Skip to content

Instantly share code, notes, and snippets.

@n3ddu8

n3ddu8/ms-surface-downgrade-fw.md

Last active November 23, 2024 17:58
Show Gist options
  • Save n3ddu8/59b47727fce722a469b0ca87e668c22e to your computer and use it in GitHub Desktop.
Save n3ddu8/59b47727fce722a469b0ca87e668c22e to your computer and use it in GitHub Desktop.
Download ZIP
Downgrade firmware on Microsoft Surface Devices
Raw
ms-surface-downgrade-fw.md

Downgrade firmware on Microsoft Surface Devices

Contents
  1. Prerequisites
  2. Device Table
  3. Instructions
  4. Contributing
  5. Acknowledgments

Around June 2023, Microsoft shipped a firmware update which caused freezing when booting into certain Linux distributions, such as Fedora. You can read more about this here, but the TLDR of it is: the firmware adds a security feature known as NX mode, which the Linux Kernel is not yet fully compatible with. Although applications can set a flag to indicate they aren't compatible with NX mode, Microsoft ignores this.

Until distributions such as Fedora are fully compatible with NX mode, the workaround to continue using Linux on our Microsoft Surface Device is to downgrade the firmware, which can be done using a Linux live CD and the Ventoy imaging utility. For the purposes of this guide we are using the Fedora Workstation Live image.

Prerequisites

  1. A USB stick with at least 8GB capacity.
  2. A copy of the Ventoy imaging utiltiy.
  3. A copy of the latest Fedora Workstation Live ISO image for Intel and AMD x86_64 systems.
    • You can just copy the ISO file to the USB stick, once it's been imaged with Ventoy.

(back to top)

Process

Device Table

    Device Table

    linux surface supported devices link to firmware firmware version tested
    Surface Book
    Surface Book 2 Download 392.178.768.0
    Surface Book 3
    Surface 3
    Surface Go
    Surface Go 2
    Surface Go 3 Download 9.103.143.0
    Surface Laptop
    Surface Laptop 2
    Surface Laptop 3
    Surface Laptop 4
    Surface Laptop 5
    Surface Laptop Go
    Surface Laptop Go 2
    Surface Laptop Studio
    Surface Pro 1
    Surface Pro 3
    Surface Pro 4
    Surface Pro 5 Download 238.167.768.0
    Surface Pro 6 Download 238.167.768.0
    Surface Pro 7
    Surface Pro 7+
    Surface Pro 8
    Surface Pro 9
    Surface Studio

    (back to top)

Instructions

  1. Boot into a Fedora Workstation Live image using Grub2 mode, make sure you are connected to either WiFi or using an ethernet cable.
  2. Run:
lsblk -f
  1. Identify paritions with "vfat" files systems on the Surface device.
  2. If there is more then one, run
sudo fdisk -l
  1. Identify the one that is >100MB but <500MB, for example nvme01p1.
  2. Run:
sudo mkdir -p /boot/EFI
  1. Run the following command, replacing <vfat-partition> with the the partition you identifed in steps 2 or 4.
sudo mount /dev/<vfat-partition> /boot/EFI`
  1. Verifiy by running the following command, there should be either an EFI or Microsoft directory.
ls /boot/EFI
  1. Run:
git clone https://github.com/linux-surface/surface-uefi-firmware.git
  1. Check the Device Table for your device, and click "Download".
  2. Move the cab file you just downloaded to the surface-uefi-firmware directory created in step 9.
  3. Run:
sudo dnf install msitools gcab dos2unix
  1. Navigate to the surface-uefi-firmware directory you created in step 7, then run the folloiwng command, replacing <cab-file> with the name of the file you downloaded in step 10, and <device-firmware> with the firmware for your device, found in the Device Table.
./repack.sh -f <cab-file> -o <device-firmware>/out
  1. Navigate into the sub-directory created in the last step, this will be:
cd <device-firmware>/out
  1. Run ls to verify you see a tmp.XXX file.
  2. Run the following command, replacing OnlyTrusted=true with OnlyTrusted=false, or just add it if the former line is missing.
sudo nano /etc/fwupd/fwupd.conf
  1. Run the following command, replacing tmp.XXX with the file name created in step 13:
sudo fwupdmgr install --allow-older --allow-reinstall --force tmp.XXX
  1. Reboot your device, you should see a Surface logo and a blue progress bar.
  2. DO NOT BOOT BACK INTO WINDOWS, there is a chance your devices firmware will be upgraded.
  3. You should now be able to use your Ventoy stick to install Fedora, this time choosing Normal mode.

(back to top)

Contributing

Contributions are what make the open source community such an amazing place to learn, inspire, and create. This is a living document and any contributions you can make are greatly appreciated. Just pop a comment below.

I'd be particularly interested in the anyones experiences with one of the untested devices (see Device Table), did it work, did it not work, did you have to do anything different from the existing instructions?

(back to top)

Acknowledgments

(back to top)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment