XPS 17 9720 - Dell trusted device bios verificaton stopped working after last bios upgrade

Some extra information is that I learned about the update via service center, but it failed to download it for some reason, so I manually downloaded it to a USB drive and installed.via the f12 boot option.

Thank you!

backup and prepare a USB stick with windows to reinstall 

Thanks for the answer!

I would like to know if there is any chance my bios could be infected. It will take me a few weeks of work to reinstall my system, so I would like to avoid having to do it more than once.

There were some indicators of attack reported by trusted device after applying previous bios update 1.26.0 if I'm not mistaken (allow bios downgrade, allow capsule bios updates), and checking the forum here I got the impression these warnings didn't necessarily mean my bios got compromised, but rather that those settings represented a risk, but they could have been set like that before, although it wasn't me for sure because nobody else has had access to this computer.

I have checked the signatures of all executables in my EFI partition and all signature verifications were successful,

so if my secure boot is reported to be working successfully and the malware is not caught by my antivirus, could this mean my bios is compromised?

Was the firmware download from a Dell site, or from elsewhere?

The release date for that firmware is November 12, 2024 -- not September 26.

https://www.dell.com/support/home/en-us/product-support/product/xps-17-9720-laptop/drivers

Yes, I downloaded it from that link, and on a different device in case the xps was compromised. The date on the file effectively was 12th of November, but the date reported on the system properties is 26th of Seprember. I assumed the 26th of September is probably the build date of the firmware before QA tests and the 12th of November is the release date, but I could be wrong.

The issue is 6.4 does not support a lot of functions compared to 6.3 as seen here:

https://www.dell.com/support/home/en-us/product-support/product/trusted-device/docs

Look at the Installation and Administrator Guide v6.4 starting with page 7 which shows what platforms each function supports.

It supports the XPS NB 9720 but not the XPS 17 9720

There is only one XPS 17 9720. NB is an error in the PDF. They are all "generally" classified as NB (notebook) Laptops.

@DELL-Chris M​, exactly.Version 6.4 was working (acceptably) well before I applied firmware 1.28.0

Very often it failed to connect to dell servers to check the bios signature, even with full Internet access, but when it managed to connect bios verification was successful.

My suspicion was that the web shield of my antivirus, which acts as a man in the middle between my applications and certified servers, in order to be able to scan urls, was hijacking the connections, which the Web browser allows, was causing Trusted device to fail to establish a secure connection to dell servers I'd they didn't recognise the certificate presented by the antivirus during the test handshake.

The bios verification intermitently worked, and I suspect this happened when trusted device tried to check the bios signature before the antivirus webshield activated, but it's hard to be sure since as a user there is no way to know when exactly is trusted device trying to contact dell servers, since the check is done automatically by Tristed Device and there is no way the iser can influence this afaik.

But after version 1.28.0 it seems it manages to connect to dell servers (or a site impersonating dell servers), and the server responds that the firmware version is not supported.

I have not seen many issues with UEFI updates. My latest 13th gen laptop lasts longer on battery so I like it.

This is why I suggest a clean install of 24h2 

If the bios is compromised, I first need to clean it up. Otherwise it will taint any clean install I do, and I have around 7 TB of data in the machine, most of which can only be installed from a client that downloads it from a slow server, so I think it's better to first confirm the behavior of Trusted Device is expected and not the consequence of a bios attack. There are a lot of new threats, and the issues the latest bios is supposed to address aren't in dell's public bug tracker, which makes me suspect they could be serious.

@DELL-Chris M​ - I figured as such but hopefully it's correct in Dell Trusted Device itself as while I do not have a XPS 17, on my XPS 15 9570 which seems to only support a minimal amount of functions in Dell Trusted Device v6.4, v6.3 appears to be fine but v6.4 complains literally about everything as seen here, the BIOS and ME basically the first 3 items are what I am concerned about and I am using v1.27.0 of the firmware which I have just downloaded directly from Dell and the BIOS contains the ME firmware:

:

I have a XPS 15 9570 in a pile of machines. Had to do a lotas of restoration to get it back to life, New keyboard, fans and even a new WiFi card.