Is there any reason to update to 3.10 now? I just checked and found they have released 3.10 UEFI update. What are the improvements and reasons to update.
I am currently on 3.07 with Windows 10, my CPU is 11th gen. I am planning on going to Windows 11 with a clean install soon.
Thanks
@R_P Just take a look at the thread for the change log, here is the very first thing written on the post.
What are the security vulnerabilities? How serious it? People want to know.
Thanks
The BIOS vendor Inside Software’s CVE list is below. The link is also in the first comment on this page. Then you see CVSS v3 numbers. As on the page, it’s not easy to search by CVE such as e.g. “CVE-2021-41842” by browser search, but you can open Inspect menu or the HTML source, and search by “CVE-2021-41842”. And you see the CVSS v3 number of this CVE is 8.2. In my impression, if the number is more than “high”, it’s better to apply it.
https://nvd.nist.gov/vuln-metrics/cvss
High 7.0-8.9
Critical 9.0-10.0
See the list of CVEs here:
It’s been a while since it was discussed, maybe there’s news:
- Will there eventually be a charging hysteresis for all OSes, i.e. in BIOS? “Start charging at or below…” and “Stop charging at…”?
Other wishes:
-
Power button sleep indicator to work with all sleep states.
-
Device charge through usb can be turned off for sleeping/hibernating/powered down state.
Even better: turn on/off separately for each port. That way, disks can spin down (and stop blinkenlights) that are on port A while the phone on port B is still charged. -
A similarly differentiated wake on usb. Useful eg, to wake only when the keyboard sends a key but not when someone bumps against the table and jerks the mouse. (Needs them to be not on the same port via hub, of course.)
I have some specific question regarding the BIOS for the 13th gen Framework.
A) Intel Trusted Execution Technology
- Should I activate it or not?
- What does it do exactly to my system?
- What is the DPR Memory size and which value should I use, if question 1. is “yes”?
B) Standalone operation/detection
- What are those options?
- Standalone Operation is disabled and Standalone Detection is enabled. Is that okay?
C) TPM
- TPM Availability is enabled > okay but…
- TPM Operation is “no operation”. Should I change it?
- If 2. is “yes”, to what? I use Bitlocker with a PIN currently.
D) Supervisor Password
- Is that the BIOS password?
E) Chassis intrusion detection
- What is it and should I activate it?
Thanks in advance
I’d like to sum myself to the ask for better control over battery charging thresholds, and also echo the message @Odin just left.
It is currently hard to know what are the possibilities of the current firmware with regards to build-in security, and probably not documented (or not easy to find). For example, I’d like to reproduce what I could do with other laptops’ UEFI, to enable a storage device password (e.g.: Self-Encrypting Disks) and, in addition, enable unlocking it with a fingerprint at boot (by storing the disk password on the TPM). The TPM menu presents the options in a way that makes it really hard to understand, to the point that I simply don’t know whether it could be possible at all.
Because no one could give some information, I searched on my own. Long story short:
- Intel TXT: Dont use it. It’s useful for IT administration for devices like servers and workstations and not for normal use cases
- Standalone Operation: same.
- Supervisor Password: can be used as BIOS only or Pre-Boot
- Chassis Intrusion Detection: same as above. Only useful for IT administration, servers and Workstations where multiple people have access to. Just keep it off.
But the TPM Option… man there are some long snaky options to select and no further explanation. Here, a further explanation by the Framework guys or any expert would be great.
TPM operation is a bit confusing. It’s more like a button (where selecting something performs an action) rather than a configuration setting.
You can think of it more like, “what will be done to the TPM when I hit save?” Things like “reset it” or “disable SHA1”. You don’t need to perform these actions unless you are having a specific issue with the TPM.
sneaky
There are some technical terms in the operation menu, but I wouldn’t call them sneaky. What are you referring to?
EDIT: oh, you said “snaky”. Sorry!
I added the section of the Framework Laptop 13 Intel 13th Gen.
Does anyone who bought the Framework Laptop 13 Intel 13th Gen, could you run the following commands, and share the result on Linux? I want to know the BIOS vendor and the initial BIOS version just in case.
$ sudo dmidecode -s bios-vendor
$ sudo dmidecode -s bios-version
There you go:
$ sudo dmidecode -s bios-vendor
INSYDE Corp.
$ sudo dmidecode -s bios-version
03.03
Thanks!
Interesting. Thanks for sharing the information. The BIOS version 03.04 on Intel 13 gen is not documented in Framework’s BiOS page.
@junaruga another interesting thing: I got a modern GUI (not the grey/blue UI like in the screenshots in the first post) in the BIOS if I plug in an external screen.
@Jean-Marc_Le_Roux what do you mean with “if I plug an external screen?” I get a modern UI no matter what / nothing plugged in, in the integrated display:
All BIOS screens on the 13th gen appear like that. The 11th gen and 12th gen are the older type.
Note the same information is displayed.
Hell, I’d not complain if we could get that look backported to 11/12th gen BIOS screen. It looks rather nice. Is that a possibility?
I updated the Framework Laptop 13, 11 Gen Intel Core, the current latest version to 3.19 now.