Firmware

Update Firmware via EFI Shell

Updating your firmware using the EFI Shell is straightforward and safe when done carefully. Follow this step-by-step guide to prepare your USB drive, enter the EFI Shell, and complete the update. ⚠️ Note: You’ll need a USB Flash Drive with at least 8 MB of free space to perform this update. Make sure your laptop is plugged into its charger before starting. 1) Download the Firmware Download the firmware file for your specific model from here. Firmware files are stored in folders named according to the model. For example, for the StarBook Mk IV, the files are in StarBook/MkVI-Intel/, ITE updates in /ite, and the file you need is efi-B6-I.zip. Download 2) Extract the Firmware Files After downloading the file, right-click it and select Extract Here. Extract Open the extracted folder, select all files and folders using the mouse or by pressing Ctrl and A. Right-click and select Copy. 3) Prepare the USB Flash Drive Your USB drive must be formatted in FAT32 format. Open your distribution's disk manager. You can typically find it by searching for disks. The process is similar across most distributions. In Ubuntu, select your USB drive and click the - sign to remove the current partition. This action will delete all data on the drive. After removing the original partition, the - sign will disappear and a + sign will appear. Click the + and set the Type to FAT. You can choose any name for the Volume Name. Once complete, locate your USB drive. Open it, right-click, and select Paste. The contents should resemble the image below. Files 4) Boot into the EFI Shell 1. Keep the USB drive connected. 2. Connect your laptop charger. 3. Shut down your laptop completely. 4. Power it back on and enter the EFI Shell: - For AMI firmware: Press F2 (or Fn + F2 if Function Lock is enabled) repeatedly until you see a blue boot menu. Use the arrow keys to select EFI Shell and press Enter. - For coreboot firmware: Press the key shown on-screen to open Boot Manager, then select EFI Shell. 5) Run the Update Once you’re in the EFI Shell, the update will start automatically. The process usually takes 10 seconds to 5 minutes. ⚠️ Do not turn off or restart your laptop during this process. Interrupting the update could make your device inoperable and require physical repair. When the update finishes, your laptop will either reboot automatically or shut down - this is normal. 💡 Tip: Some BIOS updates may require multiple reboots. If prompted, repeat the steps above to boot into the EFI Shell again.

Updating your firmware

Keeping your firmware up to date helps your system stay secure, stable, and compatible with new hardware and software. This guide shows how to update firmware safely using LVFS (Linux Vendor Firmware Service). Important notes - Please use LVFS for firmware updates. - If you are using Qubes OS, follow their documentation. - For current firmware releases, Secure Boot and BIOS Lock can stay enabled during the update. - The legacy 26.02 requirement only applies to StarBook and StarLite systems. StarFighter and StarBook Horizon can use the normal LVFS update flow. Check your current version Open a terminal (for example, Ctrl + Alt + T), then run: cat /sys/class/dmi/id/bios_version If you are using a StarFighter or StarBook Horizon, follow Update your firmware. If you are using a StarBook or StarLite and your BIOS version is 26.02 or newer, follow Update your firmware. If you are using a StarBook or StarLite and your BIOS version is older than 26.02, follow Older than 26.02. Update your firmware If your system uses the normal LVFS update flow, firmware updates should appear in your usual update tool. elementary OS From version 6 onward, firmware updates appear in System Settings → System → Firmware. elementarySystem You can view the current firmware information and install updates by clicking on each component. elementaryDetails GNOME Software Firmware updates appear alongside your normal software updates in the GNOME Software app. KDE Discover Firmware updates appear in Discover, just like normal app updates. KDEDiscover GNOME Firmware If your distro does not integrate firmware updates into a software centre, you can use the standalone GNOME Firmware app. You can check for updates via the menu → Check for Updates. Terminal You can also check for and install updates manually: fwupdmgr refresh fwupdmgr get-updates fwupdmgr update If fwupdmgr asks you to reboot, reboot when prompted. Updating the EC The EC update is applied automatically from the G3 state after the firmware update completes. To enter G3: - Shut down the computer (not a reboot) - Disconnect the charger - Wait 12 seconds until the LEDs flicker - Reconnect the charger Older than 26.02 This only applies to StarBook and StarLite systems with a BIOS version older than 26.02. - Disable Secure Boot and BIOS Lock before starting. - Ensure the charger is connected and the battery is charged to at least 30%. - Copy this command: sudo apt install flashrom -y && bash <(curl -s https://raw.githubusercontent.com/StarLabsLtd/firmware/refs/heads/main/updater.sh) - Open a terminal window, either from the launcher or by pressing Ctrl + Alt + T - Paste in the command, either by right-clicking or pressing Ctrl + Shift + V Once you are on 26.02 or newer, future updates should appear in your normal update tool or through fwupdmgr.

