12th Gen Intel Core BIOS 3.06 Beta

Not so happy ANNIVERSARY to us not so happy ANNIVERSARY to
us one year ago we were told this.

The cake is a lie

An anniversary that should have never happened . Very disappointing.

Well, let’s see if we also have to celebrate the anniversary of the release of this beta in three weeks… Personally, I hope not!

Is there an official update on whether they are working on this or making progress?

The latest update was that FW will get a dedicated team at Insyde.
But we have no idea, if that team is already set up and working.

My personal guess is, that they are currently not working on the 12th gen BIOS, because there are still issues with the FW16 BIOS, which is a priority for FW right now (see Second update on Framework Laptop 16 shipment timing - Framework Laptop 16 - Framework Community )

This is just speculation though…

Hi!
You are right, that they might have had to reallocate their limited resources again and it would be understandable (but frustrating, even though).

But as @nrp said on Oct. 12th:

The first project this team is working on will be 12th Gen BIOS. After that, they will be rotating between releases on 11th Gen, 12th Gen, 13th Gen, Ryzen 7040 Series, and future products as needed.

So it would be fair to provide an update here again after nearly two months of silence if the team is not currently working on the 12th Gen BIOS.

After all there should/might be a nearly complete bios with “only” installer problems if I got @Kieran_Levin correct in his post from June 30th:

We have another build that is completing validation. However it does have some issues when using the EFI shell updater. I am pushing to release the windows updater as soon as we finish validation, and we may have to release the EFI update later on.

So, without wanting to appear impatient: What about a small update for the community @nrp , @Kieran_Levin , @Matt_Hartley ? Anyone?

Well, I guess one of the earliest things they will work on will be this but i would think that would be higher up the dev chain than a manufacturer dedicated team.

I have encountered the issue with the FW 12th gen too. Up until now I thought it was a Samsung thing. Maybe Framework could look at the issue for both mainboards at the same time.

How about bi-monthly updates?

Especially as this project seems to be on a difficult track and is long overdue!

BIOS update to 3.06 failed on my 12th Gen Intel.

All seemed to be working fine. It went through several screens of updating and it seemed like it was working.

Then, after it said “Success”, I received this error:

Unable to redirect file
Script error status: invalid parameter (line number 116)

I rebooted and did this command (in Linux)

% sudo dmidecode -s bios-version

The output was: “3.05”

So, even though the screen said success, the error message seemed to be more correct. My BIOS did not update to 3.06.

I reported this via an active support ticket that had told me to update my BIOS.

% una

Do we know yet if our BIOS is vulnerable to LogoFAIL? If so, please add this to the list of reasons why we need a new update (preferably with a LogoFAIL fix, though I hesitate to ask for even more, since it seems like Framework is struggling to give us even basic updates). It is still unacceptable that we haven’t gotten security fixes for the BIOS since the factory.

The answer is “Yes”.

I posted a link to an article about this yesterday. As I understand it the attacker would need physical access to the device to change the logo, so the danger is pretty low, though not negligible.

There are also at least two other threads about this. A moderator probably needs to look at merging them before we have every other thread about this.

Yes, according to this list: Finding LogoFAIL: The Dangers of Image Parsing During System Boot | Binarly – AI -Powered Firmware Supply Chain Security Platform

So we know the bad parsers are in the BIOS. I don’t think we know yet, if the official logo is in a signed section of the BIOS or if it supports any of the hardcoded paths or NVars to silently load a new logo from the ESP.
So might still be similar to Dell’s vulnerability (Dell logo is signed, would require another vulnerability to even get to the bad parsers) or full-blown vulnerability from the ESP.
Somebody would have to look into the BIOS image to figure out about the builtin logo. Or follow those CWEs, which could possibly reveal the other prerequisites for exploits are present/not present.

Edit:
I was curious, so I tried to take a peek:
Yep, the various parser drivers are all present inside the 3.06 image for 12th gen. And if I am reading UefiTool correctly, the Framework Boot logo (in png format, GUID 67A75EF8-C454-45A0-A648-0A2B489F9BD6 in case anybody is interested) is in a section unprotected by Intel Boot Guard (although I have no idea if it is not protected by another signature / checksum transitively).
Curiously I also found the TianoCore logo in Bitmap format in there and network drivers. Did I miss that the FW can PXE boot with the official network adapter?

Edit2: AMD 3.03 image looks very much similar in that regard. Although it includes 3 more pngs, that seem to show some diagnostic info (like no display attached etc.)

Given there are genuine, known, public exploits that effect this computer this should be an absolute priority within the company. I understand that it is difficult working with with an outside partner but a year with no BIOS update for such a new device is unacceptable.

At the very least a transparent, and clear communication platform should be established. As suggested above, perhaps twice monthly status updates?

altho not cool to have a potential firmware attack, this one is clearly impacting most (except the chromebook) of frameworks products, lets hope they are able to give us a nice new update soon.
maybe this triggers some smaller fast updates for all of us 12th gen users.