Will disk protected with passphrase and encryption cause an issue if I attempt to update BIOS?

I have a Dell T5810 with Intel Xeon E5-1650 v3 processor (6 core, 12 thread) and Nvidia 1060 6 GB GPU. I am interested in upgrading the CPU to the Xeon E5-2687W v4 (12 core, 24 thred) to look at improving performance in games. The processor is only about $40. I suspect that upgrading the gpu will also be needed, but I would like to see how the performance does after each step. Anyway, in reading about this, it was recommended to updated the bios before the cpu is changed. I found instructions for this on linux Dell systems: Update the Dell BIOS in a Linux or Ubuntu environment | Dell US . In other reading, I noted that there were comments about the need to turn off Bitlocker (I gather this is disk encryption in Windows systems) before updating or there might be problems in booting after BIOS updating (disk not identified, etc). Since I have two drives (one bootable for the Garuda OS, the other only data–no dual booting) that are both passphrase protected and encrypted, I wondered if there would be issues with doing a BIOS update in Garuda OS/linux. Does anyone have experience with BIOS updating with protected encrypted drives in Garuda OS? Thanks in advance.

System:
Kernel: 6.9.8-zen1-1-zen arch: x86_64 bits: 64 compiler: gcc v: 14.1.1
clocksource: tsc avail: hpet,acpi_pm
parameters: BOOT_IMAGE=/@/boot/vmlinuz-linux-zen
root=UUID=73b3631e-3dec-4209-9c71-4928bd70fb46 rw rootflags=subvol=@
quiet rd.luks.uuid=a8e40cc9-41be-4434-8bf9-423936703f72
rd.luks.uuid=f79a930f-07d4-4043-878d-b926518407cc
resume=/dev/mapper/luks-f79a930f-07d4-4043-878d-b926518407cc loglevel=3
ibt=off
Desktop: KDE Plasma v: 6.1.2 tk: Qt v: N/A info: frameworks v: 6.3.0
wm: kwin_wayland vt: 1 dm: SDDM Distro: Garuda base: Arch Linux
Machine:
Type: Desktop System: Dell product: Precision Tower 5810 v: 01
serial: <superuser required> Chassis: type: 7 serial: <superuser required>
Mobo: Dell model: 0K240Y v: A01 serial: <superuser required>
part-nu: Precision Tower 5810 uuid: <superuser required> UEFI-[Legacy]: Dell
v: A02 date: 09/05/2014
CPU:
Info: model: Intel Xeon E5-1650 v3 bits: 64 type: MT MCP arch: Haswell
level: v3 note: check built: 2013-15 process: Intel 22nm family: 6
model-id: 0x3F (63) stepping: 2 microcode: 0x49
Topology: cpus: 1x cores: 6 tpc: 2 threads: 12 smt: enabled cache:
L1: 384 KiB desc: d-6x32 KiB; i-6x32 KiB L2: 1.5 MiB desc: 6x256 KiB
L3: 15 MiB desc: 1x15 MiB
Speed (MHz): avg: 3441 high: 3800 min/max: 1200/3800 scaling:
driver: intel_cpufreq governor: performance cores: 1: 3800 2: 3800 3: 3800
4: 3800 5: 3800 6: 1950 7: 3800 8: 3800 9: 3800 10: 1348 11: 3800 12: 3800
bogomips: 83804
Flags: avx avx2 ht lm nx pae sse sse2 sse3 sse4_1 sse4_2 ssse3 vmx
Vulnerabilities: <filter>
Graphics:
Device-1: NVIDIA GP106 [GeForce GTX 1060 6GB] vendor: eVga.com.
driver: nvidia v: 555.58.02 alternate: nouveau,nvidia_drm non-free: 545.xx+
status: current (as of 2024-06; EOL~2026-12-xx) arch: Pascal code: GP10x
process: TSMC 16nm built: 2016-2021 pcie: gen: 3 speed: 8 GT/s lanes: 16
ports: active: none off: HDMI-A-1 empty: DP-1, DP-2, DP-3, DVI-D-1
bus-ID: 02:00.0 chip-ID: 10de:1c03 class-ID: 0300
Display: wayland server: X.org v: 1.21.1.13 with: Xwayland v: 24.1.0
compositor: kwin_wayland driver: X: loaded: nvidia unloaded: modesetting
alternate: fbdev,nouveau,nv,vesa gpu: nvidia display-ID: 0
Monitor-1: HDMI-A-1 res: 3440x1440 size: N/A modes: N/A
API: EGL v: 1.5 hw: drv: nvidia platforms: device: 0 drv: nvidia device: 2
drv: swrast gbm: drv: nvidia surfaceless: drv: nvidia wayland: drv: nvidia
x11: drv: zink inactive: device-1
API: OpenGL v: 4.6.0 compat-v: 4.5 vendor: nvidia mesa v: 555.58.02
glx-v: 1.4 direct-render: yes renderer: NVIDIA GeForce GTX 1060
6GB/PCIe/SSE2 memory: 5.86 GiB display-ID: :1.0
API: Vulkan v: 1.3.279 layers: 11 device: 0 type: discrete-gpu name: NVIDIA
GeForce GTX 1060 6GB driver: nvidia v: 555.58.02 device-ID: 10de:1c03
surfaces: xcb,xlib,wayland
Audio:
Device-1: Intel C610/X99 series HD Audio vendor: Dell driver: snd_hda_intel
