BIOS guide

In general, there is no (and there should not be a) way to disable secure boot from within the operating system. That would somewhat defeat the purpose of secure boot, as a rootkit could just turn off the security features before it installed itself. :slightly_smiling_face:


I just updated this thread’s first comment with the info about Framework Laptop Chromebook Edition based on what we know.


Updated about a month ago, but having major issues with eGPU and Thunderbolt Hub (Windows 11, i7-1280P, 64GB, 4TB), which I didn’t have with 3.05. Can someone provide the link for 3.05, so I can go back?


@Danny_Goff You can’t go back with 12th gen or it screws your left ports. They will only operate at USB 3 speeds if you downgrade.

So going back to 3.05 causes USB3 speeds on USB4/TB4 hardware? DEFINITELY a gap/concern there…


@Danny_Goff Tbf, they did warn you about that in the initial post. And it looks like I was wrong… it’s USB 2.0 speeds.

Just to be clear, 11th gen can still downgrade. Only 12th gen gets borked doing so as far as I know.


It seems that InsydeH2O BIOS is used for both Framework 13 Intel 13 Gen and AMD -

Disappointing but not unexpected, maybe us software turbonerds will get some love next time around.

Is there any reason to update to 3.10 now? I just checked and found they have released the 3.10 UEFI update. What are the improvements and reasons to update?
I am currently on 3.07 with Windows 10, my CPU is 11th gen. I am planning on going to Windows 11 with a clean install soon.

@R_P Just take a look at the thread for the change log, here is the very first thing written on the post.


What are the security vulnerabilities? How serious is it? People want to know.

The BIOS vendor Insyde Software’s CVE list is below. The link is also in the first comment on this page. Then you see CVSS v3 numbers. As on the page, it’s not easy to search by CVE, e.g. “CVE-2021-41842”, by browser search, but you can open the Inspect menu or the HTML source, and search for “CVE-2021-41842”. And you see the CVSS v3 number of this CVE is 8.2. In my impression, if the number is more than “high”, it’s better to apply it.

High 7.0-8.9
Critical 9.0-10.0

See the list of CVEs here:

It’s been a while since it was discussed, maybe there’s news:

  • Will there eventually be a charging hysteresis for all OSes, i.e. in BIOS? “Start charging at or below…” and “Stop charging at…”?

Other wishes:

  • Power button sleep indicator to work with all sleep states.

  • Device charge through usb can be turned off for sleeping/hibernating/powered down state.
    Even better: turn on/off separately for each port. That way, disks can spin down (and stop blinkenlights) that are on port A while the phone on port B is still charged.

  • A similarly differentiated wake on USB. Useful e.g. to wake only when the keyboard sends a key but not when someone bumps against the table and jerks the mouse. (Needs them to be not on the same port via hub, of course.)


I have some specific questions regarding the BIOS for the 13th gen Framework.

A) Intel Trusted Execution Technology

  1. Should I activate it or not?
  2. What does it do exactly to my system?
  3. What is the DPR Memory size and which value should I use, if question 1. is “yes”?

B) Standalone operation/detection

  1. What are those options?
  2. Standalone Operation is disabled and Standalone Detection is enabled. Is that okay?


  1. TPM Availability is enabled > okay but…
  2. TPM Operation is “no operation”. Should I change it?
  3. If 2. is “yes”, to what? I use Bitlocker with a PIN currently.

D) Supervisor Password

  1. Is that the BIOS password?

E) Chassis intrusion detection

  1. What is it and should I activate it?

Thanks in advance


I’d like to add myself to the ask for better control over battery charging thresholds, and also echo the message @Odin just left.

It is currently hard to know what the possibilities of the current firmware are with regard to built-in security, and they are probably not documented (or not easy to find). For example, I’d like to reproduce what I could do with other laptops’ UEFI, to enable a storage device password (e.g. Self-Encrypting Disks) and, in addition, enable unlocking it with a fingerprint at boot (by storing the disk password on the TPM). The TPM menu presents the options in a way that makes it really hard to understand, to the point that I simply don’t know whether it could be possible at all.

Because no one could give some information, I searched on my own. Long story short:

  • Intel TXT: Don’t use it. It’s useful for IT administration for devices like servers and workstations and not for normal use cases.
  • Standalone Operation: same.
  • Supervisor Password: can be used as BIOS only or Pre-Boot.
  • Chassis Intrusion Detection: same as above. Only useful for IT administration, servers and workstations that multiple people have access to. Just keep it off.

But the TPM Option… man there are some long snaky options to select and no further explanation. Here, a further explanation by the Framework guys or any expert would be great.


TPM operation is a bit confusing. It’s more like a button (where selecting something performs an action) rather than a configuration setting.

You can think of it more like, “what will be done to the TPM when I hit save?” Things like “reset it” or “disable SHA1”. You don’t need to perform these actions unless you are having a specific issue with the TPM.


There are some technical terms in the operation menu, but I wouldn’t call them sneaky. What are you referring to?

EDIT: oh, you said “snaky”. Sorry!

I added the section of the Framework Laptop 13 Intel 13th Gen.

Could anyone who bought the Framework Laptop 13 Intel 13th Gen run the following commands on Linux and share the result? I want to know the BIOS vendor and the initial BIOS version just in case.

$ sudo dmidecode -s bios-vendor
$ sudo dmidecode -s bios-version

There you go:

$ sudo dmidecode -s bios-vendor
$ sudo dmidecode -s bios-version
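
An added example, not posted by anyone in this thread: the script below reads the same vendor and version fields that `dmidecode` reports, but from `/sys/class/dmi/id` so no root is needed, and classifies a candidate BIOS version as an upgrade or a downgrade before flashing, which matters given the 12th gen downgrade caveat discussed above. The function names, the `DMI_DIR` override and the `major.minor` version format are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the thread). DMI_DIR can be overridden so the
# functions can be exercised against a constructed directory.
DMI_DIR="${DMI_DIR:-/sys/class/dmi/id}"

# bios_field vendor|version|date : same data as `dmidecode -s bios-<field>`,
# but these sysfs files are world-readable, so no sudo is needed.
bios_field() {
    cat "$DMI_DIR/bios_$1" 2>/dev/null
}

# ver_key "03.05" -> 3005. Assumes a major.minor version string; the two
# fields are compared as integers, so 3.10 is newer than 3.07.
ver_key() {
    case $1 in
        ''|*[!0-9.]*|*.*.*|.*|*.) return 2 ;;   # reject anything but N.N
        *.*) ;;
        *) return 2 ;;
    esac
    # Strip leading zeros so "08" is not parsed as invalid octal.
    major=$(printf '%s' "${1%%.*}" | sed 's/^0*//')
    minor=$(printf '%s' "${1#*.}" | sed 's/^0*//')
    echo $(( ${major:-0} * 1000 + ${minor:-0} ))
}

# classify_update <candidate> : prints upgrade, same or downgrade relative
# to the installed firmware; returns 2 if either version is unreadable.
classify_update() {
    installed=$(bios_field version) || return 2
    cur=$(ver_key "$installed") || return 2
    new=$(ver_key "$1") || return 2
    if [ "$new" -lt "$cur" ]; then
        echo downgrade
    elif [ "$new" -eq "$cur" ]; then
        echo same
    else
        echo upgrade
    fi
}

# Stand-alone use: ./bios_check.sh 3.05
if [ $# -gt 0 ]; then
    echo "installed: $(bios_field vendor) $(bios_field version)"
    classify_update "$1"
fi
```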