Thank you for your info!
How did you confirm the fan was not detected, then the fan was detected after upgrading the BIOS to 3.04?
After updating the BIOS visa LVFS on Fedora Linux, I still see the bios version is 3.03, not 3.04.
The command log is below as a reference. I didn’t see the updater pages such as mentioned on this page to update BIOS and EC after rebooting.
$ which fwupdmgr
/bin/fwupdmgr
$ rpm -qf /bin/fwupdmgr
fwupd-2.0.12-1.fc42.x86_64
$ fwupdmgr refresh --force
Updating lvfs
Downloading… [***************************************]
Successfully downloaded new metadata: Updates have been published for 4 of 11 local devices
$ fwupdmgr get-updates
Devices with no available firmware updates:
• KEK CA
• Laptop 12 Webcam Module
• SBAT
• WD BLACK SN770M 2TB
• Windows UEFI CA
• frame.work-LaptopDB
• frame.work-LaptopKEK
Devices with the latest available firmware version:
• Intel Management Engine
• System Firmware
• UEFI CA
Framework Laptop 12 (13th Gen Intel Core)
│
└─UEFI dbx:
│ Device ID: 362301da643102b9f38477387e2193e57abaa590
│ Summary: UEFI revocation database
│ Current version: 20230501
│ Minimum Version: 20230501
│ Vendor: UEFI:Microsoft
│ Install Duration: 1 second
│ GUIDs: f8ba2887-9411-5c36-9cee-88995bb39731 ← UEFI\CRT_A1117F516A32CEFCBA3F2D1ACE10A87972FD6BBE8FE0D0B996E09E65D802A503&ARCH_X64
│ d07ff664-b0e1-5f4e-a723-d7fbcbfcb94f ← UEFI\CRT_3CD3F0309EDAE228767A976DD40D9F4AFFC4FBD5218F2E8CC3C9DD97E8AC6F9D&ARCH_X64
│ f6821e29-aadb-5553-afc5-52d527622fb7 ← UEFI\CRT_A54022CD89A063636FC7B3AFEE52106C2CEEC133C56A07E040DFABC90313B758&ARCH_X64
│ Device Flags: • Internal device
│ • Updatable
│ • Supported on remote server
│ • Needs a reboot after installation
│ • Device is usable for the duration of the update
│ • Only version upgrades are allowed
│ • Full disk encryption secrets may be invalidated when updating
│ • Signed Payload
│ • Can tag for emulation
│
├─Secure Boot dbx Configuration Update:
│ New version: 20250507
│ Remote ID: lvfs
│ Release ID: 115586
│ Summary: UEFI Secure Boot Forbidden Signature Database
│ Variant: x64
│ License: Proprietary
│ Size: 24.0 kB
│ Created: 2025-01-17
│ Urgency: High
│ Tested: 2025-06-11
│ Distribution: fedora 42 (workstation)
│ Old version: 20241101
│ Version[fwupd]: 2.0.11
│ Vendor: Linux Foundation
│ Duration: 1 second
│ Release Flags: • Trusted metadata
│ • Is upgrade
│ • Tested by trusted vendor
│ Description:
│ This updates the list of forbidden signatures (the "dbx") to the latest release from Microsoft.
│
│ Some insecure versions of BiosFlashShell and Dtbios by DT Research Inc were added, due to a security vulnerability that allowed an attacker to bypass UEFI Secure Boot.
│ Issues: 806555
│ CVE-2025-3052
│ Checksum: 3ebe1c9be68b6c559ed2831a0bfd891c84e6d6db9af7c61156230d79f6466648
│
└─Secure Boot dbx Configuration Update:
New version: 20241101
Remote ID: lvfs
Release ID: 105821
Summary: UEFI Secure Boot Forbidden Signature Database
Variant: x64
License: Proprietary
Size: 15.1 kB
Created: 2025-01-17
Urgency: High
Vendor: Linux Foundation
Duration: 1 second
Release Flags: • Trusted metadata
• Is upgrade
Description:
This updates the list of forbidden signatures (the "dbx") to the latest release from Microsoft.
An insecure version of Howyar's SysReturn software was added, due to a security vulnerability that allowed an attacker to bypass UEFI Secure Boot.
Issues: 529659
CVE-2024-7344
Checksum: 093e6913dfecefbdaa9374a2e1caee7bf7e74c7eda847624e456e344884ba5f6
$ fwupdmgr update
╔══════════════════════════════════════════════════════════════════════════════╗
║ Upgrade UEFI dbx from 20230501 to 20250507? ║
╠══════════════════════════════════════════════════════════════════════════════╣
║ This updates the list of forbidden signatures (the "dbx") to the latest ║
║ release from Microsoft. ║
║ ║
║ Some insecure versions of BiosFlashShell and Dtbios by DT Research Inc were ║
║ added, due to a security vulnerability that allowed an attacker to bypass ║
║ UEFI Secure Boot. ║
║ ║
╚══════════════════════════════════════════════════════════════════════════════╝
Perform operation? [Y|n]:
══════════════════════════════════════════════════════════════════════════════╗
║ Full Disk Encryption Detected ║
╠══════════════════════════════════════════════════════════════════════════════╣
║ Some of the platform secrets may be invalidated when updating this ║
║ firmware. Please ensure you have the volume recovery key before continuing. ║
║ ║
║ See https://github.com/fwupd/fwupd/wiki/Full-Disk-Encryption-Detected for ║
║ more details. ║
╚══════════════════════════════════════════════════════════════════════════════╝
Perform operation? [Y|n]:
Waiting… [***************************************]
Successfully installed firmware
Devices with the latest available firmware version:
• Intel Management Engine
• System Firmware
• UEFI CA
Devices with no available firmware updates:
• KEK CA
• Laptop 12 Webcam Module
• SBAT
• WD BLACK SN770M 2TB
• Windows UEFI CA
• frame.work-LaptopDB
• frame.work-LaptopKEK
An update requires a reboot to complete. Restart now? [y|N]:
My current BIOS version is below after updating the BIOS by the above commands. I picked up the command from this page. I am not sure if there are changes from the status before the updating BIOS.
$ sudo dmidecode | grep -A3 'Vendor:\|Product:' && sudo lshw -C cpu | grep -A3 'product:\|vendor:'
Vendor: INSYDE Corp.
Version: 03.03
Release Date: 06/05/2025
Address: 0xE0000
product: 13th Gen Intel(R) Core(TM) i5-1334U
vendor: Intel Corp.
physical id: 4
bus info: cpu@0
version: 6.186.3