Hi i have a Beelink EQR5 Mini PC, Ryzen 5 5650U. Ii recently installed Ubuntu and it highlighted security issues in the bios including using a PK Test key. I’ve tried resetting it, but it appears the device was shipped with this non secure key. How do I update the bios and correct this? Bios version: FP656V507 Bios serial: B56504AG11187 Thanks

Jpringle4444 Your BIOS is already up to date and doesn’t need to be updated. May I ask what exactly does a security vulnerability refer to?

support13 The referred issue seems to be PKfail , as the UEFI BIOS includes AMI Test Key as SecureBoot Platform Key, which are insecure because their private key was leaked. This renders SecureBoot virtually useless and needs to be fixed. So I want to ask BeeLink to provide an updated UEFI with secure Platform Key and KEK.

Hello support13 , We need an updated UEFI BIOS for the exact same issue. We can’t deploy these EQR Mini PC as kiosks using Intune because the PKfail. servger and Jpringle4444 are correct in that the secure keys were either leaked or just test keys which our deployment processes do not recognize as valid anymore. We essentially have 90+ bricks until we update the BIOS on all off them. The last update I can find for the model we have is from 12/13/2024. https://dr.bee-link.cn/?dir=uploads%2FEQR%2FBios%2FEQR5 The model we have is EQR5_D4-L-32500SD0W64PRO-HD/XA CPU AMD Ryzen 7 5825U Processor One of the devices SN: B58255FG80020 This was reported almost 2 weeks ago, Has any progress been made for anyone on this issue?

Good Morning, @support1 , @support4 , @support6 , @support7 , @support9 , @support10 , @support11 , @support13 , @support16 Is there anyone that can support us with this?

EQR5 Bios

support13

FreckleEye
Sorry for the late reply. Our R&D personnel need to verify it. If it is a BIOS issue, the BIOS can be updated to solve it. Any updates will be notified to you

FreckleEye

Thank you for the update!

Are we able to get a timeline for R&D? Depending on turn around, our management may decide to return devices and go with a different model or vendor. Main reason for my push to get it resolved ASAP.

support13

FreckleEye
We are truly sorry. We have inquired with the R&D personnel and it is still under testing. We cannot determine the specific time of the test results either. Sorry again. We will inform you in time if there are any updates.

servger

FreckleEye @support13
Even though my knowledge about Secure Boot is limited, I think what Beelink needs to do is deploying their own Secure Boot keys. This steps can also be done by customers with the difference that the files are not integrated in a UEFI update image but installed via the UEFI settings.

The involved private keys must be stored in a way that ensures that they may never be leaked.
If Beelink ship their own keys, they then also are responsible for updating the DB and DBX files whenever it is necessary. These updates don’t have to be in form of UEFI updates and can be distributed as signed files.

Some useful documentation:

support13

servger
Thank you very much for your suggestions and the documents you provided.

We will give feedback on the suggestions you put forward to the relevant personnel.

FreckleEye

servger @support13,

We tried to do something similar to what you suggested, but with no luck.

support13

FreckleEye
I’m really sorry that this problem has bothered you for so long. The R&D personnel haven’t detected it yet. Thank you again for your patience in waiting.

support1

Hi there,

Update:

Now we have newer BIOS , version FP656V508 ，it can solve the Platform KEY issue, here is the BIOS https://url.bee-link.cn/meRy, here is the tutorial https://url.bee-link.cn/VfJN . Any questions, please do let us know.

FreckleEye

@support1,

Thank you for the update. I’m following the tutorial provided, but when I get to flash.nsh enter. I receive the following error:

1d - Error: Failed to load image into memory.

support13

FreckleEye
May I ask if the USB flash drive has been formatted and if the BIOS file is placed in the root directory?

Rahim

support13 The same error is present, even with a different USB drive.

support11

Hello there,

We will ask for thr technical personnel about that.

After getting any reply, we will contact you. Or you could contact our emai：support-pc@bee-link.com

support1

Hi there,

please change the command AfuEfix64.efi FP656V508.bin /p /b /n /k /x /l /r /capsule to AfuEfix64.efi FP656V508.bin /p /b /n /k /x /l /r

Image description