News

Microsoft Floats New Approach for Updating Drivers and Firmware in Windows Systems

Microsoft on Wednesday described its Component Firmware Update (CFU) effort, which is a new open source protocol that Windows developers can leverage to keep their drivers and firmware properly updated.

The CFU protocol is an open source project housed at the GitHub repository, providing driver and firmware code samples for testing. It's the sort of thing that independent hardware vendors and original equipment manufacturers might use for Windows systems.

The CFU protocol follows a model that's designed to better assure that firmware in a Windows system will only accept updates that are appropriate for it. The protocol is capable of sorting out the proper order of updates, for instance. All of the updates arrive via the Windows Update software delivery system, but the target component controls whether to apply the update or not. Microsoft created the CFU protocol with the objective that these firmware and driver updates will cause "little or no user disruption."

By "components," Microsoft's announcement appears to be referring to computer chips. The announcement also refers to "subcomponents," which can be things like keyboards and mice (see chart).

[Click on image for larger view.] Software vendors create firmware updates for delivery via the Windows Update service, which can then get managed using Microsoft's Component Firmware Update mechanism. (Source: Oct. 17, 2018 Windows blog)

Some so-called "third-party" software developers will produce drivers that are component-specific, and their updates arrive using their own protocols. However, with CFU, there only needs to be one component in a Windows system that's CFU-compatible to get its management benefits. This CFU-compatible component will grab the third-party vendor's software driver and will deliver it to the vendor's component using that software vendor's protocol.

Not everything gets handled by the CFU protocol. If a system gets bricked, then it can't use CFU, and there's no recovery mechanism. There's also no authentication, encryption or rollback capabilities offered by the CFU protocol. In addition, the CFU approach requires extra memory "to store the incoming images."

In other words, it's not clear if this new mechanism will be able to avoid problems that were seen earlier this month with the Windows 10 October 2018 Update. For instance, Intel drivers caused a loss of sound, while HP keyboard drivers caused blue screen problems for some users.

The main advantage of the new approach seems to be that the CFU protocol can help Windows systems better sort out which driver or firmware updates to use. It can delay an update in order to install updates in the proper sequence, for instance.

Microsoft's announcement didn't clarify whether CFU will be the approach adopted for all Windows systems. Apparently, CFU is just at the testing stage right now.