Framework Laptop 16 Ryzen 7040 BIOS 3.03 Release and Driver Bundle

Framework Laptop 16
1

Updated: Apr 4, 2024

You can check your current BIOS version following the steps here to determine if you are on the latest release.

Downloads

Windows Driver Bundle

Download Link SHA256
https://downloads.frame.work/driver/Framework_Laptop_13_and_16_AMD_Ryzen_7040_driver_bundle_W11__2024_04_02.exe 6e08a1080668b0d20e90483adb79ed76d83d376c26bea438030f40038d4a60f8

Note: We have migrated to a new EV code signing certificate with the subject β€œFramework Computer Inc”.

Driver bundle release notes

Driver Version Notes
AMD Chipset Driver 5.06.29.310
AMD Graphics Driver 23.40.18.02 Add support for AMD AFMF. https://www.amd.com/en/products/software/adrenalin/afmf.html
Realtek Audio Driver 6.0.9622.1
Realtek Audio Console 1.49.318.0
RZ616 WiFi Driver 3.3.0.908
RZ616 Bluetooth Driver 1.1037.0.395
Goodix Fingerprint Driver 3.12804.0.240 Fix firmware security issue in fingerprint reader. More information here: A Touch of Pwn - Part I

Windows BIOS

Download Link SHA256
https://downloads.frame.work/bios/Framework_Laptop_16_Amd_Ryzen7040_BIOS_3.03.exe 0483dd511ce3c6644613d723f57cf88f8e04053c27c0103f9aed2b939bf9c955

Note: We have migrated to a new EV code signing certificate with the subject β€œFramework Computer Inc”.

Instructions for Windows Installer:

  1. Run the .exe.
  2. Click yes to reboot.
  3. Wait for the firmware progress bar to complete, and then the system will reboot.

Linux/LVFS

We are waiting for metadata to rebuild in 4 hours before this is available

Updating via LVFS is available in the testing channel during the beta period.

You can enable updates from testing by running

fwupdmgr enable-remote lvfs-testing

LVFS may not update if the battery is 100% charged. LVFS uses the battery status to determine if it is safe to apply updates. However if our battery is at 100% and the charger is off, we set the battery charging status to false. In this case you can discharge your battery a few percent, then plug in AC again and run fwupdmgr update.

Linux/Other/UEFI Shell update

Download Link SHA256
https://downloads.frame.work/bios/Framework_Laptop_16_Amd_Ryzen7040_BIOS_3.03_efi.zip 8bfc3cb0db76b760fbb068a9fc2b62b4499d6feba92e563d437e251812f56a65

Note that if you use the EFI shell update with Windows, you should suspend Bitlocker if enabled before updating using the EFI updater.

Instructions for EFI shell update:

  1. Extract contents of zip folder to a FAT32 formatted USB drive. Cleanly unmount the drive before physically removing it, otherwise the BIOS update may not function correctly.
  2. Disable secure boot in BIOS.
  3. Boot your system while pressing F12 and boot from the thumb drive.
  4. Let startup.nsh run automatically.
  5. Follow the instructions to install the update.

Updating a Mainboard outside of a laptop

This release supports standalone updates without a battery attached. After rebooting, please follow the onscreen instructions to update your BIOS when in standalone mode, which will require moving the power source between both sides of the Mainboard to allow PD firmware to update correctly if a PD firmware update is necessary.

Security Fixes

Module Name Vulnerability Score
A8DAFB9B-3529-4E87-8584-ECDB6A5B78B6 BRLY-2022-118 4.9

Enhancements

  • Modify EC MMIO region definition to allow debug logging support.
  • Add EC support for a full width expansion module. For potential future community developed projects.

Fixes

  • Fixed issue with 2280 SSD disappearing after resuming from sleep in DC mode. This issue is present when the OS is installed on the 2230 SSD.
  • Change the BIOS password to remove password expiry after one month.
  • Modify the BIOS password complexity requirements to only require a minimum length.
  • Fix several UCSI error messages on Linux when attaching/removing expansion cards.
  • Fix battery cutoff behavior.

Component Versions

This BIOS update is a bundle of updates to multiple embedded components in the system.

Not all of them use the same version number.

BIOS 3.03 updated
EC b4c1fb updated
PD 0.0.1E same
AMD PI 1.1.0.2a updated
Insyde Core 05.53.47.0017 updated

Known Issues

Known Vulnerabilities

The following vulnerabilities were not detected by our scanner during the development of this release. However they are currently flagged during our release testing window. These will be resolved in the next release.
These are part of the following advisory:

And further documented here.

https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
The network stack is not enabled by default in our BIOS, so the default configuration should not be exploitable.
We suggest disabling the network stack in the BIOS setup menu under boot options to mitigate this if you have enabled it.

