Can Win 10 Perform BIOS Upgrades?

[V.T. Eric Layton]

Hey Windows pros,

 

I have a pal on Diaspora (@Joseph Teller, you may know him, Josh) who just posted that a Win 10 BIOS upgrade bricked his wife's computer. Is this really possible? Is Win 10 actually futzing with BIOS on systems these days? This is new to me. I always understood that BIOS had to be upgraded manually via software and instructions from the computer manufacture or the mobo manufacturer. Has this changed in Win 10? If so, that's SCARY!

 

I have Win 10 on my main system. It's crippled (no Networking), but I would still be nervous because I do turn on Networking occasionally to get updates. I would NOT want Windows to be upgrading the BIOS on this machine.

 

Please elaborate on this, Window folks. This GNU/Linux user isn't that will versed in MS these days. Thanks.

[raymac46]

Yes on some of the newest PCs you can update the firmware through Windows 10. But I don't think its an automatic thing. There are optional driver updates where that can be done as far as I know.

 

https://docs.microsoft.com/en-us/windows-hardware/drivers/bringup/windows-uefi-firmware-update-platform

[V.T. Eric Layton]

Hmmm... I wouldn't think it's a good idea for an operating system to be upgrading BIOSes, but that's just me.

[goretsky]

Hello,

This actually started during the Windows 8 era, where Microsoft added the capability of performing UEFI (BIOS) firmware updates without the user having to rely on vendor-provided ones.  The article at https://docs.microsoft.com/en-us/windows-hardware/drivers/bringup/windows-uefi-firmware-update-platform gives an overview of how it works, and this presentation from the UEFI Forum provides a more detailed technical overview: https://uefi.org/sites/default/files/resources/UEFI Fall 2018 Intel UEFI Capsules.pdf [PDF]

Basically, this was introduced for a couple of reasons:

1. To allow customers to get security vulnerabilities and bugs fixed without having to reply on running vendor-provided firmware update tools, which may not be present on a computer or not run by the user; and
2. To provide a better OOBE (out-of-box experience) when Windows is run for the first time computer, by downloading all of the latest firmware, device drivers and operating system updates at once during during the installation cycle—or at least at the very beginning after Windows is installed.

 

There have been some problems in the past with this technology, such as UEFI firmware capsule being updated while the companion SMBIOS (System Management BIOS, the part which monitors temperatures, controls fans, lighting, etc.) was left on an older version, but those early problems have been dealt with and the technology works more or less as it should.

I am still not a huge proponent of this mechanism, I feel that computers should have their manufacturer-specific software for managing the computer's specific features and updating the drivers and firmware installed on them, and that users should be regularly running those programs to check for updates.  However, I realize there are a lot of people who end up deleting those tools and never reinstalling them on the grounds that they think they are "bloatware" and remove them without understanding what they do and why they are present.  This kind of forced Microsoft and device manufacturers with a need to come up with a mechanism to keep those users secure.

Regards,

Aryeh Goretsky

[raymac46]

Even with old legacy PCs you sometimes need Windows to update the BIOS. On my old Dell Inspiron 520 I had to update the BIOS to allow for 8GB of RAM. The only BIOS update I could find was an .exe file that had to be run within Windows. This was a problem since I had been running Linux on this machine for years. I solved it by running mini-Windows XP from Hiren's boot disk and executing the BIOS upgrade from the file on a USB key. The old way of booting from DOS on a floppy was not possible.

[Digerati]

Whoa! Windows is not doing the BIOS upgrades. Windows is supporting running the BIOS upgrade provided by the chipset/motherboard maker. And it is that hardware maker/upgrade developer who is responsible to ensure the upgrade is compatible with the OS.

[raymac46]

Yes in fact there is an optional UEFI upgrade through Windows 10 right now that is clearly marked as a Dell software item.

[Digerati]

Right. But "through" Windows is not Windows (or Microsoft) initiating the update. Big difference. 

 

The BIOS/UEFI update for the motherboard would be controlled by the motherboard maker. You might have Joseph check whatever the upgrade program his mobo uses to make sure there is not a setting for automatic upgrading. 

 

For the record, I never upgrade a BIOS unless the upgrade addresses a specific problem I am having, or addresses a critical security flaw - which is very rare. 

 

Most BIOS upgrades - especially for boards that have been out for awhile - simply add support for new CPUs or RAM or other hardware that was released after the board left the factory. If I am not upgrading my CPU to one of those new CPUs, no need to upgrade the BIOS. 

[goretsky]

Hello,

Computer manufacturers upload device firmware through the WHQL/WHCK certification path, where they end up in the Microsoft Update Catalog, just like a device driver for a video card, sound card, network card, etc.  On the computer running Windows, the Windows Update subsystem queries the version of the UEFI firmware just as it would do for a device driver.  If there is a higher version number in the Microsoft Update Catalog, the firmware update gets downloaded and installed, just like a device driver update does through Windows Update.  If you do a search in the catalog, you'll see they now have a large library of firmware: https://www.catalog.update.microsoft.com/Search.aspx?q=firmware (they only show 1,000 entries max, but try searching for 'Dell firmware', 'HP firmware', 'Lenovo firmware', etc. and you'll see manufacturer-specific entries).

 

Regards,

Aryeh Goretsky
 

 

[crp]

I've encountered disconnects between version number being higher but date of creation being earlier. 

Then the vendor software and MSFT Updates get into a "tug-of-war" about the issue.