
October 19th, 2011 20:00

Enabling signed BIOS update feature through CCTK

I noticed that OptiPlex 990, 790, and Precision T1600 have signed BIOS updates available. There's an option that gets added to the BIOS before installing a signed version. For example, A05 on the 990 adds an Enable Signed Firmware Update option to the Security section of the BIOS menu. There's no way to enable that option through CCTK (or OMCI or DCCU or DTK). Are those tools going to get updated so that this option can get set through automation? I assume the HAPI dcdbas32/64 driver needs to be updated to support the option since all the tools use that driver (well CCTK and OMCI do).

1.1K Posts

November 1st, 2011 22:00

Yes, I would expect that CCTK will be able to configure that in a future release.

57 Posts

November 2nd, 2011 00:00

OK thanks Warren. I wish it had been enabled by default. In the meantime, if you could find out the token value for this setting, then I could just set it that way.

57 Posts

January 31st, 2012 18:00

Hi Clint,

Give this token a try.

Token Details

0325h Signed Firmware Update Enable

Some of this thread was cut off due to being posted after the migration date to the new forum. I saved the thread just in case. Anyway, I've noticed a number of issues.

On OptiPlex 960s, it looks like the feature was added starting with the A13 BIOS according to the release notes. I tried --istokenactive=0x0325 to see if the feature was reported correctly. Unfortunately this froze the OS almost immediately. I also tried --token=0x0325 and that resulted in the same freeze/hang/lock up behavior. After rebooting and checking the BIOS, I can see the feature was not enabled. I've tested this with CCTK 2.0.1 on Vista SP2 x86 and Windows 7 SP1 x86 and x64 so I don't think the OS matters. I tested on A11, A13, and A14 BIOSes. Since the feature was not present in A11, the command ran as expected, reporting that the state byte is not available. A13 and A14 BIOSes result in an OS freeze when using CCTK though. I'm not sure if this is a BIOS issue or CCTK issue but since this mostly works for other models I've tested, I think it is probably a BIOS issue.

The second issue is with the Latitude E6420. It looks like the feature was added in the A05 version of the BIOS according to the release notes. Unfortunately --istokenactive and --token don't detect 0x0325 as being a valid token. I manually checked the BIOS dialog and the feature is there. Once I installed A06, then CCTK reported the token as being valid. Seems like a weird issue. My guess is that the Latitude E5420 and Latitude E5320 also have this same problem because their A05 and A06 BIOSes were released at the exact same time as the E6420. Unfortunately I don't have the hardware to test those two models but I'm trying to find someone who can confirm if the problem exists on those specific models too.

57 Posts

February 5th, 2012 18:00

I just did some testing with a Latitude D630. CCTK can enable the setting successfully. I checked the BIOS setup dialog to confirm it. Unfortunately the istokenactive command does not detect the token as being active. This seems like an issue with CCTK. Perhaps it is the same bug that is affecting the Latitude E6420. I think the 960 issue is probably with the BIOS though.

Warren, can the CCTK team duplicate these issues?

1.1K Posts

April 11th, 2012 18:00

I don't think that the D630 BIOS supports it, but I'm checking.

57 Posts

April 11th, 2012 20:00

I'm pretty sure it does. If you look at the A18 release notes it says "1. Add Digital Sign Feature, Signed Firmware update."

1.1K Posts

April 12th, 2012 08:00

Sorry, misread your post. I checked with the CCTK team and they stated that some of the desktop BIOSes don't have support for the token for CCTK but can be set manually.

57 Posts

April 12th, 2012 22:00

The D630 has the token in A18. CCTK can enable the feature with the token. The problem is that istokenactive does not work correctly with that token. If the token was missing then --token would also not work. I'm still convinced there's a bug with the D630. I can double check the SMBIOS tables for the one that appears to have token number in it.

The Latitude E6420 is missing the token until a later version. --token and --istokenactive both don't work for A05 because the token is missing. They both work in A06 because the token exists. There's not much to do for this other than having it documented so people know this behavior.

1.1K Posts

December 6th, 2012 12:00

The Dev team wasn't able to test on a D630. They tested it on an E6420 with the following process.

1. Flash latest BIOS

2. Install latest CCTK 2.1.1.

3. Open cctk in CLI mode.

4. To see the status of sfuenabled, give the command:

cctk.exe --sfuenabled

5. Set the sfuenabled

cctk.exe --sfuenabled=yes

6. Sfuenabled is set successfully

Note:

Once Sfuenabled is enabled it cannot be disabled
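
A guarded way to run the steps above across a mixed fleet, as an added example that is not part of the original thread or Dell's tooling. It refuses the model/BIOS combinations reported earlier in the thread and only sets the one-way option when asked. The install path, the `sfuenabled=<yes|no>` output format and the exit-code meanings are assumptions.

```powershell
# Added example, not Dell's code. Assumptions: the cctk.exe path, that a query
# prints "sfuenabled=<yes|no>", and that exit code 0 means success.
param(
    [string]$Cctk = 'C:\Program Files\Dell\CCTK\X86_64\cctk.exe',  # assumed path
    [switch]$Enable    # without -Enable the script only reports
)

# Model/BIOS findings reported in this thread; extend from your own testing.
$MinBios = @{ 'Latitude E6420' = 'A06' }            # token not seen by CCTK on A05
$Blocked = @{ 'OptiPlex 960'   = @('A13', 'A14') }  # CCTK 2.0.1 access froze the OS

function Get-SfuState {
    # Returns 'yes', 'no', 'unsupported' (non-zero exit) or 'unknown' (unparsed).
    $out = & $Cctk --sfuenabled 2>&1 | Out-String
    if ($LASTEXITCODE -ne 0) { return 'unsupported' }
    if ($out -match 'sfuenabled\s*=\s*(\w+)') { return $Matches[1].ToLower() }
    return 'unknown'
}

$model = (Get-CimInstance Win32_ComputerSystem).Model.Trim()
$bios  = (Get-CimInstance Win32_BIOS).SMBIOSBIOSVersion.Trim()

# Refuse before touching the token on combinations reported to hang.
if ($Blocked[$model] -contains $bios) {
    Write-Output "$model ${bios}: skipped, token access reported to freeze the OS"
    exit 2
}
# Dell "Axx" revisions of equal length sort correctly with an ordinal compare.
if ($MinBios.ContainsKey($model) -and
    [string]::CompareOrdinal($bios, $MinBios[$model]) -lt 0) {
    Write-Output "$model ${bios}: flash $($MinBios[$model]) or later first"
    exit 3
}

$state = Get-SfuState
if ($state -eq 'yes') { Write-Output "$model ${bios}: already enabled"; exit 0 }
if ($state -ne 'no')  { Write-Output "$model ${bios}: state '$state', no change"; exit 4 }
if (-not $Enable)     { Write-Output "$model ${bios}: disabled, rerun with -Enable"; exit 1 }

# One-way switch: per the thread, the setting cannot be disabled once enabled.
& $Cctk --sfuenabled=yes | Out-Null
$state = Get-SfuState
Write-Output "$model ${bios}: sfuenabled is now '$state'"
if ($state -eq 'yes') { exit 0 } else { exit 5 }
```

Run it without `-Enable` first to inventory the fleet; the distinct exit codes let a deployment tool separate machines that need a BIOS flash from those that are already protected.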

1.1K Posts

January 29th, 2013 12:00

New Whitepaper on "Dell Client BIOS: Signed Firmware Update" that probably explains many of the questions on this thread.  en.community.dell.com/.../20287278.aspx
