UEFI firmware update on Thinkpad P52 reset boot table to default

[rugubara]

Describe the bug Recent update of the UEFI firmware and Intel ME has reset the boot table to the default one. Original boot order:

BootCurrent: 001F
Timeout: 0 seconds
BootOrder: 0000,0018,0019,001A,001B,001C,001D,001E,001F,0020,0021,0022
Boot0000* gentoo    HD(1,GPT,82c9b306-4587-4db0-8695-0f90e1e046e7,0x800,0x82000)/File(\EFI\gentoo\grubx64.efi)
Boot0010  Setup FvFile(721c8b66-426c-4e86-8e99-3457c46ab0b9)
Boot0011  Boot Menu FvFile(126a762d-5758-4fca-8531-201a7f57f850)
Boot0012  Diagnostic Splash Screen  FvFile(a7d8d9a6-6ab0-4aeb-ad9d-163e59a7a380)
Boot0013  Lenovo Diagnostics    FvFile(3f7e615b-0d45-4f80-88dc-26b234958560)
Boot0014  Regulatory Information    FvFile(478c92a0-2622-42b7-a65d-5894169e4d24)
Boot0015  Startup Interrupt Menu    FvFile(f46ee6f4-4785-43a3-923d-7f786c3c8479)
Boot0016  Rescue and Recovery   FvFile(665d3f60-ad3e-4cad-8e26-db46eee9f1b5)
Boot0017  MEBx Hot Key  FvFile(ac6fd56a-3d41-4efd-a1b9-870293811a28)
Boot0018* USB CD    VenMsg(bc7838d2-0f82-4d60-8316-c068ee79d25b,86701296aa5a7848b66cd49dd3ba6a55)
Boot0019* USB FDD   VenMsg(bc7838d2-0f82-4d60-8316-c068ee79d25b,6ff015a28830b543a8b8641009461e49)
Boot001A* NVMe0 VenMsg(bc7838d2-0f82-4d60-8316-c068ee79d25b,001c199932d94c4eae9aa0b6e98eb8a400)
Boot001B* NVMe1 VenMsg(bc7838d2-0f82-4d60-8316-c068ee79d25b,001c199932d94c4eae9aa0b6e98eb8a401)
Boot001C* ATA HDD1  VenMsg(bc7838d2-0f82-4d60-8316-c068ee79d25b,91af625956449f41a7b91f4f892ab0f601)
Boot001D* ATA HDD2  VenMsg(bc7838d2-0f82-4d60-8316-c068ee79d25b,91af625956449f41a7b91f4f892ab0f602)
Boot001E* ATA HDD0  VenMsg(bc7838d2-0f82-4d60-8316-c068ee79d25b,91af625956449f41a7b91f4f892ab0f600)
Boot001F* USB HDD   VenMsg(bc7838d2-0f82-4d60-8316-c068ee79d25b,33e821aaaf33bc4789bd419f88c50803)
Boot0020* PCI LAN   VenMsg(bc7838d2-0f82-4d60-8316-c068ee79d25b,78a84aaf2b2afc4ea79cf5cc8f3d3803)
Boot0021  Other CD  VenMsg(bc7838d2-0f82-4d60-8316-c068ee79d25b,aea2090adfde214e8b3a5e471856a35406)
Boot0022  Other HDD VenMsg(bc7838d2-0f82-4d60-8316-c068ee79d25b,91af625956449f41a7b91f4f892ab0f606)
Boot0023* IDER BOOT CDROM   PciRoot(0x0)/Pci(0x14,0x0)/USB(15,1)
Boot0024* IDER BOOT Floppy  PciRoot(0x0)/Pci(0x14,0x0)/USB(15,0)
Boot0025* ATA HDD   VenMsg(bc7838d2-0f82-4d60-8316-c068ee79d25b,91af625956449f41a7b91f4f892ab0f6)
Boot0026* ATAPI CD  VenMsg(bc7838d2-0f82-4d60-8316-c068ee79d25b,aea2090adfde214e8b3a5e471856a354) 

After update:

