I’m going to agree with @meehien. I want to love my Framework, and I keep debating on going ahead and pre-ordering the AMD motherboard or 13th gen one, but I keep circling on “… but the BIOS updates …” and getting worried. My new job has a Perks system that gets a sizable discount with Lenovo, and I’ve been considering switching to them or back to Dell.
While, yes, BIOS updates aren’t strictly necessary on an otherwise perfectly functioning system, the BIOS we’re waiting for the 12th gen board includes fully certified Thunderbolt support, but in my opinion the part I care about more is the patches for CVE’s. Before my Framework I had 2 XPS 13’s and an XPS 15, and getting BIOS updates at least once every couple months made me feel a lot safer knowing the security issues were getting fixed.
Recently some manufacturers have been having issues with firmware updates that are likely going to scare a lot of users, namely the recent HP “oh your printer doesn’t work now” problems. I imagine a lot of users are going to read this as “I guess I just don’t do updates anymore” but that’s the wrong take away. Instead of just not doing firmware updates for fear that they’ll break something, it’s better to focus on pressuring companies to do better about firmware updates so we don’t have such fears. In Framework’s case, I think they are appropriately cautionary, but this caution is showing that their firmware team isn’t large enough and/or stretched too thin. To some degree it’s easy enough to hand-wave that as “Well yeah, small start up, only so many resources,” but that does leave me worried about the future.
I generally apply updates, specifically security updates, as soon as feasibly possible, but I rarely go on beta tracks for firmware for the “it’ll probably break something” fear. However, having a device that is supposedly still receiving support, or being sold as new still, that has nearly 1 year old security flaws left unpatched? That’s when I start thinking of jumping ship.
Overall, I do not explicitly disagree with @Perry_Flaugh about wanting to give Framework some slack here, I also feel like it’s not enough to just say that’s the end of the conversation.
To me, I think this is a perfectly valid time to bring up the “What about Coreboot?” question again. If Framework is struggling to find the resources to maintain firmware for multiple boards, maybe it’s time to hand the reins over to the open source community. I do understand that’s an undertaking in and of itself, so maybe wrap up what is active, but if there are new hires happening for these firmware teams, maybe they need to be focused on transitioning what they can into an open source BIOS/firmware platform instead of just continuing the closed sourced firmware development. I vaguely recall some of the discussion around this specific topic in the past surrounded the difficulty is due to the current hardware limitations of switching to an open BIOS is caused by licensing agreements, which is understandable, but that doesn’t have to mean development stops in that regard.
Frankly, if there were inklings of a, “Well, sadly, you’d have to buy a new motherboard with new chipsets to get an open source BIOS, but that’s going to be available within X time,” I’d probably stick around on the Framework bandwagon thru that to try it out. As is, I’m definitely finding it hard to not switch back to a larger manufacturer, though. I really want Framework to succeed, I love the mission of sustainable, upgradable laptops, but I still want to daily drive thing without feeling like it’s a security risk.