iflash 16 bit application? Need to update bios via cmd line. nuc5i5myhe

eedwa6 · ‎03-15-2018

nuc5i5myhe

Need to update bios via cmd line

Preparation for windows 10

secure boot enabled

Before someone ask me what i am trying to do -

I need to apply the same bios settings to multiple machines either via cmd line or during SCCM imaging.

I have read all of the guides, i have downloaded several express bios installers and "os independent iflash"

I had tried the integrator toolkit efi shell, - but i need to have secure boot turned on and this is a problem with ITK

Im fine with applying a stock bios but need to do it via command line - i can only find once switch "-s" which is apparently silent, but reboots the machine immediately. ( this is a problem for sccm imaging or an application package ) - need to apply on next boot like other vendors

I am testing creating a .bio file and need to apply this to several machines. Per the instructions i need to use the iflash2.exe utility however this is a 16bit app, that will not run in my winpe or dos. Is there a version compatible with modern day x64 windows or dos?

Example - I download the latest bios fro the support website - MYBDWi5v.86A.0040.BI - in the zip file is a iflash.exe from 2012

Link is below.

https://downloadcenter.intel.com/download/27363/BIOS-Update-MYBDWi5v-86A-?product=84861 Download BIOS Update [MYBDWi5v.86A]

MYBDWi5v.86A.0040.BI

What i would need to fix this

an iflash utility that will work with nuc5i5myhe in x64 winpe, or x64 windows

or

command line switches for the stock bios installers, to not reboot immediately so bios is applied on next boot

idata · ‎03-15-2018

Hello cpuadmin,

Thank you for joining the Intel Community Support.

I understand that you need help updating the BIOS for multiple Intel NUC kits.

Intel does not provide assistance for these update methods. The support for your product would be stand-alone installations.

Please consider the following information posted by different peers on the community.

-/thread/122138 Intel NUC BIOS Update via command line

Regarding the iflash utility compatible with 64-bit versions of Windows, I will consult the appropriate department to know if such application is available.

Wanner G.

eedwa6 · ‎03-15-2018

i read that form post and almost every post related to the bios. I have tried to interrogate the exe to see if there are any addiitonal switches. So far i only have a -force it applying over the same bios. However there have to be additional switches for this application, which is the question i am asking.

idata · ‎03-16-2018

Hello cpuadmin,

According to the following https://www.intel.com/content/www/us/en/support/articles/000006640/mini-pcs.html instructions, the method you are using is not supported by Windows for Intel NUC kits.

Regarding the command line switches, there is no additional support rather than the information posted so far. However, I am still trying to find a feasible way of doing it.

I will get back to you soon

Wanner G.

idata · ‎03-21-2018

Hello cpuadmin,

I am afraid iflash is only 16 bit. And all BIOS updates not only Intel requires a reboot.

Another option will be to image the system and then push the BIOS update.

I hope this information helps.

If there is anything else we can help please feel free to ask.

Best regards,

Henry A.

idata · ‎03-24-2018

Hello cpuadmin,

I just will like to follow up on your original question on BIOS update with out reboot.

If there is anything else we can help please feel free to ask.

Best regards,

Henry A.

idata · ‎03-29-2018

Hello cpuadmin,

We have not received any additional updates from your side related to your question on BIOS update questions.

I will proceed to close the case.

If there is anything else we can help please feel free to ask.

Best regards,

Henry A.

n_scott_pearson · ‎03-30-2018

I wanted to respond to this one to improve everyone's understanding of the firmware (including BIOS) update process...

There are three methods for updating the firmware:

An Express BIOS Update (EBU) package is executed on windows. The firmware update package (i.e. the contents of a .BIO file) is embedded in this executable.
The iFlash2 executable is invoked from a DOS (MSDOS, PCDOS, FreeDOS, etc.) command line which specifies the name of a locally-stored .BIO file.
During POST, the user hits the F7 key, which brings up a browser used to select the .BIO file.

Regardless of the method whereby the process is started, the process for performing a firmware update is the same:

The .BIO file's Update Capsules are loaded into a memory buffer.
The system is restarted.
The BIOS, seeing the Update Capsules sitting in memory, verifies these Capsules and, if all are valid, decrypts, decompresses and then installs them.

The restart in the middle of this process cannot be avoided. It ensures that the BIOS is in control of the update process and that this update can be performed in a fully secured environment.

Now my notes on Ed's other questions:

I was somewhat confused by Ed's assertions that the iFlash2 tool, being a 16-bit DOS executable, could not be used in a "modern" DOS environment. DOS, regardless of the implementation used (MSDOS, PCDOS, FreeDOS, etc.), *is* a 16-bit environment, so no issues exist (yes, it does has the ability to load and run 32-bit applications, but only by having a 16-bit "wrapper" around the 32-bit application). I think that what Ed is talking about is a DOS CLI running under another O/S (Windows, WinPE, etc.). It is certainly true that the 16-bit iFlash2 executable cannot be loaded on a 64-bit system; such a system can only support 64- and 32-bit executables. The important thing is that iFlash2 is designed for the true DOS environment, namely a standalone O/S.
Ed asked whether there was a method to perform a BIOS update from Windows or WinPE. Yes, both 32- and 64-bit EBU executables are provided to support this. Unfortunately, it seems that no support is provided for generating new EBU executables that contain customized .BIO files. I am looking into this issue with the NUC development team...

Hope this helps,

...S

eedwa6 · ‎03-30-2018

Mr Pearson

Thanks for the response

My ultimate goal is to have this all done during imaging, so that on imaging the bios is updated, os drive encrypted and all setup on the build of the machine. If an application forces a reboot outside of sccm control then it will fail imaging. Unfortunately intel is the only manufacturer i have, that i has this limitation with for the BIOS as Dell, hp and lenovo all apply their bios settings return exit code 0 or 3010 then apply the bios update on the next reboot, which keeps sccm imaging happy. If there is something i can run in powershell to get around this if possibly im all ears. If not i am planning to push out the bios update, during the 4am+ hours. But it is still a risk if someone is in the office working. I am in an industry where IT cannot reboot machines if someone is working.

n_scott_pearson · ‎03-30-2018

Sorry, but, as I said, this reboot cannot be avoided nor can it be delayed. As I also said, it is done this way to secure the process. Intel has been doing it this way for a very long time (close to 15 years); it isn't going to change now. Any process that allows a delay before the reboot is open to attack.

...S

Mitchell_R_Intel · ‎04-02-2018

One thing with the current BIOSs on the NUC is you can't run EFI Shell with Secure Boot Enabled. This is because EFI Shell is not signed so Secure Boot will not allow booting to it. Even with the Built-in EFI Shell in Visual BIOS.

Also, As Scott said, iFlash2.exe requires a true copy of DOS to use. Not the sudo-DOS that is part of Windows. If you need to flash from Windows, use the EBU BIOS updater. These will also run from a WinPE environment too.