Framework Laptop TGL

Updating the firmware on your Framework Laptop device improves performance and adds new features.

Atom Feed

Version 0.0.3.6 — not be suitable for production systems
2021-11-22 22:48:38

New Features and Changes

  • Support hardware changes on mainboards with new audio codec.
  • Add BIOS menu option to adjust power LED brightness.
  • Initial support for booting without battery.
  • Change power button force shutdown time from 20 seconds to 8 seconds.
  • Update Realtek EFI UNDI driver to version V2.035.
  • Show detected PCIe NVME and USB storage list on BIOS boot page.

Fixes in this release

  • Fix TPM Event log table resource pointer.
  • Fix ACPI ECDT table EC ID field had wrong EC ACPI object.
  • Enable the fan in modern standby.
  • Increase the retry time before enabling PS2 mouse fallback mode..
  • Fix UCSI driver hang on right side ports causing UCSI updates to stop notifying the OS until a restart.

Known Issues

  • Battery cutoff through BIOS or by holding down the mainboard power button needs to be performed on AC.

Urgency high
Reported Success 73% (low confidence)
Licenses
Security
Release Gating
Download Archive Firmware Details Compare with previous

Version 0.0.3.17 — not be suitable for production systems
2022-11-29 09:20:40

Due to an incompatibility between our BIOS and recent versions of fwupdmgr please set DisableCapsuleUpdateOnDisk=true in /etc/fwupd/uefi_capsule.conf before applying this update.

Updating the BIOS firmware will erase NVRAM boot variables.Press F3 during boot to manually select a desired boot entry after the update has completed if you run into this issue.

Changes in this release

  • Add setup menu option in advanced tab to enable standalone operation mode.This will modify onboard LED behavior to skip presence checks for chassis open, display, battery and C cover.
  • Change low battery power LED behavior from red to white.

Fixes in this release

  • Improve battery life when HDMI/DP expansion cards are attached but no display is connected.
  • Add support for Capsule on Disk for future updates to improve LVFS compatibility.
  • Fix pressing F12 key during boot will system hang when BIOS quiet boot is disabled.
  • Correct BIOS setup item TPM availability missing word.

Urgency high
Reported Success 93% (high confidence)
Fixed issues:
  • CVE-2022-35893

    An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. An SMM memory corruption vulnerability in the FvbServicesRuntimeDxe driver allows an attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.

  • CVE-2022-35896

    An issue SMM memory leak vulnerability in SMM driver (SMRAM was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. An attacker can dump SMRAM contents via the software SMI provided by the FvbServicesRuntimeDxe driver to read the contents of SMRAM, leading to information disclosure.

  • CVE-2022-35408

    An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. An SMM callout vulnerability in the SMM driver in UsbLegacyControlSmm leads to possible arbitrary code execution in SMM and escalation of privileges. An attacker could overwrite the function pointers in the EFI_BOOT_SERVICES table before the USB SMI handler triggers. (This is not exploitable from code running in the operating system.)
Licenses
Security
Release Gating
Download Archive Firmware Details Compare with previous

Version 0.0.3.10 — not be suitable for production systems
2022-07-22 11:03:59

Due to an incompatibility between our BIOS and recent versions of fwupdmgr please set DisableCapsuleUpdateOnDisk=true in /etc/fwupd/uefi_capsule.conf before applying this update.

Warning! Update may cause your system to lose boot entries.

  • Updating the BIOS firmware will erase NVRAM boot variables.Press F3 during boot to manually select a desired boot entry after the update has completed if you run into this issue.

Fixes in this release

  • Fix issue where the battery will not charge when system is off.
  • Fix typo in bios setup menu.8254 clock gate help text.

Urgency high
Reported Success 18% (high confidence)
Licenses
Security
Release Gating
Download Archive Firmware Details Compare with previous

Version 0.0.3.9 — not be suitable for production systems
2022-07-09 10:11:05

Due to an incompatibility between our BIOS and recent versions of fwupdmgr please set DisableCapsuleUpdateOnDisk=true in /etc/fwupd/uefi_capsule.conf before applying this update.

Warning! Update may cause your system to lose boot entries.

  • Updating the BIOS firmware will erase NVRAM boot variables.Press F3 during boot to manually select a desired boot entry after the update has completed it you run into this issue.

Fixes in this release

  • This update fixes a number of important CVEs impacting the BIOS.with the highest base score of 9.8.
  • Fix battery cycle count is not valid.
  • Fix audio output polarity is inverted from the headphone jack on Tempo audio codec mainboards.
  • Fix abnormal shutdown.
  • Fix charging led behavior.
  • Reduce main battery drain in off state.
  • Fix keyboard function keycodes being incorrect or missing.
  • Disable support for 14V-16V charging.
  • Improve recognition of HDMI/DP dongles or adapters when going though power cycles.
  • Improve compatibility with some USB-A devices.

New Features and changes

  • Added boot from file menu by pressing F3 on boot to access the boot from file menu.
  • Added option to control the 8254 clock gate in bios advanced setting page to support memtest86++.

Known Issues

  • Thunderbolt devices may not be recognized on S4 resume in some cases, but can be recognized after replugging the device.
  • Touchpad PS2 fallback mode may not work if the user is in an OS that supports the SerialIO driver, and then restarts to an OS that does not support the SerialIO driver.

Urgency critical
Reported Success 80% (low confidence)
Fixed issues:
  • CVE-2021-41839

    A vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated table variable EFI_BOOT_SERVICES. This can be used by an attacker to overwrite address location of any of the functions (FreePool,LocateHandleBuffer,HandleProtocol) to the address location of arbitrary code controlled by the attacker. On system call to SWSMI handler, the arbitrary code can be triggered to execute . See further details in attachment BRLY-2021-017.md.

