In this post I want to note some quirks one needs to consider when updating the BIOS of a Gigabyte Mainboard while using Linux.
But first I want to appreciate the support that Gigabyte/ AMD provide. I still get BIOS updates in 2021 for the mid-range B350 chipset originally released in 2017. Also, the ability to update from within Linux was just added to the BIOS along the way. So Kudos for that!
Preparing the update
The easiest way to update the BIOS is doing so from within the UEFI using the Gigabyte Q-Flash utility. I dont recall when exactly it was added, but going through the changelog, it should have been at revision F30.
Having Q-Flash available, you can just download the BIOS update and copy the BIOS image (e.g. AB350NGW.51d
in my case) to /bin/efi
, which is the EFI partition readable by the BIOS. Next, just reboot into the BIOS and point the Q-Flash utility to that file.
Post-update quirks
Unfortunately, the BIOS update overwrites some important settings. Most notably your Machine Owner Keys (MOK) that are required for Secure Boot are lost.
So after update, change the following settings
- CSM Support: disabled
- Secure Boot: enabled
- Secure Boot Mode: standard
After this you have to re-enroll your MOK again. The easiest way is to re-install the nvidia-dkms-XXX
package which triggers the process.
Upon reboot you will be greeted by the EFI menu, where you should select “Enroll MOK” and and enter the code that you chose previously.
You can verify that everything went right by rebooting and running
mokutil --sb-state
Also, if you want to Docker or any kind of Virtualisation, you have to re-enable AMD Secure Virtual Machine (SVM), which is inconveniently buried under
- M.I.T > Advanced Frequency Settings > Advanced CPU Settings > SVM Mode: enabled