending on the chipset. The linux updater is in the zip I posted before.
You can also find information about the intel updaters here:
https://wiki.archlinux.org/title/Flashing_BIOS_from_Linux#ASUS
Good luck, there should also be another ME update due to the PXE/UEFI issues here: New UEFI vulnerabilities send firmware devs industry wide scrambling | Ars Technica
1 Like
Agreed,
Just boot to windows installation media press f10 and you have a command prompt and navigate to a drive with the files and run the updater.
1 Like
Everything worked perfectly, thank you very much!
2 Likes
I’ve worked on a non-Windows updater as well and discovered the archive by @Jared_Mauch1 who did virtually the same, as well as @Shymon_Samsel and @AlexS tutorials. In order to make plucking the right files a bit less cumbersome, I wrote a script which you can find here:
It will download both 3.17 BIOS and 3.19 BIOS+CSME Updates, and repackage them to be useable. In order to also be able to flash the CSME (which is out-of-date since May '22!), I also included the FWUpdLcl.efi CSME flasher, originally from intel, but from questionable sources. But the shell script won’t download it for you, just give you the URL and will check the checksum. The pre-built ZIP files will contain those files though!
Either way, I hope it’s helpful to you!
Background Info
The firmware of the laptop consists of multiple parts, the BIOS/UEFI firmware proper, the Embedded Controller etc. by Insyde H20 and the CS/ME from intel. For everything related to the UEFI and EC, Insyde provides a Windows installer (up to 3.19) and an EFI Flashing Tool (up to 3.17) as well as, through Framework, LVFS Update capsules (up to 3.06?).
Using the UEFI Flashing Tool from 3.17, we can update our UEFI & EC to 3.19 with the firmware files from the 3.19 Windows release (with a few tricks such as stubbing the FWUpdLcl). Why Framework doesn’t release such an update for at least 3.19 without CSME is beyond me.
In order to update the CSME, we need the FWUpdLcl tool from intel. It comes in multiple forms such as a Windows binary (contained in the 3.19 Windows release), a UEFI updater (not contained in any Framework Firmware update yet, since the CSME was never updated) and a Linux updater (ditto). As such, we need to source this file from sketchy websites 0:-)
Luckily for us, someone has uploaded the CMSE ST for our system which contains both the Linux and the UEFI based CSME updater. We can use either to update our CSME to the latest firmware version provided by Framework.
8 Likes
Can we at least have checksums for the files hosted by framework? Currently the only difference I see between official files and communitly/random links is dns resolution.
1 Like
I’m still stuck/unable to update the CSME, and would appreciate some help.
I’ve tried running the Win10 installer from a USB stick, then shift+f10 to get a terminal, and finally running the installer.
That ran the BIOS update, but not the CSME update (as confirmed by fwupdmgr security)
Help?
P.S. The fact that it’s months, and months and months now is extremely disappointing. The only Framework-provided solution is “Install Windows” and that’s a non-starter.
6 Likes
Did you load the CSME driver? If not, follow my guide above and see if the updater will flash the ME. If it does not work, you may need to manually flash the ME from the Windows environment. If you need to do that let me know and I can provide instructions.
So I put off doing this update for months despite the security issues. A friend wanted to buy my FW13, and I could not in good conscience pass it off to them without the BIOS update done. Well, I have wasted most of the morning trying various methods in this thread without any luck.
Created Windows bootable USB, as a full installer image from a Win1123H2 iso, and booted into it. Tried to get into a text shell using F10, no luck.
Tried again to get just a PE environment using instructions here:
Windows PE - ArchWiki . Again, could not get to a text shell to be able to launch the updater .exe.
At this point I need to call a spade a spade. Your failure to support linux via UEFI shell update method for this security critical BIOS update is INEXCUSABLE at this point. Asking / expecting users to hack Windows based workarounds is NOT OKAY.
I have been a brand ambassador in a variety of places for FW to this point. But due to this failure to treat Linux users with respect, I am not going to be recommending Framework laptops to anyone else until this is remedied.
Sincerely disappointed,
David Haight
5 Likes
It’s Shift+F10.
3 Likes
Thanks.
