top of page
churchcomputers logo with text extra small.png

Your PC Might Urgently Need a BIOS Update!

TDLR: The article emphasizes the importance of updating your computer's BIOS, explaining its role in the boot process and how Secure Boot protects against unauthorized access and corrupted files. It clarifies key terms such as firmware and provides insight into the importance of maintaining BIOS security for overall computer performance. 


  • What is a BIOS? 

  • Why you need a BIOS update 

  • Tips for updating your BIOS 

  • Getting the right computer for your church


BIOS update” is among the few terms and concepts that can easily cause the typical computer user to skip over, ignore, or otherwise not engage with them because they are perceived as too confusing or unimportant. 


But as we’ll explain here, that is very important to your computer use experience, and it can be explained in a way that is quite understandable. 


And most importantly, many computer users may need to update their BIOS in the coming weeks and months for a specific reason we’ll explain below.


What is a BIOS?

Before we dive into the importance of your computer’s BIOS update, we should explain what BIOS actually is. That not-very-helpful name is an acronym for Basic Input Output System—clear as mud, right? Essentially, the BIOS is what your computer uses when it first powers on to figure out what it’s supposed to do and where to get further instructions to do it. 


On its own, that doesn’t sound very interesting until you understand that anything that compromises the security or integrity of that system can either completely bypass your computer’s security or cause the computer not to function at all. And that sounds a lot more ‘interesting’ and important!


When your PC is powered on, it knows absolutely nothing except one address where it is supposed to go to load the BIOS (the instruction software), which contains the instructions for how the system can use and connect to all of its built-in components and the outside world (through displays, keyboards, and mice, the network, etc.). This happens before any part of the operating system (Windows in this case) or any security software that you have added is loaded. 


Because of this, computer makers realized many years ago that a better system needed to be implemented to ensure the safety and security of the computer boot process, so they created a standard called Secure Boot which defines a very specific method of ensuring that the BIOS which is loaded has not be altered in any way by a malicious actor who is attempting to gain unauthorized access to your computer, and this also helps by preventing BIOS update files that were corrupted during download from being installed as well. So this Secure Boot system helps ensure the security of the files that are used to start up a computer. 


[Note: Secure Boot is part of the UEFI standard, which has replaced older, traditional BIOS systems, but in common vernacular, the term BIOS is often used colloquially to describe any firmware system that boots a computer. So while we understand that it's technically incorrect to use the term BIOS, we will perpetuate that inconsistency here for the sake of simplicity.]


Is a BIOS update enough? Now is a smart time to equip your ministry with a new computer.

For the Computer Nerds

The BIOS is often referred to as Firmware, which can be a confusing term, so here is how you can think of the differences between these common terms:


Hardware:

A physical device that can have actions permanently ‘built into it’ or store instructions that are provided externally. In most cases, hardware chips take input and always process it in a specific way before sending it somewhere as output. There are also a few types of hardware memory chips—such as RAM, which stores information only as long as power is applied, and EPROMs, which can be erased and overwritten but retain their contents with no power applied—that are used to store information in computer systems. These are still considered ‘hardware’. Memory hardware is initially a blank slate that can store software instructions rather than have functions permanently encoded into the chip's structure.


Firmware:

This term refers to software stored in a computer's EPROM chip or other storage device that retains its contents even when the computer is powered off. It is called ‘firmware’ because it can be updated rather than permanently etched into a chip's structure, but it is not stored in a way that is easily changed. So instead of being ‘hard’ encoded or completely ‘soft’ (as in ‘easily changed’), it is called ‘firmware’—which is somewhere in the middle. Nearly every complex electronic device uses some form of firmware to tell the hardware what to do when powered on.


Software:

This refers to operating systems, applications, and other programs that run while the computer is powered on, but are lost and need to be reloaded after a reboot. Software is what an operator uses to perform useful actions on a computer, while the computer hardware primarily uses Firmware to configure itself for use.


How Does Secure Boot Protect the BIOS?

One of the key ways Secure Boot protects the BIOS boot process is through digital signatures. Just as your own handwritten signature or fingerprints can be used to identify you, a digital signature uniquely and positively identifies a computer file. 

They consist of a standardized system of files that are extremely unique and can be traced to a verified source. The exact details of how they work are far too complex for the scope of this article, but they don’t need to be fully explained to understand the basics of what they are and how they operate. 


At its most basic level, a digital signature is a file that functions like an old-fashioned ‘decoder ring’ for encoding or decoding a secret message. In fact, one of the key terms used in digital signatures is ‘secret key’! Through the use of secret—or private—keys that only the end users keep to themselves, and a ‘public’ key that can be freely shared anywhere, a file can be verified to be exactly the way that it was originally constructed and transmitted. 


So Secure Boot uses a digital signature to evaluate and validate good update files, and to block any BIOS update whose signature does not exactly match or cannot be validated. As with other technologies, digital signatures are constantly evolving through different techniques and formats, so, in addition to protecting files like the BIOS, they are structured and used in many different ways. 


An important aspect of digital signatures is that they can expire, which brings us back to the original topic of this article, BIOS updates.


Why You Need a BIOS Update

Way back when Secure Boot was first implemented in Windows computers (around 2011), the files were signed with a Microsoft digital signature that expires in June of 2026. While this expiration will not cause computers using those BIOS and driver files signed by the old signature to stop working completely, it will create a situation where the latest security updates for those important files may not be able to be verified and installed. The long-term effect of this will be that systems using outdated BIOS and driver files will very likely become vulnerable to future threats and attacks. That is a situation that no one wants to have happen to their system.


The good news is that Microsoft and computer manufacturers have been working on this problem for some time and have been releasing updates that install a more recent digital signature from 2023. In fact, your system may already be using the updated signature if it was built in the past couple of years or if you regularly install updates for Windows and/or your computer’s BIOS. 


But if you typically avoid installing updates, or your computer is older and never connected to the internet, it can’t detect those updates or download and install them. It may be vulnerable and need to be updated right away. 


BIOS Updating Tips

Here are some helpful tips to keep in mind when installing updates to ensure that they go well:


  1. Make sure that you have a stable power supply while the updates are being installed. For desktop computers, this usually means you are using a UPS (uninterruptible power supply), or at least you are not installing updates during periods when your power is likely to go out unexpectedly (such as during high winds or storms). For laptop users, make sure your battery is fully charged before beginning the update process.

  2. Ensure you have a stable internet connection to download the update files reliably. Incomplete or corrupted files will typically be detected and not installed, but it is still worth paying attention to.

  3. Only download update files from Microsoft or your computer maker’s official site. This is usually an automatic process, so it's not often an issue, but don’t just Google search for ‘BIOS updates’ and download them from anywhere you find them. 

  4. Don’t interrupt the process! A BIOS update can take much longer than you anticipate, so please be patient and let it complete its full process without manually stopping it or turning off the system. You will want to run updates only when you have sufficient time for this process to complete. This could take as little as a few minutes to as long as an hour or more (in some rare cases). 


Interrupting the power or manually stopping an update in progress can sometimes be recovered from after the system reboots. Still, in many cases, this will cause sufficient damage to the file to make your system unusable without expert repair. So don’t be too afraid to install the updates, but do take these steps seriously, and you should be fine. 


Purpose-Built Computers for Churches

Purpose-Built Computers for Churches Make All the Difference

We always recommend keeping your computers up to date with operating system and software updates so you can take advantage of new features and fixes, but we also know that can be a hassle or a concern for some users. 


Not every computer is built with ministry in mind. Whether it’s running worship presentation software, managing livestreams, or handling everyday administrative work, the right hardware can be the difference between smooth Sundays and frustrating distractions. That’s why more ministries are turning to purpose-built computers for churches. 


This situation is serious enough to underscore the importance of ensuring your system is not vulnerable to security threats, so we have created this article to highlight the issue and ensure our user community is well-informed and aware. We hope that you find this information useful! 


Additional resources:



Comments

bottom of page