Jump to content

Information about BIOS updates A07/A08 and higher for M14xR2, M17xR4 & M18xR2


svl7

Recommended Posts

.

So... Dell/Alienware managed to confuse a lot of users with their latest BIOS updates from last week. Version A08 of the M14x R2 as well as the M17x R4 and also A07 of the M18x R2 made a quick appearance on the Dell support site, only to vanish again shortly after - apparently to be replaced with A09 respectively A08.

To make the confusion perfect, Dellienware once more decided not to publish any change log, not even a tiny bit of useful information. (I already bothered some Dell reps with this, but no success so far... they're always telling that my emails will be forwarded to the proper people...). Anyway, even though severe, I don't want to discuss the change log problem at this place.

So what's up with those new BIOS?

It's hard to miss that some numbers are missing between the last bios update and the current releases. Anyone who's slightly familiar with software updates and naming will realize that this is already and indication that quite some changes have been made - obvious, right?

Huge parts of the firmware got revised and new modules were added as well. To keep it short, the bios (or UEFI to be more precise) is now officially Windows 8 ready. You may have already read that Microsoft requires the OEMs to have certain functions in the UEFI available (namely Secure Boot) in order get the systems 'Windows 8 certified'.

Just to quickly clarify something, you don't need a 'Windows 8 certified' machine in order to run Windows 8, neither do you require Secure Boot, but the OEMs are pretty keen on this certificate as customers seem to prefer systems with certain stickers on them.

What's this Secure Boot stuff? And how does this affect me?

Secure boot is a protocol, a part of the UEFI, designed to ensure that a system gets booted in a so-called trusted state. This means a state that is known to be secure, that the firmware code has not been tampered with and is a direct copy which comes from a trusted source (e.g. the manufacturer of the used UEFI variation).

Secure boot handles this with a system of different functions and interfaces as well as a key system. It makes sure that all external images have to pass a predefined authentication before they get executed. It is designed to prevent attacks which target the firmware to OS handoff.

What secure boot won't do is protecting the firmware from direct attacks, e.g. manipulated bios updates and similar ... and this is where we come to secure firmware updating.

Some of you may have noticed or read that coming from an 'old' bios version it is no longer possible aynmore to (easily) downgrade to an earlier version once you have flashed A08/A07 or later.

This is because Dellienware decided to implement a way to verify firmware updates, in the case of the Insyde UEFI it is 'secure flash'.

The UEFI image, the drivers which are required at boot etc. are all digitally signed. Now if you want to update your BIOS, this is what happens (simplified):

- Flash utility checks the firmware image for integrity.

- If ok, the image gets sent to the system

- System reboots, starts the pre-uefi environment and starts the authentication process on the file which is to be flashed

- If this check passes, and only then, the software environment for the flash gets launched, firmware gets updated.

I have to admit that secure boot without implementing a method for secure firmware updating makes pretty much no sense at all, so it's obvious that this would come sooner or later, especially with Microsofts requirement for the Win8 certification. The consequence of this is that the user gets locked out of his own system. A (hobbyist like me) is no longer able to tweak the firmware of his system in order to use hardware the way he wants. Same goes for benchers, power users, hardware enthusiasts etc. who like to flash a modified bios in order to get access to disabled settings or activate certain CPU extensions which the system manufacturer locked out.

The digital signing which gets used in UEFI is really sophisticated, so don't even ask about creating own signatures or revers engineering it. This is the end of bios modding (and especially easy flashing) as we know it.

While I have hope that it will be able to find some workarounds for the current AW systems, I have reasons to believe that it will be much more difficult to achieve this with a system which comes with the secure boot function implemented by stock. One thing is for sure, if you intend to use a modified firmware, secure boot needs to be disabled ...but it is obvious that the issue with the secure firmware update (in our case 'secure flash') persists, even with secure boot turned off (for the reasons mentioned above).

I don't want to read all this / To much technical details, what are the conclusions of all this for me?

Do you use / want to use a modified bios on a current AW system (M14xR2, M17x R4, M18xR2)?

If no - doesn't really matter for you, just go ahead and update to the latest bios which Dell provides for your system.

If yes... - If you're still on an 'old' BIOS (pre-A08/A07 when looking at the official releases) then you can for example stay there and flash forth and back between a modified and stock bios, as long as the stuff you flashes predates A08 respectively A07 (again, I'm only talking about public, official releases). If you want to update to the latest version, keep in mind that you won't be able to easily downgrade anymore once you're on one of those new bios. You won't be able to easily flash a modified version either, unless you directly flash a modified when coming from an 'old' bios. In this case the mod will flash fine, but the consequences are the same, you won't be able to downgrade anymore easily, neither will you be able to just flash a newer modified bios.

And if you already flashed a unmodified new bios and want to get a modified one... shit happens. Contact me in the corresponding thread of your model and we might be able figure out something.

Let me know if you have any questions, some explanations might not be sufficient if you're not a bit familiar with all this stuff.

  • Thumbs Up 13
Link to comment
Share on other sites

I know this is wishful thinking. But do u think this new bios might have helped with the gtx680m throttling issues? Or is it just purely to lock out bios flashing and Windows 8 certification crap. I'm guessing just the latter. But a boy can dream that one day his dell card can jump up to msi levels.

Link to comment
Share on other sites

Wow, those are pretty bad news. My only hope is for talented individuals such as svl7 to discover a viable workaround.

Thats about the only hope if any there is left. Its like censorship and prohibition :/

Paranoid Galaxy S3 on Tapatalk 2

Link to comment
Share on other sites

Wow, those are pretty bad news. My only hope is for talented individuals such as svl7 to discover a viable workaround.

It is possible to use the firmware recovery procedure to load a firmware prior to the new versions with signature checks. This procedure bypasses the signature checks that the InsydeFlash tool performs against the UEFI. I am now running stock A04 on my M14xR2 that shipped with A08 (signed). In principle, then, it should be possible to load any unsigned, unlocked versions of these newer firmware releases using this procedure.

Whether or not OEM editions of Windows 8 will still boot after doing so remains to be seen. Windows 7 and other operating systems shouldn't care.

  • Thumbs Up 1
Link to comment
Share on other sites

Thanks svl7! Logically, there is hence no point to update, what you can always do when there is another update bringing changes this time worth 'locking' yourself out of modified bioses (what changes would this exactly be? that's discussable). Of course dell is paying attention to commercial bullshit issues instead of fixing what truly needs to be fixed there, e.g. finally introducing working boost for nvidia cards.

How safe is going from A03 to anything higher? There's been a decent number of people screwing things up while trying to do that, as it seems judging by the number of posts in the NBR forums with complains about the issue.

  • Thumbs Up 1
Link to comment
Share on other sites

hi

i just bought an alienware m18x r2 (i7 3610qm and dual gtx675m).i will get it next week and i want to ask if its worth it to flash the modded bios probably mine will be on A08 so is there a risk to flash the unlocked A08 ?

Link to comment
Share on other sites

hi

i just bought an alienware m18x r2 (i7 3610qm and dual gtx675m).i will get it next week and i want to ask if its worth it to flash the modded bios probably mine will be on A08 so is there a risk to flash the unlocked A08 ?

The risk is everything above and its hard to say there is any benefit to having bioa over A03 as Darkskies posted above.

Link to comment
Share on other sites

A lot of people had success with this, but not all... not sure why some boards bricked, maybe bad luck, mabye not enough patient... What I think is that step 2 is not really necessary ;)

Link to comment
Share on other sites

A lot of people had success with this, but not all... not sure why some boards bricked, maybe bad luck, mabye not enough patient... What I think is that step 2 is not really necessary ;)

That sounds logical. Maybe if enough people read the majority of your words of wisdom they would be on A05 and just flash the unlocked version. Maybe some people waiting long enough for the entire process. Do you know if you've seen a pattern of bricked machines more on windows 8 than windows 7? Some people are on the beta.

Paranoid Galaxy S3 on Tapatalk 2

Link to comment
Share on other sites

so i got the new system...did a repaste, partially took off the dustcover from the screen (it came with major crap in there and i cleaned it instead of having dellienware come over right away once more...), put it back on...and decided to stick with everything that came with the new one (not exchanging mobo etc.). so now i'm stuck on A09 not being able to downgrade anymore :( daium! used to get up to 14000+ in vantage, now the max i get outta my 14inch baby is around 12400. but still happy with the performance of this little monster :D

Link to comment
Share on other sites

so now i'm stuck on A09 not being able to downgrade anymore :( daium!

I found a new way to flash the bios, it worked for my Asus Ultrabook, it might work as well for the AW line. If done properly it's as safe as a normal bios update, unlike the recovery procedure. If you're interested let me know, it would require you to dump some files for me so that I can check whether it should work.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use. We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.