Security related BIOS updates

I have an AMD 13 on order, but am getting a bit concerned about the posts related to slow/non-existent BIOS updates.

Whilst I can understand that Framework is a small company and so non-critical changes, such as adding BIOS features, may not be a priority, security updates are super important to me, especially as I will use the laptop for business.

Has Framework made any public statement about their commitment to support life and lead time for issuing critical security updates for the BIOS?

Welcome to the forum.

I do recall Framework saying that they were working with their partners to have them dedicate more staff to work on it. Can’t locate the thread where I saw it though. If anyone happens to know maybe they can link.

Don’t recall anything on specific lead times.
I could be wrong, but I didn’t think other companies give that either. Maybe a large enough business purchasing a huge number of units could get some private assurance from Lenovo or Dell.

Thanks for the welcome and the feedback :slight_smile:

Good to learn that this is a focus area. You are right that lead times are rarely committed to externally, but I would hope for an internal prioritisation approach based on the severity of the CVE. Will be interesting to see how frequent the AMD board updates are.

1 Like
1 Like

Over on 12th gen Intel boards, there has not been a stable bios update since release. There has been a beta since December 2022.

Some forum members have gotten grumpy and that thread was closed, but unfortunately there have been no further updates since.

2 Likes

Drivers updates is another. The 11th gen driver bundle hasn’t been updated since 12/15/21.

I’m not sure the bios is one of those things that needs to be updated a lot. Every once in awhile at most When an issue is discovered.

The current BIOS that Framework ships has 9 known software vulnerabilities.

2 Likes

While you are free to make any decision you want, I would generally not recommend this laptop as your only business computer. Framework is committed to making the user experience as good as they can, but they are still a small team, and cannot commit to the same level of support as a bigger company, so you may be disappointed.

That said, I have used an 11th gen system as my personal laptop since the day I got it in one of the early batches, and have been very happy with it. I do have a Desktop and other laptops that I can use alongside it to negate many of it’s downsides, but I think it’s great hardware, especially for a first gen product.

The only statement Framework has really made on this is that their core focus is fixing the repairability issues with the consumer electronics industry, and have been doing a fairly good job managing their current products. It’s not perfect by any means, but they are trying their best despite many hiccups with their hardware and firmware partners (that they have little to no control over).

The Drivers that Framework has on their website are for getting up and running on Windows. These will not be updated unless there are future hardware changes that cause incompatibility, as it is recommended that once your system is running on the current bundle that you update your drivers further through Windows Update.

1 Like

Did anyone get updated Intel graphics / wifi / bluetooth drivers via Windows Update? Haven’t seen any audio device driver updates from Windows Update either.

Thanks for all the responses on this.

It does seem that Framework need to improve their BIOS change management. The mission of reducing ewaste on one hand means being able to upgrade or repair hardware, but on the other hand it also means that perfectly functional hardware should be secure and reliable to use. If critical firmware updates are not provided in a reasonably timely manner then this is not the case. And so the rest of Framework’s work to meet its mission is redundant.

I would love to see a statement from Framework on their commitment around updates and support life. Despite being a small, scaling company, it does seem absolutely core to their mission that they do so.

Well, just a few hours later, @nrp shared quite some detail on another thread. Thanks!

I know I’ve seen all three of these in Windows Update, though they are usually done in the background with no notification to me.