Framework Laptop 13 - 11th Gen Intel Core BIOS 3.24 Release STABLE

Highlights

  1. Added Framework’s dbx key and updated the default CA of Windows Secure Boot.
  2. Introduced Battery Charge Limiting status functionality.
  3. Fixed an issue where hardware encryption on OPAL drives could cause a missing boot drive on subsequent reboots.
  4. Security Fixed - CVE-2024-45332, CVE-2025-4275

NOTE

This BIOS update is a multi-part update, meaning you will need to update to 3.23, and then update to 3.24. This is due to an issue that cannot update the new Microsoft secure boot CA if you update the BIOS from the previous version to 3.24 directly.

You can check your current BIOS version following the steps here to determine if you are on the latest release.

Subscribing to release notifications

If you want to subscribe to new release notifications you can now opt in through this link to receive an email when we release a new BIOS or driver update for your Framework Laptop.

Battery Extender functionality

With the high energy density on the 61Wh battery, leaving it at 100% state of charge for an extended period of time can shorten the lifetime of the battery. To prevent this, we have added a new feature that automatically limits the maximum state of charge if the system is left plugged into power for more than 5 days. The timer is reset after the system is disconnected from a power adapter for more than 30 minutes.

Battery Extender Duration Battery State of Charge
0-5< Days 99% → 100%
5-7 Days 90% → 95%
>7+ Days 85% → 87%

This functionality also reduces cycling of the battery by allowing the battery to discharge by several percent before charging again. Note that in addition to this automatic setting, you can also manually set a lower charge limit on your battery in BIOS to further preserve battery longevity.

This feature can be disabled or enabled in the BIOS Advanced menu.

Battery Extender: This option is enabled by default. If disabled, the system will always keep the battery fully charged.

Battery Extender Trigger: This option sets the number of days that must pass before the battery state of charge is reduced automatically to extend the battery life.

Battery Extender Reset: This option sets the number of minutes that the system is running on battery before the extender is reset, causing the system to charge to 100% when attached to power again.

Battery Charge Limit Functionality

This release modifies the battery charge limit functionality to add a 5% float range. This allows us to reduce the number of microcycles on the battery when the CPU turbos.
Previously to the change in 3.07, the battery would be held at the target state of charge, so if a large power draw happened for a short time, such as when the CPU turbos, the battery would drain slightly and then charge again.
Introduced in this version, the battery will not start to charge until the battery has dropped 5% below the charge limit.

As an example, if the user sets the battery charge limit to 80%, the battery will maintain a state of charge between 80% and 75%. And will not charge up to 80% until it has discharged to 75% while the system is on.
If this is activated while the battery state of charge is above the limit, the battery will discharge without drawing power from the adapter until the upper limit is reached.

Downloads

Windows

Download Link SHA256
Framework_Laptop_13_11th_Gen_Intel_Core_BIOS_2Steps_3.23_3.24.zip 5B9E88AEE52EE0C740168C00F5091706166B482C51B830B4EBEC9D64BB1EE33A

Instructions for Windows Installer:

  1. Ensure your system is plugged into power and your battery is charged.
  2. Extract the contents of the zip.
  3. Run the following updates in sequence. After each file is run your system will automatically restart.
  4. Step1_Framework_Laptop_13_11th_Gen_Intel_Core_BIOS_3.23.exe
  5. Step2_Framework_Laptop_13_11th_Gen_Intel_Core_BIOS_3.24.exe

Please note that you must update with a charger attached.

Linux/LVFS

There will not be an LVFS update for this specific release because it has an Intel CSME update, which can’t be delivered through LVFS. Use the UEFI Shell update method instead for this release.

Linux/Other/UEFI Shell update

Please note, you need to update to 3.17 or later to update using EFI, as this is needed to support capsule on disk.

We have finished the beta period, and consider this release stable. You can download the release below, please follow the update instructions below.

Download Link SHA256
Framework_Laptop_13_11th_Gen_Intel_Core_BIOS_3.23_3.24_EFI.zip 7AE770818E37121F4BC84B8CA6B7E4583C65F8F438633C88168B87E09F67F821

We have rewritten the update process for EFI. This new version will stage the bios onto your internal SSD and run them all together in sequence. This is to avoid issues with usb devices disconnecting and disappearing during subsequent updates during the update process, which would cause partial updates to be applied.
Troubleshooting:
If you experience ports not working after your update. Please shutdown, unplug all power sources, wait 90 seconds, and then power on again.

Note that if you use the EFI shell update with Windows, you should suspend Bitlocker if enabled before updating using the EFI updater.

Instructions for EFI shell update:

  1. Extract contents of zip folder to a FAT32 formatted USB drive. Cleanly unmount the drive before physically removing it, otherwise the BIOS update may not function correctly.
  2. Attach a charger to your device while updating.
  3. Boot your system while pressing F12 and boot from the thumb drive.
  4. Let startup.nsh run automatically.
  5. This will update to 3.23. The system will reboot several times and apply 4 updates.
  6. After applying the first update and rebooting restart and press F12 and boot from the thumb drive a second time.
  7. Let startup.nsh run automatically.
  8. This will update from 3.23 to 3.24.

