Page MenuHomeSolus

Package & Integrate fwupd
Open, NormalPublic

Assigned To
None
Authored By
marcvg
Feb 10 2017, 2:22 PM
Referenced Files
None
Tokens
"Love" token, awarded by TClark77."Love" token, awarded by crom5."Like" token, awarded by tuxayo."Like" token, awarded by alecbcs.

Description

Actionable Item: Integrate fwupd (pulled from repo due to lack of integration points) in various tools and software in Solus. The should likely be:

  • Package fwupd and deps
  • Software Center - Firmware installation and updating. Relevant upstream repo here however no upstream issue, not necessary.
  • Track and land upstream clr-boot-manager fwupd support, pending issue here.

Revisions and Commits

Event Timeline

There are a very large number of changes, so older changes are hidden. Show Older Changes
JoshStrobl added a project: Upstream Issue.

Adding Upstream Issue since it relies on changes in clr-boot-manager.

JoshStrobl renamed this task from fwupd to Integrate fwupd.Aug 6 2018, 6:17 PM
JoshStrobl updated the task description. (Show Details)

Yesterday, 20.08.2018 I noticed an interesting info: "The Next Challenge For Fwupd / LVFS Is Supporting NVMe SSD Firmware Updates". Shortly said, Richard Hughes at Red Hat is hoping for Linux users with NVMe drives to send him the id-ctrl identification data on their drives - this data will be useful so he knows what drives/models are most popular but also for how the firmware revision string is advertised across drives and vendors:
https://blogs.gnome.org/hughsie/2018/08/17/nvme-firmware-i-need-your-data/

I followed the instructions. Can you please confirm that all went ok:

solus@user ~ $ sudo nvme id-ctrl --raw-binary /dev/nvme0 > /tmp/id-ctrl
Password:
solus@user ~ $ curl -F type=nvme \

-F "machine_id="`cat /etc/machine-id` \
-F file=@/tmp/id-ctrl \
https://staging.fwupd.org/lvfs/upload_hwinfo

{

"success": true

}solus@user ~ $

FYI the upload is failing

cat /etc/machine-id` \
-F file=@/tmp/id-ctrl \
https://staging.fwupd.org/lvfs/upload_hwinfo
<!DOCTYPE html>
<!-- Copyright (C) 2018 Richard Hughes <richard@hughsie.com>
     Licensed under the GNU General Public License Version 2 -->
<html lang="en">
  <head>
    <title>LVFS: Temporarily Unavailable</title>
    <meta http-equiv="Content-Type" content="text/html;charset=utf-8"/>
    <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0-beta.2/css/bootstrap.min.css" integrity="sha384-PsH8R72JQ3SOdhVi3uxftmaW6Vc51MKb0q5P2rRUpPvrszuE4W1povHYgTpBfshb" crossorigin="anonymous">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
  </head>
  <body>
    <div class="container mt-3">
      <div class="container mt-3">
        <div class="alert alert-warning" role="alert">
          The LVFS is temporarily unavailable and should be back soon.
        </div>
      </div>
    </div>
  </body>
</html>

Any updates on fwupd its badly needed for folks like me who have purchase laptops like X1 Carbon 6th gen and have battery drain issues during sleep

I wanted to give it another try because I also really need this and I noticed that Clear Linux already has a package for it, which means that clr-boot-manager must be compatible.
TL;DR: I just updated the ME firmware of my T480s successfully.

The package still needs some polish (as I have basically no knowledge of DBus, polkit & stuff like that), but it's working fine. The only problem I see is that we don't mount the EFI partition which means the user has to do it himself when he wants to update BIOS/firmware. Any ideas on that? Maybe someone can help me with that, see D5647.

The only problem I see is that we don't mount the EFI partition which means the user has to do it himself when he wants to update BIOS/firmware.

That's what ikey meant by fwupd needs managing by clr-boot-manager.

Ah, you're probably right. However I wouldn't consider this a blocker because there are lots of updates that don't require the EFI partition and it's possible to make it run without clr-boot-manager integration. Also it doesn't seem like there is much development on that front.

It looks like the Clear Linux team is no longer interested in integrating this into clr-boot-manager. If all that needed, is to mount the /boot partition before running fwupd, maybe we could consider integrating this with eopkg for the time being, and then sol later on.

It looks like the Clear Linux team is no longer interested in integrating this into clr-boot-manager.

Indeed :(

If all that needed, is to mount the /boot partition before running fwupd, maybe we could consider integrating this with eopkg for the time being, and then sol later on.

Can someone else confirm if that's a viable solution for Solus?

Apparently tss2-esys from tpm2-tss is now required to compile xmlb, one of fwupd's dependencies.

