Slashdot Mirror
What To Do When an Advised BIOS Upgrade Is Bad?
Bomarc writes "Twice now I've been advised to 'flash the BIOS to the latest,' once by a (major) hard drive controller maker (RAID); once by an OEM (who listed the update as 'critical,' and has removed older versions of the BIOS). Both times, the update has bricked an expensive piece of equipment. Both times, the response after the failed flash was 'It's not our problem, it's out of warranty.' Given that they recommended / advised that the unit be upgraded, shouldn't they shoulder the responsibility of BIOS upgrade failure? Also, if their design had sockets rather than soldering on parts, one could R/R the faulty part (BIOS chip), rather than going to eBay and praying. Am I the only one that has experienced this type of problem? Have you been advised to upgrade a BIOS (firmware); and the upgrade bricked the part or system? If so, what did you do? Should I name the companies?"
You should name the companies.
I found updating a motherboard's BIOS from Windows is as safe as Russian roulette. I found most motherboards have a SPI bus connector. You can make a parallel port to SPI adapter and save a bad flash.
is what the legal status of their "recommendations" is and whether you ought to sue them.
The tried-and-true andwer to that is: Ask a lawyer. I'm quite sure it can and does swing either way depending on local laws and any number of details you haven't provided.
http://whatif.xkcd.com/16/
Name the products, which will of course also tell us the companies. However, it is very hard to evaluate this in general terms. A flash operation can always go wrong. If the updated code expliclitly recommended by the vendor was in fact incompatible, then I think they are at fault to some extent even for out-of-warranty hardware. But that's the only case.
I generally exercise some degree of distrust towards computer manufacturer recommendations when my product is no longer under warranty and their legal team likely has them relatively well protected against your situation, but I'd definitely name names. Send a note to the Consumerist, find a few execs and contact them directly. It may be legal, but it's a dishonest approach for those companies to take. It doesn't cost you much time and energy to bring unwanted attention to the companies and that attention is sometimes enough to suddenly get your components replaced. It won't cause systematic change, but at least you're better off.
Not one to miss an opportunity for a car analogy: if a critical recall fix bricked your ride, I think most everyone would agree it is the manufacturer's responsibility to make things right even if the vehicle is out of warranty. Of course, there's obviously more regulation involved and a more direct correlation to physical safety in the case of cars (i.e., you are putting yourself at risk of bodily harm if you choose to disregard the recall fix).
It's been almost 4 years since I built my last box. I'm planning on building another desktop this summer and would like to know who to avoid as I'm intending to purchase a motherboot that's supported by coreboot so I don't have to deal with UEFI. If there's a motherboard vendor doing evil stuff and they're listed I would like to avoid them if I can. Here's the link for supported motherboards: http://www.coreboot.org/Supported_Motherboards
If it is working, then an "upgrade" cannot make it better. It can only be the same or worse.
Excuse me, but please get off my Pennisetum Clandestinum, eh!
It's you. I've flashed firmwares of hundreds of devices - motherboards, phones, video cards, embedded systems, routers, etc, and I have never once had one of them brick.
That's not a fair statement, because the specific devices and firmware versions have not yet been stated, so your statement is completely based on an assumption based solely on your experiences, which may nor may not have any relevance to this hardware in question. Thus what you're doing is known as "blaming the victim".
Since you listed the update as "critical", you need to balance the pros and cons of doing this type of update. While updating the OS is a requirement against vulnerabilities, updating a BIOS isn't like that(most of the time). Sometime, you just need to tell the boss, "listen, if we don't update the firmware, it's possible that we'll get that bug that will destroy our data, and if we update the firmware, it's possible that we'll get some other problem, I suggest "this" and "this" but you need to be aware of the risks."
For BIOS and firmware, generally the update isn't critical no matter what a manufacturer says, especially on equipment that's been running for years. I would't update any server hardware firmware after a year in service unless I was experiencing problems, as those servers will generally not see any operations that are not already happening - IOW, their purpose is set and they are operating fine as is. No change needed. I might monitor them more closely after such a bulletin though, and perhaps plan an earlier than expected replacement.
The cesspool just got a check and balance.
Sockets are expensive and would add considerably to the height of the component. Everything is surface mount now.
I have a Lenovo Thinkpad T500 brick that I made this way three months ago. I was running into a few weird Windows problems--everything was fine on Linux--and "upgrade the BIOS" was a stock troubleshooting suggestion. After a decade of happy Thinkpad ownership I didn't think this was risky. On the first reboot the update did something to fry the TPM chip. It worked fine before, never again afterward. Boots hung for about 10 minutes as the BIOS tried to talk to it, I stopped that only by disabling it there. And then the next week the computer stopped POST altogether. The laptop had been running fine for 3 years at that point. I've seen a few similar reports at the Lenovo forums; it's not just me. The only people who resolved this were still under warranty, the rest of us haven't considered it cost effective to pay for a fix.
