I read somewhere on Reddit that people who use Linux should periodically, manually check for security updates to their computers’ BIOS from their motherboard manufacturers, because Linux apparently ends automatic updates once you leave Windows. I have no idea of where to look on the ASUS website for my Zenbook 14, or if that’s even the right place. Could anyone give any guidance on this matter? Is this a thing that we should indeed be doing semiannually or something?
And what else should I be doing on a schedule (even if annually), while I’m at it? Haha.
So, folks who responded are conflating BIOS with UEFI. It’s a common mistake - but they are very different things that serve the same purpose.
BIOS is older technology. It usually wasn’t risky unless the board was somehow faulty, but there was always some risk because you were directly reflashing the CMOS.
UEFI is the current technology. If your board is less than 10 years old, you almost definitely have UEFI and not BIOS. It’s stored in NOR flash memory on the motherboard.
UEFI’s nature and design make it much simpler and safer to update. UEFI can be updated automatically within Linux; BIOS requires the board manufacturer’s utility to reprogram the CMOS.
I’m simplifying some of this. But this should help explain the conflicting responses of what gets updated under Linux.
I don’t think my old Windows PC ever did an automatic update…
Asus seems to be supported by fwupd, at least they are listed on the vendors list, so I suppose (?) it can manage the update for you. Depending on your distro this might event be automatic by default, otherwise depending on your DE this might be available from the graphical software store or just from the cli.
They are supported, but they only push updates to a few models (typically server models).
For desktop motherboards, its better to go to ASUS’s support website, look up your board, download the latest BIOS, and install it per their instructions.
Also, if you have ANY custom settings in your BIOS, such as overclocked CPU, mem timings, IOMMU enabled, SecureBoot keys, etc, BE SURE TO BACK THEM UP before upgrading your BIOS. I have a notes.txt file of all my BIOS settings because I have to reapply everything after an update since it sets everything to default.
You just go to the support site and download and install them? Same as on Windows.
And no, you can get automatic firmware updates under Linux too, through fwupdmgr and similar tools.
I… Haven’t actually seen Windows ever push auto updates to my BIOS either except through enterprise utilities by companies like Dell. I have always had to manually update BIOS firmware.
Generally speaking though, BIOS is one of those things where if it is working, you don’t mess with it. Occasionally chipset security patches get pushed in BIOS updates but that’s about the only reason to update.
I was genuinely surprised to see my Dell laptop get firmware updates thru fwupd
fwupdmgr get-devices --show-allIf you see your bios/uefi firmware, piece of cake.
fwupdmgr update [device]However, fwupd generally runs at boot and as a daemon and will check automatically so you don’t have to do this.
But, if you don’t have it running for whatever reason, use those commands.
If that doesn’t work, you might have to use a usb formatted to fat32 and have freedos installed on it along with your bios.exe file and boot to the usb to flash your bios.
Depending on your motherboard, a BIOS update could either be completely painless or very painful. You could probably live without updating at all on a home PC. If you’re running a server with a WAN connection then you probably only need to look out for critical security updates, though I’ve never had anything pop up myself.
Search for your specific model, it may or may not be this link, but for a Zenbook 14 this came up after searching “ASUS Zenbook 14 support”.
https://www.asus.com/supportonly/ux3402za/helpdesk_bios/
You’ll need to format a flash drive and save the BIOS update to it, then boot into BIOS and run the update. For many laptops, instead of saving a BIOS update to the drive you may need to run a setup tool (usually a .exe, so may need compatibility tool) and boot to the USB.
As for frequency, just periodically check the notes for the BIOS releases and determine whether to update based on the features or patches in it. Not necessary to update for everyone one, and many security updates will be more for servers than general purpose personal computers, but that’s up to your own risk analysis.
First of all, don’t. Generally, if the BIOS is working fine, you don’t fuck with it. Attempting to update the BIOS can sometimes brick a motherboard if it goes wrong, so it’s a risk you only want to take if you actually need to.
Checking is relatively easy:
-
Boot into your BIOS and look for a version number. If it’s not already present in the corner somewhere, it will likely be in some ‘help’ or ‘about’ or ‘information’ menu. Make a note of what the version number is.
-
Go to your motherboard manufacturer’s website, find your model, go to their ‘downloads’ page, find the BIOS download and check the version on it. If the version number is higher than the one from Step 1, there’s an update available.
And if you think that update is worth the trouble and risk of installing, follow your motherboard manual’s instructions for installing the update.
I was so scared to update the BIOS, because in previous PC when I tried it, it went wrong and I had to replace the entire motherboard. Now with my current computer, I didn’t update the BIOS (until now). I had random crashes in a specific game, which the motherboard “could” be responsible for (I’m not going into details here). The original firmware is from 2022, almost 4 years old, and since there were dozens maybe 100 updates! Last one from this months. I think this will improve stability, compatibility and security, and with a little bit luck also performance. So everyone should theoretically do it, but make sure you do it right.
What’s cool on my ASUS board is, I could update from USB stick while PC is turned off. I just had to make sure file was named correctly, and just hold the button on the motherboard for 3 seconds to start the process and wait (maybe 3 minutes, felt like 3 hours). After rebooting the system I had to accept recovering the previous bios settings, on the prompt at boot, save the settings and reboot normally. Confirmed the new bios version is running with
inxi -M.Check the update change notes and fixes. If it is CVE patch stuff you want to update
-
You don’t need anything but a USB with the update files downloaded to them. Boot to BIOS, choose update, point to USB, done.
Definitely don’t reset or power off while it’s updating itself, though.
ASUS will have the steps and files for your mobo model on their site. It’s very simple.
Google something like “BIOS update Asus” plus your computer model, then download the file from the official Asus site if out of date.
