cancel
Showing results for 
Search instead for 
Did you mean: 
michont
Level 1
15 7 0 1
Message 1 of 6
7,332
Flag Post

Solved!

How to update BIOS with drive encryption active

HP Recommended
Elitebook 850 G3
Microsoft Windows 7 (64-bit)

I have an Elitebook 850 G3 with drive encryption active.  I am not really familiar with the set up of this but am guessing that it must be suspended to update the BIOS.  Since I get a message about suspending Bitlocker DE before updating the BIOS (which we're not using), I'm guessing that I must suspend HP drive encryption for the BIOS upgrade to work also.  I have looked in HP Client Security for a suspend option but don't see anything and don't want to play around too much with it in fear of running into issues.  So, does encryption have to be suspended to do this and if so, where is this done?  Thanks,  Todd

1 ACCEPTED SOLUTION

Accepted Solutions
IT_WinSec
Level 15
Level 15
10,021 9,918 802 3,895
Message 2 of 6
Flag Post
HP Recommended

Hello Tood/ @michont

 

Thank you for posting in the HP Support forum. Welcome !

 

Trust me, you definitely don't want to or need to update your BIOS. Personally, I do not recommend you do it unless you experience some issues with your existing BIOS and you are sure that the new BIOS will fix it.

 

General recommendation I provide to users/customers is NOT to upgrade BIOS/UEFI unless they experience any kind of specific BIOS/UEFI issue. Updating just for updaing and just for using the latest verson is not solution. Any kind of update (no matter for what and who relesed it) can fix 2 issues but may introduce 10 more issues. Additionally, upgrading the BIOS (for any vendor) poses more risks because BIOS recovery is not that easy as compared to typical software updates IF something goes wrong.

 

Same applies for Windows Updates, OS update, drivers updates, etc - upgrade/update IF you have issues which you know are fixed in the newer version or for some severe security issues. Otherwise, keep the existing version as long as possible.

 

Additional opinion >> https://www.howtogeek.com/136881/htg-explains-do-you-need-to-update-your-computers-bios/

 

 

BitLocker has an option for suspend, but HP Drive Encryption software does not have such an option. It's either on or off (encrypted or decrypted disk).

 

 

Cheers!

>> Your FEEDBACK is important. Click below on Accept As Solution or ThumbUp+ buttons if my comments helped or to say thanks <<
*** I work for HP *** I express personal opinion only *** HP Expert - Volunteer since 2013

View solution in original post

0 Kudos
5 REPLIES 5
IT_WinSec
Level 15
Level 15
10,021 9,918 802 3,895
Message 2 of 6
Flag Post
HP Recommended

Hello Tood/ @michont

 

Thank you for posting in the HP Support forum. Welcome !

 

Trust me, you definitely don't want to or need to update your BIOS. Personally, I do not recommend you do it unless you experience some issues with your existing BIOS and you are sure that the new BIOS will fix it.

 

General recommendation I provide to users/customers is NOT to upgrade BIOS/UEFI unless they experience any kind of specific BIOS/UEFI issue. Updating just for updaing and just for using the latest verson is not solution. Any kind of update (no matter for what and who relesed it) can fix 2 issues but may introduce 10 more issues. Additionally, upgrading the BIOS (for any vendor) poses more risks because BIOS recovery is not that easy as compared to typical software updates IF something goes wrong.

 

Same applies for Windows Updates, OS update, drivers updates, etc - upgrade/update IF you have issues which you know are fixed in the newer version or for some severe security issues. Otherwise, keep the existing version as long as possible.

 

Additional opinion >> https://www.howtogeek.com/136881/htg-explains-do-you-need-to-update-your-computers-bios/

 

 

BitLocker has an option for suspend, but HP Drive Encryption software does not have such an option. It's either on or off (encrypted or decrypted disk).

 

 

Cheers!

>> Your FEEDBACK is important. Click below on Accept As Solution or ThumbUp+ buttons if my comments helped or to say thanks <<
*** I work for HP *** I express personal opinion only *** HP Expert - Volunteer since 2013

View solution in original post

0 Kudos
michont
Author
Level 1
15 7 0 1
Message 3 of 6
Flag Post
HP Recommended

OK, thanks, good to know.  Sounds like a real pain to deactivate encryption and get it going again so I will leave alone.

Gremio
New member
1 1 0 2
Message 4 of 6
Flag Post
HP Recommended

I disagree with the accepted solution here. I am concerned with Bitlocker in particular and updating BIOS -- I have personally experienced laptops losing TPM keys during BIOS upgrades. That said, now more than ever, it is important you update your BIOS to get the latest Intel microcode for Spectre/Meltdown issues that have been coming out (there's a new one as recent as June). If you're that determined to not keep your system updated, you should read through *all* the release notes between your version and the latest, which may itself be a pain if not impossible if they're not done well. Storage controller firmware upgrades for instance tend to fix issues with data corruption and loss. BIOS updates can fix different crash/reboot scenarios and I'm sure other things -- again, you'd just have to read the release notes.

 

There have been releases that caused issues, and that's typically why people delay applying them, but in my opninion you should not wait indefinitely.

 

-Gremio

rdb2
New member
1 1 0 1
Message 5 of 6
Flag Post
HP Recommended

I too would strongly dissagree with the solution posted, this kind of thinking is how the NHS ended up with cryptolocker. Too many in the IT industry are afraid of change and are too conservative in their approach.

 

We have a mixed network of around 500 bitlocker secured HP laptops and desktop all of which I keep as up to date as possible after thourough testing in the lab. I have never lost a machine to a bad windows update or BIOS update. you are more likely to have a bad experience of Windows updates if you are not up to date and suddenly have to deploy many updates at once.

IT_WinSec
Level 15
Level 15
10,021 9,918 802 3,895
Message 6 of 6
Flag Post
HP Recommended

@rdb2 wrote:

I too would strongly dissagree with the solution posted, this kind of thinking is how the NHS ended up with cryptolocker. Too many in the IT industry are afraid of change and are too conservative in their approach.


Hi @rdb2

 

I appreciate your feedback.

 

The solution posted above is primary for the BIOS updates. You cannot end up with a cryptolocker type of malware or similar only because your BIOS was outdated. However, the chance of having a bad experience is somewhat higher.

 

The Spectre/Meltdown is considered a security issue but is not something I'd rush to apply on Day1 after it has been announced because so far these attacks are not in the wild (at least what is public) and due to potential performance issues. However, I mentioned "severe security issues" above as a kind of "exception". There are way too many other ways to defend yourself and your network against threats, BIOS updates is something I'd consider last to update in these scenarios.

 

Software updates/Windows updates does not pose the same risk as a BIOS update, not that all of them are considered high risk to apply.

 

If you manage BIOS updates (and other updated) for 500 machines (or even more) and you never had a single issue, you must be a lucky guy and I suggest you get a lottery ticket.

 

My favourite article about the BIOS updates remains this one >> https://www.howtogeek.com/136881/htg-explains-do-you-need-to-update-your-computers-bios/

 

 

Cheers!

>> Your FEEDBACK is important. Click below on Accept As Solution or ThumbUp+ buttons if my comments helped or to say thanks <<
*** I work for HP *** I express personal opinion only *** HP Expert - Volunteer since 2013
0 Kudos
Warning Be alert for scammers posting fake support phone numbers and/or email addresses on the community. If you think you have received a fake HP Support message, please report it to us by clicking on "Flag Post".
† The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation