On May 26, a user on HP’s support forums reported that a forced, automatic BIOS update had bricked their HP ProBook 455 G7 into an unusable state. Subsequently, other users have joined the thread to sound off about experiencing the same issue.
This common knowledge regarding BIOS software would, then, seem to make automatic, forced BIOS updates a real issue, even if it weren’t breaking anything. Allowing the user to manually install and prepare their systems for a BIOS update is key to preventing issues like this.
At the time of writing, HP has made no official comment on the matter — and since this battery update was forced on laptops originally released in 2020, this issue has also bricked hardware outside of the warranty window, when previously users could simply send in the laptop for a free repair.
Overall, this isn’t a very good look for HP, particularly its BIOS update practices. The fragility of BIOS software should have tipped off the powers at be at HP about the lack of foresight in this release model, and now we’re seeing it in full force with forced, bugged BIOS updates that kill laptops.
The idea of forced automatic BIOS update is dumb. BIOS only should initialize its required components and fuck off afterwards.
seems like it should be an opt-in setting in BIOS;
- HP might want to learn from the other OEM vendors what to do for BIOS/UEFI configuration
There is no BIOS anymore. It’s all UEFI, which is massively fatter and more complex. Being fat and complex, they have plenty of security vulnerabilities that need to be patched.
At the time of writing, HP has made no official comment on the matter — and since this battery update was forced on laptops originally released in 2020, this issue has also bricked hardware outside of the warranty window, when previously users could simply send in the laptop for a free repair.
I am not all that big on conspiracies, but this is HP, which is famous for screwing people over for as much money as possible and bricking perfectly usable technology, so if it turns out this was intentional, I won’t even be a little shocked.
As the enshittification of everything gains momentum, I could also see this as an intentional “oops!”
But we are talking about HP. They are now and always have been completely incompetent PC makers. I had friends back in the early 2000s with broken HP desktop computers that I refused to work on because they were the hardest to get working again.
I’d go Hanlon’s Razor on this, because I’ve seen some stunning stupidity. It’s not all evil when some of it is just plain dumb, because of incomplete testing and oversight, because they cut costs to save money, so the CEO gets a bonus, and ohhhhhhhh I see it now.
It’s evil.
I wish we could get a dump of executive emails.
I remember warning labels on BIOS updates that basically said that if nothing is broken, don’t do the update because the risk of bricking the device did not outweigh any potential benefits. That vendors are now pushing mandatory BIOS updates through Windows Update is terrifying.
When I heard that BIOS updates were going out automatically via Windows update I had just assumed the devices in question must be using an A/B update scheme to prevent the risk of accidentally bricking the system, because obviously they should.
Absolutely insane that’s not the case.
Why can even touch bios from system? That sound like horrible attack vector. If can infect bios, no reformat or reinstall will remove virus.
You’re not touching BIOS from the system. The software just downloads a cryptographically singed binary and reboots into BIOS. Then BIOS checks if the file is ok and proceeds to flash itself.
attack vetor if the person has physical access to your device, or the bios connect to the internet, at that point fuck it
No meant like if can infect system, could touch bios and infect, so make virus stay forever.
Which sound horrible.
Also Intel ME can connect to internet and is below BIOS. Agree, fuck it.
They really, really, should be doing A/B systems. Or just have an absolutely minimum loader that can load from EPROM/flash or USB so when the system storage gets messed up, you can still launch the updater from USB. That bios loader doesn’t need to know more than how to talk to storage and shovel bytes to the CPU, maybe blink a LED, it’s simple enough to be able to be actual ROM, never needing to be updated.
Wait, no: SD cards can talk SPI… it’s not going to be fast but it’s only a few megs anyway. The EPROM or Flash you’re using probably speaks SPI, already. You could literally make a system which can load the BIOS from SD card for the cost of a card cage and maybe a jumper. You could have gigabytes of bios storage for three bucks by using off the shelf cheap SD cards, forget A/B storage you could do the whole bloody alphabet and people could replace the thing easily.
Here’s some extra fun: there’s a decent chance that you only need a cable with JST or DuPont connectors. I’ve seen a fair number of laptop motherboards with unused SPI headers/connectors just hanging out. My understanding being that they’re for possible accessories or, literally for flashing/debugging the bios.
Are we sure it is the BIOS? Perhaps these people have run out of magenta subpixels or their printer ink subscription has lapsed.
Heh. Same HP. Though? I forget which company got what in the divorce. I think this one is the “code built by revolving-door sweatshops and who has budget to validate it” and not the “standing over the corpse of Print and hoping lock-in will keep customers” one. The two sides may sound the same but I’m sure there are differences.
