I’ve been nothing but positive about Framework since I heard about their mission and received my laptop back in 2022. I’ve written an article raving about it, I’ve promoted it on countless forums and social media sites, and I’ve preached the company’s mission to anyone who will listen.
Heck, I even convinced my brother and a friend to purchase them.
That’s why I’m so disappointed that I feel I have to write this post. My 12th gen Framework 13 has been all but abandoned by Framework. There has been a gross lack of transparency and communication as well as security updates.
Like many others, I purchased my Framework with the intention of it being a ‘forever laptop’. A device that I will be able to tweak, modify, repair, and upgrade as years pass. Physically, it fits those requirements. I’ve already been inside it many times to tinker and switch out components.
In terms of software though? It’s a dud. The current BIOS is from 2022. It has unpatched vulnerabilities such as LogoFail and others that the public is likely not aware of.
They’ve tested some beta BIOS solutions, but as they state, they are betas. They aren’t equipped for use by the general populace and haven’t seen much progress. A new beta is announced and communication is present, leading to users testing it and leaving feedback, but, inevitably, progress slows down and communication fails. At this point, it’s been months since any official communication on the 3.08 Beta Release thread.
I understand that they’re working with a third party on the BIOS, but that doesn’t excuse the lack of communication. These are expensive devices, and promises have been made to users.
I feel this issue will only manifest further as time progresses and Framework’s plate gets fuller with more products and generations.
I would like an official comment from @Matt_Hartley, who seems to be the single point of public communication with respect to the BIOS, to explain the current situation. I also expect a comment from the company’s founder, @nrp, regarding exactly how long we can expect to see software support, how frequent it will be, and how communications in the future will be handled for the better.
As always, thank you for taking these considerations to heart. I hope we can see a resolution soon.
Firstly, I’m not in a position to private message the individuals I named.
You call it a ‘me thing’ but this isn’t isolated. It impacts all 12th Gen laptops and users. These are real security vulnerabilities that can and have been exploited and the lack of communication is inexcusable. Beyond that, these issues could easily manifest outside the 12th gen Laptop 13.
The reason I chose to post this as a topic, rather than another comment, is because I feel the message is relevant to all Framework customers, not just 12th Gen users interested in the BIOS.
Ummmm - I am not disagreeing with your view at all. I have been singularly unimpressed with the support of this very expensive bit of kit. They have had to be led kicking and screaming for everything. Having said that…
Reading through it, it does seem they’ve updated the version at the top of that page. However, this release wasn’t publicised and it’s still not released for Linux. Nothing further was discussed regarding 3.08 in the beta thread either…
Another disappointing communication blunder by the seems. I really hope they see these complaints and take action to improve.
Yeah I couldn’t agree more. It’s an Apple level of customer care. It’s so sad, I love the concept and their ideas, I was willing to forgive some ‘quirkiness’ and even some lack of fitment etc. I wanted this to be my as-long-as-possible laptop and now I’ll be damned if they ever see another penny from me.
I appreciate new products make money and support and/or re-engineering cost A LOT of money but you can’t immediately abandon the sort of people who buy these sorts of niche products. It might cost money to do all the support but at least some of your customers are going to be coming from your existing user base.
I am also suffering from a 250GB module that can’t maintain any sort of performance, even with the community suggested thermal pads in. The deafening sound of silence from Framework on that issue is amazing.
Believe it or not, Apple actually provides very timely security updates for many years after a product launch. So do Dell, Toshiba, Lenovo etc.
And it’s not just big companies, smaller Linux-specific vendors give timely security updates too (Librem, Malibal, System76, etc). Hell, my Raspberry Pi even gets timely firmware updates (often within days of a vulnerability being discovered!).
This is just a framework problem. Makes it all the more frustrating.
But in there, and in the recent FW post Enabling software longevity there are signs of some hope. Going to have to see if they make good and show real progress, so we’ll see.
I feel the same way, but with my 13th gen laptop, there aren’t any more BIOS updates that I can install, and my laptop has a BIOS-related problem (Framework support said they are working on a fix for it), where none of the IO works.
I’ve read several posts now where people are upset about the lack of firmware updates, but I’m really not understanding why it is a big deal in the short-run.
In my experience, the risk/reward for a BIOS update is quite low, so I don’t really care to do so unless absolutely necessary.
AFAIK any attack trying to exploit that vulnerability will have to get access to the EFI partition. So either a physical attack or some sort of root exploit that will allow writing to that partition. So, essentially, you already have to be compromised for this to be effective.
