firmware update on fwupdate version 10-3 not work on some AMI's firmwares

Bug #1785165 reported by Ivan Hu on 2018-08-03
24
This bug affects 2 people
Affects Status Importance Assigned to Milestone
OEM Priority Project
Critical
Yuan-Chen Cheng
fwupdate (Ubuntu)
Undecided
Unassigned
Bionic
Medium
Mario Limonciello
fwupdate-signed (Ubuntu)
Undecided
Unassigned
Bionic
Medium
Mario Limonciello

Bug Description

[Rationale]
The commited patch, Handle ux capsule updates, https://github.com/rhboot/fwupdate/commit/2561423dd68622dcf8a7542709f332edb517d34e, change to calculate CapsuleBlockDesc Length = CapsuleHeader.CapsuleImageSize + HeaderSize, but on AMI BIOS image which is without capsule header. Fwudpate package on 18.04(version 10-3) included the "Handle ux capsule updates" causes those machine with AMI firmware cannot do firmware update.
The fixed patch have been committed, https://github.com/rhboot/fwupdate/commit/863db45c246acd2cbeff0b4e32d3a8312475ff6a and fix the incorrect cbd_length.

[Impact]
Machines with certain AMI firmware implementations cannot do firmware update.

[Test cases]
1. install ubuntu 18.04 on AMI's bios machine.
2. get the update firmware
3. See if this machine support firmware update,
   #sudo fwudpate -s
4. get the update GUID
   #sudo fwupdate -l
5. do firmeare update
   #sudo fwupdate -a GUID firmware.bin
6. reboot

Alternate test case:
1. Install update from LVFS with fwupd
2. Verify update works.

[Other info]
This is is very intentionally not a single patch backport. fwupdate identifies itself to fwupd by version. fwupd uses this information to determine when to offer updates based on fwupdate behavior.
If identified as fwupdate 10 many updates will not apply.
If identified as fwupdate 12 but only with a backport it's an unknown behavior and not safe.

The best thing to do is to backport fwupdate 12 fully.

[Regression potential]
Regressions would manifest in BIOS updates failing to apply.
This regression risk should be low for the following reasons:
1. This is a full backport of fwupdate 12. It doesn't take the risk of an unexpected set of code paths that lead to different failures.
2. fwupdate 12 has been released a long time and has been merged into fwupd 1.1.x. It's been verified by thousands of firmware upgrades already across many OEMs.

Ivan Hu (ivan.hu) wrote :

Attached the fixed patch

description: updated
Ivan Hu (ivan.hu) on 2018-08-03
description: updated

The attachment "0001-Let-s-see-if-this-works-with-that-number-smaller.patch" seems to be a patch. If it isn't, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issues please contact him.]

tags: added: patch
Mario Limonciello (superm1) wrote :

That patch alone shouldn't turn on ux capsule upgrades. Are you sure it's all that is needed?

In my opinion it would be better to jump up to fwupdate 12 rather than just the single bandaid.

Also AMI is the IBV used in some other OEM boxes with no problem. This must be specific to some implementation. You will probably want to specify which boxes need this for SRU verification.

Ivan Hu (ivan.hu) on 2018-08-03
summary: - firmware update on fwupdate version 10-3 not work on AMI's firmware
+ firmware update on fwupdate version 10-3 not work on some AMI's firmware
summary: - firmware update on fwupdate version 10-3 not work on some AMI's firmware
+ firmware update on fwupdate version 10-3 not work on some AMI's
+ firmwares
Ivan Hu (ivan.hu) wrote :

@Mario,
Actually I have built a test package 10-3.3 on my test PPA, https://launchpad.net/~ivan.hu/+archive/ubuntu/test.ppa, base on 10-3 and with the only fixed patch, and got confirmed that can fix the fwupdate issue from OEM. What other patches do you think we also need to SRU?

I also tested with Dell XPS machine which has no such issue originally, and it could do the firmware update successfully, not affected by this patch.

Ivan,

Well specifically I'm worried that
https://github.com/rhboot/fwupdate/commit/3480d52310fc3f2bc3f7df83f19e9868678e6563
is not included with this approach.

Also
https://github.com/rhboot/fwupdate/commit/9493b9b537bcff8eefb06c9fd5e3f686defea305
is missing then.

Those are all related, so if you want to have properly fixed ux capsule
support all should probably come together.

I just worry that backporting individual patches is fragile with fwupdate
as it papers over individual little fixes like this
https://github.com/rhboot/fwupdate/commit/2a0c680d8535162eb94f868d38fb1492463d7976
which it's hard to know if they're going to be related on any
implementation.

That's why I think it's generally safer to adopt a newer release to fix
your problem rather than just the single patch. I know that many users in
other distro have already tested version 12 and there haven't been any
errors reported. However the testing on 10 + this one patch is a lot
smaller.

On Fri, Aug 3, 2018, 01:50 Ivan Hu <email address hidden> wrote:

> @Mario,
> Actually I have built a test package 10-3.3 on my test PPA,
> https://launchpad.net/~ivan.hu/+archive/ubuntu/test.ppa, base on 10-3 and
> with the only fixed patch, and got confirmed that can fix the fwupdate
> issue from OEM. What other patches do you think we also need to SRU?
>
> I also tested with Dell XPS machine which has no such issue originally,
> and it could do the firmware update successfully, not affected by this
> patch.
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/1785165
>
> Title:
> firmware update on fwupdate version 10-3 not work on some AMI's
> firmwares
>
> To manage notifications about this bug go to:
>
> https://bugs.launchpad.net/ubuntu/+source/fwupdate/+bug/1785165/+subscriptions
>

Mario Limonciello (superm1) wrote :

One more dimension to add to this.

Fwupd supports a "requirements" option on firmware. This allows manufacturers to prohibit installation on particular software combinations. If firmware doesn't work properly on fwupdate 10 then the manufacturer should be setting the requirement on com.redhat.fwupdate to 11 or 12. This was discussed upstream recently due to some Lenovo failures with fwupdate 10.

If Ubuntu picks up a patch on 10 then that requirement won't be satisfied properly. So please bring back version 12 to Ubuntu rather than a single patch.

Ivan Hu (ivan.hu) wrote :

add debdiff,

Changed in fwupdate (Ubuntu):
status: New → Fix Released
Changed in fwupdate-signed (Ubuntu):
status: New → Fix Released
Changed in fwupdate (Ubuntu Bionic):
assignee: nobody → Mario Limonciello (superm1)
Changed in fwupdate-signed (Ubuntu Bionic):
assignee: nobody → Mario Limonciello (superm1)
Changed in fwupdate (Ubuntu Bionic):
importance: Undecided → Medium
Changed in fwupdate-signed (Ubuntu Bionic):
importance: Undecided → Medium
Mario Limonciello (superm1) wrote :

I've uploaded a backported fwupdate 12 into bionic queue for this issue resolution.

I've also updated description to reflect why fwupdate 12 and not just one patch (as also explain in comment #5 and comment #6).

description: updated
Changed in fwupdate-signed (Ubuntu Bionic):
status: New → In Progress
Changed in fwupdate (Ubuntu Bionic):
status: New → In Progress
Mario Limonciello (superm1) wrote :

@SRU Team,

Can this please be reviewed? It's 12-3bionic1

Hello Ivan, or anyone else affected,

Accepted fwupdate into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/fwupdate/12-3bionic1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in fwupdate (Ubuntu Bionic):
status: In Progress → Fix Committed
tags: added: verification-needed verification-needed-bionic
Changed in fwupdate-signed (Ubuntu Bionic):
status: In Progress → Fix Committed
Brian Murray (brian-murray) wrote :

Hello Ivan, or anyone else affected,

Accepted fwupdate-signed into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/fwupdate-signed/1.19bionic1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Sudarsanan (sudarsan06) wrote :

Dear Brian,

As previously discussed over Capsule Update issue w.r.t the bug ID#1785165. We are unable to update Proposed Package given in below mail link on Ubuntu 18.04 and 18.10(cosmic).
I just downloaded the .rpm file from given link(https://launchpad.net/ubuntu/+source/fwupdate-
signed/1.19bionic1) and tried to install but got the error (Attached for your reference).

Can you please try to check from your side. If it get installed successfully, then please let us know the package installation steps in detail.

We will wait for your kind response

Thanks,
Sudarsan

@brian,

This SRU hasn't been released yet. Can you look?

