Noble and Questing now have associated merge proposals linked. ** Merge proposal linked: https://code.launchpad.net/~bamf0/ubuntu/+source/fwupd/+git/fwupd/+merge/503417
** Merge proposal linked: https://code.launchpad.net/~bamf0/ubuntu/+source/fwupd/+git/fwupd/+merge/503418 ** Description changed: [ Impact ] - * Users running the affected version are unable to perform default image - only firmware updates under TPM/FDE. This affects certain dbx updates for - instance. + * Users running the affected version are unable to perform default image + only firmware updates under TPM/FDE. This affects certain dbx updates for + instance. - * The upload fixes the bug by fixing a typo where an update would not - be written if only the default image was provided. + * The upload fixes the bug by fixing a typo where an update would not + be written if only the default image was provided. [ Test Plan ] - 1) Download the latest Noble and Questing Desktop ISOs from: - https://ubuntu.com/download/desktop + 1) Download the latest Noble and Questing Desktop ISOs from: + https://ubuntu.com/download/desktop - 2) Install these using the script provided by Valentin David from - https://gist.github.com/valentindavid/7a6a74e6da16a3865b88e8bdf5c0294c + 2) Install these using the script provided by Valentin David from + https://gist.github.com/valentindavid/7a6a74e6da16a3865b88e8bdf5c0294c - a) Create two directories: - $ mkdir ~/noble-vm ~/questing-vm + a) Create two directories: + $ mkdir ~/noble-vm ~/questing-vm - b) Copy the script to each directory: - $ cp qemu.sh ~/noble-vm - $ cp qemu.sh ~/questing-vm + b) Copy the script to each directory: + $ cp qemu.sh ~/noble-vm + $ cp qemu.sh ~/questing-vm - c) In each directory, install the corresponding ISO: - $ chmod +x ./qemu.sh - $ ./qemu.sh clear reset cdrom <ISO_PATH> + c) In each directory, install the corresponding ISO: + $ chmod +x ./qemu.sh + $ ./qemu.sh clear reset cdrom <ISO_PATH> - d) Run the installation and select TPM/Hardware-backed encryption. - NOTE: on Noble this is accessed by selecting "Advanced features..." - on the "Erase disk and install Ubuntu" option. + d) Run the installation and select TPM/Hardware-backed encryption. + NOTE: on Noble this is accessed by selecting "Advanced features..." + on the "Erase disk and install Ubuntu" option. - e) IMPORTANT: save the recovery key for each VM as this will be used - later during testing, then close the window. + e) IMPORTANT: save the recovery key for each VM as this will be used + later during testing, then close the window. - 3) Each VM can now be accessed by running the script without any arguments: - $ ./qemu.sh + 3) Each VM can now be accessed by running the script without any arguments: + $ ./qemu.sh - 4) On each VM, reproduce the bug by performing the following: + 4) On each VM, reproduce the bug by performing the following: - a) Refresh snapd: - $ snap refresh snapd + a) Refresh snapd: + $ snap refresh snapd - b) Reboot the VM + b) Reboot the VM - c) Refresh firmware updates: - $ sudo fwupdmgr refresh + c) Refresh firmware updates: + $ sudo fwupdmgr refresh - REPRODUCE STEPS (d-f) + REPRODUCE STEPS (d-f) - d) Update firmware (this step requires inputting the recovery key): - $ sudo fwupdmgr update + d) Update firmware (this step requires inputting the recovery key): + $ sudo fwupdmgr update - e) Select "Y" on all prompts + e) Select "Y" on all prompts - f) When writing the dbx update, fwupdmgr will fail with the error: - > "failed to write-firmware: ..." + f) When writing the dbx update, fwupdmgr will fail with the error: + > "failed to write-firmware: ..." - 5) On each VM, install the fixed version of fwupd using the provided - PPA: - $ sudo add-apt-repository ppa:bamf0/fwupd-lp2147129-fail-to-notify-snapd - $ sudo apt update + 5) On each VM, install the fixed version of fwupd using the provided + PPA: + $ sudo add-apt-repository ppa:bamf0/fwupd-lp2147129-fail-to-notify-snapd + $ sudo apt update + $ sudo apt upgrade fwupd - 6) On each VM, repeat steps 4d to 4f and fwupdmgr should now update the - firmware successfully + 6) On each VM, repeat steps 4d to 4f and fwupdmgr should now update the + firmware successfully [ Where problems could occur ] - * The main risk associated with the suggested bug fix is that there may be - additonal bugs not yet discovered, as the bug in question leads to the - expected code path being missed. This can arguably be considered a - regression if new bugs are severe. The most likely problem scenario however, - is that the update should still fail, which would mirror the current - version's behavior. + * The main risk associated with the suggested bug fix is that there may be + additonal bugs not yet discovered, as the bug in question leads to the + expected code path being missed. This can arguably be considered a + regression if new bugs are severe. The most likely problem scenario however, + is that the update should still fail, which would mirror the current + version's behavior. [ Original Bug Description ] dbx updates not containing multiple firmware blobs are currently broken on the snap and potentially TPM FDE systems. This will lead to the error: failed to write-firmware: failed to notify snapd of prepare: snapd request failed with status 400 This has been fixed upstream as of: https://github.com/bboozzoo/fwupd/commit/bf2502adde57bece0186f73c12c2c53d79a79363 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2147129 Title: [SRU] dbx updates fail to notify snapd on default image To manage notifications about this bug go to: https://bugs.launchpad.net/fwupd/+bug/2147129/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
