Intel Seamless Update to enable BIOS/UEFI firmware updates without a reboot

Updating the BIOS/UEFI binary usually requires a reboot, but Intel is working on changing that, at least on Linux servers for now, with the Intel Seamless Update aiming to carry out system firmware updates (e.g. UEFI) at run-time without having to reboot, a bit like what Canonical does with the Ubuntu Livepatch service, but at a lower level in the software stack.

Intel submitted a patch that “Introduces Platform Firmware Runtime Update and Telemetry drivers” to the Linux kernel mailing list a couple of days ago with the description reading in part:

High Service Level Agreements (SLAs) requires that the system runs without service interruptions. Generally, system firmware provides runtime services such as RAS (Reliability, Availability and Serviceability) features, UEFI runtime services and ACPI services. Currently if there is any firmware code changes in these code area, the system firmware update and reboot is required. Example of bug fix could be wrong register size or location of the register. This means customer services are not available during the firmware upgrade, which could approach several minutes, resulting in not able to meet SLAs.

Intel provides a mechanism named Management Mode Runtime Update to help the users update the firmware without having to reboot.

More details can be found in an accompanying document entitled “Intel Management Mode Firmware Runtime Update – OS Interface” that explains how Intel Seamless Update work.

Intel Seamless Update - MM Runtime Update System

The new code submitted to the Linux kernel provides the following functionalities:

  1. Perform a runtime firmware driver update and activate.
  2. Ability to inject firmware code at runtime, for dynamic instrumentation.
  3. Facility to retrieve logs from runtime firmware update and activate telemetry.

As mentioned in the commit message, Intel Seamless Update mainly targets Linux servers that require close to 100% uptime due to legal requirements, so it may not necessarily be enabled by default in Linux Desktop distributions anytime soon, but at least if you have an Intel-based gateway or another system that needs to run with minimal interruption there should soon be an option to avoid downtime even during critical firmware (BIOS/UEFI) updates.

Via Liliputing and Phoronix

 

Share this:

Support CNX Software! Donate via PayPal or cryptocurrencies, become a Patron on Patreon, or buy review samples

Subscribe
Notify of
guest
The comment form collects your name, email and content to allow us keep track of the comments placed on the website. Please read and accept our website Terms and Privacy Policy to post a comment.
4 Comments
oldest
newest
Marcin Dąbrowski (@marcin_dabrowski)
2 months ago

And of course, this is another way that is unable to update IME Minix, so it is quite pointless.

Sander
Sander
2 months ago

Cool feature. I’m wondering: Does this make BIOS upgrade less or more risky?

and.elf
and.elf
2 months ago

Runtime code injection is always risky.. of something happens to the raid, you’d be sh*t or of luck no matter if it’s hot och cold update 🙂
I’m pretty sure this reboot downtime could mitigated with another machine… Like, you’re probably using kubernetes anyway, so the load would just be higher on the other machine while it’s rebooting.

domih
domih
2 months ago

Thankfully this will be as secure as the rest of the INTEL security and remote stack.

*&^%$#@?!

Attackers are rejoicing all over the world.

Advertisement