Updating a Mainboard outside of a laptop

This release supports standalone updates without a battery attached only when updating using the EFI shell method only. After rebooting, please follow the onscreen instructions to update your BIOS when in standalone mode, which will require moving the power source between both sides of the Mainboard to allow PD firmware to update correctly.

Please note that the power and display output must be connected to the same side during standalone updates. Failure to do this may result in no display output during the update process.

We recommend the following update flow for standalone updates:

Part 1

Ensure that standalone operation is enabled in the bios advanced setup menu.

Display connected to upper left port.
Power connected to the lower left port.
Run the updater from EFI shell. Please follow the “Instructions for EFI shell update” to run the updater.

Select the EFI USB Boot Device.

The Updater will update the PD controller from right side. Press any key to continue updating.


Part 2

Plug the AC to the left side, then boot to EFI updater. The Updater will update the PD controller from left side. Press any key to continue updating.


After PD updates, it will reboot automatically, then start the BIOS capsule update.

Then, the EC will update after BIOS section finishes.

Security Fixes

CVE Note Score (CVSS Version 3.x)
CVE-2025-4275 A vulnerability in the digital signature verification process does not properly validate variable attributes which allows an attacker to bypass signature verification by creating a non-authenticated NVRAM variable. 7.8
CVE-2024-45332 Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution in the indirect branch predictors for some Intel® Processors may allow an authenticated user to potentially enable information disclosure via local access. 5.6

Enhancements

  1. Update Microcode to 0xBC.
  2. Added Framework’s dbx key and updated the default CA of Windows Secure Boot to Microsoft UEFI CA 2023.
  3. Introduced Battery Charge Limiting status functionality to support Windows Smart Charging feature.

Fixes

  1. Fixed an issue where hardware encryption on OPAL drives could cause a missing boot drive on subsequent reboots.
  2. Security Fixed - CVE-2024-45332, CVE-2025-4275

Component Versions

This BIOS update is a bundle of updates to multiple embedded components in the system.

Not all of them use the same version number.

BIOS 3.24 Updated
EC ec_324_a3deac9 Updated
PD 3.4.0.2576 Same
Intel CSME 15.0.50.2633 Same
Microcode 0xBC Updated

Known Issues

  1. The EFI update will not work with filesystems that are formatted using MBR.
  2. If you get a security violation as part of the EFI update. Please disable secure boot.
  3. This update requires a battery present to complete the update.
  4. Linux users have reported that S3 sleep no longer works.
3 Likes

it looks like typo. it should be “and then update to 3.24”

1 Like

Thanks, correct it in post.

1 Like

Minor confusion:

“This release supports standalone updates without a battery”

vs.

“This update requires a battery present to complete the update.”

Also, the Windows section download is giving me this contents:

LoL…even the link / file itself is “BETA” (it’s the exact same content as the _EFI zip, but the actual SHA256 hash doesn’t match either one shown in the OP)

1 Like

Probably outta delete this part for now.

Also, you mention that it can’t be delivered via LVFS due to CSME update but you have marked that the CSME is to stay at the same revision?

I can’t find 3.23 in the BIOS pages or in the forum… the newest version in the BIOS page is 3.22

This 3.24 is a 2-in-1. It includes the 3.23 file in the zip.

(Look at one of the screenshots from my earlier post in this thread)

1 Like

Hi all,

am i just stupid or are there no exe-files inside the zip-file?!

1 Like

Nope, it’s not you. The release management in this thread is messed up.

Here are the links to [what I assume are] the files:

3.23: https://downloads.frame.work/bios/Framework_Laptop_13_11th_Gen_Intel_Core_BIOS_3.23.exe

3.24: https://downloads.frame.work/bios/Framework_Laptop_13_11th_Gen_Intel_Core_BIOS_3.24.exe

4 Likes

We’re keeping this information in case some users haven’t updated their BIOS. The version table only shows between this and previous version, so it shows the same.

2 Likes

Sorry for the mistake. Reupload the file.

2 Likes

Has there been any report bug(s) preventing this from reaching Release status? If it’s all good, this should now be non-Beta, right?

there was an official email for 3.24 today, but the official webpage where you can download the zip files don’t include the EXEs. That needs to be fixed. @Second_Coming thanks for the correct links.

The instructions at the top have an explicit note: Framework Laptop 13 - 11th Gen Intel Core BIOS 3.24 Release STABLE

that one needs to update to 3.23 prior to updating to 3.24. Are you sure about the 2-in-1?

I’m actually on 3.20, so I’d be interested in knowing if I need to do some further intermediate upgrades.

It’s a “2-in-1” regarding the “page” question. There’s no separate release note for 3.23.

i.e. 3.23 and 3.24 (2) are in the single Zip (1). –> 2-in-1.

Thanks! I see. The info is there but it takes a bit of decoding.

The note says “you will need to update to 3.23, and then update to 3.24” and describes how you get into trouble if you update to 3.24 directly.

The EFI shell update instructions actually say that you need to boot twice into the updater and that it will update first to 3.23 and then to 3.24.

So while the note led me to believe I had to separately update to 3.23 before, the instructions actually say that the same update will take care of that for you (and that in return you need to boot twice from it).