** Description changed:
+ [ Impact ]
+
+ * Users running the affected version are unable to perform default image
+ only firmware updates under TPM/FDE. This affects certain dbx updates for
+ instance.
+
+ * The upload fixes the bug by fixing a typo where an update would not
+ be written if only the default image was provided.
+
+ [ Test Plan ]
+
+ 1) Download the latest Noble and Questing Desktop ISOs from:
+ https://ubuntu.com/download/desktop
+
+ 2) Install these using the script provided by Valentin David from
+ https://gist.github.com/valentindavid/7a6a74e6da16a3865b88e8bdf5c0294c
+
+ a) Create two directories:
+ $ mkdir ~/noble-vm ~/questing-vm
+
+ b) Copy the script to each directory:
+ $ cp qemu.sh ~/noble-vm
+ $ cp qemu.sh ~/questing-vm
+
+ c) In each directory, install the corresponding ISO:
+ $ chmod +x ./qemu.sh
+ $ ./qemu.sh clear reset cdrom <ISO_PATH>
+
+ d) Run the installation and select TPM/Hardware-backed encryption.
+ NOTE: on Noble this is accessed by selecting "Advanced features..."
+ on the "Erase disk and install Ubuntu" option.
+
+ e) IMPORTANT: save the recovery key for each VM as this will be used
+ later during testing, then close the window.
+
+ 3) Each VM can now be accessed by running the script without any arguments:
+ $ ./qemu.sh
+
+ 4) On each VM, reproduce the bug by performing the following:
+
+ a) Refresh snapd:
+ $ snap refresh snapd
+
+ b) Reboot the VM
+
+ c) Refresh firmware updates:
+ $ sudo fwupdmgr refresh
+
+ REPRODUCE STEPS (d-f)
+
+ d) Update firmware (this step requires inputting the recovery key):
+ $ sudo fwupdmgr update
+
+ e) Select "Y" on all prompts
+
+ f) When writing the dbx update, fwupdmgr will fail with the error:
+ > "failed to write-firmware: ..."
+
+ 5) On each VM, install the fixed version of fwupd using the provided
+ PPA:
+ $ sudo add-apt-repository ppa:bamf0/fwupd-lp2147129-fail-to-notify-snapd
+ $ sudo apt update
+
+ 6) On each VM, repeat steps 4d to 4f and fwupdmgr should now update the
+ firmware successfully
+
+ [ Where problems could occur ]
+
+ * The main risk associated with the suggested bug fix is that there may be
+ additional bugs not yet discovered, as the bug in question leads to the
+ expected code path being missed. This can arguably be considered a
+ regression if new bugs are severe. The most likely problem scenario,
+ however, is that the update should still fail, which would mirror the
+ current version's behavior.
+
+ [ Original Bug Description ]
+
dbx updates not containing multiple firmware blobs are currently broken
on the snap and potentially TPM FDE systems. This will lead to the
error:
failed to write-firmware: failed to notify snapd of prepare: snapd
request failed with status 400
This has been fixed upstream as of:
https://github.com/bboozzoo/fwupd/commit/bf2502adde57bece0186f73c12c2c53d79a79363
** Summary changed:
- dbx updates fail to notify snapd on default image
+ [SRU] dbx updates fail to notify snapd on default image
** Changed in: fwupd (Ubuntu Noble)
Status: New => Triaged
** Changed in: fwupd (Ubuntu Questing)
Status: New => Triaged
https://bugs.launchpad.net/bugs/2147129
Title:
[SRU] dbx updates fail to notify snapd on default image