Also thanks to @Shymon_Samsel’s instructions, I was able to finally get the winpe environment made just right to update the CSME on the laptop. However, it refused to load onto the batteryless mainboard I am using as a homelab. Anyone have any tricks to force it to load? Its behind a very good UPS, so I am not worried about power interruptions messing with the update. Or is temporarily transferring my battery from my laptop to do the update the only way?
I would suggest just using the linux binaries as posted above in my zip files, I know it’s not what any of us would like but it’s the right way. I’m as bummed out as you are, but sometimes you have to do it yourself or roll your own, which is why I packaged it up, similar to how I had to roll my own ISP and the early days of Linux kernels.
I received the following email from Framework on 14th March 2024 that may only sent to the users who bought Framework Laptop 13 11th Intel Core. But I don’t think the following part BIOS version 3.19 “to update on Linux using LVFS” is true. RIght?
Subject: Checking in on your Framework Laptop
…
Software and firmware
First, we’ve released an updated BIOS version 3.19 recently. This contains a number of security and bug fixes, so we recommend moving over to it. We have both an updater for Windows and instructions for how to update on Linux using LVFS.
…
1 Like
I ended up crafting a WinPE environment using @Shymon_Samsel 's instructions. I did save a tarball archive of all the final files in correct dir structure to place on a fat32 formatted flash drive if anyone needs it. This would provide the CSME update half, the BIOS 3.19 part is pretty easy using the second half of the same instructions.
Again, disappointed that end users are having to waste their time trial and erroring their way through this, when an official packaging of a UEFI Shell install for these updates from Framework would have saved us a lot of time and guesswork.
The fact that the advice from the Framework Linux Support guru about how to get this update is “Install Windows”… is stomach turning for many reasons.
4 Likes
I’d be interested in that tarball. I’ve been holding off on updating for these reasons.
I have posted the .tar here for the WinPE environment with the CSME update overlay: "Framework 11th Gen 3.19 CSME update" (winpe-csme-11th-3.19.tar) is available for download
I am just some random person on the internet that you do not know, sending the tarball through a site I do not control. I strongly recommend you check the contents of the files for tampering / checksum against the original unpacked FW download files.
That being said, expand those files onto a drive with a single GPT table, FAT32 partition marked esp. Boot from that drive, and follow the commands in Shymon_Samsel’s instructions a few posts back.
Let me know how it goes.
4 Likes
Same.
I finally gave in and installed windows on a spare nvme I had. I’m lucky enough to have spare nvmes around to make this doable.
Hey guys. Ended up using Windows PE environment on a flash drive and used the official Windows bios installer. I thought this was easy with a few details that I wanted to jot down for other newbies in the chat wanting to get 3.19 now. You will need a usb flash drive and that’s it.
-
Visit the USB installer guide Matt posted here. Use the step-by-step guide in this to download the Windows 11 iso and then get Ventoy installed on your flash drive using this guide. Once done move to Step 2.
-
Download the .exe for firmware 3.19 from Framework here. Place it on the “Ventoy” drive partition where you put the Windows 11 iso in Step 1.
-
Boot from your USB Drive. Restart your Framework: you will have to hit F2 during the Framework cog screen and adjust boot settings in BIOS so it prioritizes the USB drive. Save and restart.
-
Once you’ve booted the Windows 11 iso from your USB drive. Hit
Fn + Shift + F10if you’re using your Framework built-in keyboard. This will open the Windows Command Line. You can also get there by gong to “Repair your windows install” and then open the command line from UI. Either is fine. -
Once in command line, you’re going to have to find the drive letter for the usb. Type in
diskpartand then typelist volume. Note the drive letter for your flash drive. Then typeexit. In the main command prompt typedir C:\be sure to replace the letter “C” with whatever your drive letter was from the list volume step. Mine was C but yours may be different. Confirm the file name of the framework bios update in the results here. -
Lastly, type the full path of the filename to run the bios update similar to
C:\Framework_Laptop_11th_Gen_Intel_Core_BIOS_3.19.exe. The default file name for the file is pretty long so type it carefully. (You could also rename the file to something shorter in Step 2 to make your life easier). -
Your Framework will reboot into the Insyde Firmware updater. Wait until everything has finished. You might have a black screen for 30-ish seconds after it finishes, but just wait until it reboots again into your Linux OS.
That’s it. Hope this helps!
5 Likes