1. 22 Feb, 2021 1 commit
  2. 06 Feb, 2021 1 commit
  3. 27 Jan, 2021 1 commit
    • Richard Hughes's avatar
      uefi-capsule: Check if the fwupd BootXXXX entry exists on failure · 5d7fb6ad
      Richard Hughes authored
      Some systems remove the BootXXXX entry we add (so we can run fwupdx64.efi) and
      thus the firmware update does not run. Most commonly this failure is seen with
      Lenovo systems that call the helpful option 'Boot Order Lock'.
      
      Hopefully when we depend on the new kernel bios interface sysfs API in we can
      check in ->prepare(), not after reboot, but until that we can mark the update
      failure as transient as the user can actually fix the problem themselves.
      
      Fixes https://github.com/fwupd/fwupd/issues/2801
      5d7fb6ad
  4. 22 Jan, 2021 1 commit
  5. 20 Jan, 2021 1 commit
    • Richard Hughes's avatar
      Install the UX data into a single .tar.xz file · 11603b3e
      Richard Hughes authored
      This allows much better compression (-60%) than gziping them individually and
      also allows us to build the capsule UX images as part of the build stage.
      
      Also add more popular screen resolutions for laptops you can buy in 2021.
      11603b3e
  6. 19 Jan, 2021 1 commit
    • Richard Hughes's avatar
      Report the lockdown status from UEFI and SuperIO plugins · a512d91d
      Richard Hughes authored
      I was asked the other day how many machines would support a /dev/mem mmap'd
      update mechanism, and I had to say that I didn't know. We use direct port IO in
      the SuperIO plugin too, and it would be good to know how quickly we need to
      port this to something else.
      a512d91d
  7. 15 Jan, 2021 1 commit
    • Richard Hughes's avatar
      Do not allow Lenovo hardware to install multiple capsules · a676a5ec
      Richard Hughes authored
      Once a device has been scheduled for update mark the others from the same plugin
      as updatable-hidden rather than updatable so that fwupdmgr or gnome-software
      does not try to offer updates for them.
      This is preferable to quitting with an error in FuDevice->prepare as we don't
      want to waste bandwidth downloading the next update and then show the user an
      error they can't possibly understand.
      
      Exclude the currently scheduled device to allow the user to change the scheduled
      release and so the pending device does not disappear from UI tools.
      a676a5ec
  8. 07 Jan, 2021 1 commit
  9. 06 Jan, 2021 1 commit
    • Richard Hughes's avatar
      Do not export useless device attributes to the client · cf100293
      Richard Hughes authored
      That giant uint64_t isn't looking so big now, and we'll want to add even more
      to it in the future. Split out some private flags that are never useful to the
      client, although the #defines will have to remain until we break API again.
      cf100293
  10. 05 Jan, 2021 1 commit
  11. 04 Jan, 2021 1 commit
    • Richard Hughes's avatar
      Allow specifying more than one VendorID for a device · eddaed0c
      Richard Hughes authored
      Asking the user for the UID mapping isn't working very well, as it requires lots
      of manual handholding. It also doesn't work very well when the device vendor
      does not actually have a PCI ID or if the vendor has split into two entities.
      
      Just use the OUI address as an additional VendorID and match any of the device
      IDs against any of the metadata-supplied values.
      eddaed0c
  12. 16 Nov, 2020 1 commit
  13. 11 Nov, 2020 1 commit
    • Hsieh-Tseng Shen's avatar
      uefi: a new option for uefi configuration to use UEFI removable path · b47eee9a
      Hsieh-Tseng Shen authored
      Per discussion of #2513, Ubuntu Core was going to use UEFI removable
      path as default esp path, and it needs to change some parts around
      getting the esp path and searching the shim app path. Also, a new option
      "FallbacktoRemovablePath" is added into uefi.conf to be applied in this
      case, and it will be false by default.
      b47eee9a
  14. 27 Oct, 2020 1 commit
  15. 22 Oct, 2020 1 commit
  16. 19 Oct, 2020 1 commit
  17. 13 Oct, 2020 1 commit
    • Richard Hughes's avatar
      Export FwupdPlugin so we can convey enumerated system errors to the end user · 7bcb8d43
      Richard Hughes authored
      For instance, we can tell the user that UEFI UpdateCapsule is disabled in the
      system firmware, or that efivarfs is not mounted. This is much better than
      creating "dummy" devices which are really just hacks around the problem because
      no better API existed. THe dummy devices cause as many problems as they solve.
      
      Plugins have to set FWUPD_PLUGIN_FLAG_USER_WARNING if a warning should be shown
      to the user, and only one warning will be shown of each failure type.
      
