Update focal fwupd to 1.3.11 point release

Bug #1883568 reported by Mario Limonciello
This bug affects 4 people
Affects | Status | Importance | Assigned to | Milestone
OEM Priority Project | Fix Released | High | Yuan-Chen Cheng |
fwupd (Ubuntu) | Fix Released | Undecided | Unassigned |
  Focal | Fix Released | Undecided | Unassigned |
fwupd-signed (Ubuntu) | Fix Released | Undecided | Unassigned |
  Focal | Fix Released | Undecided | Unassigned |

Bug Description

[Impact]
 * Upstream has issued a 1.3.11 point release with the following fixes:
    - Actually reload the DFU device after upgrade has completed
    - Capture the dock SKU in report metadata
    - Correctly set the Logitech device protocol
    - Do not use shim for non-secure boot configurations
    - Ensure that the DeviceID is set for child devices
    - Fix an error when detaching MSP430
    - Fix the DeviceID set by GetDetails
    - Force the prometheus minor version from 0x02 to 0x01 to fix updates
    - Parse the CSR firmware as a DFU file
    - Prevent dell-dock updates to occur via synaptics-mst plugin
    - Rather than hardcoding thunderbolt to PCI slot numbers, use domain in GUID
    - Remove a dock device from the whitelist that is never going to be updated
    - Validate that gpgme_op_verify_result() returned at least one signature
    - Wait for the cxaudio device to reboot after writing firmware
    - Add more module types for the Dell dock
    - Fix the TPM PCR0 calculation
    - Check for free space after cleaning up ESP
 * All but 1 of the patches carried on top of 1.3.9 in Ubuntu focal are also included in 1.3.11 and can be dropped.

 * Per the firmware update policy described in https://wiki.ubuntu.com/StableReleaseUpdates#fwupd_and_fwupdate and https://wiki.ubuntu.com/firmware-updates we should jump to the point release rather than backport patches.

[Test Case]

 * On a device supporting updates, either install a new firmware upgrade (fwupdmgr update) or reinstall (fwupdmgr reinstall)

 * Verify the update works properly

[Regression Potential]

 * Regressions are unlikely as these are all bug fixes that were prompted by users reporting problems.
 * There are no new features.
 * If a regression were to pop up it's likely to be very specific to a user's configuration.

Revision history for this message
Mario Limonciello (superm1) wrote :

I've uploaded 1.3.10 fwupd to proposed but haven't uploaded fwupd-signed yet since there is a security vulnerability upload being sorted out right now (LP: #1883545). Once that's out of proposed I'll upload fwupd-signed here as well.

Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in fwupd (Ubuntu):
status: New → Confirmed
Changed in fwupd-signed (Ubuntu):
status: New → Confirmed
tags: added: oem-priority
Changed in oem-priority:
assignee: nobody → Yuan-Chen Cheng (ycheng-twn)
status: New → Confirmed
Revision history for this message
Mario Limonciello (superm1) wrote :

The security issue was sorted in LP: #1883595, so I've uploaded fwupd-signed as well.

Changed in oem-priority:
importance: Undecided → High
Revision history for this message
Mario Limonciello (superm1) wrote :

FYI I've adjusted this bug to 1.3.11 because two more high priority issues were identified and fixed and a new point release was spun to include these. They were related to a TPM PCR0 calculation error and an error encountered updating non-TBT Dell docks.
Given the 1.3.10 was not yet accepted into focal proposed, I feel it's better to include both of those fixes at the same time.

So ~ubuntu-sru or ~ubuntu-archive team member that reviews this, please reject fwupd 1.3.10 from unapproved queue and instead please take 1.3.11~focal1.

summary: - Update focal fwupd to 1.3.10 point release
+ Update focal fwupd to 1.3.11 point release
description: updated
tags: added: focal groovy
Changed in fwupd (Ubuntu Focal):
status: New → Confirmed
Changed in fwupd (Ubuntu):
status: Confirmed → Fix Committed
Changed in fwupd-signed (Ubuntu):
status: Confirmed → Fix Committed
Changed in fwupd-signed (Ubuntu Focal):
status: New → Confirmed
Revision history for this message
Yuan-Chen Cheng (ycheng-twn) wrote :

Status:
 fwupd | 1.3.10-1 | groovy | source, amd64, arm64, armhf, ppc64el, riscv64, s390x
 fwupd | 1.3.11-1 | groovy-proposed | source, ppc64el, riscv64, s390x

Revision history for this message
Mario Limonciello (superm1) wrote :

#6:
Yes, groovy is waiting for someone in ~ubuntu-archive to accept for UEFI signing.
focal is waiting in unapproved queue at the moment (https://launchpad.net/ubuntu/focal/+queue?queue_state=1&queue_text=)

Changed in fwupd (Ubuntu):
status: Fix Committed → Fix Released
Changed in fwupd-signed (Ubuntu):
status: Fix Committed → Fix Released
Revision history for this message
Brian Murray (brian-murray) wrote : Please test proposed package

Hello Mario, or anyone else affected,

Accepted fwupd into focal-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/fwupd/1.3.11-1~focal1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-focal to verification-done-focal. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-focal. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in fwupd (Ubuntu Focal):
status: Confirmed → Fix Committed
tags: added: verification-needed verification-needed-focal
Revision history for this message
Brian Murray (brian-murray) wrote :

Hello Mario, or anyone else affected,

Accepted fwupd-signed into focal-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/fwupd-signed/1.27.1ubuntu2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-focal to verification-done-focal. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-focal. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in fwupd-signed (Ubuntu Focal):
status: Confirmed → Fix Committed
Revision history for this message
Mario Limonciello (superm1) wrote :

@brian murray:

Can you please release them so fwupd-signed can finish building? UEFI archives need to be signed.

Revision history for this message
Mario Limonciello (superm1) wrote :

It still hasn't published to be tested, setting verification-failed-focal tag.

tags: added: verification-failed-focal
removed: verification-needed-focal
Revision history for this message
Łukasz Zemczak (sil2100) wrote :

Hey Mario! So I found the signed bits and approved them from Unapproved. Should we switch the tag back to verification-needed?

tags: added: verification-needed-focal
removed: verification-failed-focal
Revision history for this message
Mario Limonciello (superm1) wrote :

I tested reinstalling uefi firmware on my SUT.

$ fwupdmgr --version
client version: 1.3.11
compile-time dependency versions
        gusb: 0.3.4
        efivar: 37
daemon version: 1.3.11
$ sudo fwupdmgr reinstall
Choose a device:
0. Cancel
1. 008789c06313b7d4f0b633201febd50d9e1eba67 (Package level of Dell dock)
2. dbe8848490bf5e095a25b43d554dfe7eeebdbd82 (RTS5413 in Dell dock)
3. 537d091d8c75b154e773b245775927230ba23807 (RTS5487 in Dell dock)
4. c2f90c79db3fc6ff9b1dac0038deb519650a3660 (VMM5331 in Dell dock)
5. 6f5d391ae5ab8a40cb3544fa4020b66af0ee437a (WD19)
6. b6c08fb9e5384d9d101853cc1ca20cf0ce2df2e2 (System Firmware)
6
XPS 13 7390 must remain plugged into a power source for the duration of the update to avoid damage. Continue with update? [Y|n]: y
Downloading 1.5.1 for System Firmware...
Fetching firmware https://fwupd.org/downloads/21d4d04eedcc6d827af0787b2b667318e5b06aed0848b69a15873beb88ffda81-7390%20System%20BIOS_Ver.1.5.1.cab
Downloading… [***************************************]
Decompressing… [***************************************]
Authenticating… [***************************************]
Installing on System Firmware…\ ]
Scheduling… [***************************************]
Successfully installed firmware

An update requires a reboot to complete. Restart now? [y|N]: y
$ fwupdmgr get-results
Choose a device:
0. Cancel
1. f78dd6bb609522e31f1ff2ff819827108606d18a (Thunderbolt Controller)
2. 008789c06313b7d4f0b633201febd50d9e1eba67 (Package level of Dell dock)
3. dbe8848490bf5e095a25b43d554dfe7eeebdbd82 (RTS5413 in Dell dock)
4. 537d091d8c75b154e773b245775927230ba23807 (RTS5487 in Dell dock)
5. c2f90c79db3fc6ff9b1dac0038deb519650a3660 (VMM5331 in Dell dock)
6. 6f5d391ae5ab8a40cb3544fa4020b66af0ee437a (WD19)
7. 58bd405f31c48e6eca290b425f530a94c91e955c (Event Log)
8. c6a0cfba7c7d81e253fce571e1d1e9f6003ae1c7 (PC601 NVMe SK hynix 512GB)
9. b6c08fb9e5384d9d101853cc1ca20cf0ce2df2e2 (System Firmware)
10. c6a80ac3a22083423992a3cb15018989f37834d6 (TPM 2.0)
11. b26933c085b020ecf84c490812458523aee710ac (Touchpad)
12. bbbf1ce3d1cf15550c3760b354592040292415bb (UHD Graphics)
9
System Firmware:
  Device ID: b6c08fb9e5384d9d101853cc1ca20cf0ce2df2e2
  Previous version: 1.5.1
  Update State: success
  Last modified: 2020-07-02 13:27
  GUID: cbe49cca-492b-93e8-b0f4-f693501f271b
  Device Flags: • Internal device
                         • Updatable
                         • Requires AC power
                         • Needs a reboot after installation
                         • Cryptographic hash verification is available
                         • Device is usable for the duration of the update

tags: added: verification-passed verification-passed-focal
removed: verification-needed verification-needed-focal
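
The manual checks in the verification comment above (client and daemon both at the proposed version, update state reported as success) can be scripted. This is an added example, not part of the original report or of fwupd; the function names are this example's own, and the sample text is copied from the output quoted above rather than captured live.

```shell
#!/bin/sh
# Added example: check captured fwupdmgr output against the SRU test case.

# Print the "<label> version:" value from `fwupdmgr --version` output on stdin.
# $1 = client | daemon
fwupd_version() {
    sed -n "s/^$1 version:[[:space:]]*//p" | head -n 1
}

# Print the "Update State" field from `fwupdmgr get-results` output on stdin.
update_state() {
    sed -n 's/^[[:space:]]*Update State:[[:space:]]*//p' | head -n 1
}

# Return 0 only if client and daemon both report the expected version and the
# last update succeeded.
# $1 = expected version, $2 = --version output, $3 = get-results output
verify_sru() {
    expected=$1
    client=$(printf '%s\n' "$2" | fwupd_version client)
    daemon=$(printf '%s\n' "$2" | fwupd_version daemon)
    state=$(printf '%s\n' "$3" | update_state)
    [ "$client" = "$expected" ] || { echo "client is '$client', want $expected"; return 1; }
    # A mismatch here means the running daemon is not the upgraded build.
    [ "$daemon" = "$expected" ] || { echo "daemon is '$daemon', want $expected"; return 1; }
    [ "$state" = "success" ] || { echo "update state is '$state'"; return 1; }
    echo "verified: fwupd $expected, update state success"
}

# Sample text copied from the output quoted in the comment above.
SAMPLE_VERSION='client version: 1.3.11
compile-time dependency versions
        gusb: 0.3.4
        efivar: 37
daemon version: 1.3.11'
SAMPLE_RESULTS='System Firmware:
  Device ID: b6c08fb9e5384d9d101853cc1ca20cf0ce2df2e2
  Previous version: 1.5.1
  Update State: success'

verify_sru 1.3.11 "$SAMPLE_VERSION" "$SAMPLE_RESULTS"
```

On a test machine, pass the captured output of `fwupdmgr --version` and `fwupdmgr get-results` in place of the two sample variables.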
Revision history for this message
Yuan-Chen Cheng (ycheng-twn) wrote :

I got a Precision-3541 that's running BIOS 1.5.1, and it has a new BIOS 1.9.1.

I installed the fwupd and fwupd-signed packages from the proposed channel with the following versions:

ii fwupd 1.3.11-1~focal1 amd64 Firmware update daemon
ii fwupd-signed 1.27.1ubuntu2+1.3.11-1~focal1 amd64 Linux Firmware Updater EFI signed binary

I clicked the button in the "Updates" tab of the "Ubuntu Software" app and rebooted. The BIOS was correctly upgraded from 1.5.1 to 1.9.1.

I confirmed in fwupdmgr get-devices that the BIOS was upgraded.

├─System Firmware:
│ Device ID: 4a73cf8d37b14dd37091e22ef71007223fb9aa67
│ Current version: 1.9.1
│ Minimum Version: 1.9.1
│ Vendor: Dell Inc. (DMI:Dell Inc.)
│ GUID: 0eecff0c-95b8-4ade-9717-8f4f3edc9e09
│ Device Flags: • Internal device
│ • Updatable
│ • Requires AC power
│ • Supported on remote server
│ • Needs a reboot after installation
│ • Cryptographic hash verification is available
│ • Device is usable for the duration of the update

Given that, the verification has passed.

tags: added: verification-done verification-done-focal
removed: verification-passed verification-passed-focal
Changed in oem-priority:
status: Confirmed → Fix Committed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package fwupd - 1.3.11-1~focal1

---------------
fwupd (1.3.11-1~focal1) focal; urgency=medium

  * New upstream stable release: (LP: #1883568)
    - Actually reload the DFU device after upgrade has completed
    - Capture the dock SKU in report metadata
    - Correctly set the Logitech device protocol
    - Do not use shim for non-secure boot configurations
    - Ensure that the DeviceID is set for child devices
    - Fix an error when detaching MSP430
    - Fix the DeviceID set by GetDetails
    - Force the prometheus minor version from 0x02 to 0x01 to fix updates
    - Parse the CSR firmware as a DFU file
    - Prevent dell-dock updates to occur via synaptics-mst plugin
    - Rather than hardcoding thunderbolt to PCI slot numbers, use domain in GUID
    - Remove a dock device from the whitelist that is never going to be updated
    - Validate that gpgme_op_verify_result() returned at least one signature
    - Wait for the cxaudio device to reboot after writing firmware
    - Add more module types for the Dell dock
    - Fix the TPM PCR0 calculation
    - Check for free space after cleaning up ESP
  * Drop following patches, now incorporated upstream:
    - Thunderbolt: create correct GUID for dual controller devices
    - CSR: Fix parsing
    - Motd: Fix refresh target to be network.target
    - Logitech: Fix error in logs on unsigned devices and set protocol for
      signed devices properly.
    - Fix a FTBFS on empty /etc/machine-id in some buildd environments.
    - CVE-2020-10759

 -- Mario Limonciello <email address hidden> Thu, 18 Jun 2020 11:04:18 -0500

Changed in fwupd (Ubuntu Focal):
status: Fix Committed → Fix Released
Revision history for this message
Łukasz Zemczak (sil2100) wrote : Update Released

The verification of the Stable Release Update for fwupd has completed successfully and the package is now being released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package fwupd-signed - 1.27.1ubuntu2

---------------
fwupd-signed (1.27.1ubuntu2) focal; urgency=medium

  * Build depend on fwupd version 1.3.11-1~focal1 (LP: #1883568)

 -- Mario Limonciello <email address hidden> Thu, 18 Jun 2020 11:18:16 -0500

Changed in fwupd-signed (Ubuntu Focal):
status: Fix Committed → Fix Released
Rex Tsai (chihchun)
Changed in oem-priority:
status: Fix Committed → Fix Released