Is there a place where you can download older versions of UEFI for SP 5?

[vasyah999]

In my recent attempt to make undervolting work for my SP5 I've found that existing UEFI versions on microsoft's site are locked for undervolting already. So is it possible to find somewhere a version of UEFI older than SurfacePro_Win10_17134_19.092.25297.0.msi?

[Aurareus]

Are you sure that the firmware downgrade is actually working for you at all?

I also have a Surface Pro 5 and am trying to downgrade the UEFI firmware in order to undervolt, and I do believe the firmware available on Microsoft's website do not have undervolting locked, including the one you mention.

The issue I am having (that perhaps you are also having?) is that the fwupd just isn't installing the UEFI firmware. When I install the UEFI firmware .cab file with fwupdmgr it tells me that the firmware has been installed and prompts for a restart. But upon restarting nothing has changed, which is confirmed by booting into the Surface Pro UEFI and checking the UEFI firmware version against the versions listed on Microsoft's website.

It just isn't installing the UEFI firmware on restart. I have Linux Firmware Updater at the top of the boot order too, so it isn't that.

I do have full disk encryption and a separate swap BTRFS partition, if that's at all relevant.

[qzed]

If I remember correctly, Microsoft blocked downgrades below some version. May have something to do with undervolting and some security bypass glitch that can be exploited via that. But don't quote me on this.

On Thu, Jun 29, 2023, 21:49 Aurareus @.***> wrote:

Are you sure that the firmware downgrade is actually working for you at all?

I also have a Surface Pro 5 and am trying to downgrade the UEFI firmware in order to undervolt, and I do believe the firmware available on Microsoft's website do not have undervolting locked, including the one you mention.

The issue I am having (that perhaps you are also having?) is that the fwupd just isn't installing the UEFI firmware. When I install the UEFI firmware .cab file with fwupdmgr it tells me that the firmware has been installed and prompts for a restart. But upon restarting nothing has changed, which is confirmed by booting into the Surface Pro UEFI and checking the UEFI firmware version against the versions listed on Microsoft's website.

It just isn't installing the UEFI firmware on restart. I have Linux Firmware Updater at the top of the boot order too, so it isn't that.

I do have full disk encryption and a separate swap BTRFS partition, if that's at all relevant.

— Reply to this email directly, view it on GitHub https://github.com/linux-surface/surface-uefi-firmware/issues/26#issuecomment-1613720161, or unsubscribe https://github.com/notifications/unsubscribe-auth/ADG7W7SC6DISVWMCBSTPZETXNXL5VANCNFSM556A4GKA . You are receiving this because you are subscribed to this thread.Message ID: @.***>

[StollD]

I am not exactly sure what is happening in your case but here is what I know:

The version on the Microsoft website is always the latest one, excluding Windows Insider beta firmware. If you want older firmware, you need to find it in the Microsoft Update Catalog: https://www.catalog.update.microsoft.com/Home.aspx

Newer firmwares deem the versions that allowed undervolting as unsafe and will not install these versions. However, I believe that downgrades otherwise still work fine, you just need to downgrade to a safe version.

fwupd should print some text on the screen when it starts installing firmware, do you see that? Or does it not launch at all? What distro are you using? It could be a secureboot problem if you are on a distro that doesnt support secureboot, like Arch.

[Aurareus]

I'm on openSUSE Tumbleweed. fwupd does print a little installing progress bar which completes successfully, then prompts me for a restart, I'll screenshot it later this evening. I have secureboot enabled (openSUSE supports it), I'll try disabling secureboot.

The purpose of downgrading is to downgrade to a firmware version that allows undervolting. The security vulnerability (plundervolt) that was patched by locking the ability to undervolt requires direct local access to the machine and isn't a threat to most users depending on their use case, certainly not worth losing the ability to undervolt which the Surface Pro greatly benefits from. I am pretty certain that downgrading to firmware versions that have undervolting unlocked is possible as that is exactly what many users do.

[Aurareus]

Disabling secureboot fixed the issue of not being able to boot into the firmware updater. fwupd-efi actually does load and try to install the firmware update now.

Unfortunately, downgrading the firmware still does not work.

If I use fwupd to reinstall the firmware I'm already on, the whole process works as expected; on restart fwupd-efi runs, the Surface logo appears and a blue progress bar appears underneath it that slowly fills over about 30 seconds or so as it installs the firmware. However, when I attempt to downgrade to any firmware below the one that I'm already on, fwupd-efi runs and the Surface logo and blue progress bar appear but the progress bar just fills instantly, the firmware does not install.

Thinking, as suggested, that perhaps the most recent firmwares blocked downgrading to older firmwares that have undervolting enabled I tried installing the previous release from the one I have installed (which also has undervolting disabled) but that also refused to install.

You can see and download previous firmware releases for the SP5 on this page: https://www.microsoft.com/en-us/download/details.aspx?id=55484 Expand the "Details" section and scroll down to "Archive Section". 19041 is the firmware version I have installed, neither of the two releases before that will install (18362 and 17763), 17763 is the last firmware release that has undervolting enabled.

So the only conclusion I can draw from all this is that Microsoft disabled firmware downgrading in version 19041 and all the people who report successfully downgrading to 17763 in order to undervolt were on 18362.