Hello.

I'm attempting to flash a new BIOS (ie. upgrade) and I am greeted by the BIOS 
with the following message:

"Important Notice!!!
Please back up your Bitlocker recovery key and suspend Bitlocker encryption in 
the operating system before updating your BIOS or ME firmware."

Is there something that I need to do in Qubes (R4.0) before updating BIOS 
assuming either of the following:
1. I don't have Anti Evil Maid installed
2. I do have AEM installed.

while Secure Boot is Enabled in BIOS and so is TPM (1.3) ?

In the case of point 2 the following info exists:

"Xen/kernel/BIOS/firmware upgrades
==================================

After Xen, kernel, BIOS, or firmware upgrades, you will need to reboot
and enter your disk decryption passphrase even though you can't see your
secret. Please note that you will see a `Freshness toekn unsealing failed!`
error. It (along with your AEM secrets) will be resealed again automatically
later in the boot process (see step 4.a).

Some additional things that can cause AEM secrets and freshness token to
fail to unseal (non-exhaustive list):

* changing the LUKS header of the encrypted root partition
* modifying the initrd (adding/removing files or just re-generating it)
* changing kernel commandline parameters in GRUB"

that is from 
https://github.com/QubesOS/qubes-antievilmaid/blob/af4f6160dfd89d126b923c183b5a9cea18b4b1b9/anti-evil-maid/README#L344-L358


In the case of point 1, what I want to know is whether or not I will still be 
able to boot my existing Qubes R4.0 installation after the BIOS update and if 
not how can it be fixed? This is the reason for this post.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e8dcafbf-8820-498b-b5b9-a0664ba083d7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to