A data processing system may comprise a primary basic input/output system (BIOS) image in a primary BIOS region and a rollback BIOS image in a rollback BIOS region. In one example method for upgrading the BIOS, the data processing system may establish a measured launch environment (MLE). In response to a BIOS update request, the data processing system may replace the primary BIOS image with a new BIOS image while running the MLE. After a reset operation, the data processing system may automatically boot to the rollback BIOS image and may use the rollback BIOS to automatically determine whether the new BIOS image is authentic. In response to a determination that the new BIOS image is authentic, the data processing system may copy the new BIOS image from the primary BIOS region to the rollback BIOS region. Other embodiments are described and claimed.