Community
cancel
Showing results for 
Search instead for 
Did you mean: 
dpostolov
Novice
14,824 Views

Intel NUC7PJYH2 BIOS Upgrade to 0058 causes boot failure Linux and Unix-like operating systems

Hi! Sorry for my bad English...

Intel NUC7PJYH2 BIOS Upgrade to 0058 causes boot failure Linux and Unix-like operating systems

Intel BOXNUC7PJYH2 Version #: J67992-404, Date of Manufacture: 22 May 2020.

With previous BIOS 0057 all OK with Linux, Unix-like OSes and Windows. After upgrading the BIOS by F7 to version 0058 and F9 - Load defaults and configure Bios (with Linux or Windows boot profile and disable Secure Boot), Windows 10 installer is loading successfully from USB stick, but Linux and Unix-like (FreeBSD and NetBSD) are not loaded.

Linux Mint 20.1 Xfce edition -> blank screen when loading and system stops
FreeBSD 12.2 Screenshot -> https://yadi.sk/i/OvWKz7XfLH_EGA
NetBSD 9.1_STABLE Screenshot -> https://yadi.sk/i/-uSPJoVtqTr0gA

1. Please remove Intel NUC7PJYH Bios 0058 from Download Center to avoid problems with Linux and Unix-like users.
2. Please fix this Bios bug for Linux users

Probably this is a problem with ACPI BIOS settings for Linux and Unix-like OSes.

144 Replies
Animal666
Beginner
2,391 Views

Bit of a shame if you have a dual boot system,
I suppose it’s Bye Bye Windows OS License if it’s a non-retail version?
mvignol
Novice
2,391 Views

i've been offered the same solution -- send mine in and wait till they send me a replacement.  or pay $25 for them to ship me one overnight and w/ a return label.  frankly, since this was their mess up, it seems that $25 should be waived.  spending $25 to get back up and running is what happens when you install ransomware, not official bios updates.

 

tomb31
New Contributor I
2,357 Views

Just beware that Intel MAY send you a refurbished replacement unit. I had to exchange a brand new defective NUC about 2 years ago and luckily they sent me (I'm in the US) a brand new one. But at no point were they able to guarantee me that I would receive a brand new unit. I was quite annoyed because it was literally only a month or so old. I guess I got lucky. I did however pay the $25 because I needed a replacement asap, and it really was a very, very quick process. They did place a temporary charge for the full retail price on my credit card that was dropped once they received the defective unit.

OM-1
Beginner
2,270 Views

I have the exact same problem, after going through this thread, looks like it's a BUG with the 0058 version. Whats the solution, we wait for them until they release a patch? My unit is only a month old. Lesson learned, never upgrade the bios if the system if running fine.

tomb31
New Contributor I
2,263 Views

That's how security is achieved. Security that you don't end up with a paper weight. Never touch a working system, especially if the manufacturer doesn't allow to roll back updates when they create problems.

Luckily I missed the 58 update, usually I jump on them right away. But 57 was the last update I will ever install on my NUC, it's just not worth the risk going forward.

Animal666
Beginner
2,262 Views

They're not sure when the BIOS fix will be out, so I think they're replacing them? 

open a live chat with support, and message them?

Mine is being picked up by courier tomorrow.

OM-1
Beginner
2,248 Views

As a work around, I installed Hyper-V Core 2019 (free) and then installed Ubuntu on the top of it. It's holding up pretty good. But you need 8GB of ram.
LeCaNo
New Contributor I
2,195 Views

Today i got my replacement NUC7PJYH from Amazon Germany.

 

In the future i will wait with the BIOS updates. Or i let my new NUC7PJYH at BIOS 0057.

Moto-Bro
Beginner
2,164 Views

OM-1: Open up a support request with Intel. They will replace your NUC, turnaround could be up to 2 weeks including shipping times.

pleasefixthis
New Contributor I
2,135 Views

To  be honest, I don't understand why it would be against security policies to "downgrade" the BIOS for affected users, but it's acceptable to send users a new unit with a lower BIOS version. Makes little sense to me and the environmental impact is not good at all.

Now my unit will be picked up soon, which is another bummer: I have to be available over a six hour timeframe, in case the parcel service rings my bell. I wasn't allowed to just bring the package to the post office myself. And I'll only get a replacement once my unit was received by Intel. Guess they handle it different here in Europe than in the US.

While I'm happy that some of the Intel staff have answered here, I feel the whole process is really everything but customer friendly. No time frame for a fix, a tedious process of shipping that requires time and effort (put documents in, write a number on the package, print package label) and not knowing when or even whether my "new" NUC will get the security update.

n_scott_pearson
Super User Retired Employee
2,119 Views

A unit with an older BIOS can always be upgraded if the included mitigations are considered a requirement. A unit that can be downgraded can be abused by bad actors; if they downgrade the BIOS, they can then use the vulnerabilities that had been mitigated to do the nefarious. Frankly, I don't get why you folks don't understand this.

Intel first shipped a (chipset-based) Management Engine (ME) in the 965 chipset. That was 14 chipset generations ago. Every single one of those Management Engines has enforced this rule; once an update is installed, it cannot be uninstalled (downgraded). The NUC team cannot do anything about this; the ME team sets the rules.

Not customer friendly? Obvious you don't deal with many companies' support services (I use that term loosely). I consider Intel Customer Support one of the best around. Unfortunately, that's not saying much.

Fact is, Intel Customer Support (and volunteers like me who are under NDA) simply cannot provide any information regarding features, schedule or availability. It simply isn't allowed. Intel had to inject this rule because people treated guesstimates as hard and fast commitments and sued Intel if they were late. If you want someone to blame, blame the trolls taking advantage of this.

As for the returns, you don't have to do it. You can always just wait for the fix...

...S

tomb31
New Contributor I
2,111 Views

That's such a lame excuse.

If Intel was serious about security they wouldn't implement the backdoor security nightmare called Management Engine in the first place. Who knows what unauthorized stuff may be running in the ME already that Intel knows nothing about. As long as ME is there, a "bad actor" rolling back my bios is the least of my worries.

Put a simple physical jumper on the board to allow downgrades then. If you have physical address to the box a bad actor can do anything anyway. Like swap the board, memory chip, whatever, add bad stuff...

I get it, they have their silly rules. Whatever. I just know that I will no longer upgrade the firmware unless I really don't have another choice. The risk is simply not worth it.

pleasefixthis
New Contributor I
2,109 Views

@n_scott_pearson I should have explained why I put the "downgrade" in quotes. I was referring to the idea posted by another user, that Intel could simply release a higher version of the previous bios as a hotfix, until a solution is available. This way no malicious downgrade could take place, since the version got incremented (although the code would be that of a previous version).

I'd love to not return my NUC, but since no one puts any kind of estimate here (I somewhat understand your explanation here) and I don't know if this will take days, weeks or even months, I can't. I need my NUC to work properly.

tomb31
New Contributor I
2,100 Views

And not to mention the risk of having to ship back a unit for an exchange. That assumes that the new unit isn't intercepted and manipulated in transit. Rolling back yourself may be the more secure option. Maybe it's a little far fetched, but who knows. All depends on who you are. Maybe ME saves my encryption keys? Maybe it even sends them out to interested parties if it's connected to the internet. Would you send back a harddrive with sensitive data for warranty? I wouldn't. I'd destroy it. There's no 100% security. To me, being able to roll back software if it causes issue is one of those basic things that I just take for granted. IT admins do it every day. And sometime that means re-introducing known security issues. Booo

Balazs
Novice
2,078 Views

I was a bit lucky when I discovered this topic about 2 weeks ago.  I purchased the NUC a day before in an online webshop as a private person. By the (EU) law, I have 14 days to return the device and the seller have to accept the return without any question and give full refund.

When the NUC became a brick, I returned it and purchased exact same device, same day.

If the same law exist in your country, I would initiate the RMA to Intel ASAP and purchase an other NUC temporarly. Yes, you need to invest a bit, but you will get back your money at the end, on the other hand you will have a working device during the RMA process.

n_scott_pearson
Super User Retired Employee
2,033 Views

@pleasefixthis asked a question and then deleted it, but I will answer it anyway since it was asked more than once.

You cannot downgrade by installing an older version over top of a newer one. This would be possible only if every pertinent firmware capsule in the package was regenerated with a new 'hotfix' version number. Since the NUC BIOS team does not own all of these capsules - and thus cannot regenerate them - this can't be done.

Sorry,

...S

 

tomb31
New Contributor I
2,024 Views

Intel owns it. I don't think customers should be expected to care about the internal (dysfunctional) organization of their teams and how they operate. Sometimes managers need to go up a few levels to make things happen. It *can* be done, they just don't want to. Probably not enough people being screwed right now. Can you imagine if firmware updates happened automatically? I don't see them asking thousands or millions of customers to send in their device for a replacement...

robimo
Novice
1,214 Views

no news of a new BIOS?

n_scott_pearson
Super User Retired Employee
1,142 Views

I haven't heard anything. Pinging the team...

...S

n_scott_pearson
Super User Retired Employee
1,061 Views

No, sorry, supporting a downgrade capability is simply not possible. This has been explained ad nauseum; I won't discuss it any further. When the fix clears validation, it will be released. When it is released, you will be notified.

If you want to have your unit replaced, this is certainly possible. I am willing to bet that the fix will be here before that process could be completed, however.

Your other option is to install Windows 10 Pro and run your Linux distro in a Hyper-V VM. Remember that you can (still) install Windows 10 Pro essentially for free if you have an old, unused license for Windows 7 Pro, Windows 7 Ultimate, Windows 8 Pro or Windows 8.1 Pro.

...S

 

Reply