v: kernel bus-ID: 00:1b.0 chip-ID: 8086:8d20 class-ID: 0403
Device-2: Creative Labs CA0132 Sound Core3D [Sound Blaster Recon3D /
Z-Series BlasterX AE-5 Plus] driver: snd_hda_intel v: kernel pcie: gen: 1
speed: 2.5 GT/s lanes: 1 bus-ID: 01:00.0 chip-ID: 1102:0012 class-ID: 0403
Device-3: NVIDIA GP106 High Definition Audio vendor: eVga.com.
driver: snd_hda_intel v: kernel pcie: gen: 3 speed: 8 GT/s lanes: 16
bus-ID: 02:00.1 chip-ID: 10de:10f1 class-ID: 0403
API: ALSA v: k6.9.8-zen1-1-zen status: kernel-api with: aoss
type: oss-emulator tools: N/A
Server-1: PipeWire v: 1.2.0 status: active with: 1: pipewire-pulse
status: active 2: wireplumber status: active 3: pipewire-alsa type: plugin
4: pw-jack type: plugin tools: pactl,pw-cat,pw-cli,wpctl
Network:
Device-1: Intel Ethernet I217-LM vendor: Dell driver: e1000e v: kernel
port: f020 bus-ID: 00:19.0 chip-ID: 8086:153a class-ID: 0200
IF: enp0s25 state: up speed: 1000 Mbps duplex: full mac: <filter>
Device-2: Intel Wi-Fi 6 AX200 driver: iwlwifi v: kernel pcie: gen: 2
speed: 5 GT/s lanes: 1 bus-ID: 07:00.0 chip-ID: 8086:2723 class-ID: 0280
IF: wlp7s0 state: up mac: <filter>
Info: services: NetworkManager, smbd, systemd-timesyncd, wpa_supplicant
Bluetooth:
Device-1: Intel AX200 Bluetooth driver: btusb v: 0.8 type: USB rev: 2.0
speed: 12 Mb/s lanes: 1 mode: 1.1 bus-ID: 3-9:4 chip-ID: 8087:0029
class-ID: e001
Report: btmgmt ID: hci0 rfk-id: 0 state: up address: <filter> bt-v: 5.2
lmp-v: 11 status: discoverable: no pairing: no class-ID: 6c0104
RAID:
Hardware-1: Intel SATA Controller [RAID Mode] driver: ahci v: 3.0 port: f000
bus-ID: 00:1f.2 chip-ID: 8086:2826 rev: N/A class-ID: 0104
Drives:
Local Storage: total: 1.03 TiB used: 951.57 GiB (90.6%)
SMART Message: Unable to run smartctl. Root privileges required.
ID-1: /dev/sda maj-min: 8:0 vendor: Toshiba model: THNSNJ128GCSU
size: 119.24 GiB block-size: physical: 512 B logical: 512 B speed: 6.0 Gb/s
tech: SSD serial: <filter> fw-rev: 0101 scheme: MBR
ID-2: /dev/sdb maj-min: 8:16 vendor: Hitachi model: HDS721010KLA330
size: 931.51 GiB block-size: physical: 512 B logical: 512 B speed: 3.0 Gb/s
tech: N/A serial: <filter> fw-rev: A9CA scheme: GPT
Partition:
ID-1: / raw-size: 84.84 GiB size: 84.84 GiB (100.00%) used: 27.8 GiB (32.8%)
fs: btrfs dev: /dev/dm-0 maj-min: 254:0
mapped: luks-a8e40cc9-41be-4434-8bf9-423936703f72
ID-2: /home raw-size: 84.84 GiB size: 84.84 GiB (100.00%)
used: 27.8 GiB (32.8%) fs: btrfs dev: /dev/dm-0 maj-min: 254:0
mapped: luks-a8e40cc9-41be-4434-8bf9-423936703f72
ID-3: /var/log raw-size: 84.84 GiB size: 84.84 GiB (100.00%)
used: 27.8 GiB (32.8%) fs: btrfs dev: /dev/dm-0 maj-min: 254:0
mapped: luks-a8e40cc9-41be-4434-8bf9-423936703f72
ID-4: /var/tmp raw-size: 84.84 GiB size: 84.84 GiB (100.00%)
used: 27.8 GiB (32.8%) fs: btrfs dev: /dev/dm-0 maj-min: 254:0
mapped: luks-a8e40cc9-41be-4434-8bf9-423936703f72
Swap:
Kernel: swappiness: 133 (default 60) cache-pressure: 100 (default) zswap: no
ID-1: swap-1 type: partition size: 34.4 GiB used: 0 KiB (0.0%)
priority: -2 dev: /dev/dm-1 maj-min: 254:1
mapped: luks-f79a930f-07d4-4043-878d-b926518407cc
ID-2: swap-2 type: zram size: 31.27 GiB used: 0 KiB (0.0%) priority: 100
comp: zstd avail: lzo,lzo-rle,lz4,lz4hc,842 max-streams: 12 dev: /dev/zram0
Sensors:
System Temperatures: cpu: 39.0 C mobo: N/A
Fan Speeds (rpm): cpu: 1015
Info:
Memory: total: 32 GiB available: 31.27 GiB used: 4.44 GiB (14.2%)
Processes: 402 Power: uptime: 3h 0m states: freeze,mem,disk suspend: deep
avail: s2idle wakeups: 0 hibernate: platform avail: shutdown, reboot,
suspend, test_resume image: 12.46 GiB services: org_kde_powerdevil,
power-profiles-daemon, upowerd Init: systemd v: 256 default: graphical
tool: systemctl
Packages: pm: pacman pkgs: 2114 libs: 600
tools: gnome-software,octopi,paru Compilers: clang: 18.1.8 gcc: 14.1.1
Shell: garuda-inxi default: fish v: 3.7.1 running-in: konsole inxi: 3.3.35
Garuda (2.6.26-1):
System install date:     2024-07-08
Last full system update: 2024-07-09
Is partially upgraded:   No
Relevant software:       snapper NetworkManager dracut nvidia-dkms
Windows dual boot:       <superuser required>
Failed units:
1 Like

