firmware update on fwupdate version 10-3 not work on some AMI's firmwares

Bug #1785165 reported by Ivan Hu on 2018-08-03
This bug affects 1 person
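Affects: fwupdate (Ubuntu); Importance: Undecided; Assigned to: Unassigned
Affects: fwupdate (Ubuntu Bionic); Importance: Medium; Assigned to: Mario Limonciello
Affects: fwupdate-signed (Ubuntu); Importance: Undecided; Assigned to: Unassigned
Affects: fwupdate-signed (Ubuntu Bionic); Importance: Medium; Assigned to: Mario Limonciello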

Bug Description

[Rationale]
The committed patch "Handle ux capsule updates", https://github.com/rhboot/fwupdate/commit/2561423dd68622dcf8a7542709f332edb517d34e, changed the calculation to CapsuleBlockDesc Length = CapsuleHeader.CapsuleImageSize + HeaderSize, but the AMI BIOS image has no capsule header. The fwupdate package on 18.04 (version 10-3) includes the "Handle ux capsule updates" patch, which causes machines with AMI firmware to be unable to do firmware updates.
The fix has been committed, https://github.com/rhboot/fwupdate/commit/863db45c246acd2cbeff0b4e32d3a8312475ff6a, and fixes the incorrect cbd_length.

[Impact]
Machines with certain AMI firmware implementations cannot do firmware update.

[Test cases]
1. Install Ubuntu 18.04 on a machine with AMI BIOS.
2. Get the update firmware.
3. See if this machine supports firmware update:
   # sudo fwupdate -s
4. Get the update GUID:
   # sudo fwupdate -l
5. Do the firmware update:
   # sudo fwupdate -a GUID firmware.bin
6. Reboot.

Alternate test case:
1. Install update from LVFS with fwupd
2. Verify update works.

[Other info]
This is very intentionally not a single patch backport. fwupdate identifies itself to fwupd by version. fwupd uses this information to determine when to offer updates based on fwupdate behavior.
If identified as fwupdate 10 many updates will not apply.
If identified as fwupdate 12 but only with a backport it's an unknown behavior and not safe.

The best thing to do is to backport fwupdate 12 fully.

[Regression potential]
Regressions would manifest in BIOS updates failing to apply.
This regression risk should be low for the following reasons:
1. This is a full backport of fwupdate 12. It doesn't take the risk of an unexpected set of code paths that lead to different failures.
2. fwupdate 12 has been released a long time and has been merged into fwupd 1.1.x. It's been verified by thousands of firmware upgrades already across many OEMs.
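
The length problem described in the [Rationale] above, as an added illustration in C (not fwupdate's code and not the committed fix): reading CapsuleImageSize and HeaderSize from an image that has no capsule header yields a length unrelated to the file, while a checked variant keeps the descriptor length within the bytes actually read. The function names, the `cap_kind` enum, the policy of describing a headerless image by its file size, and the constructed 64-byte samples are assumptions made for this example.

```c
#include <stdint.h>
#include <string.h>

/* EFI_CAPSULE_HEADER per the UEFI spec; image_size includes the header. */
typedef struct {
    uint8_t  guid[16];
    uint32_t header_size, flags, image_size;
} capsule_header_t;

enum cap_kind { CAP_INVALID, CAP_RAW, CAP_HAS_HEADER };

/* The formula quoted in the report, applied to whatever bytes come first. */
uint64_t cbd_length_unchecked(const uint8_t *buf, size_t fsize)
{
    capsule_header_t h;
    if (fsize < sizeof h) return 0;
    memcpy(&h, buf, sizeof h);
    return (uint64_t)h.image_size + h.header_size;
}

/* Hypothetical checked variant: *len never exceeds fsize. */
enum cap_kind cbd_length_checked(const uint8_t *buf, size_t fsize,
                                 const uint8_t want[16], uint64_t *len)
{
    capsule_header_t h;
    *len = fsize;                      /* headerless: describe the file as-is */
    if (fsize < sizeof h || memcmp(buf, want, 16) != 0)
        return CAP_RAW;
    memcpy(&h, buf, sizeof h);         /* claims to be a capsule: verify sizes */
    *len = h.image_size;
    if (h.header_size >= sizeof h && h.header_size <= h.image_size &&
        h.image_size <= fsize)
        return CAP_HAS_HEADER;
    *len = 0;                          /* header fields do not fit the file */
    return CAP_INVALID;
}

/* Constructed 64-byte sample; guid == NULL leaves a headerless image. */
void make_sample(uint8_t buf[64], const uint8_t *guid, uint32_t img_size)
{
    capsule_header_t h = { {0}, (uint32_t)sizeof h, 0, img_size };
    memset(buf, 0xAA, 64);
    if (guid) { memcpy(h.guid, guid, 16); memcpy(buf, &h, sizeof h); }
}
```

On the headerless sample the unchecked formula returns a value far larger than the 64 bytes held in memory, which is the kind of descriptor length a firmware update path must never be handed.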

Ivan Hu (ivan.hu) wrote :

Attached the fixed patch

description: updated
Ivan Hu (ivan.hu) on 2018-08-03
description: updated

The attachment "0001-Let-s-see-if-this-works-with-that-number-smaller.patch" seems to be a patch. If it isn't, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issues please contact him.]

tags: added: patch
Mario Limonciello (superm1) wrote :

That patch alone shouldn't turn on ux capsule upgrades. Are you sure it's all that is needed?

In my opinion it would be better to jump up to fwupdate 12 rather than just the single bandaid.

Also AMI is the IBV used in some other OEM boxes with no problem. This must be specific to some implementation. You will probably want to specify which boxes need this for SRU verification.

Ivan Hu (ivan.hu) on 2018-08-03
summary: - firmware update on fwupdate version 10-3 not work on AMI's firmware
+ firmware update on fwupdate version 10-3 not work on some AMI's firmware
summary: - firmware update on fwupdate version 10-3 not work on some AMI's firmware
+ firmware update on fwupdate version 10-3 not work on some AMI's
+ firmwares
Ivan Hu (ivan.hu) wrote :

@Mario,
Actually I have built a test package 10-3.3 on my test PPA, https://launchpad.net/~ivan.hu/+archive/ubuntu/test.ppa, based on 10-3 and with only the fix patch, and got confirmation that it can fix the fwupdate issue from the OEM. What other patches do you think we also need to SRU?

I also tested with a Dell XPS machine which has no such issue originally, and it could do the firmware update successfully, not affected by this patch.

Ivan,

Well specifically I'm worried that
https://github.com/rhboot/fwupdate/commit/3480d52310fc3f2bc3f7df83f19e9868678e6563
is not included with this approach.

Also
https://github.com/rhboot/fwupdate/commit/9493b9b537bcff8eefb06c9fd5e3f686defea305
is missing then.

Those are all related, so if you want to have properly fixed ux capsule
support all should probably come together.

I just worry that backporting individual patches is fragile with fwupdate
as it papers over individual little fixes like this
https://github.com/rhboot/fwupdate/commit/2a0c680d8535162eb94f868d38fb1492463d7976
which it's hard to know if they're going to be related on any
implementation.

That's why I think it's generally safer to adopt a newer release to fix
your problem rather than just the single patch. I know that many users in
other distro have already tested version 12 and there haven't been any
errors reported. However the testing on 10 + this one patch is a lot
smaller.

Mario Limonciello (superm1) wrote :

One more dimension to add to this.

Fwupd supports a "requirements" option on firmware. This allows manufacturers to prohibit installation on particular software combinations. If firmware doesn't work properly on fwupdate 10 then the manufacturer should be setting the requirement on com.redhat.fwupdate to 11 or 12. This was discussed upstream recently due to some Lenovo failures with fwupdate 10.

If Ubuntu picks up a patch on 10 then that requirement won't be satisfied properly. So please bring back version 12 to Ubuntu rather than a single patch.

Ivan Hu (ivan.hu) wrote :

add debdiff,

Changed in fwupdate (Ubuntu):
status: New → Fix Released
Changed in fwupdate-signed (Ubuntu):
status: New → Fix Released
Changed in fwupdate (Ubuntu Bionic):
assignee: nobody → Mario Limonciello (superm1)
Changed in fwupdate-signed (Ubuntu Bionic):
assignee: nobody → Mario Limonciello (superm1)
Changed in fwupdate (Ubuntu Bionic):
importance: Undecided → Medium
Changed in fwupdate-signed (Ubuntu Bionic):
importance: Undecided → Medium
Mario Limonciello (superm1) wrote :

I've uploaded a backported fwupdate 12 into the bionic queue for this issue resolution.

I've also updated the description to reflect why fwupdate 12 and not just one patch (as also explained in comment #5 and comment #6).

description: updated
Changed in fwupdate-signed (Ubuntu Bionic):
status: New → In Progress
Changed in fwupdate (Ubuntu Bionic):
status: New → In Progress
Mario Limonciello (superm1) wrote :

@SRU Team,

Can this please be reviewed? It's 12-3bionic1

Hello Ivan, or anyone else affected,

Accepted fwupdate into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/fwupdate/12-3bionic1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in fwupdate (Ubuntu Bionic):
status: In Progress → Fix Committed
tags: added: verification-needed verification-needed-bionic
Changed in fwupdate-signed (Ubuntu Bionic):
status: In Progress → Fix Committed
Brian Murray (brian-murray) wrote :

Hello Ivan, or anyone else affected,

Accepted fwupdate-signed into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/fwupdate-signed/1.19bionic1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Sudarsanan (sudarsan06) wrote :

Dear Brian,

As previously discussed regarding the Capsule Update issue w.r.t. bug ID #1785165, we are unable to update to the Proposed Package given in the mail link below on Ubuntu 18.04 and 18.10 (cosmic).
I just downloaded the .rpm file from the given link (https://launchpad.net/ubuntu/+source/fwupdate-signed/1.19bionic1) and tried to install it but got the error (attached for your reference).

Can you please try to check from your side? If it gets installed successfully, then please let us know the package installation steps in detail.

We will wait for your kind response

Thanks,
Sudarsan

@brian,

This SRU hasn't been released yet. Can you look?

> ** Attachment added: "Error_Image"
>
> https://bugs.launchpad.net/ubuntu/+source/fwupdate/+bug/1785165/+attachment/5231464/+files/fwupd_pre_install_error.jpg

Mario Limonciello (superm1) wrote :

Ivan,
The SRU was released into proposed today. Can you or someone please test on an affected system ASAP?

Steve Langasek (vorlon) wrote :

The fwupdate package that was uploaded to -proposed does not output the correct artifacts to result in the population of <http://archive.ubuntu.com/ubuntu/dists/bionic-proposed/main/uefi/fwupdate-amd64/>. As a result, the fwupdate-signed package continues to pull in the old version at build time and ends up with a runtime dependency on that old version, which now makes it uninstallable in -proposed (and breaks bionic daily builds).

I've marked this v-failed and am removing both packages from -proposed.

tags: added: verification-failed verification-failed-bionic
removed: verification-needed verification-needed-bionic
Changed in fwupdate (Ubuntu Bionic):
status: Fix Committed → Triaged
Changed in fwupdate-signed (Ubuntu Bionic):
status: Fix Committed → Triaged
Steve Langasek (vorlon) wrote :

Removing packages from bionic-proposed:
 fwupdate 12-3bionic1 in bionic
  fwupdate 12-3bionic1 in bionic amd64
  fwupdate 12-3bionic1 in bionic arm64
  fwupdate 12-3bionic1 in bionic armhf
  fwupdate 12-3bionic1 in bionic i386
  fwupdate-amd64-signed-template 12-3bionic1 in bionic amd64
  fwupdate-arm64-signed-template 12-3bionic1 in bionic arm64
  fwupdate-armhf-signed-template 12-3bionic1 in bionic armhf
  fwupdate-i386-signed-template 12-3bionic1 in bionic i386
  libfwup-dev 12-3bionic1 in bionic amd64
  libfwup-dev 12-3bionic1 in bionic arm64
  libfwup-dev 12-3bionic1 in bionic armhf
  libfwup-dev 12-3bionic1 in bionic i386
  libfwup1 12-3bionic1 in bionic amd64
  libfwup1 12-3bionic1 in bionic arm64
  libfwup1 12-3bionic1 in bionic armhf
  libfwup1 12-3bionic1 in bionic i386
 fwupdate-signed 1.19bionic1 in bionic
  fwupdate-amd64-signed 1.19bionic1+10-3 in bionic amd64
  fwupdate-arm64-signed 1.19bionic1+10-3 in bionic arm64
  fwupdate-armhf-signed 1.19bionic1+10-3 in bionic armhf
  fwupdate-i386-signed 1.19bionic1+10-3 in bionic i386
  fwupdate-signed 1.19bionic1+10-3 in bionic amd64
  fwupdate-signed 1.19bionic1+10-3 in bionic arm64
  fwupdate-signed 1.19bionic1+10-3 in bionic armhf
  fwupdate-signed 1.19bionic1+10-3 in bionic i386
Comment: Verification-failed; LP: #1785165
2 packages successfully removed.

Mario Limonciello (superm1) wrote :

The mistake here was that in newer Ubuntu the signed package isn't made anymore.
So I've restored that code and test built to make sure the uefi archive is created.
The upload was redone a few days ago. Can it be checked again?
