ASUS 3990x in the Zentih ii alpha extreme running bios 1502.
Windows update seems to have attempted to update the bios to 1603 but pbo/2 was on and the bios had several settings customized.
This bios update failed and bricked the motherboard. Thanks windows update. Well the motherboard isn’t completely bricked but pcie is not working as it should anymore.
Has anyone else experienced a similar issue??
I am sure the board had an older bios on it, for specific reasons, so it’s a mystery what happened here.
Updating the bios from the OS level should never exist! imho
Despite the great convenience and in some situations even the possibility to update the remote equipment and not be able to update it.
Nevertheless, I consider such a solution an extreme mistake. Anything from the OS level that could break the hardware is idiocy.
Once upon a time there was this virus that messed with the cpu timing and now even incorrect background updates running without the user’s explicit consent and knowledge can kill your hardware. Absurd!
At least every motherboard should have the ability to physically block access to the bios from the OS level. There is no need to mention a spare, mandatory bios in case of a problem.
If it where me I’d definitively investigate if windows borked my bios by reading the bios chip directly and then comparing the read in binary to one of the bios binary files downloaded from ASUS.
Its actually fairly easy to do, you’d just need an soic test clip and one of the XGecu universal programmers (other programmers would work fine but the xgecu stuff seems to have the widest compatibility).
you’d just look for the bios flash chip on the board (any winbond branded chip is a dead giveaway)
then just checksum the read in binary file with one of the .CAP files (which are actually just binary files) downloaded from the ASUS site to see if it matches.
Ah I know the pain @wendell. Apple once bricked my old Macbook pro via system update that also updated EUFI. The people at the Apple store kept telling me that motherboard died, after I kept insisting that their update bricked my laptop.
They wanted 600 bucks for repair to replace the motherboard. Other less official places told me that they would have to buy a dead motherboard, unsolder that chip and solder it to my motherboard so that it has “legal” serial number. facepalm . I was like “look I’ll bring my receipts for the laptop, can you just reflash the EUFI chip on it?”
In the end I ended up buying the reverse connector for the SPI port on the macbrook pro mobo and built my own EUFI firmware from someone else’s dump. I edited it to have correct serial number and mac addresses(I think) and fixed the checksum.
That Macbook still works well to this day. Thankfully I learned a lot from that experience. There is a program on Linux that can work with programmers for flashing EUFI chip, but it can also make a backup while the system is running. I believe the only limitation was writing back to the chip as some of the sectors on it are protected by Intel ME. The program was called “flashrom”.
One fundamental problem in the design of PC BIOS/UEFI is settings from previous version cannot be automatically re-applied to the new version.
How does Windows Update determine which machine/motherboard’s BIOS can be automatically updated? Does Windows Update upgrade the BIOS but simply leave all settings to default?
I would think it’s another example that would work very well in Apple land but not in the PC world.
In this case I think that was the bug. Whatever Asus’ process was “from windows” it did not properly reset the settings and All Hell Broke Loose between these two bios versions.
At minimum this would have (should have) reset xmp defaults, and more. It is foolish for this to be updated in this way for DIY hardware.
I’ve used a RPI to flash bioses several times, chip still mounted on the board using jump wires piggyback style.
I had a customer that ultimately had a bad flash drive that caused a bad flash. dumped board with flashrom, then pushed newest bios from asus. then i used binwalk to dump/analyze the dumped bad bios, and compared to the original.
Turns out there was something messed up with the customers flash drive. Looking through the dump with binwalk, parts of it looked right, some segments were right, but some of the offsets were off. Turns out there was a PDF embedded in what was flashed onto the flash chip. I used photorec to dump the PDF within the bios image.
it was some sort of datasheet on stepper motors, I mentioned it to the customer, turns out it was homework/stuff for a project for a class he was in last year.
I’m guessing it was fragmentation/bad block on the flash drive used for the flash?
He was using the “no cpu” push button bios flash that basically has the PCH/some embedded micro controller to do the dirty work. Ryzen 3000 to 5000 update. I’m guessing it doesn’t have the resources to do checksumming/etc compared to flash in windows or even the EFI utility and just sends it if it finds a valid filename and magic number.
if you dumped the bad flash, maybe poke at it with binwalk/photorec. You might get some kind of spicy internal docs from microsoft
I really don’t like that windows update is pushing out bios updates.
go to LGPE/ gpedit.msc
Computer Configuration > Administrative Templates > Windows Components >Windows Update > Manage updates offered from Windows Updates → double click on the “Do not include drivers with Windows Updates”
The other registry or powershell ways seem to just do a sort of stop all updates in general completely, like i can not find one where you can individually prevent specifically BIOS updates being pushed either by m$ or vendors (like hp, asus etc) through their utilities and stuff.
plz double check before doing anything i said. Am newb and have barely used microsoft stuff…and i am very, very good at breaking things
I’ve seen some information, that even a windows upgrade from 10 → 11 bricked a computer. IIRC Techsource from YouTube had an issue lately with Windows Update killing a machine.
Sorry if I’ll state some things, that already have been said in this topic (brain is quite meh today to do those fancy reading every post things, my apologies).
As for the “Update mobo’s bios from Windows”, been there (it’s been 7-8 years ago, but I still remember like it was yesterday). My case was with MSI - the damn thing simply froze in the middle, and the “oh f…ascinating!” kicked in.
I saw post about the programmator and stuff, but at first, you could try googling if there are other recovery options (I don’t think that MSI’s the only one with such practice). In my case there was that “last hope manual”, where the board could be launched in a special way (no dual bios ofc) with a fat 32 (or was it even fat 16) usb 2.0 stick (with a light indicator for IO operations), having a bios flash file on it. It took me a while to get it running (I do believe it took me 6-8 hours), but I succeeded.
Interesting thing I’ve found is that Microsoft will ignore this on surface laptops. There are yet more undocumented registry entries that have to be set.
I don’t think registry hackery works well for scenarios like this
It may even be a threat vector in the case of penetration of the update provider. Not so long ago, the world was dealing with a similar matter…
If the source is poisoned and is able to deliver new versions that are modified then we have a beautiful vector to attack and survive even after a complete cleanup of the hdd.
It could even be worse than that: poisoned EUFI update could modify firmware on other system components in a system like SSD controller. Thankfully those often require a cryptographic signature.