Ubuntu
fwupdate-signed package

[SRU] [HWE] Backport fwupdate-signed to 15.04

Bug #1512809 reported by Mathieu Trudel-Lapierre
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
fwupdate-signed (Ubuntu)
Fix Released
Medium
Unassigned
Vivid
Fix Released
Medium
Unassigned

Bug Description

[Impact]
We should ship fwupdate in 15.04 (hardware enablement tool; a firmware updater tool). It is used to apply firmware updates to BIOS or other components on systems for which their BIOS supports the EFI Capsule specification.

fwupdate-signed ships the signed fwupdate images, and should be updated alongside fwupdate.

[Test Case]
<requires a system with EFI Capsule support>
1) Run 'fwupdate -s' to check that EFI capsule is supported.
2) Run 'fwupdate -l' to list device UUIDs supporting EFI Capsule updates.
3) Acquire a firmware update binary from your hardware vendor.
4) sudo fwupdate -a `sudo fwupdate -l | sed -e 's/.*{\(.*\)}.*/\1/'` firmware.bin
5) sudo efibootmgr -v # should list the LinuxFirmwareUpdate entry, along with the same value in BootNext.
6) Reboot the system and watch the update being applied.

The fwupdate tool should succeed for every call. Following the last, one should see a new "LinuxFirmwareUpdater" entry reported by efibootmgr, and upon rebooting one should see the system applying the new firmware update, which may be recognizable as vendor-specific code (some vendors may show their own logo once the firmware update gets run).

[Regression Potential]
Limited to EFI installations. Failure to execute the firmware updater may result in shim loading the MokManager (EFI certificate management tool) instead, before allowing one to continue with normal boot. Otherwise, one may notice other issues in booting the system, in the form of a freeze when the firmware updater attempts to run. Rebooting should fix issues in all cases since the system should only boot *once* to the updater (what BootNext is supposed to do). Repeatedly booting in the firmware updater would constitute a regression.

Brian Murray (brian-murray)
Changed in fwupdate-signed (Ubuntu Vivid):
status: New → In Progress
importance: Undecided → Medium
Revision history for this message
Brian Murray (brian-murray) wrote : Please test proposed package

Hello Mathieu, or anyone else affected,

Accepted fwupdate-signed into vivid-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/fwupdate-signed/1.0~15.04.2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in fwupdate-signed (Ubuntu Vivid):
status: In Progress → Fix Committed
tags: added: verification-needed
Revision history for this message
Mathieu Trudel-Lapierre (cyphermox) wrote :

fwupdate-signed is already in xenial; closing as Fix Released for that release.

Changed in fwupdate-signed (Ubuntu):
status: New → Fix Released
Revision history for this message
Mathieu Trudel-Lapierre (cyphermox) wrote :

Tested the signed fwupx64.efi; it boots and runs its checks for firmware updates (which there are none for my hardware). Verification passes.

tags: added: verification-done
removed: verification-needed
Mathew Hodson (mhodson)
Changed in fwupdate-signed (Ubuntu):
importance: Undecided → Medium
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package fwupdate-signed - 1.0~15.04.2

---------------
fwupdate-signed (1.0~15.04.2) vivid; urgency=medium

  * Backport to 15.04. (LP: #1512809)
  * debian/control: remove the Recommends for secureboot-db.
  * debian/control: fudge the version number for fwupdate Build-Depends.

 -- Mathieu Trudel-Lapierre <email address hidden> Tue, 03 Nov 2015 11:05:45 -0600

Changed in fwupdate-signed (Ubuntu Vivid):
status: Fix Committed → Fix Released
Revision history for this message
Steve Langasek (vorlon) wrote : Update Released

The verification of the Stable Release Update for fwupdate-signed has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.