Any significant change to the system’s hardware or firmware (including a BIOS update) can trigger BitLocker to enter recovery mode. From there you would need to manually enter the Bitlocker key to gain access to the disk.

I guess that is more or less the point of TPM, so: fair enough.

LUKS encryption on Linux can be made to work with TPM in a similar way, but it is not the default. You would have to explicitly set it up to work like that. For the sake of your BIOS update, it’s something you don’t need to worry about.

Depending on the motherboard and the update process, there is always a chance you’ll run into little “gotchas”. For example, a couple years ago a Framework BIOS update wiped the EFI boot variables ([RESPONDED] Arch BIOS Update Guide - Linux - Framework Community). It was a very simple fix, but probably caused some panic for folks who were not expecting that.

In general though, these days a BIOS update is typically a fairly trivial process. Just follow the vendor’s instructions and be careful, and you should be fine.

6 Likes

Thanks!

Update: I updated the BIOS on the Dell t5810. All of the bios A12 and later for this machine will support the E5-2687w v4. No issues at all with encrypted disks, the grub loaded the OS normally after the bios update. Machine has 4x faster multithread geekbench6 after the CPU change. Now, a new GPU to follow!

3 Likes

Good for you, glad to hear that fixed things for you. So many people are resistant to updating their bios in Linux because it can be more complicated than the way it worked in Windows. So much troubleshooting effort is wasted on the forum trying to correct an issue that can can only be fixed by updating the bios.

Good on you for doing things properly and getting that bios updated.

2 Likes