Module Name Vulnerability Score
Ip6Dxe CVE-2023-45232 7.5
Ip6Dxe CVE-2023-45233 7.5
Dhcp6Dxe CVE-2023-45230 8.3
UefiPxeBcDxe CVE-2023-45234 8.3
24 Likes
3

Thanks for the update!

Quick question for you FW people:
Would it be possible to have some sort of update newsletter which would inform about any new releases? I am sort of semi active here and would be interested to get an email notification for a new version of UEFI or drivers for my FW16.

Preferably as an opt-in service.

20 Likes
4

Does nothing so far on my side…

5

We are waiting for metadata to rebuild in 4 hours for LVFS.

2 Likes
6

quote from a previous topic

After installing BIOS 3.03 I can see all the UCSI errors have gone however now when I plug my power bank in ( trickle mode disabled ), I’m seeing different errors ( in comparison to BIOS 3.02 )

I’m still trying to work out if this is FW16 BIOS or Anker issue.

The errors I’m seeing are

[ 628.495156] ucsi_acpi USBC000:00: unknown error 0
[ 628.495172] ucsi_acpi USBC000:00: UCSI_GET_PDOS failed (-5)
[ 628.604752] ucsi_acpi USBC000:00: unknown error 0
[ 628.604764] ucsi_acpi USBC000:00: UCSI_GET_PDOS failed (-5)
[ 629.584933] ucsi_acpi USBC000:00: UCSI_GET_PDOS failed (-70)
[ 634.228740] ucsi_acpi USBC000:00: unknown error 0
[ 634.228755] ucsi_acpi USBC000:00: UCSI_GET_PDOS failed (-5)
[ 634.338189] ucsi_acpi USBC000:00: unknown error 0
[ 634.338196] ucsi_acpi USBC000:00: UCSI_GET_PDOS failed (-5)
[ 639.908480] ucsi_acpi USBC000:00: unknown error 0
[ 639.908487] ucsi_acpi USBC000:00: UCSI_GET_PDOS failed (-5)
[ 640.018414] ucsi_acpi USBC000:00: unknown error 0
[ 640.018422] ucsi_acpi USBC000:00: UCSI_GET_PDOS failed (-5)

but the effect is the same as before with BIOS 3.02

I’m using Arch Linux ( Linux 6.8.3 ) with KDE Plasma 6.0.3

1 Like
7

I’m going to be tracking this post too. I have an Anker 737 battery. I bought it on sale after being impressed by how handy it was when my boss and I were running a booth and giving talks at a conference. Its works very well for my FW13 (Intel i5 Gen11, batch 4, Fedora 39). Hoping these issues get resolved before my FW16 (batch 17) arrives. If not, I’ll give the battery bank to the same family member I’m giving my FW13 to.

1 Like
8

I’ve attempted 2x and the BIOS has not updated. Still on 3.02. Running latest public W11 build.

Also, I assume since no call out, there are no changes or bugfixes around USB4 and associated subcomponents @Kieran_Levin ?

9

Just doing it:

╔══════════════════════════════════════════════════════════════════════════════╗
β•‘ Upgrade System Firmware from 0.0.3.2 to 0.0.3.3?                             β•‘
╠══════════════════════════════════════════════════════════════════════════════╣
β•‘ Fixed issue with 2280 SSD disappearing after resuming from sleep in DC       β•‘
β•‘ mode.                                                                        β•‘
β•‘                                                                              β•‘
β•‘ Remove bios password expiry.                                                 β•‘
β•‘                                                                              β•‘
β•‘ Reduce bios password complexity requirements.                                β•‘
β•‘                                                                              β•‘
β•‘ UCSI fixes on device attach.                                                 β•‘
β•‘                                                                              β•‘
β•‘ Laptop 16 (AMD Ryzen 7040 Series) must remain plugged into a power source    β•‘
β•‘ for the duration of the update to avoid damage.                              β•‘
β•šβ•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•
Perform operation? [Y|n]: Y
Waiting...                 [===========================] Less than one minute remaining…
Successfully installed firmware
Do not turn off your computer or remove the AC adapter while the update is in progress.
 β€’ Thunderbolt controller in Dell dock
 β€’ UEFI dbx
An update requires a reboot to complete. Restart now? [y|N]:

Note - it takes around 5 minutes for the entire process after the first boot …
Patience required :slight_smile:

        Vendor: INSYDE Corp.
        Version: 03.03
        Release Date: 03/27/2024
        Address: 0xE0000
       product: AMD Ryzen 7 7840HS w/ Radeon 780M Graphics
       vendor: Advanced Micro Devices [AMD]
       physical id: 4
       bus info: cpu@0
       version: 25.116.1
4 Likes
10

Update:
Signing the firmware with sbctl sign -s /usr/lib/fwupd/efi/fwupdx64.efi -o /usr/lib/fwupd/efi/fwupdx64.efi.signed allowed the update to continue.

