Can I forcibly reinstall the BIOS on an 11th-gen mainboard?

Community Support
,
1

Hello all,

I am having an issue where my UEFI is not detected by the OS after clearing the secure boot variables.

System Information:

  • i7-1185G7 standalone mainboard
  • Arch Linux (Zen kernel 6.16.5)

I was able to perform the BIOS update to 3.22, which the system confirmed after it completed. After doing so, I attempted to clear the secure boot variables to put it into setup mode for user key enrollment, and upon booting into my OS, efibootmgr, bootctl, and sbctl all reported that the system wasn’t booted using a UEFI and I couldn’t interact with the firmware to change the boot entries, enroll keys, or even reboot into the firmware directly.

I checked efivar as well, and compared it to my FW16, and there are significantly fewer entries, and some notable ones, such as the LoaderFirmwareInfo were entirely missing.

I tried using the clearvars version of the BIOS update files and attempt to re-update the BIOS, but it seems to check the current version before proceeding, and as a result, doesn’t proceed but skips directly to the green, “complete” screen.

I have reached out to customer support, but I haven’t gotten a way from them to either write the default values to the correct EFI variables (which I suspect is the underlying issue) or forcibly reinstall the BIOS to restore the settings.

Additionally, the mainboard reset procedure (disconnecting all batteries/power for a couple minutes, then connecting external power) doesn’t work for my system. I do not get the blinking red LED, and the BIOS is not reset.

As part of the troubleshooting process, I also attempted similar steps with a Live USB running Ubuntu 22.04, and I got the same errors with efibootmgr, bootctl, and sbctl, and efivar showed the same variables (missing ones were still missing).

Also, the OS still boots fine even though I installed the UKI to a non-default location (\EFI\Linux\arch-linux-zen.efi rather than \EFI\BOOT\BOOTX64.EFI), so something interesting is happening.

I really want to try and fix this board rather than replace it, so if there is a way to attempt either reinstalling the BIOS or fixing the broken entries in the NVRAM, I would like to give that a shot.

Thanks!

2

I believe that you can do so using the allowsv flag. This thread gets into it a bit: 12th Gen Intel Core BIOS 3.08 Release

3

From what I could find there, that flag only works with the Intel ME updates, not BIOS

4

Does the top part of the thread on 3.22 not apply? Because it sounds like it applies. Also, can you attempt a rollback of the BIOS update?

5

If you look at what the shell script is actually calling to do the updates you should be able to figure out the command for the bios update, then query it to determine the force reinstall flag.

6

It does (though my “User Customized Security” is “NO” rather than “YES”), but I attempted to use the ClearVar version of the updater without success. I can’t get it to actually attempt the update since the version number now matches with the update version.

The BIOS update page for this version indicates that rollback is not possible.

1 Like
7

Could you provide any additional insight into how? I’m no expert in deconstructing EFI files…

8

Keeping in mind that I am just some dufus on the internet, not the author of the script, here’s what it looks like to me.

Ok, here are the contents of the startup.nsh script:

echo -off

for %i in 0 1 2 3 4 5 6 7 8 9 A B C D E F

if exist FS%i:\EFI\Boot\Startup.nsh then
FS%i:
endif

endfor

FwUpdlcl.efi -F FWupdate.bin -Y

framework_tool.efi --compare-version 03.22 --device bios
if "%lasterror%" == "1" then
    echo "Loading BIOS updates in 4 seconds"
    stall 4000000
    CapsuleApp.efi winux.bin firmware.cap
    stall 10000000
endif

set -v standalone 0
framework_tool.efi --power
if "%lasterror%" == "1"  then 
	set -v standalone 1
	# Test to see if the device is writable
	echo > rwtest.tag

	if not exist rwtest.tag then
	    cls 4 0
	    echo "ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR "
	    echo "ERROR                                                                                     ERROR "
	    echo "ERROR               The update drive is not writable.                                     ERROR "
	    echo "ERROR           Try cleanly unmounting this drive in your operating                       ERROR "
	    echo "ERROR           system before running the installer again                                 ERROR "
	    echo "ERROR                                                                                     ERROR "
	    echo "ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR "
	    stall 10000000
	    exit 1
	endif

	rm rwtest.tag


	echo "No battery is detected. Updating PD controllers before BIOS update"
	framework_tool.efi --compare-version 3.4.0.2576 --device pd0
	if "%lasterror%" == "1" then 
		if not exist bootentry.tag then
		    echo > bootentry.tag
		    bcfg boot add 0 efi\boot\bootx64.efi "BIOS Updater"
		endif
		cls 0 15
		echo "PD UPDATE PD UPDATE PD UPDATE PD UPDATE PD UPDATE PD UPDATE PD UPDATE PD UPDATE PD UPDATE PD UPDATE"
		echo "PD UPDATE              NO BATTERY DETECTED: CONFIRM POWER INPUT ON LEFT SIDE             PD UPDATE "
		echo "PD UPDATE                        _______________                                         PD UPDATE "
		echo "PD UPDATE                       /              /                                         PD UPDATE "
		echo "PD UPDATE                      /              /                                          PD UPDATE "
		echo "PD UPDATE                      --------------                                            PD UPDATE "
		echo "PD UPDATE      POWER IN------ ^|            ^|                                           PD UPDATE "
		echo "PD UPDATE      USB DRIVE ---- ^|            ^|                                           PD UPDATE "
		echo "PD UPDATE                     ^|            ^|                                           PD UPDATE "
		echo "PD UPDATE                      ---------------                                           PD UPDATE "
		echo "PD UPDATE                                                                                PD UPDATE "
		echo "PD UPDATE PD UPDATE PD UPDATE PD UPDATE PD UPDATE PD UPDATE PD UPDATE PD UPDATE PD UPDATE PD UPDATE "