I tried to jump two major point releases at once here, from 1.20 to 3.24. My guess is that QA wasn't done on this much of a jump at once. Maybe 1.X->2.X->3.X or some other two step sequence would have worked. The Thinkpads have been disappointing is several ways recently, so I can't really say this surprised me.
No, actually, the people who have issues with BIOS/firmware updates are in the vast minority. Updates don't remain on a support site for long if the update itself has an issue. The vast majority of "bricks" caused by firmware flashing are either the fault of the person doing it, or the hardware already had a failure somewhere that was exacerbated by the flash.
Considering that IT departments flash hundreds/thousands of systems regularly, the handful of gripes you see on forums are just that - a handful.
I have some Thinkpads around here and it seems there's a firmware update every few months. But if you read the 'what's new' it's usually something stupid like "Old version updated to support new model xxxxxx" which I don't even have. Or worse "Corrected typo in BIOS menu."
Before I flash anything I'd like to know why and under what scenario, if any, it's necessary.
For the Dell system - Windows exe (for the BMC upgrade, listed by Dell as "critical")
For the LSI it was a boot disk
However: the question is about the failure -- when advised to upgrade, and the upgrade fails what to do then.
If the only two times the "victim" flashed a bios he bricked a device I suspect a loose nut behind the keyboard.
That is not at all the case. BIOS/firmware/driver updates/upgrades can potentially do four things for a working system:
1) Add new features. Many products get new features as their life goes on. My desktop board, an Intel, has gotten a number of new BIOS features during its life. When you update the code that runs something, no surprise that code can add features.
2) Improve performance. Sometimes, a faster/more efficient way of doing something is discovered. It takes an update to make that happen. I remember a big one back in the day with 3com switches. A firmware update provided a major improvement in through put and CPU usage.
3) Fix a bug that you haven't hit yet, but could. This is why you'll see updates tagged as urgent. Just because you never hit a bug that got discovered, doesn't mean the bug isn't there. So you want to get it fixed, BEFORE you hit it. There have been firmware updates that fixed some nasty ones, like data corruption with SSDs. Some people never got hit, but that doesn't mean the update wasn't a good idea.
4) Security issues. Same deal as with the bugs, just a different kind of bug. If a security issue is discovered, it'll take a patch to fix it and the system will be working before the patch.
The "Don't fix it if it ain't broke," really is not a valid ideology for systems administration.
These really aren't hard to do. I can take one off in under a minute, and I'm not even that good at it. SMT stuff is nowhere near as scary as people make it out to be.
Yeah, that's fair. But these devices aren't out of the box, they're out of warranty.
There is a degree of truth in what you're saying. He does shoulder responsibility here.
On the other hand, what the vendors have done is childish, at best. They have suggested he do something to the hardware, they participated (wrote the update), and when the metaphorical window broke, they ran like miscreants. Their mothers should really give them a firm talking to and send them to apologize.
I won't join Slashcott. OTOH, If Beta goes live, I just won't be back until it's fixed. Sorry Dice.
The failure rate on many computer related things floats at some fraction of a percent. If you've only done a few hundred of them, it wouldn't surprise me that you haven't seen a BIOS failure. It's not that unlikely from a statistics standpoint, just like two bad updates in a row is unlikely--but it's surely happening to some unlucky soul.
I got a shipment of 500 motherboards once that turned out to need an update before they could be deployed, to add support for the CPUs purchased. A bit under 1% of those BIOS updates didn't work out and the boards had to be RMAd. It was less of a problem than ones that were DOA though, where the system wouldn't even boot far enough to do the update. (These were Asus board in 2003, and I dream of DOA rates this low now)
I think the most 'robust' anti-brick motherboard I've ever seen had two bios chips - and a hardware switch selecting which one was active. The active one was rendered read-only, you could only flash the inactive one.
To update the machine you'd flash the inactive, power down the system, flip the switch, power back on and hope it worked*. If it worked, generally you just trucked on on 'B' instead of 'A', in case there was something hidden borked that you didn't find for a while. If the update was borked you simply powered down again and flipped the switch back.
*Like with any bios update...
I don't read AC A human right
Logic would dictate that if the piece is no longer functioning as desired you flash anyways as replacement is inevitable.
In other words, stop being a whingey bitch, recognise the inevitable, make informed decisions, and accept responsibility for them.
Don't complain about syntax, grammar, or spelling. There is no.hell like input on android.
Exactly. There is no excuse for any product that could be called "expensive" to be accidentally brickable.