On Tue, Jan 22, 2019 at 7:41 AM Sudarsanan <email address hidden>
wrote:

> Dear Brian,
>
> As previously discussed over Capsule Update issue w.r.t the bug
> ID#1785165. We are unable to update Proposed Package given in below mail
> link on Ubuntu 18.04 and 18.10(cosmic).
> I just downloaded the .rpm file from given link(
> https://launchpad.net/ubuntu/+source/fwupdate-
> signed/1.19bionic1
> <https://launchpad.net/ubuntu/+source/fwupdate-signed/1.19bionic1>) and
> tried to install but got the error (Attached for your reference).
>
> Can you please try to check from your side. If it get installed
> successfully, then please let us know the package installation steps in
> detail.
>
> We will wait for your kind response
>
> Thanks,
> Sudarsan
>
> ** Attachment added: "Error_Image"
>
> https://bugs.launchpad.net/ubuntu/+source/fwupdate/+bug/1785165/+attachment/5231464/+files/fwupd_pre_install_error.jpg
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/1785165
>
> Title:
> firmware update on fwupdate version 10-3 not work on some AMI's
> firmwares
>
> To manage notifications about this bug go to:
>
> https://bugs.launchpad.net/ubuntu/+source/fwupdate/+bug/1785165/+subscriptions
>

--
Mario Limonciello
<email address hidden>

Mario Limonciello (superm1) wrote :

Ivan,
The sru released into proposed today. Can you or someone please test on an affected system ASAP?

Steve Langasek (vorlon) wrote :

The fwupdate package that was uploaded to -proposed does not output the correct artifacts to result in the population of <http://archive.ubuntu.com/ubuntu/dists/bionic-proposed/main/uefi/fwupdate-amd64/>. As a result, the fwupdate-signed package continues to pull in the old version at build time and ends up with a runtime dependency on that old version, which now makes it uninstallable in -proposed (and breaks bionic daily builds).

I've marked this v-failed and am removing both packages from -proposed.

tags: added: verification-failed verification-failed-bionic
removed: verification-needed verification-needed-bionic
Changed in fwupdate (Ubuntu Bionic):
status: Fix Committed → Triaged
Changed in fwupdate-signed (Ubuntu Bionic):
status: Fix Committed → Triaged
Steve Langasek (vorlon) wrote :

Removing packages from bionic-proposed:
 fwupdate 12-3bionic1 in bionic
  fwupdate 12-3bionic1 in bionic amd64
  fwupdate 12-3bionic1 in bionic arm64
  fwupdate 12-3bionic1 in bionic armhf
  fwupdate 12-3bionic1 in bionic i386
  fwupdate-amd64-signed-template 12-3bionic1 in bionic amd64
  fwupdate-arm64-signed-template 12-3bionic1 in bionic arm64
  fwupdate-armhf-signed-template 12-3bionic1 in bionic armhf
  fwupdate-i386-signed-template 12-3bionic1 in bionic i386
  libfwup-dev 12-3bionic1 in bionic amd64
  libfwup-dev 12-3bionic1 in bionic arm64
  libfwup-dev 12-3bionic1 in bionic armhf
  libfwup-dev 12-3bionic1 in bionic i386
  libfwup1 12-3bionic1 in bionic amd64
  libfwup1 12-3bionic1 in bionic arm64
  libfwup1 12-3bionic1 in bionic armhf
  libfwup1 12-3bionic1 in bionic i386
 fwupdate-signed 1.19bionic1 in bionic
  fwupdate-amd64-signed 1.19bionic1+10-3 in bionic amd64
  fwupdate-arm64-signed 1.19bionic1+10-3 in bionic arm64
  fwupdate-armhf-signed 1.19bionic1+10-3 in bionic armhf
  fwupdate-i386-signed 1.19bionic1+10-3 in bionic i386
  fwupdate-signed 1.19bionic1+10-3 in bionic amd64
  fwupdate-signed 1.19bionic1+10-3 in bionic arm64
  fwupdate-signed 1.19bionic1+10-3 in bionic armhf
  fwupdate-signed 1.19bionic1+10-3 in bionic i386
Comment: Verification-failed; LP: #1785165
2 packages successfully removed.

Mario Limonciello (superm1) wrote :

The mistake here was that in newer Ubuntu the signed package isn't made anymore.
So I've restored that code and test built to make sure uefi archive created.
The upload was redone a few days ago. Can it be checked again?