		pause 
		echo "Updating Right PD"
		stall 2000000
		CyPD12_2.efi -P pd01.rom
		echo "reboot in 5 seconds"
		stall 5000000
		framework_tool.efi --reboot-ec reboot
	endif

	framework_tool.efi --compare-version 3.4.0.2576 --device pd1
	if "%lasterror%" == "1" then 
		if not exist bootentry.tag then
		    echo > bootentry.tag
		    bcfg boot add 0 efi\boot\bootx64.efi "BIOS Updater"
		endif
		cls 0 15
		echo "PD UPDATE PD UPDATE PD UPDATE PD UPDATE PD UPDATE PD UPDATE PD UPDATE PD UPDATE PD UPDATE PD UPDATE"
		echo "PD UPDATE              NO BATTERY DETECTED: CONFIRM POWER INPUT ON RIGHT SIDE            PD UPDATE "
		echo "PD UPDATE                        _______________                                         PD UPDATE "
		echo "PD UPDATE                       /              /                                         PD UPDATE "
		echo "PD UPDATE                      /              /                                          PD UPDATE "
		echo "PD UPDATE                      ---------------                                           PD UPDATE "
		echo "PD UPDATE                     ^|            ^| ---POWER IN                               PD UPDATE "
		echo "PD UPDATE                     ^|            ^| ---USB DRIVE                              PD UPDATE "
		echo "PD UPDATE                     ^|            ^|                                           PD UPDATE "
		echo "PD UPDATE                      ---------------                                           PD UPDATE "
		echo "PD UPDATE PD UPDATE PD UPDATE PD UPDATE PD UPDATE PD UPDATE PD UPDATE PD UPDATE PD UPDATE PD UPDATE "
		pause
		echo "Running PD23 update, waiting 2s"
		stall 2000000
		CyPD12_2.efi -P23 pd23.rom
		echo "reboot in 5 seconds"
		stall 5000000
		framework_tool.efi --reboot-ec reboot
	endif
	if exist bootentry.tag then
		bcfg boot rm 0
		rm bootentry.tag
	endif
	
endif

cls 2 0
echo "COMPLETE COMPLETE COMPLETE COMPLETE COMPLETE COMPLETE COMPLETE COMPLETE COMPLETE COMPLETE COMPLETE "
echo "COMPLETE                                                                                  COMPLETE "
echo "COMPLETE                           Your BIOS is up to date!                               COMPLETE "
echo "COMPLETE           Press the power button to shutdown and remove your update drive        COMPLETE "
echo "COMPLETE                                                                                  COMPLETE "
echo "COMPLETE                                                                                  COMPLETE "
echo "COMPLETE COMPLETE COMPLETE COMPLETE COMPLETE COMPLETE COMPLETE COMPLETE COMPLETE COMPLETE COMPLETE "
framework_tool.efi --versions
stall 999000000

You can see a check early in the script for version 3.22. If the version does not match, then it runs

CapsuleApp.efi winux.bin firmware.cap

So if you boot from the usb stick and stop the script from autoexecuting, I believe that you should be able to run that command and have it update to 3.22

3 Likes
9

You know what, I just realized I was mistaken about something.

I had seen an output with a countdown from 4 seconds, so I thought it was proceeding to the line containing echo "Loading BIOS updates in 4 seconds" and so while I saw that in the script, I didn’t think removing it would have an effect.

I just looked at the video I took and I realized that I was a seeing a countdown to startup.nsh automatically running within the EFI shell… I completely mistook the countdown I was seeing! I’ll modify the script to remove the check and allow it to run the rest of the process normally.

Thanks for helping catch that oversight! I thought you were indicating to query CapsuleApp.efi for some flag like --force, which I certainly don’t have enough info to attempt safely

10

No, you were right, I was thinking that there could be a flag to force the bios to update. But, looking at the script, it’s just wrapped in the check. So I think that running it will cause the update to happen.

I was thinking that you could have tested the command with something like “CapsuleApp.efi –help”, but to be honest, I don’t know if that would output anything useful, and since it looks like you can just run the command from the efi shell if you need to, then it’s a moot point.

I’m glad that you were able to determine the path that you want to take, I hope that you are able to get the bios flashed again and that you get the uefi stuff going. If not, you may wind up diving into setting efi variables. I have an 11th gen here if you need any info about what’s in the efi variables on it.

Best of luck, please reply back with how things go. I learn a lot from this community, and will be interested to learn how you wind up resolving the issue.

3 Likes
11

Solution marked!

Commenting out the BIOS version check and proceeding straight to the update restored all the EFI variables! As a result, sbctl was able to immediately recognize the databases and enroll my user keys along with the default vendor keys.

I did use the ClearVar version of the updater, in case anyone needs this in the future

PXL_20250914_225247023
PXL_20250914_2252470231920Ă—1440 169 KB

5 Likes
12

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.