      It is expected that GUI clients like gnome-software and gnome-firmware would use
      this API to notify the user the localized message for why firmware updates are
      not being shown.
      
      Fixes https://github.com/fwupd/fwupd/issues/2456
      7bcb8d43
  18. 08 Oct, 2020 1 commit
  19. 02 Oct, 2020 1 commit
    • Richard Hughes's avatar
      Clarify various parts of the HSI specification · 7d1267fd
      Richard Hughes authored
      Firsly, that HSI isn't expected for embedded devices and then secondary how we
      require SecureBoot to be available for HSI:1
      
      At the moment we get a runtime failure if it is disabled. Making SB a part of
      `HSI:1` makes this requiremnt explicit and prevents us getting `HSI:2!` if it
      is not available.
      7d1267fd
  20. 28 Sep, 2020 2 commits
  21. 09 Sep, 2020 1 commit
  22. 12 Aug, 2020 1 commit
  23. 10 Aug, 2020 1 commit
  24. 30 Jun, 2020 1 commit
  25. 24 Jun, 2020 1 commit
  26. 22 Jun, 2020 1 commit
    • Mario Limonciello's avatar
      Add a new plugin for legacy BIOS · 91e27e14
      Mario Limonciello authored
      This plugin is only enabled when coreboot isn't detected.
      It intentionally does not check for EFI to be disabled at startup
      since it can also notify the user that UEFI capsule updates are
      disabled on the system even if running in UEFI mode.
      91e27e14
  27. 16 Jun, 2020 1 commit
    • Richard Hughes's avatar
      Collect per-device report metadata for the history database · b114661a
      Richard Hughes authored
      Add two new vfuncs that can be used to collect report metadata from devices
      both before and after the update has run. This means we can remove the hacks
      where we set add 'global' metadata entries and just hope that there is only one
      device from the same plugin that is updated.
      
      This also allows us to collect debugging metadata from devices after an offline
      update has been run.
      b114661a
  28. 22 May, 2020 1 commit
  29. 18 May, 2020 1 commit
    • Richard Hughes's avatar
      Allow client tools to translate the HSI attributes and results · b246bcae
      Richard Hughes authored
      To do this, rely on the AppStream ID to map to a translated string (providing a
      fallback for clients that do not care) and switch the free-form result string
      into a set of enumerated values that can be translated.
      
      This fixes some of the problems where some things have to be enabled to "pass"
      and other attributes have to be some other state. For cases where we want the
      user to "do" something, provide a URL to a wiki page that we update out-of-band
      of fwupd releases.
      b246bcae
  30. 15 May, 2020 1 commit
  31. 12 May, 2020 1 commit
    • Richard Hughes's avatar
      Add many new plugins to support for the Host Security ID · c1eda7d5
      Richard Hughes authored
      The HSI specification is currently incomplete and in active development.
      
      Sample output for my Lenovo P50 Laptop:
      
          Host Security ID: HSI:2+UA!
      
          HSI-1
            UEFI dbx: OK
            TPM: v2.0
            SPI: Write disabled
            SPI: Lock enabled
            SPI: SMM required
            UEFI Secure Boot: Enabled
      
          HSI-2
            TPM Reconstruction: Matched PCR0 reading
      
          HSI-3
          ✘  Linux Kernel S3 Sleep: Deep sleep available
      
          HSI-4
          ✘  Intel CET: Unavailable
      
          Runtime Suffix -U
            Firmware Updates: Newest release is 8 months old
      
          Runtime Suffix -A
            Firmware Attestation: OK
      
          Runtime Suffix -!
            fwupd plugins: OK
            Linux Kernel: OK
            Linux Kernel: Locked down
          ✘  Linux Swap: Not encrypted
      c1eda7d5
  32. 01 May, 2020 1 commit
  33. 05 Mar, 2020 2 commits
  34. 26 Feb, 2020 1 commit
  35. 25 Feb, 2020 1 commit
    • Richard Hughes's avatar
      Decouple the version format from the version itself · f50ff2c2
      Richard Hughes authored
      If we say that the version format should be the same for the `version_lowest`
      and the `version_bootloader` then it does not always make sense to set it at
      the same time.
      
      Moving the `version_format` to a standalone first-class property also means it
      can be typically be set in the custom device `_init()` function, which means we
      don't need to worry about *changing* ther version format as set by the USB and
      UDev superclass helpers.
      f50ff2c2
  36. 24 Feb, 2020 1 commit
  37. 20 Feb, 2020 1 commit
  38. 11 Dec, 2019 1 commit