After bricking three successive broadband routers using firmware upgrades recommended by their respective manufacturers, my position on firmware upgrades is simple: NEVER do them, unless you have nothing to lose (i.e. if your device is working so badly that you would need to replace it anyway).
My main concern is this: If the manufacturer gets punished for failing to properly support out of warranty hardware, they'll just stop altogether. Too many manufacturers will already refuse to talk to you about out of warranty equipment.
Since they tried to help, I'd prefer not to see them punished for this mistake. Think of it like good samaritan laws: They protect a person who stops to offer aid to the injured, from being sued.
My other thought is that perhaps there was some hidden problem that something in the update triggered. Updates often have new functionality, or may write to memory not used before, so it isn't too hard to imagine them tickling an existing bug. For a car analogy, imagine you bought a used car from a friend and complained that it shook horribly at 75, but since your friend never went over 65 he never noticed when the tires and alignment deteriorated to that point.
Finally, I'm appalled that they don't make old firmware versions available. That would be the appropriate response to your problem. Hopefully you can find someone helpful who has the old firmware around, either inside or outside the companies. Definitely appropriate for people to be warned that these updates can cause problems.
Assembly is the reverse of disassembly.
I'm too far down for this comment to really matter, but in general, it is possible to unbrick a failed BIOS flash. The reason is that already for some time all (or maybe almost all) manufacturers have two parts of the BIOS - one that gets updated, and a second part that never does, or maybe can't. The second part (actually it is the first), only has very rudimentary software. It can read floppy disks, but not much more than that. The idea is exactly that you can recover from a failed flash.
That means that to recover, you need to get the right program into a floppy, with the right BIOS on it. You then boot into this special flash mode, which often means pressing some key combination. I've done it on an LE1700 that I bought of e-bay, and I'm pretty sure you can do it on almost any computer.
In some more modern BIOSes you don't need a floppy, but can do it with a USB stick.
I'm too lazy to do a thorough search for the exact procedure, but here are two good links that I found:
http://www.mydellmini.com/forum/dell-mini-10v/18080-how-unbrick-mini-10v-using-floppy-drive.html (this will work also on other computers, I think)
http://www.wikihow.com/Reflash-BIOS
On top of that make an internet research about the upgrade.
Honestly: if you are in a corporate environment there is no reason _inside_ to upgrade stuff, regardless what reason is given by the vendors, except in very rare cases. (E.g. girewalls etc. are protecting you, so how should a security flaw _inside_ be a _serious_ problem?)
With inside I mean the computers/hardware inside of your corporate network.
What I want to say: judge if an upgrade is so serious you need to install it immediately.
Make a google/internet research what others say about it. If possible wait until you get enough google hits. Likely you only get hits if something went bad with the upgrade. So chose your timeframe.
German companies, I mean big ones, but its true for smaller ones as well, e.g. never upgrade to a new Windows version until the one they are currently running is _failing_ (not no longer supported, but: _failing_).
Of course this approach does not work, e.g. if a BIOS or firmware upgrade needs to be done for your gateways (routers to the outside) or similar.
In such cases obviously you need a backup. A replacement router from a different vendor, another RAID controller or another set of harddrives, what ever you do.
I remember an online game where suddenly there was a new TeamSpeak client available. Lots of people upgraded, with the result that the server rejected the connections, as the server was old and outdated. I keep my TS client as it is and only upgrade when the server rejects me because my client is to old (and I install the new version into a new folder so I can run both at the same time)
Cost free eBook I read (by iBook/Kobo/Amazon/ObookO/Gutenberg etc.): "The Green Odyssey" by Philip Jose Farmer.
You are thinking of Gigabyte motherboards. Dual-BIOS has been standard for over a decade on those.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
I flashed hundreds of BIOS in my lifetime, never once had this broke something.
I'm an IT pro, and I have flashed thousands of devices in my career. Hundreds of MB'a and countless HDs, cd-roms, RAID controllers, and amd network devices like WAPs. The only time I have bricked a device is when I lost power in the process. Even then, I was able to recover the device with some googling.
Maybe I've been lucky or maybe just buy H/W from good manufactures like Cisco, Dell, and HP.
...unless you're experiencing a problem expressly fixed by a BIOS patch - do NOT update your BIOS.
As much as I like to upgrade like the next guy - I've experienced far more problems than fixes with most bios updates. The only time I update now is when they specifically fix a problem I'm having.
In the case of your 'really expensive' stuff or essential hardware - if it's just a security patch - get a nice $50 router with firewall and plug your device into that. No use risking or destroying a piece of essential hardware on a BIOS update that is ALWAYS a risky operation.
And shame them. Shame them publicly on reviews and on their forums. Be courteous by not using foul language or being irate - but state the facts and how they treated you. If they don't realize this is super-bad PR, then these guys likely don't deserve your business.