Things to do in Qubes before a BIOS update
Marcus Linsner
I'm attempting to flash a new BIOS (ie. upgrade) and I am greeted by the BIOS with the following message:
"Important Notice!!!
Please back up your Bitlocker recovery key and suspend Bitlocker encryption in the operating system before updating your BIOS or ME firmware."
Is there something that I need to do in Qubes (R4.0) before updating BIOS assuming either of the following:
1. I don't have Anti Evil Maid installed
2. I do have AEM installed.
while Secure Boot is Enabled in BIOS and so is TPM (1.3) ?
In the case of point 2 the following info exists:
"Xen/kernel/BIOS/firmware upgrades
==================================
After Xen, kernel, BIOS, or firmware upgrades, you will need to reboot
and enter your disk decryption passphrase even though you can't see your
secret. Please note that you will see a `Freshness toekn unsealing failed!`
error. It (along with your AEM secrets) will be resealed again automatically
later in the boot process (see step 4.a).
Some additional things that can cause AEM secrets and freshness token to
fail to unseal (non-exhaustive list):
* changing the LUKS header of the encrypted root partition
* modifying the initrd (adding/removing files or just re-generating it)
* changing kernel commandline parameters in GRUB"
In the case of point 1, what I want to know is whether or not I will still be able to boot my existing Qubes R4.0 installation after the BIOS update and if not how can it be fixed? This is the reason for this post.
Unman
think you need to do anything in case 1. At least, I have flashed BIOS
a number of times and not encounterd problems in that situation. ymmv.
Obviously you should take full backup before doing this.
Marcus Linsner
Thanks Unman. I have upgraded BIOS successfully and there were no issues booting Qubes afterwards.