Question Is Bios Version 2806 Recent Enough for Future Windows Update?

not sure how to word this, but I was recently told that next year, in July, Microsoft is pushing out an update for revocations with Secure Boot that will patch the BlackLotus malware vulnerability


this is currently an optional, hands-on update but apparently Microsoft is going to make it mandatory and enforced in 2024 and I've been told that if your drivers and hardware are not updated to recent versions, your PC might not start properly with Secure Boot after the update rolls out


I have up-to-date chipsets for my 5800x (8/17/23 as of this post), my 3070 graphics driver is from early 2023, and my B550-F board runs on Version 2806 which is from late 2022


I know I should update but everything is super stable (with DOCP, Eco Mode 65w, etc.) and I likely won't end up updating before July rolls around


is 2806 "recent enough" by these standards or will I face trouble with this update? I don't necessarily want to disable Secure Boot either. of course it's hard to say, since the update is so far off but I figured I'd ask

should probably also mention I'm on Windows 10 22H2; all my hardware is pretty recent
 
I assume you mean this one


I guess DOCP makes that obvious now.

Not sure about bios version as all B550 bios versions would have secure boot in them already.

You don't need secure boot yet anyway. It's optional.

Win 10 never enforced it.

Win 11 PCs need to be able to run it but they haven't forced it on. I haven't turned it on and been on win 11 3 years now.

any link to saying it's going to be enforced? I can't find anything about it.

patch released in May - https://www.bleepingcomputer.com/ne...fix-for-secure-boot-zero-day-used-by-malware/
 
I assume you mean this one


I guess DOCP makes that obvious now.

well, the latest BIOS is from October so it's likely it doesn't have that patch in it.

You don't need secure boot yet anyway. It's optional. Win 11 PCs need to be able to run it but they haven't forced it on. I haven't turned it on and been on win 11 3 years now.

any link to saying its going to be enforced?
wdym "DOCP makes that obvious"? (didn't see the first sentence of your post, nvm)


latest Bios iirc is on October 30th although the BlackLotus patch update seems to be a Windows update, not a Bios one





here's the article, and here's the specific snippet;
When updates are released for the enforcement phase, they will add the following:

  • The revocations (Code Integrity Boot policy and Secure Boot disallow list) will be programmatically enforced after installing updates for Windows to all affected systems with no option to be disabled.


Secure Boot isn't necessary but I'd prefer to have it enabled anyway
 
DOCP is what Asus call XMP. I wasn't sure what brand motherboard you had until I searched B550-F and found it had to be Asus.

You would think it is already in windows then.. if it was announced in May

though, the OS it refers to include an odd version
Windows 10 Home and Pro, version 21H2
wonder why it would update 21H2 when 22H2 is current version

Your BIOS should be good enough.
If you don't have it on now, do you know if your Boot drive is GPT or MBR? It matters as MBR boot drives can't work with secure boot on.

it's already in windows 11 - https://www.elevenforum.com/t/new-r...4932-black-lotus-not-working-correctly.16611/

I am not sure about windows 10.
 
you can apply the patch on both Windows 10 and Windows 11 afaik, but it's a lot more hands-on and it's a completely manual process. I'm pretty sure July 2024 is making it a mandatory update that'll be pushed out with the regular updates


at least that's how I've read their weirdly worded article. I believe it's not fully patched due to how complex the whole Secure Boot keys and malware interactions work, which is why it's basically taking 2 years to patch it


anyway, I'm not too sure if it's GPT or MBR; my PC works perfectly fine with Secure Boot rn, would I be able to check in Disk Management? never checked before