On May 26, a user on HP’s support forums reported that a forced, automatic BIOS update had bricked their HP ProBook 455 G7 into an unusable state. Subsequently, other users have joined the thread to sound off about experiencing the same issue.

This common knowledge regarding BIOS software would, then, seem to make automatic, forced BIOS updates a real issue, even if it weren’t breaking anything. Allowing the user to manually install and prepare their systems for a BIOS update is key to preventing issues like this.

At the time of writing, HP has made no official comment on the matter — and since this battery update was forced on laptops originally released in 2020, this issue has also bricked hardware outside of the warranty window, when previously users could simply send in the laptop for a free repair.

Overall, this isn’t a very good look for HP, particularly its BIOS update practices. The fragility of BIOS software should have tipped off the powers at be at HP about the lack of foresight in this release model, and now we’re seeing it in full force with forced, bugged BIOS updates that kill laptops.

141 points

The idea of forced automatic BIOS update is dumb. BIOS only should initialize its required components and fuck off afterwards.

permalink
report
reply

seems like it should be an opt-in setting in BIOS;

  • HP might want to learn from the other OEM vendors what to do for BIOS/UEFI configuration
permalink
report
parent
reply
20 points
*

There is no BIOS anymore. It’s all UEFI, which is massively fatter and more complex. Being fat and complex, they have plenty of security vulnerabilities that need to be patched.

permalink
report
parent
reply
95 points

At the time of writing, HP has made no official comment on the matter — and since this battery update was forced on laptops originally released in 2020, this issue has also bricked hardware outside of the warranty window, when previously users could simply send in the laptop for a free repair.

I am not all that big on conspiracies, but this is HP, which is famous for screwing people over for as much money as possible and bricking perfectly usable technology, so if it turns out this was intentional, I won’t even be a little shocked.

permalink
report
reply
30 points

As the enshittification of everything gains momentum, I could also see this as an intentional “oops!”

But we are talking about HP. They are now and always have been completely incompetent PC makers. I had friends back in the early 2000s with broken HP desktop computers that I refused to work on because they were the hardest to get working again.

permalink
report
parent
reply
18 points

I’d go Hanlon’s Razor on this, because I’ve seen some stunning stupidity. It’s not all evil when some of it is just plain dumb, because of incomplete testing and oversight, because they cut costs to save money, so the CEO gets a bonus, and ohhhhhhhh I see it now.

It’s evil.

permalink
report
parent
reply
6 points

I wish we could get a dump of executive emails.

permalink
report
parent
reply
86 points

I remember warning labels on BIOS updates that basically said that if nothing is broken, don’t do the update because the risk of bricking the device did not outweigh any potential benefits. That vendors are now pushing mandatory BIOS updates through Windows Update is terrifying.

permalink
report
reply
17 points

When I heard that BIOS updates were going out automatically via Windows update I had just assumed the devices in question must be using an A/B update scheme to prevent the risk of accidentally bricking the system, because obviously they should.

Absolutely insane that’s not the case.

permalink
report
parent
reply
16 points

Why can even touch bios from system? That sound like horrible attack vector. If can infect bios, no reformat or reinstall will remove virus.

permalink
report
parent
reply
4 points

You’re not touching BIOS from the system. The software just downloads a cryptographically singed binary and reboots into BIOS. Then BIOS checks if the file is ok and proceeds to flash itself.

permalink
report
parent
reply
1 point
*

attack vetor if the person has physical access to your device, or the bios connect to the internet, at that point fuck it

permalink
report
parent
reply
2 points

No meant like if can infect system, could touch bios and infect, so make virus stay forever.

Which sound horrible.

Also Intel ME can connect to internet and is below BIOS. Agree, fuck it.

permalink
report
parent
reply
14 points

They really, really, should be doing A/B systems. Or just have an absolutely minimum loader that can load from EPROM/flash or USB so when the system storage gets messed up, you can still launch the updater from USB. That bios loader doesn’t need to know more than how to talk to storage and shovel bytes to the CPU, maybe blink a LED, it’s simple enough to be able to be actual ROM, never needing to be updated.

Wait, no: SD cards can talk SPI… it’s not going to be fast but it’s only a few megs anyway. The EPROM or Flash you’re using probably speaks SPI, already. You could literally make a system which can load the BIOS from SD card for the cost of a card cage and maybe a jumper. You could have gigabytes of bios storage for three bucks by using off the shelf cheap SD cards, forget A/B storage you could do the whole bloody alphabet and people could replace the thing easily.

permalink
report
parent
reply
4 points

Here’s some extra fun: there’s a decent chance that you only need a cable with JST or DuPont connectors. I’ve seen a fair number of laptop motherboards with unused SPI headers/connectors just hanging out. My understanding being that they’re for possible accessories or, literally for flashing/debugging the bios.

permalink
report
parent
reply
85 points

Are we sure it is the BIOS? Perhaps these people have run out of magenta subpixels or their printer ink subscription has lapsed.

permalink
report
reply
4 points

Heh. Same HP. Though? I forget which company got what in the divorce. I think this one is the “code built by revolving-door sweatshops and who has budget to validate it” and not the “standing over the corpse of Print and hoping lock-in will keep customers” one. The two sides may sound the same but I’m sure there are differences.

(Keeping score at home? A drunk sailor with a fist full of hundies still can’t buy anything off that horrendous website, so some things haven’t changed in the divorce)

permalink
report
parent
reply
65 points

No one should buy HP products anymore. Seriously everything they make is terrible and then they break it more when they get bored of you and want you to buy another one.

permalink
report
reply
11 points

Thing is, all the other major manufacturers are just as bad or worse.

As a PC technician, HP still somehow has the best service and support, which speaks volumes about how bad everyone else is. Dell’s support tools are a generation behind HP’s, and Lenovo’s build quality is atrocious. Not to mention Lenovo’s technician support is so badly fragmented and poorly run, they default to having the customer send the device in for repair and avoid sending an on-site technician just so they can avoid dealing with technician support. Speaking from personal experience, getting to the right person when I have a problem or need to order additional parts is like pulling teeth, and even if I manage to reach someone, they’re usually equal parts incompetent and unhelpful.

And Apple doesn’t even want to service their stuff.

These days, you have to pick your poison.

permalink
report
parent
reply

Technology

!technology@lemmy.world

Create post

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


Community stats

  • 16K

    Monthly active users

  • 13K

    Posts

  • 568K

    Comments