this post was submitted on 10 Jun 2024
700 points (99.0% liked)

Technology

59329 readers
6112 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
 

On May 26, a user on HP's support forums reported that a forced, automatic BIOS update had bricked their HP ProBook 455 G7 into an unusable state. Subsequently, other users have joined the thread to sound off about experiencing the same issue.

This common knowledge regarding BIOS software would, then, seem to make automatic, forced BIOS updates a real issue, even if it weren't breaking anything. Allowing the user to manually install and prepare their systems for a BIOS update is key to preventing issues like this.

At the time of writing, HP has made no official comment on the matter — and since this battery update was forced on laptops originally released in 2020, this issue has also bricked hardware outside of the warranty window, when previously users could simply send in the laptop for a free repair.

Overall, this isn't a very good look for HP, particularly its BIOS update practices. The fragility of BIOS software should have tipped off the powers at be at HP about the lack of foresight in this release model, and now we're seeing it in full force with forced, bugged BIOS updates that kill laptops.

you are viewing a single comment's thread
view the rest of the comments
[–] Takios@discuss.tchncs.de 85 points 5 months ago (3 children)

I remember warning labels on BIOS updates that basically said that if nothing is broken, don't do the update because the risk of bricking the device did not outweigh any potential benefits. That vendors are now pushing mandatory BIOS updates through Windows Update is terrifying.

[–] vithigar@lemmy.ca 16 points 5 months ago

When I heard that BIOS updates were going out automatically via Windows update I had just assumed the devices in question must be using an A/B update scheme to prevent the risk of accidentally bricking the system, because obviously they should.

Absolutely insane that's not the case.

[–] far_university1990@feddit.de 15 points 5 months ago (2 children)

Why can even touch bios from system? That sound like horrible attack vector. If can infect bios, no reformat or reinstall will remove virus.

[–] Aux@lemmy.world 4 points 5 months ago

You're not touching BIOS from the system. The software just downloads a cryptographically singed binary and reboots into BIOS. Then BIOS checks if the file is ok and proceeds to flash itself.

[–] Vilian@lemmy.ca 1 points 5 months ago* (last edited 5 months ago) (1 children)

attack vetor if the person has physical access to your device, or the bios connect to the internet, at that point fuck it

[–] far_university1990@feddit.de 2 points 5 months ago

No meant like if can infect system, could touch bios and infect, so make virus stay forever.

Which sound horrible.

Also Intel ME can connect to internet and is below BIOS. Agree, fuck it.

[–] barsoap@lemm.ee 14 points 5 months ago (1 children)

They really, really, should be doing A/B systems. Or just have an absolutely minimum loader that can load from EPROM/flash or USB so when the system storage gets messed up, you can still launch the updater from USB. That bios loader doesn't need to know more than how to talk to storage and shovel bytes to the CPU, maybe blink a LED, it's simple enough to be able to be actual ROM, never needing to be updated.

Wait, no: SD cards can talk SPI... it's not going to be fast but it's only a few megs anyway. The EPROM or Flash you're using probably speaks SPI, already. You could literally make a system which can load the BIOS from SD card for the cost of a card cage and maybe a jumper. You could have gigabytes of bios storage for three bucks by using off the shelf cheap SD cards, forget A/B storage you could do the whole bloody alphabet and people could replace the thing easily.

[–] nickwitha_k@lemmy.sdf.org 4 points 5 months ago

Here's some extra fun: there's a decent chance that you only need a cable with JST or DuPont connectors. I've seen a fair number of laptop motherboards with unused SPI headers/connectors just hanging out. My understanding being that they're for possible accessories or, literally for flashing/debugging the bios.