On the latest version of Qubes, what is the process and any CLI command inputs needed to
- formate & download onto a USB drive (not while on Qubes btw, using a different computer)
- check the hash of the download (if supported)
- mount/dock, run/execute, installation of a BIOS/UEFI firmware update on my bare metal Qubes machine
I have a Star Labs StarBook that was sadly shipped to me a couple weeks ago with an extremely outdated BIOS/UEFI version
(older than the time Star Labs has been in business ironically).
One laptop has Coreboot.
The other has AMI (American MegaTrends).
Both require firmware BIOS/UEFI updates as both the AMI and the Coreboot are out of date (not the latest version)
My issue is,
I have NOT yet built out my LAN and gotten a new ISP connection to get back online, so other than my cellphone I lack internet access for the 2 laptops currently at this moment. I could however make a way to get access to a public computer or something akin so to load the BIOS/UEFI update(s) onto a USB stick and then insert that into my still currently offline StarBook so to finish hardening it before taking it online and only after I harden my LAN too (I am trying to harden it as much as I can before connecting to the internet).
Also, I know Coreboot provides Hash integrity checks but does AMI (American MegaTrends) have a Hash check or no?
UPDATE:
So despite me worrying over placing anything not up to par online, it sounds like it is still within context of QubesOS more risky to perform a firmware update through sneakernet than it is by just having sys-net handle the internet update install method to update American MegaTrends UEFI (AMI).
I found that AMI has its own verify tool:
source:
However, I am unsure if such a tool runs on QubesOS? Does anyone know if AMI has a tool for Qubes distro?
According to the instructions from that URL source I may have a hurtle to get over in that the BIOS doesn’t seem to list the serial number needed to perform the AMI update.
Merely says “Default String”
Is there any way around this?