BootCurrent: 001F
Timeout: 0 seconds
BootOrder: 0018,0019,001A,001B,001C,001D,001E,001F,0020,0021,0022
Boot0010  Setup FvFile(721c8b66-426c-4e86-8e99-3457c46ab0b9)
Boot0011  Boot Menu FvFile(126a762d-5758-4fca-8531-201a7f57f850)
Boot0012  Diagnostic Splash Screen  FvFile(a7d8d9a6-6ab0-4aeb-ad9d-163e59a7a380)
Boot0013  Lenovo Diagnostics    FvFile(3f7e615b-0d45-4f80-88dc-26b234958560)
Boot0014  Regulatory Information    FvFile(478c92a0-2622-42b7-a65d-5894169e4d24)
Boot0015  Startup Interrupt Menu    FvFile(f46ee6f4-4785-43a3-923d-7f786c3c8479)
Boot0016  Rescue and Recovery   FvFile(665d3f60-ad3e-4cad-8e26-db46eee9f1b5)
Boot0017  MEBx Hot Key  FvFile(ac6fd56a-3d41-4efd-a1b9-870293811a28)
Boot0018* USB CD    VenMsg(bc7838d2-0f82-4d60-8316-c068ee79d25b,86701296aa5a7848b66cd49dd3ba6a55)
Boot0019* USB FDD   VenMsg(bc7838d2-0f82-4d60-8316-c068ee79d25b,6ff015a28830b543a8b8641009461e49)
Boot001A* NVMe0 VenMsg(bc7838d2-0f82-4d60-8316-c068ee79d25b,001c199932d94c4eae9aa0b6e98eb8a400)
Boot001B* NVMe1 VenMsg(bc7838d2-0f82-4d60-8316-c068ee79d25b,001c199932d94c4eae9aa0b6e98eb8a401)
Boot001C* ATA HDD1  VenMsg(bc7838d2-0f82-4d60-8316-c068ee79d25b,91af625956449f41a7b91f4f892ab0f601)
Boot001D* ATA HDD2  VenMsg(bc7838d2-0f82-4d60-8316-c068ee79d25b,91af625956449f41a7b91f4f892ab0f602)
Boot001E* ATA HDD0  VenMsg(bc7838d2-0f82-4d60-8316-c068ee79d25b,91af625956449f41a7b91f4f892ab0f600)
Boot001F* USB HDD   VenMsg(bc7838d2-0f82-4d60-8316-c068ee79d25b,33e821aaaf33bc4789bd419f88c50803)
Boot0020* PCI LAN   VenMsg(bc7838d2-0f82-4d60-8316-c068ee79d25b,78a84aaf2b2afc4ea79cf5cc8f3d3803)
Boot0021  Other CD  VenMsg(bc7838d2-0f82-4d60-8316-c068ee79d25b,aea2090adfde214e8b3a5e471856a35406)
Boot0022  Other HDD VenMsg(bc7838d2-0f82-4d60-8316-c068ee79d25b,91af625956449f41a7b91f4f892ab0f606)
Boot0023* IDER BOOT CDROM   PciRoot(0x0)/Pci(0x14,0x0)/USB(15,1)
Boot0024* IDER BOOT Floppy  PciRoot(0x0)/Pci(0x14,0x0)/USB(15,0)
Boot0025* ATA HDD   VenMsg(bc7838d2-0f82-4d60-8316-c068ee79d25b,91af625956449f41a7b91f4f892ab0f6)
Boot0026* ATAPI CD  VenMsg(bc7838d2-0f82-4d60-8316-c068ee79d25b,aea2090adfde214e8b3a5e471856a354)

Steps to Reproduce fwupdmgr update

Expected behavior The boot order table should remain intact

fwupd version information Please provide the version of the daemon and client.

PF16W6Y2 ~ # fwupdmgr --version
client version:1.7.4
compile-time dependency versions

daemon version:1.7.4

Installed via emerge - package management tool of Gentoo

fwupd device information Please provide the output of the fwupd devices recognized in your system.

