How to update BIOS to 3.20 from 3.07 using bootable USB with EFI shell

  • Which Linux distro are you using? Ubuntu
  • Which release version? 24.10
  • Which kernel are you using? 6.11
  • Which BIOS version are you using? 3.07
  • Which Framework Laptop 13 model are you using? 11th Gen Intel(R) Core™ i5-1135G7 @ 2.40GHz

How can I upgrade my BIOS? I don’t have Windows installed on this laptop or on any of my other laptops.

I wanted to upgrade my BIOS. I saw that there was (finally) a Linux option - Download BIOS 3.20 (EFI Shell update) on the BIOS download page - Cool! I don’t know how that works, however, so I head over to the Updating BIOS on Linux where I find “Linux/Other/UEFI Shell update”. I checked my BIOS versions from the command line using the instructions (and again to paste them above) - so far, so good. But after that things went south.

How do I make a bootable USB drive suitable for updating my BIOS using the EFI shell?

Simply extracting a zip file to an exfat USB drive does not make it bootable. (I tried that; didn’t work). I recalled that there was a flag that needed to be flipped but I could not find it in the Gnome Disks menu and I didn’t want to futz with fdisk so I downloaded Ventoy and reformatted the USB stick as a bootable Ventoy and then extracted the contents directly to the drive. I then rebooted and was presented with the USB drive as an option.

There was no automatic running of “startup.nsh”

This time I was able to boot to the USB but Ventoy presented more options than I expected. I picked one that seemed to make sense and a bunch of text zipped by and left me at a prompt that looked like startup.nsh> but I don’t remember. Typing help resulted in a whole lot more text but I could not find a pager like less or more and I couldn’t figure out how to scroll up. After trying quit and exit with no success I just pressed ctrl-alt-del and started up my PC.

What am I doing wrong here?

Thanks and regards

You need to use FAT32. :slight_smile:

2 Likes

Yes, as dhowett says. Exfat is not the same as fat32. It can only boot fat32 for efi.

1 Like

Thanks @James3 and @DHowett

I used Gnome Disks to delete all the partitions on the USB drive and created a new one using FAT32 as suggested. Then I unzipped the BIOS update to the drive:

unzip Framework_Laptop_13_11th_Gen_Intel_Core_BIOS_3.20_EFI.zip -d /media/user/BIOS_UPDATE/

I was able to boot from the drive and the BIOS update script started automatically and it appeared that it was working. However, it ultimately failed.

Output from running EFI shell update for 3.20 from 3.07 (OCR from photo of screen so some bits might be messed up or missing):

Press ESC in 1 seconds to skip startup.nsh or any other key to continue.
Shell echo off
Intel (R) FW Update Version: 15.0.47.2473
Copyright (C) 2005-2023, Intel Corporation. All rights reserved.
Checking firmware parameters...
Error 331: Fall F2 Update using same version is not allowed. Include -allowsy in command line to allow
CapsuleApp: creating capsule descriptors at 0x439E4B18
CapsuleApp: capsule data starts at Ox3EA5A018 with size 0xA5422
CapsuleApp: capsule block/size     Ox3EA5A018/0x45422
CapsuleApp: creating capsule descriptors at 0x439E4E98
CapsuleApp: capsule data starts at Ox3C7E4018 with size 0x2275E94
CapsuleApp: capsule block/size     Ox3C7E4018/0x2275E94
Get Boot Next Data Fail, Status Not Found
CapsuleApp: cannot find a valid file system on boot devices, Status Not Found
CapsuleApp: failed to update capsule Not Found
FS0:\>

It looked like the second part succeeded even if the first did not but the check using dmidecode and reviewing the BIOS settings after reboot indicated that I was still running 3.07.

After I tried running the EFI shell update for 3.20 I noticed that above the “Instructions for EFI shell update” for version 3.20 it reads “You must be running 3.17 or later to apply this update using EFI.” :grimacing: Ultimately the 3.20 EFI shell update appeared to have no adverse effects so crossing my fingers I looked for the most recent EFI shell update that I could use. I did not find one for version 3.19 but I did see one for 3.17 with no preconditions listed. I repeated the same process for creating a USB bios update that I used for 3.20 and ran it again. Still no joy.

The error as before was Error 331: Full FV Update using same version is not allowed. Include -allowsy in command line to allow it. and I was left at the EFI command prompt.

This time, however, after determining that the efi\boot\startup.nsh was to be run and the commands called by that I attempted to call the commands from the EFI REPL - but this time adding the missing -allowsy switch:

FS0:\> Fullpdicl.efi FFWupdate.bin -Y -allowsy
Intel (R) F Update Version: 15.0.47,2473
Copyright (C) 2005 - 2023, Intel Corporation, All rights reserved.
Checking firmware parameters,,,
Warning: Do not exit the process or power off the machine before the firmware update process ends.
Sending the update image to F for verification; [COMPLETE]
FW Update: [ 100% (7)] Do not Interrupt
FW Update completed successfully and a reboot will run the new FW.

So far so good. Now to run the second command:

FS0:\> CapsuleApp.efi winux.bin firmware.cap -OD 
CapsuleApp: capsule image (-00) is not found,
FS0:\>

Now it seemed that the first command succeeded but the second did not. However, I did not see any difference in the version reported in the BIOS nor from dmidecode.

Now what?

~ Justin
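
A pre-flight check for the update stick discussed in this thread, as an added example that is not part of any post and is not Framework's tooling. It checks the three things that tripped up the attempts above: the filesystem type, the presence of efi\boot\startup.nsh, and the "3.17 or later" precondition. The function names are hypothetical, and the bootx64.efi path is the UEFI default removable-media loader, assumed here to be what the archive ships.

```shell
#!/bin/sh
# Added example: sanity-check an EFI-shell BIOS update stick before rebooting.

# version_ge A B: succeeds if dotted version A >= B ("03.07" is read as 3.7).
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        split(a, x, "."); split(b, y, ".")
        if (x[1]+0 != y[1]+0) exit !(x[1]+0 > y[1]+0)
        exit !(x[2]+0 >= y[2]+0)
    }'
}

# has_file MOUNTPOINT RELPATH: case-insensitive lookup, matching FAT semantics.
has_file() {
    find "$1" -maxdepth 3 -type f -ipath "*/$2" 2>/dev/null | grep -q .
}

# preflight MOUNTPOINT FSTYPE CURRENT_BIOS MIN_BIOS
# Prints one line per problem; the exit status is the number of problems.
preflight() {
    mnt=$1; fstype=$2; cur=$3; min=$4; problems=0
    # Linux reports FAT12/16/32 as "vfat"; exFAT shows up as "exfat".
    if [ "$fstype" != "vfat" ]; then
        echo "filesystem is '$fstype', expected vfat (FAT32)"
        problems=$((problems + 1))
    fi
    # startup.nsh path is from the thread; bootx64.efi is an assumption.
    for f in efi/boot/startup.nsh efi/boot/bootx64.efi; do
        if ! has_file "$mnt" "$f"; then
            echo "missing $f on the stick"
            problems=$((problems + 1))
        fi
    done
    if ! version_ge "$cur" "$min"; then
        echo "running BIOS $cur is older than the required minimum $min"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Live use (mount point as in the post above; dmidecode needs root):
#   m=/media/user/BIOS_UPDATE
#   preflight "$m" "$(findmnt -no FSTYPE -T "$m")" \
#             "$(sudo dmidecode -s bios-version)" 3.17
```

A status of 0 means all checks passed; anything else is the count of problems printed.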

I just tried updating the BIOS via Linux Vendor Firmware Service (aka LVFS update) and that worked flawlessly. I do not understand why this method is not the preferred method for BIOS updates on Linux-based systems.

I gave the EFI shell update for 3.20 another try since “LVFS will not update the CSME firmware” and this time a progress screen popped up informing me that a BIOS update was occurring. Eventually the screen shut off and the system rebooted and at that time the BIOS and command line utility reported 3.20.

It should be noted that before the update GUI popped up I noticed a red error message on the terminal screen that looked an awful lot like the previous message “Error 331: Full FV Update using same version is not allowed. Include -allowsy in command line to allow it.”

In addition, I downloaded the Intel Python utility for displaying vulnerabilities in the CSME firmware. After updating to 3.17 it reported the following:

*** Intel(R) ME Information ***
Engine: Intel(R) Converged Security and Management Engine
Version: 15.0.47.2473

*** Risk Assessment ***
Based on the analysis performed by this tool: This system is vulnerable.
Explanation:
  The detected version of the Intel(R) Converged Security and Management Engine firmware
  has a vulnerability listed in one or more of the public Security Advisories.
  Contact your system manufacturer for support and remediation of this system.

After updating to 3.20 I still had the same version of CSME installed - which means that despite all of the hassle of using EFI Shell update instead of using LVFS I still did not get the CSME updated.

Another note for Framework and anyone else on this forum who may be in the know: I’d be happy to help update your documentation for this process and share my experience further.

1 Like