[MIR] libsmbios

Hello,

Any updates on this? The new version of fwupd was just released that allows libsmbios support. I'm intending to update the whole stack in Debian unstable shortly and would like to keep Ubuntu in sync.

Thanks,

No update from the security team yet as our security review queue for Yakkety is quite large right now.

Update from my side, the packages that include this functionality (fwupdate 8-1 and fwupd 0.7.3-1) are in Debian now. When synced to Ubuntu, this bug will be a blocker for them (FFe currently here: https://bugs.launchpad.net/ubuntu/+source/fwupd/+bug/1620698).

This bug has been open since July. Any updates on this?

In zesty fwupd, fwupdate, fwupdate-signed migration is now blocked.

libfwup1/amd64 unsatisfiable Depends: libsmbios2v5
libfwup1/i386 unsatisfiable Depends: libsmbios2v5
fwupd/i386 unsatisfiable Depends: libsmbios2v5
fwupd/amd64 unsatisfiable Depends: libsmbios2v5

Hello, can this please be looked at? It's been 4 months now.

Thanks for your patience Mario.

My first question, is this actively supported and loved? There's 262 warnings in the build logs along the lines of: "class std::auto_ptr is deprecated" which gives me the strong impression that there's no longer upstream support for this library.

Thanks

Seth,

It does have someone assigned to maintain it upstream, but there hasn't
been heavy activity on the code.

The person maintaining upstream will review anything you feel needs to be
addressed.

On Mon, Nov 14, 2016, 18:25 Seth Arnold <email address hidden> wrote:

> Thanks for your patience Mario.
>
> My first question, is this actively supported and loved? There's 262
> warnings in the build logs along the lines of: "class std::auto_ptr is
> deprecated" which gives me the strong impression that there's no longer
> upstream support for this library.
>
> Thanks
>
> ** Changed in: libsmbios (Ubuntu)
> Assignee: Ubuntu Security Team (ubuntu-security) => Seth Arnold
> (seth-arnold)
>
> ** Changed in: libsmbios (Ubuntu)
> Status: New => In Progress
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/1603072
>
> Title:
> [MIR] libsmbios
>
> To manage notifications about this bug go to:
>
> https://bugs.launchpad.net/ubuntu/+source/libsmbios/+bug/1603072/+subscriptions
>

Seth, any progress?

This is blocking gnome-software updates in zesty atm, as there's a component-mismatch from fwupd.

Hi Iain, progress is slow, I haven't given it undivided attention for several hours at a single time yet. It's complicated enough code that it's not easy to pick it back up again after an absence.

Thanks

Mario, could you walk me through how this library is going to be used?

- What processes use this library?
- How are they started?
- What user interaction do they have? How about their parents?
- What controls are in place to avoid operating on untrusted inputs?

I'm worried that the tool may not be suitable for unattended undirected automated use when fed malicious inputs. If inputs can be determined to only come via cryptographically signed sources we may be able to work with this tool all the same.

(I'd feel most comfortable if the instructions here were, "download a new bios from https://support.dell.com/... ; gpg --import verylongkeyhash ; gpg --verify bios.gpg bios && updatebios ./bios". Any amount of automation beyond that has me worried.)

Thanks

Seth,

In Ubuntu it's going to be used for two purposes: fwupd, and fwupdate. Although the library features functionality that could be used for RBU firmware flashing, that feature is not going to be used in Ubuntu.

The strategy for Dell client systems BIOS updates is to continue to use UEFI capsule which you have already verified the stack previously.

Here's how it will be used in Ubuntu:

fwupdate
--------
For fwupdate, the code is used to query and activate tokens. The code for that was added since after you reviewed fwupdate last year.
This functionality can be seen here:
https://github.com/rhinstaller/fwupdate/blob/master/linux/libfwup.c#L130

It's used when a user queries if the system supports firmware updates and the ESRT is not available.
It can be used two ways:
1) from the fwupdate command line tool (as root)
2) from fwupd using libfwup and calling those same function calls.

In the case of fwupd using libfwup, the code that uses it is available here:
https://github.com/hughsie/fwupd/blob/master/src/fu-provider-uefi.c#L241
The user would need to call the unlock function using fwupdmgr or gnome-software. Policykit would authenticate them and fwupd would use libfwup to do the unlock (which will adjust those token values).

fwupd
-----
For fwupd, libsmbios is used for the following functions:
0) as mentioned above, unlocking ESRT table from token.
1) parsing SMBIOS tables to determine if it's usable on the system and if flashes were successful.
Example: https://github.com/hughsie/fwupd/blob/master/src/fu-provider-dell.c#L672

2) Executing SMI's to put the CPU into SMM and read information about embedded TPM and connected docks.
Example, but there are others: https://github.com/hughsie/fwupd/blob/master/src/fu-provider-dell.c#L759

3) Executing a SMI that will put the dock into a flashing mode to accept a runtime payload.
Example: https://github.com/hughsie/fwupd/blob/master/src/fu-provider-dell.c#L1087

I'm not sure how much of the architecture you recall about fwupd, but I'll give you the 100 ft view as a reminder. fwupd is a d-bus activated daemon. fwupdmgr and gnome-software communicate over d-bus with fwupd. fwupd supports "providers" as plugins that activate functionality for different types of firmware flashing and querying. A special Dell plugin was created that uses libsmbios for querying TPM and dock information specifically.