(Keeping score at home? A drunk sailor with a fist full of hundies still can’t buy anything off that horrendous website, so some things haven’t changed in the divorce)
No one should buy HP products anymore. Seriously everything they make is terrible and then they break it more when they get bored of you and want you to buy another one.
Thing is, all the other major manufacturers are just as bad or worse.
As a PC technician, HP still somehow has the best service and support, which speaks volumes about how bad everyone else is. Dell’s support tools are a generation behind HP’s, and Lenovo’s build quality is atrocious. Not to mention Lenovo’s technician support is so badly fragmented and poorly run, they default to having the customer send the device in for repair and avoid sending an on-site technician just so they can avoid dealing with technician support. Speaking from personal experience, getting to the right person when I have a problem or need to order additional parts is like pulling teeth, and even if I manage to reach someone, they’re usually equal parts incompetent and unhelpful.
And Apple doesn’t even want to service their stuff.
These days, you have to pick your poison.
How do these things not have unbrickable A/B firmware partitions by now? Even I have that on a $2 microcontroller. Self-test doesn’t pass after an update? Instant automatic rollback to the previous working partition.
It’s pretty ridiculous not to have a way of recovering from a failed update.
On my desktop, I just have to plug a flash drive with the BIOS image into a specific USB port and press a button on the motherboard. It doesn’t matter if the BIOS is broken and it doesn’t even require a CPU or RAM to be installed.
HP notebooks can do that too though
Gigabyte?
do they even use ‘dualbios’ anymore? all i’ve seen lately is ‘q flash’ (for updating bios without a cpu or video present) on their boards.
It’s an Asrock board.
Hate to be that guy, but I bet someone somewhere did the math of how much extra profit they can get from people having their device bricked and just getting a new one vs how many of them actually do the warranty claim
My motherboard legit does this. Though it’s probably more so it’s an industrial one with like 8 SATA ports than anything else.
Plenty of motherboards do that and plenty of laptops. It’s just HP sucks big time, not only their printers. Fuck HP.
This is a classical example of user error.
They made the easily preventable mistake of buying HP.
PEBCAHP
Problem between keyboard and wallet
using windows*
fwupd under Linux also pushes firmware updates, if you let it.
yeah, it couldn’t help with company stupidity
since this battery update was forced on laptops originally released in 2020, this issue has also bricked hardware outside of the warranty window, when previously users could simply send in the laptop for a free repair.
I hope HP aren’t surprised when they get accosted with bricked laptops through their execs’ windshields at random intervals…
If i knew of any execs near where i live they would be getting a front row seat to my reenactment of the Office Space printer scene.
It’s rare for me to viscerally hate someone just for existing, but if i met an HP exec I would have to exert quite a bit of self control to not beat them until I lost feeling in my hands
It’s rare for me to viscerally hate someone just for existing
Microsoft exec as well
After the first 4 words of the title I was assuming it was intentional - Glad it doesn’t seem to be, but HP’s reputation is just that bad.
HP expanding their bad practices from printers to PCs now?
Microsoft should also be to blame here. Sending BIOS updates via automatic windows updates should not be a thing.
deleted by creator
The alternative is that BIOS updates simply never get applied.
Which is better than bricking a machine
Not sure when the sentiment changed, but it used to be heavily recommended against updating the bios on any computer unless there was a specific feature or fix your computer needed.
Sentiment changed when the “BIOS” became a component for enforcing security architecture via “SecureBoot” and also Bitlocker sealed to PCRs only does so much if the BIOS code is vulnerable. Now they really badly want a “trusted” chain from some root of trust until the OS bootloader takes over. Problem is that the developers have historically enjoyed being in a trusted, single user context for decades and so the firmware has been full of holes when actually pushed.
That’s a better alternative…
Ugh. Microsoft really trying to advertise for Linux again
on these laptops you can update bios from bios, just needs to be connected via ethernet
But that’s not automatic or forced. Linux would never automatically update a BIOS.
Is it even possible to update BIOS on Linux? AFAIK, the installers are either for Windows or directly through the BIOS itself.
I think its highly manufacturer dependent but I install BIOS updates from Ubuntu on all my Dells.
yes, but the manufacturer need to support, thinkpads update bios fine under linux for example, usinf fwupd
Right, but so few do that. In general, updating BIOS through Linux isn’t really a thing.
Updates for my laptop show up in the ‘update’ view of Discover. I currently manually decide whether to proceed, but the ‘click to update all’ I suspect is close enough for most people to be fully automatic, and perhaps even is fully automated for some people.
HP did the damage.
My wife’s Elitebook was also bricked by the most recent forced BIOS update.
Why anyone buys HP shit these days is beyond me. So many better options.
I have a no HP policy because of their printers and a no Samsung policy because of their TVs.
I also have a no Samsung policy, because of their refrigerators.