New BIOS Firmware for ThinkPad P1 G1 1.27

If you’re still running ThinkPad P1 Gen 1 (Type 20MD, 20ME) like me, there is an exciting news, at least to me. Lenovo just released a new BIOS/UEFI firmware updated at version 1.27 on Mar 20, 2020.

Changes in this releases:

CHANGES IN THIS RELEASE
  Version 1.27

[Important updates]
- Addresses CVE-2019-0185 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0185)
   Refer to Lenovo's Security Advisory page for additionalinformation about
   LEN-27714 "Multi-vendor BIOS Security Vulnerabilities".
   (https://support.lenovo.com/us/en/product_security/LEN-27714)
- Security fix addresses LEN-29406 "ST Microelectronics TPM Firmware ECDSA
   Signature Generation Vulnerability". 
   Refer to Lenovo's Security Advisory page for additionalinformation.
   (https://support.lenovo.com/us/en/solutions/LEN-29406)
- Addresses CVE-2019-14607 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14607)

[New functions or enhancements]
- Updated the CPU microcode.
- Supported BIOS password authentication before entering into MEBx.

[Problem fixes]
- Nothing.

On a Fedora (31/32) laptop, to update the firmware is very easy nowaday. Here are the 2 commands to run:

# fwupdmgr refresh
# fwupdmgr update

Here is the output when I ran those 2 above command:

# fwupmgr refresh
Firmware metadata last refresh: 13 minutes ago. Use --force to refresh again.
[root@benjo ~]# fwupdmgr update
• Thunderbolt Controller has the latest available firmware version
• INTEL SSDPEKKF512G8L has no available firmware updates
Upgrade available for System Firmware from 0.1.25 to 0.1.27
20MDCTO1WW must remain plugged into a power source for the duration of the update to avoid damage. Continue with update? [Y|n]: 
Downloading 0.1.27 for System Firmware...
Fetching firmware https://fwupd.org/downloads/35e456cf667db3a5248101b3e3ce5889fa32b3c4cae18bb782401a47f0ed6567-Lenovo-ThinkPad-P1X1Extreme-SystemFirmware-0.1.27.cab
Downloading…             [***************************************] Less than one minute remaining…g…
Decompressing…           [***************************************]
Authenticating…          [***************************************]
Updating System Firmware…[    \                                  ]
Scheduling…              [***************************************]
Successfully installed firmware
• UEFI Device Firmware has the latest available firmware version
• UEFI Device Firmware has the latest available firmware version

An update requires a reboot to complete. Restart now? [y|N]: y

Reboot the machine, and it’s done. Please note that, this is firmware can also be installed on ThinkPad X1 Extreme Gen 1.

ReferencesS:

• BIOS Update (Utility & Bootable CD) for Windows 10 (64-bit) and Linux - ThinkPad P1, X1 Extreme
• ReadMe for 1.27 BIOS