  • CVE-2021-41837

    An unsafe pointer vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler. An attacker can use this unsafe pointer "current_ptr" to read or write or manipulate data into SMRAM. Exploitation of this vulnerability can lead to escalation of privileges reserved only for SMM using the SwSMI handler. See further details in attachment BRLY-2021-009.md.

  • CVE-2021-33627

    A vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer(CommBuffer). This can be used by an attacker to corrupt data in SMRAM memory and even lead to arbitrary code execution. See further details in attachment BRLY-2021-011.md.

  • CVE-2021-33626

    A vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer(QWORD values for CommBuffer). This can be used by an attacker to corrupt data in SMRAM memory and even lead to arbitrary code execution. See further details in attachment BRLY-2021-013.md.

  • CVE-2021-45971

    A vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer(CommBufferData). This can be used by an attacker to corrupt data in SMRAM memory and even lead to arbitrary code execution. See further details in attachment BRLY-2021-012.md.

  • CVE-2021-45970

    A vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer(status code saved at CommBuffer+4 location). This can be used by an attacker to corrupt data in SMRAM memory and even lead to arbitrary code execution. See further details in attachment BRLY-2021-015.md.

  • CVE-2021-45969

    A vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer(CommBuffer + 8 location). This can be used by an attacker to corrupt data in SMRAM memory and even lead to arbitrary code execution. See further details in attachment BRLY-2021-016.md.

  • CVE-2021-43323

    SMM callout vulnerability in combined DXE/SMM driver on BullSequana Edge server. The vulnerability exists in SW SMI handler registered with number `0xFD` and located at offset `0x291C` in the driver. See BRLY-2021-031.md for details.

  • CVE-2021-43615

    SMM callout vulnerability in combined DXE/SMM driver on BullSequana Edge server. The vulnerability exists in SW SMI handler registered with GUID `9c28be0c-ee32-43d8-a223-e7c1614ef7ca` and located at offset `0x23B0` in the driver. See BRLY-2021-028.md for further details.

  • CVE-2021-33625

    SMM memory corruption vulnerability in combined DXE/SMM driver on BullSequana Edge server. The vulnerability exists in SW SMI handler registered with GUID `9c28be0c-ee32-43d8-a223-e7c1614ef7ca` and located at offset `0x23B0` in the driver. See BRLY-2021-029.md for details.

  • CVE-2021-42554

    SMM memory corruption vulnerability in combined DXE/SMM driver on BullSequana Edge server. The vulnerability exists in SW SMI handler registered with number `0x16` and located at offset `0x3DBC` in the driver. See BRLY-2021-027.md for details.

  • CVE-2021-42060

    SMM callout vulnerability in combined DXE/SMM driver on BullSequana Edge server. The vulnerability exists in SW SMI handler registered with number 0xF9 and located at offset 0x06F0 in the driver. See BRLY-2021-022.md for further details.

  • CVE-2021-42059

    The stack buffer overflow vulnerability leads to arbitrary code execution in UEFI DXE driver on BullSequana Edge server. See BRLY-2021-021.md for further details.

  • CVE-2021-41842

    An issue was discovered in AtaLegacySmm in the kernel 5.0 before 05.08.46, 5.1 before 05.16.46, 5.2 before 05.26.46, 5.3 before 05.35.46, 5.4 before 05.43.46, and 5.5 before 05.51.45 in Insyde InsydeH2O. Code execution can occur because the SMI handler lacks a CommBuffer check.

  • CVE-2021-41838

    An unsafe pointer vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler. An attacker can use this unsafe pointer "ptr" to read or write or manipulate data in the SMRAM. Exploitation of this vulnerability can lead to escalation of privileges reserved only for SMM using the SwSMI handler. See further details in attachment BRLY-2021-010.md.

  • VU#796611

    SMM callout vulnerability in SMM driver on Fujitsu device (SMM arbitrary code execution). Vulnerability exists in software System Management Interrupt (SWSMI) handler located at offset `0x474` in module `AsfSecureBootSmm`. SWSMI handler with number `0x56` dereferences gRT (EFI_RUNTIME_SERVICES) pointer to call a `GetVariable` service, which is located outside of SMRAM.Hence, this can result in code execution in SMM (escalating privilege from ring 0 to ring -2).

  • CVE-2021-41840

    A vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated table variable EFI_BOOT_SERVICES. This allows an attacker who is capable of executing code in DXE phase to exploit this vulnerability to escalate privileges to SMM. The attacker can overwrite the LocateProtocol or Freepool memory address location to execute unwanted code . See further details in attachment BRLY-2021-019.md.

  • CVE-2021-41841

    A vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated table variables EFI_BOOT_SERVICES and EFI_RUNTIME_SERVICES. This can be used by an attacker to overwrite address location of the function (LocateHandleBuffer) to the address location of arbitrary code controlled by the attacker. On system call to SWSMI handler, the arbitrary code can be triggered to execute . See further details in attachment BRLY-2021-018.md.

  • CVE-2020-27339

    A vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated table EFI_BOOT_SERVICES. This can be used by an attacker to overwrite service EFI_BOOT_SERVICES address location to the address location of arbitrary code controlled by the attacker. On system call to SWSMI handler, the arbitrary code can be triggered to execute the unwanted code. See further details in attachment BRLY-2021-020.md.

  • INTEL-SA-0562
  • INTEL-SA-00527
Licenses
Security
Release Gating
Download Archive Firmware Details

LVFS © 2015 Richard Hughes with icons from Font Awesome and GeoIP data from IP2Location.

Linux Vendor Firmware Service Project a Series of LF Projects, LLC :: Charter