BIOS Updates & Configuration using BigFix

Well, that sucks. That is much more complicated. Does Win8 have the reboot thing? I hope so.

You might be able to use the RunOnce key to Resume BitLocker on Windows 7 so that it can happen after the reboot has completed without requiring another action.

• Configure a RunOnce task on Windows

I haven’t fully tested this yet:

// Handle BitLocker Resume after reboot for Win7 and Win2008R2
if {version of operating system < "6.2.0.0"}
regset64 "[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]" "ResumeBitLocker"="manage-bde -protectors -enable C:"
endif

Here is a work in progress, untested mustache template for BigFix BIOS Update Tasks:

• Can be used with any language, but I plan to use it with generate_bes_from_template
• Need example BIOS Update Tasks for vendors other than Dell. As well as example results for:
  • values "product_name" of structures "system_information" of smbios
  • values "vendor" of structures "bios_information" of smbios
  • values "bios_version" of structures "bios_information" of smbios
• Does not handle BIOS Passwords (yet)
• Does not handle BitLocker for WinVista or Win2008 (manage-bde.wsf)
  • should be usable as long as BitLocker is not enabled for these OSes.
  • I don’t personally plan to address this use case.
• Does NOW handle Resuming BitLocker for Win7 or Win2008R2

I’m not currently handling encrypting the BIOS password, but I released 300+ BIOS update tasks here: https://github.com/jgstew/bigfix-content/tree/master/fixlet/BIOS/Dell

These have NOT been tested except for on the 1 model I happen to have, and even then, not all cases. Please test them out carefully and provide me feedback on if they work, if they don’t, and any suggestions for improvement.

You can follow along my process of doing this here: https://github.com/jgstew/bigfix-content/issues/7

I used this python script:

• https://github.com/jgstew/generate_bes_from_template/blob/master/examples/BIOS_from_dell_catalog.py
  • not my prettiest work, and could use some future refinement, but it works. There are a few edge cases I need to resolve that prevents me from generating the tasks for about 18 models.

I used this template:

• https://github.com/jgstew/generate_bes_from_template/blob/master/examples/TEMPLATE_BIOS_Update.bes

These also make use of:

• https://github.com/jgstew/bigfix_prefetch
• https://github.com/jgstew/generate_bes_from_template

Related:

• ENDED: July 9 - Get More Done with BigFix – Your BigFix BIOS Update Questions Answered in Real Time

Someone has already found edge case issues with the way the models are in the Catalog vs Reported by SMBIOS, which I’m tracking in a new issue here: https://github.com/jgstew/bigfix-content/issues/25

Would be helpful to have the unique set of results from:

(it as string as trimmed string) of values "product_name" of structures "system_information" of smbios

from as many Dell / HP / Lenovo models as possible to find and resolve some of these edge cases.

seems like there is a tool for linux for installing firmware from multiple vendors that could be automated with bigfix, as well as a possible source for generating fixlets from:

• https://www.addictivetips.com/ubuntu-linux-tips/update-computer-firmware-in-linux/
• https://fwupd.org/lvfs/devices/

were you ever able to detect out of date dell docks with relevance?