requirement error in cab for org.freedesktop.fwupd prevents downgrade to resolve broken lvfs upgrade #7258

Open
ianbmacdonald opened this issue May 14, 2024 · 8 comments
@ianbmacdonald

ianbmacdonald commented May 14, 2024

Describe the bug
Lenovo continues to ship Intel ME updates via fwupdmgr that break external monitors (my case is dual 4K/60Hz via TB3 on a Dell WD19TB). The upgrade, touting several CVE fixes, works. There seems to be no simple or workable downgrade path on Linux to rollback, even manually, due to some gotcha with .cab file dependencies.

Steps to Reproduce

  1. On an X1 Yoga G6, update to current 240.45.2411 from working 240.42.2235 (shipped). Upgrade summary excerpt from fwupdmgr is below. The upgrade is successful, but introduces an Intel ME bug that prevents external monitors from working on boot.
└─Intel Management Engine:
  │   Device ID:          23156eb4e14af860c0d4e04a401cc82b89298733
  │   Previous version:   240.42.2235
  │   Update State:       Success
  │   Last modified:      2024-05-14 13:24
  │   GUID:               c1b2be54-d7ed-4e24-a577-7c5f32bb7587
  │   Device Flags:       • Internal device
  │                       • Updatable
  │                       • System requires external power source
  │                       • Supported on remote server
  │                       • Needs a reboot after installation
  │                       • Device is usable for the duration of the update
  │ 
  └─ThinkPad X1 Yoga Gen 6/ThinkPad X1 Carbon Gen 9 Corporate ME Update:
        New version:      240.45.2411
        Remote ID:        lvfs
        Release ID:       49973
        Summary:          Lenovo ThinkPad X1 Yoga Gen 6/X1 Carbon Gen 9 Corporate ME Firmware
        License:          Proprietary
        Size:             10.7 MB
        Created:          2023-08-08
        Urgency:          High
        Details:          https://pcsupport.lenovo.com/de/en/search?query=N32RG27W
        Vendor:           Lenovo
        Release Flags:    • Trusted metadata
        Description:      
        Intel Platform Update 2023.3 Product Version Maintenance Release
        
        Corporate Version 15.0.45.2411 (LVFS: 240.45.2411)
        
        Problem Fixes
        
        • Mitigated the following security vulnerabilities under issues.Please see fixed issues for details.
        Issues:           CVE-2022-38102
                          CVE-2022-29871
                          CVE-2022-36392
                          INTEL-TA-00783
        Checksum:         c564d6a33d7ce0322c6710037979b144d938cc113fa4d0a8c34a462b3efd5264
  2. The downgrade does not work, likely due to unstated dependencies enforced in the UEFI installer, as the only downgrade option is to 240.23.1706 (via fwupdmgr). The previous version 240.42.2235 is not available.
:~# fwupdmgr downgrade 23156eb4e14af860c0d4e04a401cc82b89298733
╔══════════════════════════════════════════════════════════════════════════════╗
║ Downgrade Intel Management Engine from 240.45.2411 to 240.23.1706?           ║
╠══════════════════════════════════════════════════════════════════════════════╣
║ • 0 Intel Platform Update 2021.1 Hotfix Release                              ║
║                                                                              ║
║ Version 15.0.23.1706 (LVFS: 240.23.1706)                                     ║
║                                                                              ║
║ Problem Fixes                                                                ║
║                                                                              ║
║ • Mitigated the following security vulnerabilities under issues.Please       ║
║ see fixed issues for details.                                                ║
║                                                                              ║
║ 20XY0027US must remain plugged into a power source for the duration of the   ║
║ update to avoid damage.                                                      ║
╚══════════════════════════════════════════════════════════════════════════════╝
Perform operation? [Y|n]: Y

... after UEFI script execution and reboot .. 
└─Intel Management Engine:
  │   Device ID:          23156eb4e14af860c0d4e04a401cc82b89298733
  │   Previous version:   240.45.2411
  │   Update State:       Failed
  │   Update Error:       failed to run update on reboot: expected 240.23.1706 and got 240.45.2

  3. Download the 240.42.2235 cab directly from Lenovo (https://download.lenovo.com/pccbbs/mobiles/n32rk04w.zip) and attempt to install using fwupdmgr. The result is some kind of broken cab dependency, that does not seem to be able to be overridden with a force option.
:~# fwupdmgr --allow-older local-install n32rk04w.cab 23156eb4e14af860c0d4e04a401cc82b89298733
Decompressing…           [   -                                   ]
requirement 'firmware with version' also needs org.freedesktop.fwupd >= 1.1.0
:~# dpkg -l | grep "fwupd "
ii  fwupd                                            1.9.16-1                                   amd64        Firmware update daemon

Expected behavior
Normal upgrade, with an ability to downgrade via lvfs or via local cab file. Neither is an option, so it seems fwupdmgr will require us to deploy Windows to revert this upgrade, which isn't a great option.

fwupd version information (Ubuntu 24.04 installed via apt)

ii  fwupd                                            1.9.16-1                                   amd64        Firmware update daemon
ii  fwupd-signed                                     1.52+1.4-1                                 amd64        Linux Firmware Updater EFI signed binary
ii  fwupdate                                         12-7                                       amd64        Transitional package for fwupd
ii  libfwupd2:amd64                                  1.9.16-1                                   amd64        Firmware update daemon library
 
:~# fwupdmgr --version
compile   org.freedesktop.fwupd         1.9.16
compile   com.hughsie.libxmlb           0.3.17
compile   com.hughsie.libjcat           0.2.0
runtime   org.freedesktop.fwupd-efi     1.4
compile   org.freedesktop.gusb          0.4.8
runtime   com.hughsie.libjcat           0.2.0
runtime   org.freedesktop.gusb          0.4.8
runtime   org.kernel                    6.8.0-31-generic
runtime   org.freedesktop.fwupd         1.9.16

fwupd device information
fwupdmgr get-devices --show-all-devices
LENOVO 20XY0027US
│
├─ELAN0672:00 04F3:3187:
│     Device ID:          0867c07f040e810fa5ea153981e63e324c29eb1f
│     Summary:            Touchpad
│     Current version:    0x0003
│     Bootloader Version: 0x0002
│     Vendor:             ELAN Microelectronics (HIDRAW:0x04F3)
│     GUIDs:              ab16bce2-e219-52f5-89a6-fd6b1c4244c0 ← HIDRAW\VEN_04F3&DEV_3187
│                         e4c6161e-2b1c-59cb-ad07-c8fb7feb155e ← HIDRAW\VEN_04F3&DEV_3187&MOD_0002
│                         5b73c06e-3dfd-5e6c-b06a-24e3489206c2 ← ELANTP\ICTYPE_14&MOD_0002
│                         31a158de-a671-50bf-b787-3bba647a8c49 ← ELANTP\ICTYPE_14&MOD_0002&DRIVER_HID
│     Device Flags:       • Internal device
│                         • Updatable
│   
├─WD19TB:
│ │   Device ID:          570867f4ddda9915445da59bd85cd0e0e507270e
│ │   Summary:            High performance dock
│ │   Current version:    01.01.00.07
│ │   Vendor:             Dell Inc. (USB:0x413C)
│ │   Install Duration:   1 minute
│ │   Serial Number:      H4HRVV2/3192058705161460
│ │   GUID:               cd357cf1-40b2-5d87-b8df-bb2dd82774aa ← USB\VID_413C&PID_B06E&hub&embedded
│ │   Device Flags:       • Updatable
│ │                       • Supported on remote server
│ │                       • Device stages updates
│ │                       • Device can recover flash failures
│ │                       • Device is usable for the duration of the update
│ │                       • Signed Payload
│ │ 
│ ├─Package level of Dell dock:
│ │     Device ID:        073624c16dd99abe01ba1da223a70321e4f29beb
│ │     Summary:          A representation of dock update status
│ │     Current version:  01.00.36.01
│ │     Vendor:           Dell Inc. (USB:0x413C)
│ │     Install Duration: 5 seconds
│ │     GUIDs:            d8927ff5-a5b2-5618-848b-8e8bfb75b66f
│ │                       8ceeeffd-51b6-580c-9b75-69143227aff8 ← USB\VID_413C&PID_B06E&hub&status
│ │     Device Flags:     • Updatable
│ │                       • Supported on remote server
│ │                       • Device can recover flash failures
│ │                       • Device is usable for the duration of the update
│ │                       • Unsigned Payload
│ │   
│ ├─RTS5413 in Dell dock:
│ │     Device ID:        0acceea54e71c4d8002593822afe0f4705616613
│ │     Summary:          USB 3.1 Generation 1 Hub
│ │     Current version:  01.22
│ │     Vendor:           Dell Inc. (USB:0x413C)
│ │     Install Duration: 14 seconds
│ │     GUIDs:            b27d25f1-019d-5718-b41a-02ddaefe5577 ← USB\VID_413C&PID_B06F
│ │                       ac5b774c-b49d-566b-9255-85f0f7f8a4ed ← USB\VID_413C&PID_B06F&hub
│ │     Device Flags:     • Updatable
│ │                       • Supported on remote server
│ │                       • Device stages updates
│ │                       • Device is usable for the duration of the update
│ │                       • Signed Payload
│ │   
│ ├─RTS5487 in Dell dock:
│ │     Device ID:        96969b82d977fdcbf607df084ef0dcf10119409b
│ │     Summary:          USB 3.1 Generation 2 Hub
│ │     Current version:  01.57
│ │     Vendor:           Dell Inc. (USB:0x413C)
│ │     Install Duration: 3 seconds
│ │     GUIDs:            acfcd89b-105d-55b9-b85b-08bf8508f38c ← USB\VID_413C&PID_B06E
│ │                       568ffa1e-a0db-5287-9ea3-872b60f7730b ← USB\VID_413C&PID_B06E&hub
│ │     Device Flags:     • Updatable
│ │                       • Supported on remote server
│ │                       • Device stages updates
│ │                       • Device is usable for the duration of the update
│ │                       • Signed Payload
│ │   
│ ├─VMM5331 in Dell dock:
│ │     Device ID:        228ac6846b64d532dd1ea1b7e651e8f5f55fbc34
│ │     Summary:          Multi Stream Transport controller
│ │     Current version:  05.07.04
│ │     Vendor:           Dell Inc. (USB:0x413C)
│ │     Install Duration: 6 minutes
│ │     GUID:             89fec0b6-6b76-5008-b82c-5e5c6c164007 ← MST-panamera-vmm5331-259
│ │     Device Flags:     • Updatable
│ │                       • Supported on remote server
│ │                       • Device stages updates
│ │                       • Device is usable for the duration of the update
│ │                       • Unsigned Payload
│ │   
│ └─Thunderbolt controller in Dell dock:
│       Device ID:        4e767d355b374fa5269b32568d1758736b567a6e
│       Summary:          Thunderbolt controller
│       Current version:  60.00
│       Vendor:           Dell Inc. (THUNDERBOLT:0x00D4, TBT:0x00D4)
│       Install Duration: 22 seconds
│       GUIDs:            08a8c886-2818-544c-b1a3-588eb07ae487 ← THUNDERBOLT\VEN_00D4&DEV_B070
│                         c94770ca-1773-592c-b20a-e87243bc7cd0 ← TBT-00d4b070
│                         d9d01d94-4749-58f4-b318-87cb92251fdb ← TBT-00d4b070-controller1-1
│       Device Flags:     • Updatable
│                         • System requires external power source
│                         • Supported on remote server
│                         • Install to parent device first
│                         • Device stages updates
│                         • Device is usable for the duration of the update
│                         • Signed Payload
│     
├─Unknown Device:
│     Device ID:          63223cc2d1b0b8d4c45ef8cedcb1f45315d3ff20
│     GUID:               ca5c154c-a46a-59d8-bf77-0ca40522cc85 ← GPIO\ID_INT34C5:00
│   
├─Unknown Device:
│     Device ID:          d6ba8fb1035de62e1109cee6c389e9321dd7784d
│     Serial Number:      413472
│     GUID:               400bef38-1dd7-5d44-aed8-c68bde803692 ← DRM\VEN_GSM&DEV_7707
│   
├─11th Gen Intel Core™ i7-1185G7 @ 3.00GHz:
│     Device ID:          4bde70ba4e39b28f9eab1628f9dd6e6244c03027
│     Current version:    0x000000b6
│     Vendor:             Intel
│     GUIDs:              2347ad97-b545-5bae-b6b3-b70a9553cbba ← CPUID\PRO_0&FAM_06&MOD_8C
│                         1df99df5-22f4-5505-98cc-22dcc53b132a ← CPUID\PRO_0&FAM_06&MOD_8C&STP_1
│     Device Flags:       • Internal device
│   
├─Embedded Controller:
│     Device ID:          34210774738cce62e77e32d3a08a71619df371ba
│     Summary:            UEFI System Resource Table device (updated via NVRAM)
│     Current version:    0.1.36
│     Minimum Version:    0.1.36
│     Vendor:             Lenovo (DMI:LENOVO)
│     Update State:       Success
│     GUID:               61b65ccc-0116-4b62-80ed-ec5f089ae523
│     Device Flags:       • Internal device
│                         • Updatable
│                         • System requires external power source
│                         • Supported on remote server
│                         • Needs a reboot after installation
│                         • Device is usable for the duration of the update
│     Device Requests:    • Message
│   
├─Integrated Camera:
│     Device ID:          3fa281ddf80d8a06b8ee5d8beb48d38ee95a9627
│     Current version:    62.18
│     Vendor:             Chicony Electronics Co.,Ltd. (USB:0x04F2)
│     Serial Number:      0001
│     GUID:               30bb6882-12ea-5e20-84a6-29bb797a7b76 ← USB\VID_04F2&PID_B6EA
│     Device Flags:       • Updatable
│   
├─Intel Management Engine:
│     Device ID:          23156eb4e14af860c0d4e04a401cc82b89298733
│     Summary:            UEFI System Resource Table device (updated via NVRAM)
│     Current version:    240.45.2411
│     Minimum Version:    0.0.1
│     Vendor:             Lenovo (DMI:LENOVO)
│     Update State:       Success
│     GUID:               c1b2be54-d7ed-4e24-a577-7c5f32bb7587
│     Device Flags:       • Internal device
│                         • Updatable
│                         • System requires external power source
│                         • Supported on remote server
│                         • Needs a reboot after installation
│                         • Device is usable for the duration of the update
│     Device Requests:    • Message
│   
├─MNE007ZA1-2:
│     Device ID:          aec1a869eb0df71b7cea6b3ac71d39b830faf164
│     GUID:               b01714e1-e594-5f4f-9851-472abbfb5db7 ← DRM\VEN_CSO&DEV_1403
│     Device Flags:       • Internal device
│   
├─Prometheus:
│ │   Device ID:          0d5d05911800242bb1f35287012cdcbd9b381148
│ │   Summary:            Fingerprint reader
│ │   Current version:    10.01.3478575
│ │   Vendor:             Synaptics (USB:0x06CB)
│ │   Install Duration:   2 seconds
│ │   Serial Number:      88445732934187
│ │   GUID:               448868f0-e05d-5849-8fc4-b8fa1ec16bf5 ← USB\VID_06CB&PID_00FC
│ │   Device Flags:       • Updatable
│ │                       • Supported on remote server
│ │                       • Cryptographic hash verification is available
│ │                       • Signed Payload
│ │ 
│ └─Prometheus IOTA Config:
│       Device ID:        73e606488fec47b3e3f9288094f66fded0051446
│       Summary:          Fingerprint reader config
│       Current version:  0008
│       Minimum Version:  0008
│       Vendor:           Synaptics (USB:0x06CB)
│       GUIDs:            5cfe6094-5ba5-5713-b5a4-bc9d9c0f55df ← USB\VID_06CB&PID_00FC-cfg
│                         d9fbfaa0-2fc3-5225-aaf4-6c640029b473 ← USB\VID_06CB&PID_00FC&CFG1_3698&CFG2_0
│       Device Flags:     • Updatable
│                         • Only version upgrades are allowed
│                         • Signed Payload
│     
├─SSD 970 EVO Plus 500GB:
│     Device ID:          04e17fcf7d3de91da49a163ffe4907855c3648be
│     Summary:            NVM Express solid state drive
│     Current version:    2B2QEXM7
│     Vendor:             Samsung (NVME:0x144D)
│     Serial Number:      S58SNJ0N612414K
│     GUIDs:              47335265-a509-51f7-841e-1c94911af66b ← NVME\VEN_144D&DEV_A808
│                         c9d531ea-ee7d-5562-8def-c64d0d144813 ← NVME\VEN_144D&DEV_A808&SUBSYS_144DA801
│                         173afe85-89dc-54b2-9a58-a5990e4e4b6a ← Samsung SSD 970 EVO Plus 500GB
│     Device Flags:       • Internal device
│                         • Updatable
│                         • System requires external power source
│                         • Needs a reboot after installation
│                         • Device is usable for the duration of the update
│                         • Signed Payload
│   
├─System Firmware:
│ │   Device ID:          61725c7e17fb355013585de4fd31fbe8ae919444
│ │   Summary:            UEFI System Resource Table device (updated via NVRAM)
│ │   Current version:    0.1.67
│ │   Minimum Version:    0.1.39
│ │   Vendor:             Lenovo (DMI:LENOVO)
│ │   Update State:       Success
│ │   GUID:               14f3350e-cf63-4e68-a0d9-0af1d5389a17
│ │   Device Flags:       • Internal device
│ │                       • Updatable
│ │                       • System requires external power source
│ │                       • Supported on remote server
│ │                       • Needs a reboot after installation
│ │                       • Cryptographic hash verification is available
│ │                       • Device is usable for the duration of the update
│ │   Device Requests:    • Message
│ │ 
│ ├─AMT [unprovisioned]:
│ │     Device ID:        8d5470e73fd9a31eaa460b2b6aea95483fe3f14c
│ │     Summary:          Hardware and firmware technology for remote out-of-band management
│ │     Current version:  15.0.45.2411
│ │     Bootloader Version:15.0.45.2411
│ │     Vendor:           Intel Corporation (MEI:0x8086)
│ │     GUIDs:            12f80028-b4b7-4b2d-aca8-46e0ff65814c
│ │                       f18c7464-aa01-5b3d-bd4f-6623597d0f70 ← MEI\VEN_8086&DEV_A0E0
│ │                       a0bbcad3-af2f-5173-927c-7fa420a8c75b ← MEI\VEN_8086&DEV_A0E0&SUBSYS_17AA22D4
│ │     Device Flags:     • Internal device
│ │   
│ ├─BootGuard Configuration:
│ │     Device ID:        b0d4430dfa6bde9f0c22680df36dbc8c15c80753
│ │     Current version:  20
│ │     Vendor:           Intel Corporation (MEI:0x8086)
│ │     GUIDs:            dd17041c-09ea-4b17-a271-5b989867ec65
│ │                       f18c7464-aa01-5b3d-bd4f-6623597d0f70 ← MEI\VEN_8086&DEV_A0E0
│ │                       a0bbcad3-af2f-5173-927c-7fa420a8c75b ← MEI\VEN_8086&DEV_A0E0&SUBSYS_17AA22D4
│ │     Device Flags:     • Internal device
│ │   
│ └─UEFI dbx:
│       Device ID:        362301da643102b9f38477387e2193e57abaa590
│       Summary:          UEFI revocation database
│       Current version:  371
│       Minimum Version:  371
│       Vendor:           UEFI:Linux Foundation
│       Install Duration: 1 second
│       GUIDs:            5971a208-da00-5fce-b5f5-1234342f9cf7 ← UEFI\CRT_A9087D1044AD18F7A94916D284CBC01827CF23CD8F60B79072C9CAA1FEF4D649&ARCH_X64
│                         f8ba2887-9411-5c36-9cee-88995bb39731 ← UEFI\CRT_A1117F516A32CEFCBA3F2D1ACE10A87972FD6BBE8FE0D0B996E09E65D802A503&ARCH_X64
│       Device Flags:     • Internal device
│                         • Updatable
│                         • Supported on remote server
│                         • Needs a reboot after installation
│                         • Device is usable for the duration of the update
│                         • Only version upgrades are allowed
│                         • Signed Payload
│     
├─TPM:
│     Device ID:          c6a80ac3a22083423992a3cb15018989f37834d6
│     Current version:    1.258.0.0
│     Vendor:             ST Microelectronics (TPM:STM)
│     GUIDs:              84df3581-f896-54d2-bd1a-372602f04c32 ← TPM\VEN_STM&DEV_0001
│                         bfaed10a-bbc1-525b-a329-35da2f63e918 ← TPM\VEN_STM&MOD_
│                         70b7b833-7e1a-550a-a291-b94a12d0f319 ← TPM\VEN_STM&DEV_0001&VER_2.0
│                         06f005e9-cb62-5d1a-82d9-13c534c53c48 ← TPM\VEN_STM&MOD_&VER_2.0
│     Device Flags:       • Internal device
│                         • System requires external power source
│                         • Needs a reboot after installation
│                         • Device can recover flash failures
│                         • Full disk encryption secrets may be invalidated when updating
│                         • Signed Payload
│   
├─TigerLake-LP GT2 [Iris Xe Graphics]:
│     Device ID:          5792b48846ce271fab11c4a545f7a3df0d36e00a
│     Current version:    01
│     Vendor:             Intel Corporation (PCI:0x8086)
│     GUIDs:              54ff3ed7-1ea3-5279-975f-93c13bf2aa53 ← PCI\VEN_8086&DEV_9A49
│                         63989c5e-5055-5826-b694-c6d7912dc768 ← PCI\VEN_8086&DEV_9A49&SUBSYS_17AA22D4
│     Device Flags:       • Internal device
│                         • Cryptographic hash verification is available
│   
├─UEFI Device Firmware:
│     Device ID:          d3201cead9d5fc62712ce7258f0658db9d3f2540
│     Summary:            UEFI System Resource Table device (updated via NVRAM)
│     Current version:    2951531
│     Vendor:             DMI:LENOVO
│     Update State:       Success
│     GUID:               f0f8c8b2-9c7d-480c-9c2a-2831f1d7d7c3
│     Device Flags:       • Internal device
│                         • Updatable
│                         • System requires external power source
│                         • Needs a reboot after installation
│                         • Device is usable for the duration of the update
│     Device Requests:    • Message
│   
├─UEFI Device Firmware:
│     Device ID:          f905a7bd8805851b14be474d006372f37cc9342d
│     Summary:            UEFI System Resource Table device (updated via NVRAM)
│     Current version:    1
│     Vendor:             DMI:LENOVO
│     Update State:       Success
│     GUID:               76ca0ad8-4a14-4389-b7e5-fd88791762ad
│     Device Flags:       • Internal device
│                         • Updatable
│                         • System requires external power source
│                         • Needs a reboot after installation
│                         • Device is usable for the duration of the update
│     Device Requests:    • Message
│   
├─UEFI Device Firmware:
│     Device ID:          f3df5955811d72e6ae18957a6260043a3f03ebdb
│     Summary:            UEFI System Resource Table device (updated via NVRAM)
│     Current version:    16842769
│     Minimum Version:    1
│     Vendor:             DMI:LENOVO
│     Update State:       Success
│     GUID:               486e285b-5a0e-4ba7-ac67-cdc1db5861d5
│     Device Flags:       • Internal device
│                         • Updatable
│                         • System requires external power source
│                         • Needs a reboot after installation
│                         • Device is usable for the duration of the update
│     Device Requests:    • Message
│   
├─UEFI Device Firmware:
│     Device ID:          0ac6a08a1e51ee11e3657f3a672eb808c0c2e0e8
│     Summary:            UEFI System Resource Table device (updated via NVRAM)
│     Current version:    1409356159
│     Minimum Version:    1
│     Vendor:             DMI:LENOVO
│     Update State:       Success
│     GUID:               11fe9275-9b06-4c8d-853e-c6c61dd05891
│     Device Flags:       • Internal device
│                         • Updatable
│                         • System requires external power source
│                         • Needs a reboot after installation
│                         • Device is usable for the duration of the update
│     Device Requests:    • Message
│   
├─UEFI Device Firmware:
│     Device ID:          411c6f23d9326317948c7efca60068d31eb53b21
│     Summary:            UEFI System Resource Table device (updated via NVRAM)
│     Current version:    0.0.0.1
│     Minimum Version:    0.0.0.1
│     Vendor:             Lenovo (DMI:LENOVO)
│     Update State:       Success
│     GUID:               aa096a98-94e6-479b-92f7-5771f6f2d96f
│     Device Flags:       • Internal device
│                         • Updatable
│                         • System requires external power source
│                         • Supported on remote server
│                         • Needs a reboot after installation
│                         • Device is usable for the duration of the update
│     Device Requests:    • Message
│   
├─UEFI Device Firmware:
│     Device ID:          eabaaa6ba3756a3590d823e2a49a6a2986eb4312
│     Summary:            UEFI System Resource Table device (updated via NVRAM)
│     Current version:    65794
│     Minimum Version:    65794
│     Vendor:             DMI:LENOVO
│     Update State:       Success
│     GUID:               3eeba6c0-a6f3-4b0e-b27e-cf57f21ca332
│     Device Flags:       • Internal device
│                         • Updatable
│                         • System requires external power source
│                         • Needs a reboot after installation
│                         • Device is usable for the duration of the update
│     Device Requests:    • Message
│   
├─UEFI Device Firmware:
│     Device ID:          7e6427fb78fdb31553c3589b14cf9a40bd2e1f2e
│     Summary:            UEFI System Resource Table device (updated via NVRAM)
│     Current version:    1
│     Vendor:             DMI:LENOVO
│     Update State:       Success
│     GUID:               626d93db-2c42-48c3-915a-71f968a81b04
│     Device Flags:       • Internal device
│                         • Updatable
│                         • System requires external power source
│                         • Needs a reboot after installation
│                         • Device is usable for the duration of the update
│     Device Requests:    • Message
│   
├─UEFI Device Firmware:
│     Device ID:          587c6425a53c7997d7d62a4fb5986fad193f8433
│     Summary:            UEFI System Resource Table device (updated via NVRAM)
│     Current version:    0
│     Vendor:             DMI:LENOVO
│     Update State:       Success
│     GUID:               3dd84775-ec79-4ecb-8404-74de030c3f77
│     Device Flags:       • Internal device
│                         • Updatable
│                         • System requires external power source
│                         • Needs a reboot after installation
│                         • Device is usable for the duration of the update
│     Device Requests:    • Message
│   
├─UEFI Device Firmware:
│     Device ID:          7dccda75b1f76a97e675b08e7e0f8ab9924ad9ce
│     Summary:            UEFI System Resource Table device (updated via NVRAM)
│     Current version:    1
│     Minimum Version:    1
│     Vendor:             DMI:LENOVO
│     Update State:       Success
│     GUID:               69585d92-b50a-4ad7-b265-2eb1ae066574
│     Device Flags:       • Internal device
│                         • Updatable
│                         • System requires external power source
│                         • Needs a reboot after installation
│                         • Device is usable for the duration of the update
│     Device Requests:    • Message
│   
├─UEFI Device Firmware:
│     Device ID:          81568164782039dbd4a74856cacb9800f408d44e
│     Summary:            UEFI System Resource Table device (updated via NVRAM)
│     Current version:    69145
│     Vendor:             DMI:LENOVO
│     Update State:       Success
│     GUID:               4e88068b-41b2-4e05-893c-db0b43f7d348
│     Device Flags:       • Internal device
│                         • Updatable
│                         • System requires external power source
│                         • Needs a reboot after installation
│                         • Device is usable for the duration of the update
│     Device Requests:    • Message
│   
├─UEFI Device Firmware:
│     Device ID:          6ad5f455fbfa33903c16a954c2bbed10dc37244a
│     Summary:            UEFI System Resource Table device (updated via NVRAM)
│     Current version:    25112
│     Minimum Version:    1
│     Vendor:             DMI:LENOVO
│     Update State:       Success
│     GUID:               0d803ee9-f231-4ad7-9cb8-563bcbe75c13
│     Device Flags:       • Internal device
│                         • Updatable
│                         • System requires external power source
│                         • Needs a reboot after installation
│                         • Device is usable for the duration of the update
│     Device Requests:    • Message
│   
├─UEFI Device Firmware:
│     Device ID:          97a1ebd5e0b64abc18f9a94d3051bfbda7bff6d7
│     Summary:            UEFI System Resource Table device (updated via NVRAM)
│     Current version:    9568256
│     Minimum Version:    57374
│     Vendor:             DMI:LENOVO
│     Update State:       Success
│     GUID:               d2718981-bb13-45b4-b919-16bd42529a70
│     Device Flags:       • Internal device
│                         • Updatable
│                         • System requires external power source
│                         • Needs a reboot after installation
│                         • Device is usable for the duration of the update
│     Device Requests:    • Message
│   
└─UEFI Platform Key:
      Device ID:          6924110cde4fa051bfdc600a60620dc7aa9d3c6a
      Summary:            Lenovo Ltd. PK CA 2012
      Vendor:             Lenovo Ltd.
      GUID:               71599d14-9b31-5270-b3bd-74c494585820 ← UEFI\CRT_9AEF2123F4DE7C19AFABD909BB2C8CAC4411E07E

Additional questions

  • Operating system and version: Ubuntu 24.04
  • Have you tried rebooting? Yes, multiple executions, attempted execution on the AMT (shares version, but not firmware upgradable via fwupdmgr), execution without TB3 dock attached (bare laptop)
  • Is this a regression? Notably, this happened with Intel ME previously, as part of a BIOS update, and we were able to revert the BIOS update. Also on the Lenovo website, there is a newer version (15.0.47.2521) posted for Windows that notes Thunderbolt updates (https://download.lenovo.com/pccbbs/mobiles/n32rg30w.exe), and the version we want to go back to (15.0.42.2235) is posted for Linux, so perhaps they know about this issue that fwupdmgr dropped us into.

Options we are considering, to try to avoid deploying Windows to fix this, are
a) try to get the .cab out of the newer .exe update for windows, and apply using fwupdmgr (if that is possible)
b) try to downgrade the whole BIOS, possibly with a version that comes with an older ME firmware as well (some research required, might introduce new dependency issues)

@ianbmacdonald
Author

ianbmacdonald commented May 14, 2024

Inside the .exe I can see these contents; I am thinking I am interested in TglMe_15_0_47_2521_Lp_Corp.cap however, a cab file probably has some meta, that is missing from the direct capsule, if I were to guess.

CLI seems to confirm the missing magic, which I assume is where the broken fwupd dependency is defined in the cab I can not seem to use.

$ sudo fwupdmgr local-install TglMe_15_0_47_2521_Lp_Corp.cap 23156eb4e14af860c0d4e04a401cc82b89298733
Decompressing…           [   -                                   ]
did not find magic

$ innoextract n32rg30w.exe
Extracting "version 15.0.47.2521 (n32rg30w)" - setup data version 5.5.7 (unicode)
 - "code$GetExtractPath$/FWCapUpdate_v46.exe" - overwritten
 - "code$GetExtractPath$/config.ini"
 - "code$GetExtractPath$/csme-version-detection-tool-console.exe"
 - "code$GetExtractPath$/FwCapUpdate_v46.exe"
 - "code$GetExtractPath$/FWDetect.exe"
 - "code$GetExtractPath$/fwdetect_Config.ini"
 - "code$GetExtractPath$/MEFirmwareSKUCheckTool.exe"
 - "code$GetExtractPath$/MEInfoWin64.exe"
 - "code$GetExtractPath$/SLA_TOOLS.PDF"
 - "code$GetExtractPath$/SusBde.bat"
 - "code$GetExtractPath$/Capsule/Consumer/TglMe_15_0_47_2521_Lp_Cons.cap"
 - "code$GetExtractPath$/Capsule/Consumer/tglme_15_0_47_2521_lp_cons.cat"
 - "code$GetExtractPath$/Capsule/Consumer/TglMe_15_0_47_2521_Lp_Cons.inf"
 - "code$GetExtractPath$/Capsule/Corporate/TglMe_15_0_47_2521_Lp_Corp.cap"
 - "code$GetExtractPath$/Capsule/Corporate/tglme_15_0_47_2521_lp_corp.cat"
 - "code$GetExtractPath$/Capsule/Corporate/TglMe_15_0_47_2521_Lp_Corp.inf"
 - "code$GetExtractPath$/misc/StartFWUpdate_OLD.CMD"
 - "code$GetExtractPath$/misc/Non_Capsule/Config.ini"
 - "code$GetExtractPath$/misc/Non_Capsule/FWDetect.exe"
 - "code$GetExtractPath$/misc/Non_Capsule/fwdetect_Config.ini"
 - "code$GetExtractPath$/misc/Non_Capsule/FWUpdate_v41.exe"
 - "code$GetExtractPath$/misc/Non_Capsule/FWUpdLcl64.exe"
 - "code$GetExtractPath$/misc/Non_Capsule/MEInfoWin64.exe"
 - "code$GetExtractPath$/misc/Non_Capsule/ME_15.0_Cons.bin"
 - "code$GetExtractPath$/misc/Non_Capsule/ME_15.0_Corp.bin"
 - "code$GetExtractPath$/misc/Non_Capsule/Non-Capsule_Update_ReadME.txt"
 - "code$GetExtractPath$/misc/Non_Capsule/SusBde.bat"
 - "code$GetExtractPath$/misc/TGL_FWdetect/csme-version-detection-tool-console.exe"
 - "code$GetExtractPath$/misc/TGL_FWdetect/FWDetect.exe"
 - "code$GetExtractPath$/misc/TGL_FWdetect/fwdetect_Config.ini"
 - "code$GetExtractPath$/misc/TGL_FWdetect/HowToUse.txt"
 - "code$GetExtractPath$/misc/TGL_FWdetect/MEInfoWin64.exe"
Done.

@hughsie
Member

hughsie commented May 14, 2024

You can use sudo fwupdtool install-blob foo.cap -- but note that without the metadata it's entirely possible to flash the wrong firmware to the wrong device -- so be careful!

@ianbmacdonald
Author

Okay, installing the blob directly worked great. I know from the fwupdmgr release note breadcrumbs during the breaking upgrade that my system uses the Corporate ME engine, as opposed to the Consumer, so my confidence on the right capsule was high.

fwupdtool install-blob TglMe_15_0_47_2521_Lp_Corp.cap 
Writing…                 [************                           ]
0.	Cancel
1.	0867c07f040e810fa5ea153981e63e324c29eb1f (ELAN0672:00 04F3:3187)
2.	073624c16dd99abe01ba1da223a70321e4f29beb (Package level of Dell dock)
3.	0acceea54e71c4d8002593822afe0f4705616613 (RTS5413 in Dell dock)
4.	96969b82d977fdcbf607df084ef0dcf10119409b (RTS5487 in Dell dock)
5.	228ac6846b64d532dd1ea1b7e651e8f5f55fbc34 (VMM5331 in Dell dock)
6.	570867f4ddda9915445da59bd85cd0e0e507270e (WD19TB)
7.	34210774738cce62e77e32d3a08a71619df371ba (Embedded Controller)
8.	3fa281ddf80d8a06b8ee5d8beb48d38ee95a9627 (Integrated Camera)
9.	23156eb4e14af860c0d4e04a401cc82b89298733 (Intel Management Engine)
10.	0d5d05911800242bb1f35287012cdcbd9b381148 (Prometheus)
11.	73e606488fec47b3e3f9288094f66fded0051446 (Prometheus IOTA Config)
12.	04e17fcf7d3de91da49a163ffe4907855c3648be (SSD 970 EVO Plus 500GB)
13.	61725c7e17fb355013585de4fd31fbe8ae919444 (System Firmware)
14.	4e767d355b374fa5269b32568d1758736b567a6e (Thunderbolt controller in Dell dock)
15.	d3201cead9d5fc62712ce7258f0658db9d3f2540 (UEFI Device Firmware)
16.	f905a7bd8805851b14be474d006372f37cc9342d (UEFI Device Firmware)
17.	f3df5955811d72e6ae18957a6260043a3f03ebdb (UEFI Device Firmware)
18.	0ac6a08a1e51ee11e3657f3a672eb808c0c2e0e8 (UEFI Device Firmware)
19.	411c6f23d9326317948c7efca60068d31eb53b21 (UEFI Device Firmware)
20.	eabaaa6ba3756a3590d823e2a49a6a2986eb4312 (UEFI Device Firmware)
21.	7e6427fb78fdb31553c3589b14cf9a40bd2e1f2e (UEFI Device Firmware)
22.	587c6425a53c7997d7d62a4fb5986fad193f8433 (UEFI Device Firmware)
23.	7dccda75b1f76a97e675b08e7e0f8ab9924ad9ce (UEFI Device Firmware)
24.	81568164782039dbd4a74856cacb9800f408d44e (UEFI Device Firmware)
25.	6ad5f455fbfa33903c16a954c2bbed10dc37244a (UEFI Device Firmware)
26.	97a1ebd5e0b64abc18f9a94d3051bfbda7bff6d7 (UEFI Device Firmware)
27.	362301da643102b9f38477387e2193e57abaa590 (UEFI dbx)
Choose device [0-27]: 9
Waiting…                 [***************************************]
An update requires a reboot to complete. Restart now? [y|N]: y

The reboot was followed by the long UEFI update process, so it definitely got the AMT component as well.

In hindsight, a safer option would have been to use cabextract and force the blob in, working around why I originally filed this bug, rather than to push forward to a version not yet in the online database.

But it worked, and it solved the broken external monitor enumeration on boot, which is great. Below is my new enumerated firmware, noting my lid is closed since my monitors are working on boot now.

fwupdmgr get-devices --show-all-devices
LENOVO 20XY0027US
│
├─ELAN0672:00 04F3:3187:
│     Device ID:          0867c07f040e810fa5ea153981e63e324c29eb1f
│     Summary:            Touchpad
│     Current version:    0x0003
│     Bootloader Version: 0x0002
│     Vendor:             ELAN Microelectronics (HIDRAW:0x04F3)
│     GUIDs:              ab16bce2-e219-52f5-89a6-fd6b1c4244c0 ← HIDRAW\VEN_04F3&DEV_3187
│                         e4c6161e-2b1c-59cb-ad07-c8fb7feb155e ← HIDRAW\VEN_04F3&DEV_3187&MOD_0002
│                         5b73c06e-3dfd-5e6c-b06a-24e3489206c2 ← ELANTP\ICTYPE_14&MOD_0002
│                         31a158de-a671-50bf-b787-3bba647a8c49 ← ELANTP\ICTYPE_14&MOD_0002&DRIVER_HID
│     Device Flags:       • Internal device
│                         • Updatable
│   
├─WD19TB:
│ │   Device ID:          570867f4ddda9915445da59bd85cd0e0e507270e
│ │   Summary:            High performance dock
│ │   Current version:    01.01.00.07
│ │   Vendor:             Dell Inc. (USB:0x413C)
│ │   Install Duration:   1 minute
│ │   Serial Number:      H4HRVV2/3192058705161460
│ │   GUID:               cd357cf1-40b2-5d87-b8df-bb2dd82774aa ← USB\VID_413C&PID_B06E&hub&embedded
│ │   Device Flags:       • Updatable
│ │                       • Supported on remote server
│ │                       • Device stages updates
│ │                       • Device can recover flash failures
│ │                       • Device is usable for the duration of the update
│ │                       • Signed Payload
│ │ 
│ ├─Package level of Dell dock:
│ │     Device ID:        073624c16dd99abe01ba1da223a70321e4f29beb
│ │     Summary:          A representation of dock update status
│ │     Current version:  01.00.36.01
│ │     Vendor:           Dell Inc. (USB:0x413C)
│ │     Install Duration: 5 seconds
│ │     GUIDs:            d8927ff5-a5b2-5618-848b-8e8bfb75b66f
│ │                       8ceeeffd-51b6-580c-9b75-69143227aff8 ← USB\VID_413C&PID_B06E&hub&status
│ │     Device Flags:     • Updatable
│ │                       • Supported on remote server
│ │                       • Device can recover flash failures
│ │                       • Device is usable for the duration of the update
│ │                       • Unsigned Payload
│ │   
│ ├─RTS5413 in Dell dock:
│ │     Device ID:        0acceea54e71c4d8002593822afe0f4705616613
│ │     Summary:          USB 3.1 Generation 1 Hub
│ │     Current version:  01.22
│ │     Vendor:           Dell Inc. (USB:0x413C)
│ │     Install Duration: 14 seconds
│ │     GUIDs:            b27d25f1-019d-5718-b41a-02ddaefe5577 ← USB\VID_413C&PID_B06F
│ │                       ac5b774c-b49d-566b-9255-85f0f7f8a4ed ← USB\VID_413C&PID_B06F&hub
│ │     Device Flags:     • Updatable
│ │                       • Supported on remote server
│ │                       • Device stages updates
│ │                       • Device is usable for the duration of the update
│ │                       • Signed Payload
│ │   
│ ├─RTS5487 in Dell dock:
│ │     Device ID:        96969b82d977fdcbf607df084ef0dcf10119409b
│ │     Summary:          USB 3.1 Generation 2 Hub
│ │     Current version:  01.57
│ │     Vendor:           Dell Inc. (USB:0x413C)
│ │     Install Duration: 3 seconds
│ │     GUIDs:            acfcd89b-105d-55b9-b85b-08bf8508f38c ← USB\VID_413C&PID_B06E
│ │                       568ffa1e-a0db-5287-9ea3-872b60f7730b ← USB\VID_413C&PID_B06E&hub
│ │     Device Flags:     • Updatable
│ │                       • Supported on remote server
│ │                       • Device stages updates
│ │                       • Device is usable for the duration of the update
│ │                       • Signed Payload
│ │   
│ ├─VMM5331 in Dell dock:
│ │     Device ID:        228ac6846b64d532dd1ea1b7e651e8f5f55fbc34
│ │     Summary:          Multi Stream Transport controller
│ │     Current version:  05.07.04
│ │     Vendor:           Dell Inc. (USB:0x413C)
│ │     Install Duration: 6 minutes
│ │     GUID:             89fec0b6-6b76-5008-b82c-5e5c6c164007 ← MST-panamera-vmm5331-259
│ │     Device Flags:     • Updatable
│ │                       • Supported on remote server
│ │                       • Device stages updates
│ │                       • Device is usable for the duration of the update
│ │                       • Unsigned Payload
│ │   
│ └─Thunderbolt controller in Dell dock:
│       Device ID:        4e767d355b374fa5269b32568d1758736b567a6e
│       Summary:          Thunderbolt controller
│       Current version:  60.00
│       Vendor:           Dell Inc. (THUNDERBOLT:0x00D4, TBT:0x00D4)
│       Install Duration: 22 seconds
│       GUIDs:            08a8c886-2818-544c-b1a3-588eb07ae487 ← THUNDERBOLT\VEN_00D4&DEV_B070
│                         c94770ca-1773-592c-b20a-e87243bc7cd0 ← TBT-00d4b070
│                         d9d01d94-4749-58f4-b318-87cb92251fdb ← TBT-00d4b070-controller1-1
│       Device Flags:     • Updatable
│                         • System requires external power source
│                         • Supported on remote server
│                         • Install to parent device first
│                         • Device stages updates
│                         • Device is usable for the duration of the update
│                         • Signed Payload
│     
├─Unknown Device:
│     Device ID:          eb5437c428ae83ddcf16735cc4fe3b2983d5c0ce
│     Serial Number:      413472
│     GUID:               400bef38-1dd7-5d44-aed8-c68bde803692 ← DRM\VEN_GSM&DEV_7707
│   
├─Unknown Device:
│     Device ID:          63223cc2d1b0b8d4c45ef8cedcb1f45315d3ff20
│     GUID:               ca5c154c-a46a-59d8-bf77-0ca40522cc85 ← GPIO\ID_INT34C5:00
│   
├─11th Gen Intel Core™ i7-1185G7 @ 3.00GHz:
│     Device ID:          4bde70ba4e39b28f9eab1628f9dd6e6244c03027
│     Current version:    0x000000b6
│     Vendor:             Intel
│     GUIDs:              2347ad97-b545-5bae-b6b3-b70a9553cbba ← CPUID\PRO_0&FAM_06&MOD_8C
│                         1df99df5-22f4-5505-98cc-22dcc53b132a ← CPUID\PRO_0&FAM_06&MOD_8C&STP_1
│     Device Flags:       • Internal device
│   
├─Embedded Controller:
│     Device ID:          34210774738cce62e77e32d3a08a71619df371ba
│     Summary:            UEFI System Resource Table device (updated via NVRAM)
│     Current version:    0.1.36
│     Minimum Version:    0.1.36
│     Vendor:             Lenovo (DMI:LENOVO)
│     Update State:       Success
│     Problems:           • Device cannot be used while the lid is closed
│     GUID:               61b65ccc-0116-4b62-80ed-ec5f089ae523
│     Device Flags:       • Internal device
│                         • System requires external power source
│                         • Supported on remote server
│                         • Needs a reboot after installation
│                         • Device is usable for the duration of the update
│                         • Updatable
│     Device Requests:    • Message
│   
├─Integrated Camera:
│     Device ID:          3fa281ddf80d8a06b8ee5d8beb48d38ee95a9627
│     Current version:    62.18
│     Vendor:             Chicony Electronics Co.,Ltd. (USB:0x04F2)
│     Serial Number:      0001
│     GUID:               30bb6882-12ea-5e20-84a6-29bb797a7b76 ← USB\VID_04F2&PID_B6EA
│     Device Flags:       • Updatable
│   
├─Intel Management Engine:
│     Device ID:          23156eb4e14af860c0d4e04a401cc82b89298733
│     Summary:            UEFI System Resource Table device (updated via NVRAM)
│     Current version:    240.47.2521
│     Minimum Version:    0.0.1
│     Vendor:             Lenovo (DMI:LENOVO)
│     Update State:       Success
│     Problems:           • Device cannot be used while the lid is closed
│     GUID:               c1b2be54-d7ed-4e24-a577-7c5f32bb7587
│     Device Flags:       • Internal device
│                         • System requires external power source
│                         • Supported on remote server
│                         • Needs a reboot after installation
│                         • Device is usable for the duration of the update
│                         • Updatable
│     Device Requests:    • Message
│   
├─MNE007ZA1-2:
│     Device ID:          aec1a869eb0df71b7cea6b3ac71d39b830faf164
│     GUID:               b01714e1-e594-5f4f-9851-472abbfb5db7 ← DRM\VEN_CSO&DEV_1403
│     Device Flags:       • Internal device
│   
├─Prometheus:
│ │   Device ID:          0d5d05911800242bb1f35287012cdcbd9b381148
│ │   Summary:            Fingerprint reader
│ │   Current version:    10.01.3478575
│ │   Vendor:             Synaptics (USB:0x06CB)
│ │   Install Duration:   2 seconds
│ │   Serial Number:      88445732934187
│ │   GUID:               448868f0-e05d-5849-8fc4-b8fa1ec16bf5 ← USB\VID_06CB&PID_00FC
│ │   Device Flags:       • Updatable
│ │                       • Supported on remote server
│ │                       • Cryptographic hash verification is available
│ │                       • Signed Payload
│ │ 
│ └─Prometheus IOTA Config:
│       Device ID:        73e606488fec47b3e3f9288094f66fded0051446
│       Summary:          Fingerprint reader config
│       Current version:  0008
│       Minimum Version:  0008
│       Vendor:           Synaptics (USB:0x06CB)
│       GUIDs:            5cfe6094-5ba5-5713-b5a4-bc9d9c0f55df ← USB\VID_06CB&PID_00FC-cfg
│                         d9fbfaa0-2fc3-5225-aaf4-6c640029b473 ← USB\VID_06CB&PID_00FC&CFG1_3698&CFG2_0
│       Device Flags:     • Updatable
│                         • Only version upgrades are allowed
│                         • Signed Payload
│     
├─SSD 970 EVO Plus 500GB:
│     Device ID:          04e17fcf7d3de91da49a163ffe4907855c3648be
│     Summary:            NVM Express solid state drive
│     Current version:    2B2QEXM7
│     Vendor:             Samsung (NVME:0x144D)
│     Serial Number:      S58SNJ0N612414K
│     GUIDs:              47335265-a509-51f7-841e-1c94911af66b ← NVME\VEN_144D&DEV_A808
│                         c9d531ea-ee7d-5562-8def-c64d0d144813 ← NVME\VEN_144D&DEV_A808&SUBSYS_144DA801
│                         173afe85-89dc-54b2-9a58-a5990e4e4b6a ← Samsung SSD 970 EVO Plus 500GB
│     Device Flags:       • Internal device
│                         • Updatable
│                         • System requires external power source
│                         • Needs a reboot after installation
│                         • Device is usable for the duration of the update
│                         • Signed Payload
│   
├─System Firmware:
│ │   Device ID:          61725c7e17fb355013585de4fd31fbe8ae919444
│ │   Summary:            UEFI System Resource Table device (updated via NVRAM)
│ │   Current version:    0.1.67
│ │   Minimum Version:    0.1.39
│ │   Vendor:             Lenovo (DMI:LENOVO)
│ │   Update State:       Success
│ │   Problems:           • Device cannot be used while the lid is closed
│ │   GUID:               14f3350e-cf63-4e68-a0d9-0af1d5389a17
│ │   Device Flags:       • Internal device
│ │                       • System requires external power source
│ │                       • Supported on remote server
│ │                       • Needs a reboot after installation
│ │                       • Cryptographic hash verification is available
│ │                       • Device is usable for the duration of the update
│ │                       • Updatable
│ │   Device Requests:    • Message
│ │ 
│ ├─AMT [unprovisioned]:
│ │     Device ID:        8d5470e73fd9a31eaa460b2b6aea95483fe3f14c
│ │     Summary:          Hardware and firmware technology for remote out-of-band management
│ │     Current version:  15.0.47.2521
│ │     Bootloader Version:15.0.47.2521
│ │     Vendor:           Intel Corporation (MEI:0x8086)
│ │     GUIDs:            12f80028-b4b7-4b2d-aca8-46e0ff65814c
│ │                       f18c7464-aa01-5b3d-bd4f-6623597d0f70 ← MEI\VEN_8086&DEV_A0E0
│ │                       a0bbcad3-af2f-5173-927c-7fa420a8c75b ← MEI\VEN_8086&DEV_A0E0&SUBSYS_17AA22D4
│ │     Device Flags:     • Internal device
│ │   
│ ├─BootGuard Configuration:
│ │     Device ID:        b0d4430dfa6bde9f0c22680df36dbc8c15c80753
│ │     Current version:  20
│ │     Vendor:           Intel Corporation (MEI:0x8086)
│ │     GUIDs:            dd17041c-09ea-4b17-a271-5b989867ec65
│ │                       f18c7464-aa01-5b3d-bd4f-6623597d0f70 ← MEI\VEN_8086&DEV_A0E0
│ │                       a0bbcad3-af2f-5173-927c-7fa420a8c75b ← MEI\VEN_8086&DEV_A0E0&SUBSYS_17AA22D4
│ │     Device Flags:     • Internal device
│ │   
│ └─UEFI dbx:
│       Device ID:        362301da643102b9f38477387e2193e57abaa590
│       Summary:          UEFI revocation database
│       Current version:  371
│       Minimum Version:  371
│       Vendor:           UEFI:Linux Foundation
│       Install Duration: 1 second
│       GUIDs:            5971a208-da00-5fce-b5f5-1234342f9cf7 ← UEFI\CRT_A9087D1044AD18F7A94916D284CBC01827CF23CD8F60B79072C9CAA1FEF4D649&ARCH_X64
│                         f8ba2887-9411-5c36-9cee-88995bb39731 ← UEFI\CRT_A1117F516A32CEFCBA3F2D1ACE10A87972FD6BBE8FE0D0B996E09E65D802A503&ARCH_X64
│       Device Flags:     • Internal device
│                         • Updatable
│                         • Supported on remote server
│                         • Needs a reboot after installation
│                         • Device is usable for the duration of the update
│                         • Only version upgrades are allowed
│                         • Signed Payload
│     
├─TPM:
│     Device ID:          c6a80ac3a22083423992a3cb15018989f37834d6
│     Current version:    1.258.0.0
│     Vendor:             ST Microelectronics (TPM:STM)
│     GUIDs:              84df3581-f896-54d2-bd1a-372602f04c32 ← TPM\VEN_STM&DEV_0001
│                         bfaed10a-bbc1-525b-a329-35da2f63e918 ← TPM\VEN_STM&MOD_
│                         70b7b833-7e1a-550a-a291-b94a12d0f319 ← TPM\VEN_STM&DEV_0001&VER_2.0
│                         06f005e9-cb62-5d1a-82d9-13c534c53c48 ← TPM\VEN_STM&MOD_&VER_2.0
│     Device Flags:       • Internal device
│                         • System requires external power source
│                         • Needs a reboot after installation
│                         • Device can recover flash failures
│                         • Full disk encryption secrets may be invalidated when updating
│                         • Signed Payload
│   
├─TigerLake-LP GT2 [Iris Xe Graphics]:
│     Device ID:          5792b48846ce271fab11c4a545f7a3df0d36e00a
│     Current version:    01
│     Vendor:             Intel Corporation (PCI:0x8086)
│     GUIDs:              54ff3ed7-1ea3-5279-975f-93c13bf2aa53 ← PCI\VEN_8086&DEV_9A49
│                         63989c5e-5055-5826-b694-c6d7912dc768 ← PCI\VEN_8086&DEV_9A49&SUBSYS_17AA22D4
│     Device Flags:       • Internal device
│                         • Cryptographic hash verification is available
│   
├─UEFI Device Firmware:
│     Device ID:          d3201cead9d5fc62712ce7258f0658db9d3f2540
│     Summary:            UEFI System Resource Table device (updated via NVRAM)
│     Current version:    3082713
│     Vendor:             DMI:LENOVO
│     Update State:       Success
│     Problems:           • Device cannot be used while the lid is closed
│     GUID:               f0f8c8b2-9c7d-480c-9c2a-2831f1d7d7c3
│     Device Flags:       • Internal device
│                         • System requires external power source
│                         • Needs a reboot after installation
│                         • Device is usable for the duration of the update
│                         • Updatable
│     Device Requests:    • Message
│   
├─UEFI Device Firmware:
│     Device ID:          f905a7bd8805851b14be474d006372f37cc9342d
│     Summary:            UEFI System Resource Table device (updated via NVRAM)
│     Current version:    1
│     Vendor:             DMI:LENOVO
│     Update State:       Success
│     Problems:           • Device cannot be used while the lid is closed
│     GUID:               76ca0ad8-4a14-4389-b7e5-fd88791762ad
│     Device Flags:       • Internal device
│                         • System requires external power source
│                         • Needs a reboot after installation
│                         • Device is usable for the duration of the update
│                         • Updatable
│     Device Requests:    • Message
│   
├─UEFI Device Firmware:
│     Device ID:          f3df5955811d72e6ae18957a6260043a3f03ebdb
│     Summary:            UEFI System Resource Table device (updated via NVRAM)
│     Current version:    16842769
│     Minimum Version:    1
│     Vendor:             DMI:LENOVO
│     Update State:       Success
│     Problems:           • Device cannot be used while the lid is closed
│     GUID:               486e285b-5a0e-4ba7-ac67-cdc1db5861d5
│     Device Flags:       • Internal device
│                         • System requires external power source
│                         • Needs a reboot after installation
│                         • Device is usable for the duration of the update
│                         • Updatable
│     Device Requests:    • Message
│   
├─UEFI Device Firmware:
│     Device ID:          0ac6a08a1e51ee11e3657f3a672eb808c0c2e0e8
│     Summary:            UEFI System Resource Table device (updated via NVRAM)
│     Current version:    1409356159
│     Minimum Version:    1
│     Vendor:             DMI:LENOVO
│     Update State:       Success
│     Problems:           • Device cannot be used while the lid is closed
│     GUID:               11fe9275-9b06-4c8d-853e-c6c61dd05891
│     Device Flags:       • Internal device
│                         • System requires external power source
│                         • Needs a reboot after installation
│                         • Device is usable for the duration of the update
│                         • Updatable
│     Device Requests:    • Message
│   
├─UEFI Device Firmware:
│     Device ID:          411c6f23d9326317948c7efca60068d31eb53b21
│     Summary:            UEFI System Resource Table device (updated via NVRAM)
│     Current version:    1.2.28.0
│     Vendor:             Lenovo (DMI:LENOVO)
│     Update State:       Success
│     Problems:           • Device cannot be used while the lid is closed
│     GUID:               aa096a98-94e6-479b-92f7-5771f6f2d96f
│     Device Flags:       • Internal device
│                         • System requires external power source
│                         • Needs a reboot after installation
│                         • Device is usable for the duration of the update
│                         • Updatable
│     Device Requests:    • Message
│   
├─UEFI Device Firmware:
│     Device ID:          eabaaa6ba3756a3590d823e2a49a6a2986eb4312
│     Summary:            UEFI System Resource Table device (updated via NVRAM)
│     Current version:    65794
│     Minimum Version:    65794
│     Vendor:             DMI:LENOVO
│     Update State:       Success
│     Problems:           • Device cannot be used while the lid is closed
│     GUID:               3eeba6c0-a6f3-4b0e-b27e-cf57f21ca332
│     Device Flags:       • Internal device
│                         • System requires external power source
│                         • Needs a reboot after installation
│                         • Device is usable for the duration of the update
│                         • Updatable
│     Device Requests:    • Message
│   
├─UEFI Device Firmware:
│     Device ID:          7e6427fb78fdb31553c3589b14cf9a40bd2e1f2e
│     Summary:            UEFI System Resource Table device (updated via NVRAM)
│     Current version:    1
│     Vendor:             DMI:LENOVO
│     Update State:       Success
│     Problems:           • Device cannot be used while the lid is closed
│     GUID:               626d93db-2c42-48c3-915a-71f968a81b04
│     Device Flags:       • Internal device
│                         • System requires external power source
│                         • Needs a reboot after installation
│                         • Device is usable for the duration of the update
│                         • Updatable
│     Device Requests:    • Message
│   
├─UEFI Device Firmware:
│     Device ID:          587c6425a53c7997d7d62a4fb5986fad193f8433
│     Summary:            UEFI System Resource Table device (updated via NVRAM)
│     Current version:    0
│     Vendor:             DMI:LENOVO
│     Update State:       Success
│     Problems:           • Device cannot be used while the lid is closed
│     GUID:               3dd84775-ec79-4ecb-8404-74de030c3f77
│     Device Flags:       • Internal device
│                         • System requires external power source
│                         • Needs a reboot after installation
│                         • Device is usable for the duration of the update
│                         • Updatable
│     Device Requests:    • Message
│   
├─UEFI Device Firmware:
│     Device ID:          7dccda75b1f76a97e675b08e7e0f8ab9924ad9ce
│     Summary:            UEFI System Resource Table device (updated via NVRAM)
│     Current version:    1
│     Minimum Version:    1
│     Vendor:             DMI:LENOVO
│     Update State:       Success
│     Problems:           • Device cannot be used while the lid is closed
│     GUID:               69585d92-b50a-4ad7-b265-2eb1ae066574
│     Device Flags:       • Internal device
│                         • System requires external power source
│                         • Needs a reboot after installation
│                         • Device is usable for the duration of the update
│                         • Updatable
│     Device Requests:    • Message
│   
├─UEFI Device Firmware:
│     Device ID:          81568164782039dbd4a74856cacb9800f408d44e
│     Summary:            UEFI System Resource Table device (updated via NVRAM)
│     Current version:    69145
│     Vendor:             DMI:LENOVO
│     Update State:       Success
│     Problems:           • Device cannot be used while the lid is closed
│     GUID:               4e88068b-41b2-4e05-893c-db0b43f7d348
│     Device Flags:       • Internal device
│                         • System requires external power source
│                         • Needs a reboot after installation
│                         • Device is usable for the duration of the update
│                         • Updatable
│     Device Requests:    • Message
│   
├─UEFI Device Firmware:
│     Device ID:          6ad5f455fbfa33903c16a954c2bbed10dc37244a
│     Summary:            UEFI System Resource Table device (updated via NVRAM)
│     Current version:    25112
│     Minimum Version:    1
│     Vendor:             DMI:LENOVO
│     Update State:       Success
│     Problems:           • Device cannot be used while the lid is closed
│     GUID:               0d803ee9-f231-4ad7-9cb8-563bcbe75c13
│     Device Flags:       • Internal device
│                         • System requires external power source
│                         • Needs a reboot after installation
│                         • Device is usable for the duration of the update
│                         • Updatable
│     Device Requests:    • Message
│   
├─UEFI Device Firmware:
│     Device ID:          97a1ebd5e0b64abc18f9a94d3051bfbda7bff6d7
│     Summary:            UEFI System Resource Table device (updated via NVRAM)
│     Current version:    9568256
│     Minimum Version:    57374
│     Vendor:             DMI:LENOVO
│     Update State:       Success
│     Problems:           • Device cannot be used while the lid is closed
│     GUID:               d2718981-bb13-45b4-b919-16bd42529a70
│     Device Flags:       • Internal device
│                         • System requires external power source
│                         • Needs a reboot after installation
│                         • Device is usable for the duration of the update
│                         • Updatable
│     Device Requests:    • Message
│   
└─UEFI Platform Key:
      Device ID:          6924110cde4fa051bfdc600a60620dc7aa9d3c6a
      Summary:            Lenovo Ltd. PK CA 2012
      Vendor:             Lenovo Ltd.
      GUID:               71599d14-9b31-5270-b3bd-74c494585820 ← UEFI\CRT_9AEF2123F4DE7C19AFABD909BB2C8CAC4411E07E

Following up on the original intent, to make fwupdmgr follow published instructions for older versions of the tool, like those included in the readme that comes along with the Lenovo cab file for manual installation, I did go and extract the cab, and look at the meta.

 cabextract n32rk04w.cab 
Extracting cabinet: n32rk04w.cab
  extracting firmware.bin
  extracting firmware.metainfo.xml

All done, no errors.

There is no specification for the fwupd version in the firmware.metainfo.xml, so the dependency, it would seem, on fwupd <= 1.1.0 stems from newer fwupd versions when other things are defined in the meta, likely the version, given the output "firmware with version", which is clearly not an issue with the older fwupd included in Ubuntu LTS 20.04.

It seems logical that another --allow-xxxx should be added for this new constraint, to allow for compatibility with existing documentation and to allow manual updates with older .cab files, which were packaged before the change to fwupd logic, to be applied without so much effort.

Lenovo for their part, releasing fixes for Windows without making simple tweaks to their Linux equivalent cab could be seen as just lazy, but the issue is more likely a set of missing QA procedures to catch this problem. I'll do my part to file a ticket with them, letting them know they can safely update and release a new cab supporting Ubuntu 24.04.

@hughsie
Member

hughsie commented May 14, 2024

> to allow manual updates with older .cab

I'm confused -- what's wrong with installing older files with a new fwupd?

@ianbmacdonald
Author

It causes the requirement 'firmware with version' also needs org.freedesktop.fwupd >= 1.1.0 error. Presumably the same shipped meta (below) works on Ubuntu 20.04 as described in Lenovo's readme https://download.lenovo.com/pccbbs/mobiles/n32rk04w.txt

But not in 24.04, where meta with a version defined, spits out this failure with no obvious way to override and get the previous behavior. Assuming I have not made an error, it seems like a problem for any existing cab files before the change.

cat firmware.metainfo.xml 
<?xml version="1.0" encoding="UTF-8"?>
<!-- Copyright 2016 Richard Hughes  -->
<component type="firmware">
  <id>com.lenovo.ThinkPadN32RM.firmware</id>
  <name>ThinkPad X1 Yoga Gen 6/ThinkPad X1 Carbon Gen 9</name>
  <summary>Lenovo ThinkPad X1 Yoga Gen 6/X1 Carbon Gen 9 Corporate ME Firmware</summary>
  <description>
    <p>
      Lenovo ThinkPad X1 Yoga Gen 6/X1 Carbon Gen 9 Corporate ME Firmware N32RG26W, 15.0.42.2235
    </p>
  </description>
  <provides>
    <firmware type="flashed">c1b2be54-d7ed-4e24-a577-7c5f32bb7587</firmware>
  </provides>
  <url type="homepage">http://www.lenovo.com/</url>
  <metadata_license>CC0-1.0</metadata_license>
  <project_license>proprietary</project_license>
  <developer_name>Lenovo Ltd.</developer_name>
  <categories>
     <category>X-CorporateManagementEngine</category>
     <category>X-ManagementEngine</category>
  </categories>
  <custom>
     <value key="LVFS::UpdateProtocol">org.uefi.capsule</value>
     <value key="LVFS::VersionFormat">triplet</value>
  </custom>
  <releases>
    <release version="240.42.2235" date="2022-09-21" urgency="high" tag="N32RG26W">
      <description>
        <p>Intel Platform Update 2022.3 Product Version Maintenance Release</p>
        <p>Version 15.0.42.2235 (LVFS: 240.42.2235)</p>
        <p>Problem Fixes</p>
           <ul>
              <li>   Mitigated the following security vulnerabilities under issues. Please see fixed issues for details.</li>
           </ul>
      </description>
      <issues>
        <issue type="intel">INTEL-TA-00610</issue>
        <issue type="cve">CVE-2022-21181</issue>
        <issue type="cve">CVE-2022-27497</issue>
        <issue type="cve">CVE-2022-29893</issue>
        <issue type="cve">CVE-2021-33159</issue>
        <issue type="cve">CVE-2022-29515</issue>
      </issues>
    </release>
  </releases>
  <requires>
       <firmware compare="ge" version="0.1.49">14f3350e-cf63-4e68-a0d9-0af1d5389a17</firmware>
       <firmware compare="ge" version="0.1.30">61b65ccc-0116-4b62-80ed-ec5f089ae523</firmware>
  </requires>

@hughsie
Member

hughsie commented May 15, 2024

I think this lets us detect this on the LVFS: https://gitlab.com/fwupd/lvfs-website/-/commit/81d5e5258ddd393fbdb34b0d90e49fef92522b1c -- deploying now.
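As an added illustration (not code from fwupd, the LVFS or anyone in this thread), here is a pre-flight check one could run on the firmware.metainfo.xml produced by cabextract before handing the bare capsule to fwupdtool install-blob. It confirms the chosen device GUID is listed in `<provides>`, evaluates the `<requires>` versions, and flags a versioned `<firmware>` requirement that has no org.freedesktop.fwupd requirement, which is how the error text quoted in this thread reads. The sample XML is abridged from the file posted above, the function names are hypothetical, and the dotted-integer version comparison is a simplification of fwupd's own.

```python
import operator
import xml.etree.ElementTree as ET

# GUIDs and versions below are taken from the fwupdmgr output in this thread.
ME_GUID = "c1b2be54-d7ed-4e24-a577-7c5f32bb7587"   # Intel Management Engine
SYS_GUID = "14f3350e-cf63-4e68-a0d9-0af1d5389a17"  # System Firmware
EC_GUID = "61b65ccc-0116-4b62-80ed-ec5f089ae523"   # Embedded Controller
INSTALLED = {ME_GUID: "240.45.2411", SYS_GUID: "0.1.67", EC_GUID: "0.1.36"}

# Constructed sample: abridged from the firmware.metainfo.xml quoted in the
# thread, with a closing </component> added so that it parses.
SAMPLE_METAINFO = """<?xml version="1.0" encoding="UTF-8"?>
<component type="firmware">
  <id>com.lenovo.ThinkPadN32RM.firmware</id>
  <provides>
    <firmware type="flashed">c1b2be54-d7ed-4e24-a577-7c5f32bb7587</firmware>
  </provides>
  <releases>
    <release version="240.42.2235" date="2022-09-21" urgency="high" tag="N32RG26W"/>
  </releases>
  <requires>
    <firmware compare="ge" version="0.1.49">14f3350e-cf63-4e68-a0d9-0af1d5389a17</firmware>
    <firmware compare="ge" version="0.1.30">61b65ccc-0116-4b62-80ed-ec5f089ae523</firmware>
  </requires>
</component>
"""

_OPS = {"ge": operator.ge, "gt": operator.gt, "le": operator.le,
        "lt": operator.lt, "eq": operator.eq, "ne": operator.ne}


def _ver(text):
    """Simplified comparison key: dotted integers only (an assumption)."""
    return tuple(int(part) for part in text.split("."))


def parse_metainfo(xml_data):
    """Pull out the fields that tie a payload to a device and its prerequisites."""
    if isinstance(xml_data, str):
        xml_data = xml_data.encode("utf-8")
    root = ET.fromstring(xml_data)
    return {
        "provides": [e.text.strip().lower()
                     for e in root.findall("./provides/firmware") if e.text],
        "releases": [e.get("version") for e in root.findall("./releases/release")],
        # Only requirements that name another device by GUID are collected here.
        "firmware_requires": [
            {"guid": e.text.strip().lower(),
             "compare": e.get("compare"), "version": e.get("version")}
            for e in root.findall("./requires/firmware") if e.text],
        "id_requires": [e.text.strip()
                        for e in root.findall("./requires/id") if e.text],
    }


def preflight(meta, target_guid, installed):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    target = target_guid.lower()
    if target not in meta["provides"]:
        findings.append(f"GUID-MISMATCH: payload provides {meta['provides']}, "
                        f"not {target}")
    for req in meta["firmware_requires"]:
        have = installed.get(req["guid"])
        if have is None:
            findings.append(f"REQ-UNKNOWN: no installed version for {req['guid']}")
            continue
        if req["version"] is None:
            continue  # presence of the device is all that was required
        op = _OPS.get(req["compare"])
        if op is None:
            findings.append(f"REQ-UNSUPPORTED: compare={req['compare']!r}")
            continue
        try:
            satisfied = op(_ver(have), _ver(req["version"]))
        except ValueError:
            findings.append(f"REQ-UNPARSEABLE: {have!r} vs {req['version']!r}")
            continue
        if not satisfied:
            findings.append(f"REQ-FAILED: {req['guid']} is {have}, "
                            f"needs {req['compare']} {req['version']}")
    versioned = any(r["version"] for r in meta["firmware_requires"])
    if versioned and "org.freedesktop.fwupd" not in meta["id_requires"]:
        findings.append("NO-FWUPD-REQ: versioned <firmware> requirement but no "
                        "<id>org.freedesktop.fwupd</id> requirement")
    return findings


if __name__ == "__main__":
    for line in preflight(parse_metainfo(SAMPLE_METAINFO), ME_GUID, INSTALLED):
        print(line)
```
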

@mrhpearson
Collaborator

Hi - Lenovo premiere support pointed me at this (I assume this got escalated to them?)

Seems to me there are two problems - can I confirm my understanding:

  1. There is an issue with the 240.45.2411 ME FW that causes problems with your monitor (or is it with the Dell dock?). Is this ticket raised anywhere or not? (apologies if I've missed it)
  2. fwupd not allowing downgrades. Looks like this is understood and potentially fixed. @hughsie - holler if you need anything from me.

If I've missed anything important let me know.
Mark