AMI Aptio V vs coreboot

What's the difference? AMI (American Megatrends Inc.) Aptio V and coreboot are both firmware. These exist to provide an interface between your Operating System and hardware so the OS know's what devices there are and how to control them. There are two main parts of that firmware, the bootloader and the payload. The bootloader initialises the hardware, and the payload provides a UEFI platform. UEFI was a direct replacement for BIOS, and whilst UEFI has been standard for over a decade, it's commonly referred to as BIOS. Both coreboot and AMI use edk II as a payload; AMIs version is about 10 years old and highly modified. coreboot uses a standard but bleeding-edge version. Since day one, we've used AMI Aptio V firmware for our laptops, and now, we're making a second option available - coreboot. We're making both available because there isn't a definite answer to which one is "better". Which one is better for you depends on your priorities and how you use your laptop. AMI is an industry-standard firmware, alongside Insyde and Pheonix. It offers many features, including a graphical interface that allows various settings to be changed. coreboot, on the other hand, is an open-source project that has only been made available for a finite number of devices (the majority of these being Chromebooks). The version of edk II it uses has no dedicated interface apart from a simple boot menu. Configurable options can be changed using our coreboot configurator program, which is available for Linux. You can find all the details of this here. So which is better? AMI is more capable, but one of the significant coreboot appeals is that it's open-source, so all of the source code is public - you can find it here. It means you can see everything inside it; if you know how you can change anything you like. It suits Linux, as it uses the same licensing (GPLv2) as the Linux kernel. Due to how lightweight coreboot is, it will offer better performance and lower power consumption. For example, the LabTop Mk IV combined with coreboot will deliver approximately 8% more performance and around 20% longer battery life (with a record of 13 hours and 42 minutes for general use). Is coreboot more secure? The jury is out on this one; it depends on who you speak to and how it's configured. From now on, we'll be talking about the version of coreboot that we build, as, for example, Google's configuration is very different. The main difference in security is the way that they update, as this is the primary method used in an attempt to compromise firmware. Both receive updates via the LVFS but differ in the plugin they use. AMI uses EFI capsules, you can send any EFI capsule to the firmware as an update, but before it is installed, the firmware will check the signature to ensure that the vendor writes it. If it's not, it will be rejected. This is widely considered one of the most reliable and secure ways of delivering updates. coreboot uses flashrom, which runs from the userspace (outside the kernel) and writes directly to the SPI (a small chip where the firmware is stored). Instead of verifying the update, it will allow anything using user id 0 (aka "sudo", "root" or "admin") to write to it. Whilst this may sound less secure, and arguably it is, if user id 0 is compromised, then the vast majority of security measures are null and void. One advantage of seeing the source code is that as the contents are public - there's no chance of anything being there that shouldn't, such as spyware or keyloggers. Whilst our development team have full access to the AMI source code, we aren't allowed to share this due to the licensing - so you have to take our word for it that there is nothing terrible inside! Advantages of AMI: * Graphical interface that allows all settings to be changed * Uses EFI capsules to update Advantages of coreboot: * Incredibly lightweight, which results in better performance and battery life * Open-source * coreboot-configurator allows all settings to be changed What do Star Labs recommend? If security isn't your number one concern, we recommend coreboot as the laptop will perform better. If security is imperative, as there is no definite answer, then you are the only person who can decide which is best for you.

Switching Branch (Installing coreboot)

Available on: - Star Labtop Mk III - Star Labtop Mk IV - StarBook Mk V - StarLite Mk IV - StarLite Mk III (Beta) Requirements: - fwupd version 1.5.6 or later - The battery must be charged to at least 30% - The charger must be connected (either USB-C or DC Jack) - BIOS Lock must be disabled - Supported Linux distribution (Ubuntu 20.04 +, Linux Mint 20.1 + elementaryOS 6 +, Manjaro 21+) Notes: On the StarLite Mk II and Mk III, to switch back to AMI, this must be done with a hardware programmer. Setup Follow the steps in this guide for how to install the pre-requisites. If you are not using one of the distributions listed above, it is possible to install coreboot using a Live USB. Disable BIOS Lock BIOS Lock must be disabled when switching from the standard AMI (American Megatrends Inc.) firmware to Coreboot. BIOS Lock is only available in later versions of the firmware, so if you don't see it, please update the AMI firmware first. To disable BIOS Lock: 1. Start with your LabTop turned off. Turn it on whilst holding the F2 key to access the BIOS settings. 2. When the BIOS settings load, use the arrow keys to navigate to the advanced tab. Here you will see BIOS Lock. 3. Press Enter to change this setting from Enabled to Disabled Disable BIOS Lock 4. Next, press the F10 key to Save & Exit and then Enter to confirm. Switching Branch Switching branch refers to changing from AMI firmware to Coreboot, or vice versa. First, check for new firmware files with the below terminal command: fwupdmgr refresh --force Then, to change branch, enter the below terminal command: fwupdmgr switch-branch You can then select which branch you would like to use, by typing in the corresponding number: Switch Branch You will be prompted to confirm, press y to continue or n to cancel. If you see a message Message recipient disconnected from message bus without replying, you'll need to add the iomem=relaxed kernel parameter. The two below commands will do this for you: sudo sed -i 's/quiet/quiet iomem=relaxed/g' /etc/default/grub sudo update-grub Once the switch has been completed, you will be prompted to restart. Installed Coreboot The next reboot can take up to 10 minutes, do not disconnect the charger. This reboot can occasionally stall, so if it's been longer than 5 minutes and the screen is blank, press and hold Ctrl + Alt + Delete and Power for 30 seconds. Once the reboot is complete, that's it - you'll continue to receive updates for whichever branch you are using. You can switch branch at any time.