That sucks. I know they’ve made some fixes for earlier gen HDMI ports, but that may be more of a thermal design-flaw rather than something that can be fixed with BIOS.
That also sucks, hopefully, they fix it soon, that really doesn’t seem normal.
I had a first gen HDMI which I think took 2 years to improve the battery life, but it didn’t affect me meaningfully. As long as any new hardware updates are functional, I think they have kept up their end of the bargain. For instance, the new 61W batteries require an update.
Regarding the word “abandon”, there are several types of failure, and I’m not sure BIOS updates can rank anywhere near the top.
Tier1 Fail:
supply chain problems. No more parts => abandoned.
putting out dud hardware. Going bankrupt => abandoned.
Tier2 Fail:
Bios hardware updates. If there aren’t any more and there are potential expansion cards, battery, etc. that won’t work without it…well, it’s a lower tier of fail, but still a fail.
Sucky, but not a fail:
Bios security updates…if this is actually important and you have bios attacks in your threat model, then you shouldn’t be using consumer routers either. Or windows 11. And probably not use a framework laptop even if they did put out timely bios updates.
Anyway, I don’t get it, but I hope everyone relaxes a bit and has a good weekend.
If this was a 900-dollar-throw-it-away-in-2-years-ASUS/ACER/pick a brand I would absolutely expect exactly the service, response and updates that we are all getting right now and I would be totally happy with that.
This is not about the lack of BIOS updates. The BIOS updates are an example of the larger systemic problem. Updates/changes/fixes etc are promised only after a lot of hassling, nagging and generally having to shame them on public forums. When they are finally promised they generally don’t deliver on time and we have to go back through the cycle again. As a customer, who Framework have to deal with or wait on is not my concern. If Dell, HP and Acer all have their laptops updated it’s obviously not impossible. I don’t think it’s unreasonable that my much more expensive and (supposedly) higher quality laptop is updated as well and within a similar time frame.
This is a high cost item. I suspect a lot of people buying these are like me and are willing to spend the extra to support a great ethos, a great idea and a great company. As I said earlier I was willing to put up with some oddness and not having apple levels of fitment. Have a look at the Ars article mentioned earlier and elevated systems (3 of them now I think) reviews on YouTube https://www.youtube.com/watch?v=_UzJRQwQze8. He returned his as it just wasn’t good enough.
In spending the extra money you do expect a higher level of service, care and response. Buy a Seiko and an Omega and see how the whole purchase and after care experience changes.
Remember laptops are used by non-tech people in the real coffee shops and cafes of the world. Physical access is total access and when the laptop’s owner goes to the loo and leaves their laptop on the table (I know, but you would not believe how often it happens) the sort of compromise you are talking about is a piece of cake for a professional. High end laptops are the ones that attract attackers, as they are usually owned by higher wealth individuals. Yes I know they could steal it. A pro will make a lot more money compromising your laptop and hacking your bank accounts.
Part of my job is evaluating the security of laptop fleets for companies. One of the things I can tell you for sure is that if there was a low probability, high impact security flaw it would definitely hit a security team’s “Red” line in their reports. If it was a large corporate they would definitely be hassling the manufacturers rep to get them to release a fix ASAP. They would do that even if it wasn’t viewed as a serious threat and was just needed to get a tick in an audit, because that audit maintains an ISO standard that the company operates under.
So yes it is important.
For a sensible individual like you and me that sort of scenario is not a problem but if Framework want to be taken seriously by business (because like it or not that’s where Framework would make most of their money) they need to get their ducks in a row.
My 250GB SSD isn’t going to get fixed by a firmware upgrade, it’s maybe possible but completely not worth anyone’s time. It’s just an example of a company that is not managing their supply chain properly, isn’t doing enough QA on products they are releasing, and are completely ignoring their customers when they complain about it.
FYI - I do this professionally, I rarely use consumer grade anything at home except for my Framework laptop. My network is all CISCO, servers are all Dell, my security is very enterprise-y. I have a full MS management suite running on VM’s. There is nothing wrong with Windows, Linux or anything else as long as it is managed, secured and configured properly.
BIOS updates are important in the long-term, but some of these arguments don’t have very much merit and seem very click-baity. So, at this point, I’m really not sure if we’re living in the same reality or not. For all I know, you asked ChatGPT to make your response.
Quite frankly, I do think their support is hit and miss, but they are a young company. As such, I would expect some of their early designs to have flaws. The gen1 motherboard has a cmos battery charging issue, the top cover has lots of flex, the hinges were not very stiff, etc, etc. Even established companies screw up sometimes, IMO, the Thinkpad T42 was a dud for instance.
Right, so the laptop is slightly more expensive and the graphics performance wasn’t fit for purpose? What does that have to do with BIOS and long-term support?
Um, the markup on a Framework is not 10x-1000x of a regular watch. It’s cheaper than Apple. Again, I don’t understand the comparison.
The point about physical access is total access was my argument, you can’t use it. There are tons of other physical attacks (BadUSB, etc), so adding LogoFail is a big whatever.
Am I living in a different reality than you? There are various audit controls for access, logging, tracing. The reality is that large companies have to deal with stolen or compromised laptops in various ways. This is just another method of getting a laptop compromised. IMO, the badusb attacks are far more dangerous in practice.
The thermal throttling sucks. But again, I feel like I’m living in a different world than you. Are you saying that you have never bought a piece of electronics that didn’t live up to your expectations? Do you not remember the Apple butterfly keyboard?
Enterprise is a different type of suck. I’ve had bugs open with Cisco for years, but…at least you could file a bug? But at least it isn’t the utter tirefire that is consumer-tier routers.
Anyway, for those reading thru these threads, to summarize my thoughts:
Longterm bios updates are important for hardware updates / compatibility
There are plenty of reasons to not buy a framework laptop, but bios updates for security patches is not in the top 5.
If you think a 3-year old company should have it all figured out, you should reset your expectations. Be practical.
Apparently I didn’t explain my point very well. I got grumpier the more I wrote.
This is about the support, attitude and responses of/from Framework. The BIOS updates and my particular SSD are examples to back up the points trying to be made. It’s no good ranting about something if you can’t back it up with examples, right?
“BIOS updates are important in the long-term, but some of these arguments don’t have very much merit and seem very click-baity. So, at this point, I’m really not sure if we’re living in the same reality or not. For all I know, you asked ChatGPT to make your response.”
See above, but in case you missed the first sentence from my previous post here it is again…
‘This is not about the lack of BIOS updates’
As for reality, possibly we aren’t, I live in reality TK421E.R, you?
“Quite frankly, I do think their support is hit and miss,”
Got an example of it being a hit?
The T42 was a dud in your opinion. Well you’re entitled to that opinion of course. Here’s my memory though. That 2004 (2006 maybe?) machine was made from a plastic case that bent when you picked it up improperly causing all sorts of track breaking and BGA desoldering. I think on the GPU? Manufacturers have all learnt from each other since then, being new isn’t an excuse not to understand the lessons of the past. The T42’s issues were not a manufacturing problem per se, not a support problem, not an update problem and most importantly not a problem with communication or help from IBM (Lenovo by then?). It was a user education problem.
I haven’t checked that info so I am happy to be reminded or corrected.
“Right, so the laptop is slightly more expensive and the graphics performance wasn’t fit for purpose? What does that have to do with BIOS and long-term support?”
A) It’s a lot more expensive,
B) I agree it has nothing to do with the BIOS, very much like the very first sentence in my response makes abundantly clear. It’s about the lack of support or response from Framework.
C) It’s a new machine, how would you judge long term support on a 3-4 month old machine? I can judge longer term support on my laptop though, it’s been terrible. Actually no - it’s been virtually non-existent. Which, again, is the point that was originally made. Secondly if you watch the other two videos he did you will see that, that was his second Framework 16 - the first one had to go back as he was at risk of cutting himself from the blanking plates fitting so badly. That was a production unit.
“Um, the markup on a Framework is not 10x-1000x of a regular watch. It’s cheaper than Apple. Again, I don’t understand the comparison.”
The Seiko is about 1.5-2k AUD, the Omega is about 6-8K. So yes, ok, 3-4 times the price not 2.5 times the price the Framework is over an ACER. It’s definitely not 2 orders of magnitude (I’m not picking on ACER, they’re just first on my brain’s alphabetical sorting system of inexpensive laptops).
Second point, a new 16 inch M3 Mac Pro starts at 2400 in AU. The 16 inch self build Framework is pretty much the same price at 2320. I am sure you can argue the toss about some cheaper mac (I don’t really follow Apple stuff - I only took a brief look at the web site) but the pro seems to be the one that would be equivalent to the Framework 16. If I am off track here with the details, happy to be put right.