Any updates here? IT would be a great move foreward to more kind of "bare-metal security" in solus.

Need any more reasons? Here => https://www.bleepingcomputer.com/news/security/intel-patched-77-vulnerabilities-in-november-2019-platform-update/

@Solus_BLN Stop spreading FUD. fwupd is not a requirement for updating firmware. You can do this using the manufacturer provided tools for your motherboard. We also provide updated microcode from Intel and other firmware from linux-firmware over at kernel.org. TSX is disabled in the kernel and we don't support BMC as this is a desktop OS.

JoshStrobl renamed this task from ifz to Integrate fwupd.Jun 16 2020, 8:12 PM
JoshStrobl updated the task description. (Show Details)
JoshStrobl changed the edit policy from "All Users" to "Restricted Project (Project)".

Sorry about that folks, seems we had a random user being abusive for seemingly no reason.

If all that needed, is to mount the /boot partition before running fwupd, maybe we could consider integrating this with eopkg for the time being, and then sol later on.

Alternative solution: add an executable to the fwupd package that mounts /boot and put in in the ExecPre for the service. This allows fwupd to be a standalone service that can be used on the command line. Integration with the Software Center (which imho should be the only integration point) can then be done at a later time.

The executable, of course, could also be a clr-boot-manager command, which should be easy enough to contribute.

I have a working fwupd integrated with clr-boot-manager based on my previous comment. The changes are fairly minimal:

  • A mount-boot command and service for clr-boot-manager (changes). This can probably be contributed upstream.
  • A 2-line patch adding a dependency on clr-boot-manager-mount-boot.service for fwupd.service.

@kyrios123, @JoshStrobl: is this sufficient integration to get fwupd back in the repo?

It is going to be very exciting to hopefully see those patches landing @silke. I think I remember seeing a differential revision opened here for integrating it, but I can't seem to find it any more. Am I remembering incorrectly or is it just very hard to find?

@Jacalz I haven't posted a differential, as I'm waiting on a go-ahead from @JoshStrobl. It is on his to-do list afaik, so we'll just have to be patient :)

@silke Thank you. Looks like I am remembering incorrectly then. Looking forward to seeing one posted :)

There is no update there, nothing changed. Last post was from 31 Jan 2020 an basically reaffirmed their position from 8 May 2019 which had already been linked too.

We don't need updates that tell us that nothing has changed.

There is no update there, nothing changed. Last post was from 31 Jan 2020 an basically reaffirmed their position from 8 May 2019 which had already been linked too.

We don't need updates that tell us that nothing has changed.

Ooops) I was wrong with the year. It's not joke

Just wandering if any progress can be made here.

I personally installed the snap version and was able to update my bios with fwupdmgr. The snap version is not perfect as it displays errors about missing libraries so a native package would be a plus, even without clr-boot-manager integration.

joebonrichie raised the priority of this task from Low to Normal.Aug 16 2022, 2:01 PM

Let's get all the packaging stuff landed (at least with the patches on phab) then we can figure out how to integrate it into the upgrade process. Consider the packaging progress part up for grabs.

joebonrichie renamed this task from Integrate fwupd to Package & Integrate fwupd.Aug 16 2022, 2:02 PM
joebonrichie merged a task: T10312: fwupd.
joebonrichie updated the task description. (Show Details)

Let's get all the packaging stuff landed (at least with the patches on phab) then we can figure out how to integrate it into the upgrade process. Consider the packaging progress part up for grabs.

I could not agree more. If things are not ready or are undecided, then they do not yet need t be deployed, but at least the foundations should be prepared on Phabricator and then figure out how to work on top of them.

I submitted an initial set of patches for the packaging and integration of fwupd, see D13506. The PR for integration with clr-boot-manager can be found here.

I did a quick check and I think those buildeps must be added:

  • gcab-devel
  • libgnutls (instead of gnutls)

Compile cannot be completed a this time as fwup (https://github.com/fwup-home/fwup) is a dependency.

I did a quick check and I think those buildeps must be added:

  • gcab-devel
  • libgnutls (instead of gnutls)

Both of those are present: pkgconfig(libgcab-1.0) (i.e. gcab-devel) and pkgconfig(gnutls) (i.e. libgnutls-devel).

Compile cannot be completed a this time as fwup (https://github.com/fwup-home/fwup) is a dependency.

I don't see fwup as a dependency of fwupd, and it builds fine for me. What compilation errors do you see?

I cloned this repo: https://dev.getsol.us/source/fwupd.git and this is what I get on first compile test:

 me   master  ~  git  fwupd  make
make build
make[1] : on entre dans le répertoire « /home/me/git/fwupd »
sudo solbuild build package.yml -p unstable-x86_64;
Updating repositories
Updating repository: Solus
eopkg-index.xml.xz.sha1sum     (40.0  B)100%      0.00 --/- [--:--:--] [complete]
Solus repository information is up-to-date.
No packages to upgrade.
The following package(s) are already installed and are not going to be installed again:
abi-wizard  iproute2  sccache
No packages to install.
The following package(s) are already installed and are not going to be installed again:
autoconf                     automake          bash-completion-devel  binutils     
bison                        catbox            cmake                  dbus-devel   
diffstat                     diffutils         expat-devel            fakeroot     
file-devel                   flex              flex-devel             g++          
gcc                          gfortran          glibc-devel            gmp-devel    
gobject-introspection-devel  intltool          libarchive-bin         libffi-devel 
libgpg-error-devel           libgudev-devel    libtool-devel          libxml2-devel
linux-headers                m4                make                   meson        
mpc-devel                    mpfr-devel        nano                   nanorc       
nasm                         ncurses-devel     openssl-11-devel       openssl-devel
pam-devel                    patch             pkg-config             polkit-devel 
python-devel                 quilt             readline-devel         systemd-devel
texinfo                      util-linux-devel  ypkg                   zlib-devel   
No packages to install.
[BuildDep] Checking build-deps for fwupd-1.0.5-1
[pkgconfig:fwup] This dependency is not in any repo
[BuildDep] pkgconfig(fwup) build dep does not exist in the repository.
 ?  Failed to build packages
make[1]: *** [../Makefile.common:26 : build] Erreur 1
make[1] : on quitte le répertoire « /home/me/git/fwupd »
make: *** [../Makefile.common:11 : complete] Erreur 2

I cloned this repo: https://dev.getsol.us/source/fwupd.git and this is what I get on first compile test:

 me   master  ~  git  fwupd  make
make build
make[1] : on entre dans le répertoire « /home/me/git/fwupd »
sudo solbuild build package.yml -p unstable-x86_64;
Updating repositories
Updating repository: Solus
eopkg-index.xml.xz.sha1sum     (40.0  B)100%      0.00 --/- [--:--:--] [complete]
Solus repository information is up-to-date.
No packages to upgrade.
The following package(s) are already installed and are not going to be installed again:
abi-wizard  iproute2  sccache
No packages to install.
The following package(s) are already installed and are not going to be installed again:
autoconf                     automake          bash-completion-devel  binutils     
bison                        catbox            cmake                  dbus-devel   
diffstat                     diffutils         expat-devel            fakeroot     
file-devel                   flex              flex-devel             g++          
gcc                          gfortran          glibc-devel            gmp-devel    
gobject-introspection-devel  intltool          libarchive-bin         libffi-devel 
libgpg-error-devel           libgudev-devel    libtool-devel          libxml2-devel
linux-headers                m4                make                   meson        
mpc-devel                    mpfr-devel        nano                   nanorc       
nasm                         ncurses-devel     openssl-11-devel       openssl-devel
pam-devel                    patch             pkg-config             polkit-devel 
python-devel                 quilt             readline-devel         systemd-devel
texinfo                      util-linux-devel  ypkg                   zlib-devel   
No packages to install.
[BuildDep] Checking build-deps for fwupd-1.0.5-1
[pkgconfig:fwup] This dependency is not in any repo
[BuildDep] pkgconfig(fwup) build dep does not exist in the repository.
 ?  Failed to build packages
make[1]: *** [../Makefile.common:26 : build] Erreur 1
make[1] : on quitte le répertoire « /home/me/git/fwupd »
make: *** [../Makefile.common:11 : complete] Erreur 2

It looks like you haven't applied D13506, also don't forget to build the dependencies first!

Good to know :)
Now I have this error:

ERROR:../src/fu-self-test.c:3997:fu_firmware_builder_process_func: assertion failed (error == NULL): failed to build firmware: bwrap: No permissions to creating new namespace, likely because the kernel does not allow non-privileged user namespaces. On e.g. debian this can be enabled with 'sysctl kernel.unprivileged_userns_clone=1'.
 (FwupdError, 0)

Good to know :)
Now I have this error:

ERROR:../src/fu-self-test.c:3997:fu_firmware_builder_process_func: assertion failed (error == NULL): failed to build firmware: bwrap: No permissions to creating new namespace, likely because the kernel does not allow non-privileged user namespaces. On e.g. debian this can be enabled with 'sysctl kernel.unprivileged_userns_clone=1'.
 (FwupdError, 0)

Strange, AFAIK Solus doesn't disable unprivileged user namespaces. Can you execute unshare -U true as your user?

"unshare -U true" returns nothing. Compile after returns the same error.

Anything i can do to help with this issue?