So a user will query from fwupdmgr for supported devices and fwupd will run a routine in all it's providers to see what devices are available. This will cause for example a few SMI requests when fwupd is first started to see the information on the TPM on the system if applicable.

Please feel free to double check everything, but all of the inputs that get passed through SMI in these cases are hardcoded into fwupd code and can't be passed an untrusted input.

Mario, thanks so much for the overview. Really, it saved me hours. :)

I reviewed libsmbios version 2.3.1-0ubuntu1 as checked into Yakkety. This
should not be considered a full security audit but rather a quick check of
maintainability.

- libsmbios provides libraries and utilities for working with Dell BIOS
- No CVEs in our database

- The library is used by fwupd and fwupdate
- Build-Depends: debhelper, autotools-dev, libcppunit-dev, doxygen,
  graphviz, python, chrpath, libxml2-dev, pkg-config, autoconf, automake,
  libtool, autopoint
- provides the following binaries and symlinks in /usr/sbin:
  -rwxr-xr-x root/root dellBiosUpdate-compat
  -rwxr-xr-x root/root dellLEDCtl
  -rwxr-xr-x root/root dellMediaDirectCtl
  -rwxr-xr-x root/root smbios-battery-ctl
  -rwxr-xr-x root/root smbios-get-ut-data
  -rwxr-xr-x root/root smbios-keyboard-ctl
  -rwxr-xr-x root/root smbios-lcd-brightness
  -rwxr-xr-x root/root smbios-passwd
  -rwxr-xr-x root/root smbios-rbu-bios-update
  -rwxr-xr-x root/root smbios-state-byte-ctl
  -rwxr-xr-x root/root smbios-sys-info
  -rwxr-xr-x root/root smbios-sys-info-lite
  -rwxr-xr-x root/root smbios-thermal-ctl
  -rwxr-xr-x root/root smbios-token-ctl
  -rwxr-xr-x root/root smbios-upflag-ctl
  -rwxr-xr-x root/root smbios-wakeup-ctl
  -rwxr-xr-x root/root smbios-wireless-ctl
  lrwxrwxrwx root/root dellBiosUpdate -> smbios-rbu-bios-update
  lrwxrwxrwx root/root dellLcdBrightness -> smbios-lcd-brightness
  lrwxrwxrwx root/root dellWirelessCtl -> smbios-wireless-ctl
  lrwxrwxrwx root/root getSystemId -> smbios-sys-info
- I don't believe any packages daemonize
- pre/post inst/rm scripts autogenerated
- No initscripts / systemd units
- No dbus services itself
- No setuid executables
- No sudo fragments
- No udev rules
- The test suites are not run during build -- please do so
- Build logs have hundreds of warnings

- No subprocesses spawned in C/C++ code
- Subprocesses spawned in Python BackCompatRbu::doUpdate() looks unsafe
  but I think this is dead code
- Memory management is extremely difficult to decipher
  - "memory factory" is way too much trouble for whatever benefits it may
    provide
  - many C++ operator new allocations are checked for NULL returns when
    those would instead throw an exception
  - many memory-failure error pathways try to use facilities that would
    fail when memory is scarce (gettext especially)
  - I suspect copy_mmap() / trycopy() / remap() is probably not safe
- files usually passed in as parameters, sometimes writing to current
  working directory
- logging looked fine, assuming the debug logs aren't enabled
- Environment variable handling looked fine
- Uses iopl()
- No cryptography
- No networking
- Portions that use iopl are very privileged; what felt like minimal
  sanity checks before using iopl() are used first
- No files in /tmp
- No webkit
- No javasript
- No policykit
- One cppcheck error for Windows:
  - [src/libsmbios_c++/memory/Memory_Windows.cpp:336]: (error) Mismatching
    allocation and deallocation: MemoryAtRequestedOffSet

Here's my notes collected while reading the sources:

- /etc/yum/ -- etc/yum/pluginconf.d/dellsysid.conf is packaged in
  smbios-utils
- many binaries without manpages
- lintian warning about embedded js libraries in docs
- ...

And from my (packaging) side:

Blockers:
- Needs a team bug subscriber that will look after this in Ubuntu

Non-blocker comments:
- smbios-utils should use ${python:Depends}
- Do we have a delta we care about from Debian anymore? I see their latest upload claims to sync with us, then adds a few more changes. We could potentially import their version.

I've just uploaded a new package to zesty that does the following:
- fixes smbios-utils python depends
- turns on the test suite at build time

@mterry
Can you subscribe foundations bugs for this?
As for the delta, yes the most recent upload to Debian did sync with us until this new delta was introduced in this upload for turning on the test suite. I expect that we'll sync up again over the period of the next release.

@seth-arnold
Thanks for the thorough review. I'm passing your feedback onto the right people internally to look at this from an upstream perspective. It will take some time to get people tasked to fixing up that stuff, but I'll keep poking them to do so.
Frankly I think the best thing to do at this point is to drop the c++ implementation rather than fix it, but we'll need to double check what other people are using it for first. The C implementation actually came later, and I believe was intended to supersede the C++ one.

hmm, we are trying to move away from Python2. Can smbios be used with Python3 instead? I'd like to avoid new Python2 using packages in main given that we plan to demote it for the next LTS.

Is it an all or nothing approach on moving binaries packages to main? If
not, only care about the library package in main.

It will take some work to adjust them to Python3 (wish this was raised
sooner) but it can be done.

On Mon, Dec 12, 2016, 06:05 Matthias Klose <email address hidden> wrote:

> hmm, we are trying to move away from Python2. Can smbios be used with
> Python3 instead? I'd like to avoid new Python2 using packages in main
> given that we plan to demote it for the next LTS.
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/1603072
>
> Title:
> [MIR] libsmbios
>
> To manage notifications about this bug go to:
>
> https://bugs.launchpad.net/ubuntu/+source/libsmbios/+bug/1603072/+subscriptions
>

The python package can stay in Universe if it's not needed as a dependency/recommends of anything in main

Well with the tests enabled, I believe that's an ACK from Seth. From my end, all that's missing is the bug subscriber.

Mario, you asked me to sub ~foundations-bugs, but I'm not an admin for that team. I poked Steve Langasek on IRC, but he was away at the time. We'll see.

Steve subscribed. Approved.

On 12.12.2016 13:07, Mario Limonciello wrote:
> It will take some work to adjust them to Python3 (wish this was raised
> sooner) but it can be done.

sure, it doesn't have to be done now, but could you address this for 17.04, or
if not possible, for 17.10?

Yes, I'll make sure it's added to the list of stuff upstream needs to work
on.

On Mon, Dec 12, 2016, 10:15 Matthias Klose <email address hidden> wrote:

> On 12.12.2016 13:07, Mario Limonciello wrote:
> > It will take some work to adjust them to Python3 (wish this was raised
> > sooner) but it can be done.
>
> sure, it doesn't have to be done now, but could you address this for
> 17.04, or
> if not possible, for 17.10?
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/1603072
>
> Title:
> [MIR] libsmbios
>
> To manage notifications about this bug go to:
>
> https://bugs.launchpad.net/ubuntu/+source/libsmbios/+bug/1603072/+subscriptions
>

Override component to main
libsmbios 2.3.1-0ubuntu2 in zesty: universe/libs -> main
libsmbios-dev 2.3.1-0ubuntu2 in zesty amd64: universe/libdevel/optional/100% -> main
libsmbios-dev 2.3.1-0ubuntu2 in zesty i386: universe/libdevel/optional/100% -> main
libsmbios-doc 2.3.1-0ubuntu2 in zesty amd64: universe/libs/optional/100% -> main
libsmbios-doc 2.3.1-0ubuntu2 in zesty arm64: universe/libs/optional/100% -> main
libsmbios-doc 2.3.1-0ubuntu2 in zesty armhf: universe/libs/optional/100% -> main
libsmbios-doc 2.3.1-0ubuntu2 in zesty i386: universe/libs/optional/100% -> main
libsmbios-doc 2.3.1-0ubuntu2 in zesty powerpc: universe/libs/optional/100% -> main
libsmbios-doc 2.3.1-0ubuntu2 in zesty ppc64el: universe/libs/optional/100% -> main
libsmbios-doc 2.3.1-0ubuntu2 in zesty s390x: universe/libs/optional/100% -> main
libsmbios2v5 2.3.1-0ubuntu2 in zesty amd64: universe/libs/optional/100% -> main
libsmbios2v5 2.3.1-0ubuntu2 in zesty i386: universe/libs/optional/100% -> main
python-libsmbios 2.3.1-0ubuntu2 in zesty amd64: universe/admin/optional/100% -> main
python-libsmbios 2.3.1-0ubuntu2 in zesty arm64: universe/admin/optional/100% -> main
python-libsmbios 2.3.1-0ubuntu2 in zesty armhf: universe/admin/optional/100% -> main
python-libsmbios 2.3.1-0ubuntu2 in zesty i386: universe/admin/optional/100% -> main
python-libsmbios 2.3.1-0ubuntu2 in zesty powerpc: universe/admin/optional/100% -> main
python-libsmbios 2.3.1-0ubuntu2 in zesty ppc64el: universe/admin/optional/100% -> main
python-libsmbios 2.3.1-0ubuntu2 in zesty s390x: universe/admin/optional/100% -> main
smbios-utils 2.3.1-0ubuntu2 in zesty amd64: universe/admin/optional/100% -> main
smbios-utils 2.3.1-0ubuntu2 in zesty i386: universe/admin/optional/100% -> main
Override [y|N]? y
21 publications overridden.