The point I was trying, badly apparently, to make, was that if I buy something that’s much more expensive than the similarly specc’ed competition I expect better service, aftercare and support than I would get from the cheaper one.
“The point about physical access is total access was my argument, you can’t use it. There are tons of other physical attacks (BadUSB, etc), so adding LogoFail is a big whatever.”
OK OK, it’s all yours. Yeah, I went a bit off track there. I DID start making it about the BIOS, which was not the point.
“Am I living in a different reality than you? There are various audit controls for access, logging, tracing. The reality is that large companies have to deal with stolen or compromised laptops in various ways. This is just another method of getting a laptop compromised. IMO, the badusb attacks are far more dangerous in practice.”
BadUSB et al are all worse and a lot of them are virtually impossible to fully defend against. All of them though, are completely different to a known and public exploit that there are known and (comparatively) easy fixes available for on all other mainstream brands. I don’t want to get off track here, it’s not so much that they didn’t produce an update, it’s the way that they ignored it, eventually said OK, didn’t deliver, eventually provided it as a beta, then released it and didn’t tell anyone, not even the beta testers.
“The thermal throttling sucks. But again, I feel like I’m living in a different world than you. Are you saying that you have never bought a piece of electronics that didn’t live up to your expectations? Do you not remember the Apple butterfly keyboard?”
I am definitely not expecting them to fix my SSD. It’s not about the hardware.
It’s been my experience that you can screw up when you are the new guys and recover from it as long as you hold your hands up, admit and fix your mistake and communicate your screw up and what you are going to do about it clearly and without trying to blame someone or hide the facts.
I don’t really see Apple customers as being the same people as Framework customers, I could be totally wrong on that, just my view. Apple definitely suck at customer care, support etc etc. Framework are the complete polar opposite of the parts pairing, software locking, glue obsessed giants of the world, so maybe their support should be as well? Again it’s not about a particular product, it’s about the attitude, response, support and care. Could they have fixed it once it was released? No I don’t think so, not without going bankrupt. Do I blame them? Yes I do, but it’s a tiny stuff-up, it happens, no one is perfect. Do I blame them for handling it badly, sticking their heads in the sand, not responding to customers, not putting their hands up and saying “Ooops, sorry guys, we have seen our mistake and we won’t do that again, here’s what we are going to do to assure you that we have that one fixed for the future”? Yes, Yes I do, and as was pointed out by Ars and the OP it’s not about my particular SSD, it’s about the response and support.
“Enterprise is a different type of suck. I’ve had bugs open with Cisco for years, but…at least you could file a bug? But at least it isn’t the utter tirefire that is consumer-tier routers.”
Well that’s something we definitely agree on
“Anyway, for those reading thru these threads, to summarize my thoughts:
Longterm bios updates are important for hardware updates / compatibility
There are plenty of reasons to not buy a framework laptop, but bios updates for security patches is not in the top 5.
If you think a 3-year old company should have it all figured out, you should reset your expectations. Be practical.”
My thoughts
Framework are a company with a great idea trying to do good things. Currently, they are getting it wrong.
I am not sure if reality and finance or shareholders have started to erode the vision, or if they have just given up and don’t care or understand that the old models and existing customers need as much care and attention as the new ones do or what.
You can expect your laptop to be abandoned once the new shiny is available. They may eventually give you a date for a fix, but you can ignore it because they won’t deliver by then. The BIOS issue absolutely bears this out. When they did finally stealth release it (see the original post and my response), they didn’t even tell the beta testers (the beta testers are the people risking their expensive hardware and doing free work for the company). Why did they release it like that? You can draw your own conclusions. I know what my view is and it’s not a good sign for the future.
The ability to receive timely BIOS updates, especially security fixes is important. It’s significant to Framework’s overall goal of providing long lasting products. They’ve missed the mark here, admitted as much and are making an effort to improve. Communications have been poor, and while this is not uncommon for small companies it’s adding to the feeling that the products are being abandoned. I own a 12th gen and while the security fixes are important to me, I really just want support for the larger battery - battery life is my pet peeve about the product. It’s affordable enough that I’ll probably just buy the battery and hope it works now that I’ve updated my BIOS.
I really hope these are just growing pains; time will tell. I’ll take a chance on the battery upgrade, but I did cancel my order for an AMD mainboard. Maybe I’ll upgrade sometime in the future if the company matures.