Hello Ivan, or anyone else affected,

Accepted fwupdate into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/fwupdate/12-3bionic2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in fwupdate (Ubuntu Bionic):
status: Triaged → Fix Committed
tags: added: verification-needed verification-needed-bionic
removed: verification-failed verification-failed-bionic
Changed in fwupdate-signed (Ubuntu Bionic):
status: Triaged → Fix Committed
Timo Aaltonen (tjaalton) wrote :

Hello Ivan, or anyone else affected,

Accepted fwupdate-signed into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/fwupdate-signed/1.19bionic2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in oem-priority:
status: New → Confirmed
importance: Undecided → Critical
Ivan Hu (ivan.hu) wrote :

It seems the proposed release packages still be pending,

amd64 - Pending publication
arm64 - Pending publication
armhf - Pending publication
i386 - Pending publication
https://launchpad.net/ubuntu/+source/fwupdate

Manfred Hampl (m-hampl) wrote :

https://launchpad.net/ubuntu/+source/fwupdate/12-3bionic2/+build/16466858 says

"Binary packages awaiting approval in UNAPPROVED queue:"

What kind of approval (and by whom) do these packages need to be published?

They seem to be in this status already for four days.

Changed in oem-priority:
assignee: nobody → Yuan-Chen Cheng (ycheng-twn)
Ivan Hu (ivan.hu) wrote :

Got confirmed from AMI Taipei team. This version fixes the Capsule issue on AMI's firmware.

tags: added: verification-done verification-done-bionic
removed: verification-needed verification-needed-bionic
Changed in oem-priority:
status: Confirmed → Fix Committed
Brian Murray (brian-murray) wrote :

Ivan - could you please provide more details of the testing done and the package versions used? Comment #22 isn't enough for me to release the package update.

Changed in fwupdate (Ubuntu Bionic):
status: Fix Committed → Incomplete
Ivan Hu (ivan.hu) wrote :

Here are testing procedures,

1. Install Ubuntu 18.04 and connect to internet

2. Perform Firmware Update, base on 10-3 (expeted fail due to capsule header issue)
$sudo fwupdate -a {guid} 1AUOK.bin
$sudo efibootmgr (check boot entry, next boot is create or not)
$sudo reboot
It failed to do firmware update.

3. Setting software for proposed version
Software & updates -> select Download from "Main server"
Software & updates -> check "Source code"
Software & updates -> Developer option -> Pre-released updates

4. update fwupdate to version 12-3
$sudo apt update
$sudo apt install fwupdate (make sure fwupdate update to 12)

5. Get firmware update GUID
$sudo fwupdate -l --find the guid for firmware update

6. Perform Firmware Update
$sudo fwupdate -a {guid} 1AUOK.bin
$sudo efibootmgr (check boot entry, next boot is create or not)
$sudo reboot

Confirmed firmware is successful updated by fwupdate 12-3 packages.

Yuan-Chen Cheng (ycheng-twn) wrote :

set back to fix committed based on #24.

@Brian, please kindly review again.

Changed in fwupdate (Ubuntu Bionic):
status: Incomplete → Fix Committed
Łukasz Zemczak (sil2100) wrote :

Excellent, thank you!

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package fwupdate - 12-3bionic2

---------------
fwupdate (12-3bionic2) bionic; urgency=medium

  * Backport to Ubuntu 18.04
    - Fixes BIOS update on some AMI BIOS where the capsule descriptor length
      is not properly calculated (LP: #1785165)
  * Drop signed template packages, only used in Debian.
  * Re-enable the signed archive used in Ubuntu 18.04.

 -- Mario Limonciello <email address hidden> Tue, 05 Feb 2019 13:59:48 -0600

Changed in fwupdate (Ubuntu Bionic):
status: Fix Committed → Fix Released

The verification of the Stable Release Update for fwupdate has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package fwupdate-signed - 1.19bionic2

---------------
fwupdate-signed (1.19bionic2) bionic; urgency=medium

  * Build-depend on fwupdate 12-3bionic2 (LP: #1785165)

 -- Mario Limonciello <email address hidden> Tue, 05 Feb 2019 14:01:10 -0600

Changed in fwupdate-signed (Ubuntu Bionic):
status: Fix Committed → Fix Released
Changed in oem-priority:
status: Fix Committed → Fix Released
description: updated
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Related questions