freedomofpress / securedrop-workstation

Qubes-based SecureDrop Journalist Workstation environment for submission handling
GNU Affero General Public License v3.0

Do firmware upgrades as part of the update process #1125

Open deeplow opened 3 months ago

deeplow commented 3 months ago

Description

Qubes 4.2 now ships with fwupd integration for firmware updates (QubesOS/qubes-issues#4855). Currently a workstation user has to manually perform upgrades, but I wonder if it would be feasible to include it in the workstation's launcher. In an initial phase, we could just check that there are firmware updates and inform the user.

How will this impact SecureDrop/SecureDrop Workstation users?

Firmware upgrades require a reboot, and they may take longer / show "weird" BIOS messaging while performing an upgrade, which may confuse some users.

How would this affect the SecureDrop Workstation threat model?

If anything, the automation of firmware updates should reduce some threats. At the same time, it potentially exposes the system to other kinds of supply chain attacks in fwupd. A lot of firmware vendors don't provide any kind of signature checks. I haven't checked how fwupd stores / verifies firmware images, hence my inclination to assume there is some exposure.

On the other hand, non-automated firmware upgrades mean that in practice many won't do them, which also has adverse consequences.

User Stories

As an admin, I don't want to have to manually install firmware upgrades on workstation machines.

deeplow commented 3 months ago

I should have mentioned this before, but I have had issues in the past with fwupd where it didn't fully shut down my system prior to firmware updates. So it just hung for like 15 minutes. I kind of gave up and force-shut it down. Then, on booting again, the firmware upgrades did their own thing and worked well.

If we consider this a risk, then we could use fwupd to warn of firmware updates and let the user know that they should call the admin. I don't know how likely users are to do this, but it's better than no information at all.
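The "warn only" first phase sketched in this thread (check for pending firmware updates, tell the user, and point them to the admin when a reboot is involved) could be prototyped as a small check around `fwupdmgr get-updates --json`. The following is an added example, not code from the securedrop-workstation project: the JSON shape it parses (a top-level `Devices` list, each with `Name`, `Version`, `Flags` and a `Releases` list, newest release first) is an assumption about fwupdmgr's export format, the sample output is constructed, and the `query_fwupd` helper simply falls back to that sample when `fwupdmgr` is not installed so the script runs offline.

```python
"""Added example (not SecureDrop Workstation code): summarise pending fwupd
firmware updates so a launcher could warn the user instead of applying them."""
import json
import subprocess
from dataclasses import dataclass

# Constructed sample in the shape fwupdmgr's --json export is ASSUMED to use.
# Field names and ordering are an assumption; check against real output.
SAMPLE_GET_UPDATES_JSON = """
{
  "Devices": [
    {
      "Name": "System Firmware",
      "DeviceId": "constructed-device-id-1",
      "Version": "1.10",
      "Flags": ["updatable", "needs-reboot"],
      "Releases": [
        {"Version": "1.12", "Summary": "Constructed sample release",
         "Checksum": ["sha256:0000000000000000000000000000000000000000000000000000000000000000"]}
      ]
    },
    {
      "Name": "USB Receiver",
      "DeviceId": "constructed-device-id-2",
      "Version": "5.0",
      "Flags": ["updatable"],
      "Releases": [
        {"Version": "5.1", "Summary": "Constructed sample release", "Checksum": []}
      ]
    }
  ]
}
"""


@dataclass
class PendingUpdate:
    device: str
    current: str
    available: str
    needs_reboot: bool   # device flags say the update only applies after a reboot
    has_checksum: bool   # fwupd lists an integrity checksum for the image


def parse_pending_updates(json_text: str) -> list[PendingUpdate]:
    """Extract one PendingUpdate per device that has at least one newer release."""
    data = json.loads(json_text)
    pending = []
    for dev in data.get("Devices", []):
        releases = dev.get("Releases") or []
        if not releases:
            continue  # nothing newer than the installed version
        newest = releases[0]  # assumption: fwupd lists the newest release first
        flags = dev.get("Flags") or []
        pending.append(PendingUpdate(
            device=dev.get("Name", dev.get("DeviceId", "unknown device")),
            current=dev.get("Version", "?"),
            available=newest.get("Version", "?"),
            needs_reboot="needs-reboot" in flags,
            has_checksum=bool(newest.get("Checksum")),
        ))
    return pending


def summarize(updates: list[PendingUpdate]) -> str:
    """Render a short, user-facing notice; never applies anything."""
    if not updates:
        return "No firmware updates pending."
    lines = [f"{len(updates)} firmware update(s) pending:"]
    for u in updates:
        notes = []
        if u.needs_reboot:
            notes.append("reboot required")
        if not u.has_checksum:
            notes.append("no checksum listed")
        suffix = f" ({', '.join(notes)})" if notes else ""
        lines.append(f"  {u.device}: {u.current} -> {u.available}{suffix}")
    if any(u.needs_reboot for u in updates):
        lines.append("Contact your administrator before applying updates that require a reboot.")
    return "\n".join(lines)


def query_fwupd() -> str:
    """Run fwupdmgr and return its JSON; fall back to the constructed sample offline.

    fwupdmgr may exit non-zero when no updates are available, so the exit
    status is deliberately not treated as an error here.
    """
    try:
        proc = subprocess.run(["fwupdmgr", "get-updates", "--json"],
                              capture_output=True, text=True, timeout=60)
    except FileNotFoundError:
        return SAMPLE_GET_UPDATES_JSON
    return proc.stdout or '{"Devices": []}'


if __name__ == "__main__":
    print(summarize(parse_pending_updates(query_fwupd())))
```

The check is read-only on purpose: it reports what fwupd knows and whether a reboot or an unchecksummed image is involved, leaving the decision to apply (and the "call the admin" step) to the user and the admin, which matches the warn-first phase discussed above.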