This is great to hear. Thanks @nrp. It will be a really good example to show how FW has strengthened the BIOS maintenance approach.
Figured as much. Thanks for acknowledging. My research with Recorded Future’s threat intel platform suggests this is already beginning to be exploited in the wild with bad logos being implemented. Glad to see Framework and Insyde are on it and keeping our computers safe.
@nrp Can you please provide some insights here? I guess the original logo is measured into PCR0, so this could detect an attack (since the framework logo is not protected by intel boot guard). Would a changed image via the ESP change e.g. PCR1?
@nrp: Is there a way to skip the image parsing process? Let’s say I press F2 at boot to enter the BIOS, is a custom logo not parsed? If so, if I then continue to boot, do I skip an attack?
Especially if it will take longer to release BIOS updates, please investigate some possible “mitigations”.
The only time anyone has ever preferred having a Chromebook
coreboot is one of the things why Id like a chromebook. if only I could have bought one. (europe, none availeble when I ordered my 12th gen)
Hello,
As you may know, a vulnerability in the UEFI of x86 and ARM processors has been found. Since this affects the UEFI, it can infect both Linux and Windows.
I assume Framework will issue a UEFI update to address the issue. Until now, be careful.
There is already a thread here about this subject, into which FW have replied with details of what is happening about it.
It may make sense to pin this thread for a bit to avoid someone starting a new one every couple minutes.
Looks like it’s supported by mrchromebox alternative coreboot firmware too according to the Chrultrabook device support table
The chromebook version of Framework’s laptop is, Framework | Choose Framework Laptop Chromebook Edition (12th Gen (if this page doesnt work, try set your region to US. exactly exposing my issue, I cannot order a Chromebook edition in europe)
The hardware is confirmed to be different in such a way, doubt its firmware will be able to be flashed and functional on a non-chromebook 12th gen FW13
Most Chromebooks would likely be built this way. It’s part of the spec Google requires for a device to be considered a Chromebook. While the Framework Chromebooks are out of stock, so I’m unable to help test alternative Coreboot firmware, my Lenovo C13 Yoga is successfully running openSUSE Tumbleweed under custom firmware currently so that’s fun.
I’d just love to change the logo
Hey you know what would be great… the ability to upgrade the bios with Linux… the bios page still shows as “coming soon” for Linux since September…
Which page are you looking at? I updated my bios seamlessly via LVFS, and this is also mentioned here:
Just to expand on what herodot said, Framework has also published LVFS instructions here:
bios update went smoothly for me on a linux a while back with default instructions given for the lvfs system.
Any Updates for the Gen 13th Intel Laptops?
I wanted to find out if the Logo is included in the Boot Guard section (Gen12). According to UefiTool LogoPcx is included in the boot guard section.
1FD0BACE-6F0A-4085-901E-F6210385CB6F > 20BC8AC9 > LzmaCustomDecompressGuid > Volume image section > EfiFirmwareFileSzstem2Guid > LogoPcx).
Offset: EFD070h
Name: LogoPcx
File GUID: 6F0CF054-AE6A-418C-A7CE-3C7A7CD74EC0
I extracted the logo and it is just a black image (1024*768 pixels). I have not found another logo. Does anybody know where the framework logo is stored? Does the code draw the logo itself?