Original Issue:

The LVFS firmware update process did not like my Secure Boot configuration:

Devices with no available firmware updates: 
 β€’ SSD 990 PRO 4TB
 β€’ USB2.1 Hub
Devices with the latest available firmware version:
 β€’ Fingerprint Sensor
╔══════════════════════════════════════════════════════════════════════════════╗
β•‘ Upgrade System Firmware from 0.0.3.2 to 0.0.3.3?                             β•‘
╠══════════════════════════════════════════════════════════════════════════════╣
β•‘ Fixed issue with 2280 SSD disappearing after resuming from sleep in DC       β•‘
β•‘ mode.                                                                        β•‘
β•‘                                                                              β•‘
β•‘ Remove bios password expiry.                                                 β•‘
β•‘                                                                              β•‘
β•‘ Reduce bios password complexity requirements.                                β•‘
β•‘                                                                              β•‘
β•‘ UCSI fixes on device attach.                                                 β•‘
β•‘                                                                              β•‘
β•‘ Laptop 16 (AMD Ryzen 7040 Series) must remain plugged into a power source    β•‘
β•‘ for the duration of the update to avoid damage.                              β•‘
β•šβ•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•
Perform operation? [Y|n]: y
Waiting…                 [   -                                   ] Less than one minute remaining…
missing signed bootloader for secure boot: /usr/lib/fwupd/efi/fwupdx64.efi.signed cannot be found
4 Likes
11

You need to sign the fwupd binary and place it in that location.

5 Likes
12

I thought there was a fingerprint sensor FW update? Or was that just a driver update? LVFS looked like it said the finger print sensor had the latest firmware in a post above.

13

If you are referring to my output log, the (unlogged) fingerprint firmware update was completed before the (logged) EFI update because I initially forgot to plug the laptop in before running the update command. This first update was a bit of a learning process for me - this is my first time using LVFS to update EFI firmware.

1 Like
14

Btw what version of fwupd? New enough fwupd I expect to use β€œcapsule on disk” for framework 16. You shouldn’t even need the EFI binary when that’s used.

1 Like
15

I second this! My activity on the forum will likely dwindle some time after I get my FW16. I’d love to make sure the system stays updated even if I’m not as active.

2 Likes
16

Just updated with LVFS (fwupd + GNOME firmware) as well. Worked fine using fwupd 1.9.15:

 motzky@framework ξ‚° ~ ξ‚° fwupdmgr --version  
compile   com.hughsie.libxmlb           0.3.15
compile   org.freedesktop.Passim        0.1.5
compile   com.hughsie.libjcat           0.2.1
compile   org.freedesktop.fwupd         1.9.15
runtime   org.freedesktop.fwupd-efi     1.5
compile   org.freedesktop.gusb          0.4.8
runtime   org.freedesktop.Passim        0.1.5
runtime   org.freedesktop.gusb          0.4.8
runtime   com.hughsie.libjcat           0.2.1
runtime   org.kernel                    6.8.2-arch2-1
runtime   org.freedesktop.fwupd         1.9.15
2 Likes
17

Does this driver bundle include whatever Microsoft is requiring to use the Windows Studio Effects (which relies on the NPU)?

Currently it doesn’t work on my Framework Laptop 16 and from what I’ve read it is likely due to Microsoft requiring additional driver support from the laptop manufacturer.

1 Like
18

Hola
@Kieran_Levin , a few follow up questions if you don’t mind:

  1. What is the typical turnaround time for the BIOS update and driver bundle move from Beta to Finalized? Weeks, months? Or is it more nuanced based on other factors?
  2. I would assume that once this BIOS update and driver bundle has been finalized, only then does it get pushed into the main production line. Until then the production line continues to use the last stable version. Is this correct?
19

My attempt to upgrade (that ran into the Secure Boot issues) used fwupdmgr version:

compile   com.hughsie.libxmlb           0.3.15
compile   org.freedesktop.Passim        0.1.5
compile   com.hughsie.libjcat           0.2.1
compile   org.freedesktop.fwupd         1.9.15
runtime   org.freedesktop.fwupd-efi     1.5
compile   org.freedesktop.gusb          0.4.8
runtime   org.freedesktop.Passim        0.1.5
runtime   org.freedesktop.gusb          0.4.8
runtime   com.hughsie.libjcat           0.2.1
runtime   org.kernel                    6.8.2-zen2-1-zen
runtime   org.freedesktop.fwupd         1.9.15
20

Hmm interesting. I’ll double check some code paths, that message is not expected to me on F16.

1 Like