On Sat, Aug 11, 2018 at 09:52:16PM -0700, Marcus Linsner wrote: > Hello. > > I'm attempting to flash a new BIOS (ie. upgrade) and I am greeted by the BIOS > with the following message: > > "Important Notice!!! > Please back up your Bitlocker recovery key and suspend Bitlocker encryption > in the operating system before updating your BIOS or ME firmware." > > Is there something that I need to do in Qubes (R4.0) before updating BIOS > assuming either of the following: > 1. I don't have Anti Evil Maid installed > 2. I do have AEM installed. > > while Secure Boot is Enabled in BIOS and so is TPM (1.3) ? > > In the case of point 2 the following info exists: > > "Xen/kernel/BIOS/firmware upgrades > ================================== > > After Xen, kernel, BIOS, or firmware upgrades, you will need to reboot > and enter your disk decryption passphrase even though you can't see your > secret. Please note that you will see a `Freshness toekn unsealing failed!` > error. It (along with your AEM secrets) will be resealed again automatically > later in the boot process (see step 4.a). > > Some additional things that can cause AEM secrets and freshness token to > fail to unseal (non-exhaustive list): > > * changing the LUKS header of the encrypted root partition > * modifying the initrd (adding/removing files or just re-generating it) > * changing kernel commandline parameters in GRUB" > > that is from > https://github.com/QubesOS/qubes-antievilmaid/blob/af4f6160dfd89d126b923c183b5a9cea18b4b1b9/anti-evil-maid/README#L344-L358 > > > In the case of point 1, what I want to know is whether or not I will still be > able to boot my existing Qubes R4.0 installation after the BIOS update and if > not how can it be fixed? This is the reason for this post. >
If you have replaced your windows installation completely then I dont think you need to do anything in case 1. At least, I have flashed BIOS a number of times and not encounterd problems in that situation. ymmv. Obviously you should take full backup before doing this. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20180812153615.zjkfq3n7edkzmxko%40thirdeyesecurity.org. For more options, visit https://groups.google.com/d/optout.