PF16W6Y2 ~ # fwupdmgr get-devices --show-all-devices
20M90019RT
│
├─Core™ i7-8850H CPU @ 2.60GHz:
│     Device ID:          4bde70ba4e39b28f9eab1628f9dd6e6244c03027
│     Current version:    0x000000ec
│     Vendor:             Intel
│     GUIDs:              b9a2dd81-159e-5537-a7db-e7101d164d3f ← cpu
│                         30249f37-d140-5d3e-9319-186b1bd5cac3 ← CPUID\PRO_0&FAM_06
│                         809a0b93-8a12-5338-a571-ad5583acf896 ← CPUID\PRO_0&FAM_06&MOD_9E
│                         72ec2ff3-49ff-5ec2-bdbb-525badd47543 ← CPUID\PRO_0&FAM_06&MOD_9E&STP_A
│     Device Flags:       • Internal device
│
├─Embedded Controller:
│     Device ID:          2292ae5236790b47884e37cf162dcf23bfcd1c60
│     Summary:            UEFI ESRT device
│     Current version:    0.1.16
│     Minimum Version:    0.1.16
│     Vendor:             Lenovo (DMI:LENOVO)
│     Update State:       Success
│     GUIDs:              88b8ba7e-296b-4f9e-929f-dcc19318dbcf
│                         629122db-a18d-5770-a3f3-1e3d42907f7c ← UEFI\RES_{88B8BA7E-296B-4F9E-929F-DCC19318DBCF}
│     Device Flags:       • Internal device
│                         • Updatable
│                         • System requires external power source
│                         • Supported on remote server
│                         • Needs a reboot after installation
│                         • Device is usable for the duration of the update
│
├─GP107GLM [Quadro P2000 Mobile]:
│     Device ID:          ce4c74a5188d5b9cdb1e72ed32dad2d313c1c999
│     Current version:    a1
│     Vendor:             NVIDIA Corporation (PCI:0x10DE)
│     GUIDs:              5b054688-b689-5dd0-993b-102add23543a ← PCI\VEN_10DE&DEV_1CBA&SUBSYS_17AA225F&REV_A1
│                         b5dcc529-a180-5fa2-9c4d-e3e1688148c4 ← PCI\VEN_10DE&DEV_1CBA&SUBSYS_17AA225F
│                         bc8f6213-8695-5407-be5d-cd03808d40af ← PCI\VEN_10DE&DEV_1CBA&REV_A1
│                         07633373-c1be-577f-a080-1f9ae17806eb ← PCI\VEN_10DE&DEV_1CBA
│     Device Flags:       • Internal device
│                         • Cryptographic hash verification is available
│
├─Intel Management Engine:
│     Device ID:          349bb341230b1a86e5effe7dfe4337e1590227bd
│     Summary:            UEFI ESRT device
│     Current version:    192.70.1652
│     Minimum Version:    192.70.1652
│     Vendor:             Lenovo (DMI:LENOVO)
│     Update State:       Transient failure
│     Update Error:       boot entry missing; perhaps 'Boot Order Lock' enabled in the BIOS: no 'Linux Firmware Updater' entry found
│     GUIDs:              971682af-21a0-46e3-91c0-825702c2ba70
│                         b892b4fd-841b-5ec5-a700-437299fb233f ← UEFI\RES_{971682AF-21A0-46E3-91C0-825702C2BA70}
│     Device Flags:       • Internal device
│                         • Updatable
│                         • System requires external power source
│                         • Supported on remote server
│                         • Needs a reboot after installation
│                         • Device is usable for the duration of the update
│
├─MZVLB512HAJQ-000L7:
│     Device ID:          c6a0cfba7c7d81e253fce571e1d1e9f6003ae1c7
│     Summary:            NVM Express solid state drive
│     Current version:    5L2QEXA7
│     Vendor:             Samsung (NVME:0x144D)
│     Serial Number:      S3TNNF1K635499
│     GUIDs:              0b4d773a-7ac3-58c1-a541-e22ef1cdfe02 ← NVME\VEN_144D&DEV_A808&SUBSYS_144DA801&REV_00
│                         c9d531ea-ee7d-5562-8def-c64d0d144813 ← NVME\VEN_144D&DEV_A808&SUBSYS_144DA801
│                         6e54c992-d302-59ab-b454-2d26ddd63e6d ← NVME\VEN_144D&DEV_A808&REV_00
│                         47335265-a509-51f7-841e-1c94911af66b ← NVME\VEN_144D&DEV_A808
│                         79d6cfae-a5a2-5936-9248-5aebd23480f7 ← SAMSUNG MZVLB512HAJQ-000L7
│     Device Flags:       • Internal device
│                         • Updatable
│                         • System requires external power source
│                         • Supported on remote server
│                         • Needs a reboot after installation
│                         • Device is usable for the duration of the update
│
├─SSD 970 EVO 2TB:
│     Device ID:          03281da317dccd2b18de2bd1cc70a782df40ed7e
│     Summary:            NVM Express solid state drive
│     Current version:    1B2QEXE7
│     Vendor:             Samsung (NVME:0x144D)
│     Serial Number:      S464NB0K704432V
│     GUIDs:              0b4d773a-7ac3-58c1-a541-e22ef1cdfe02 ← NVME\VEN_144D&DEV_A808&SUBSYS_144DA801&REV_00
│                         c9d531ea-ee7d-5562-8def-c64d0d144813 ← NVME\VEN_144D&DEV_A808&SUBSYS_144DA801
│                         6e54c992-d302-59ab-b454-2d26ddd63e6d ← NVME\VEN_144D&DEV_A808&REV_00
│                         47335265-a509-51f7-841e-1c94911af66b ← NVME\VEN_144D&DEV_A808
│                         4494b540-d91c-5ae9-9963-3b0f03e7fe2b ← Samsung SSD 970 EVO 2TB
│     Device Flags:       • Internal device
│                         • Updatable
│                         • System requires external power source
│                         • Needs a reboot after installation
│                         • Device is usable for the duration of the update
│
├─System Firmware:
│     Device ID:          a45df35ac0e948ee180fe216a5f703f32dda163f
│     Summary:            UEFI ESRT device
│     Current version:    0.1.44
│     Minimum Version:    0.1.27
│     Vendor:             Lenovo (DMI:LENOVO)
│     Update State:       Success
│     GUIDs:              1e1fe415-74e8-49e1-9508-106b3d13d50d
│                         230c8b18-8d9b-53ec-838b-6cfc0383493a ← main-system-firmware
│                         171800c9-1a51-5fd9-a32b-7b3999cb1c4e ← UEFI\RES_{1E1FE415-74E8-49E1-9508-106B3D13D50D}
│     Device Flags:       • Internal device
│                         • Updatable
│                         • System requires external power source
│                         • Supported on remote server
│                         • Needs a reboot after installation
│                         • Device is usable for the duration of the update
│
└─UEFI Device Firmware:
      Device ID:          f95c9218acd12697af946874bfe4239587209232
      Summary:            UEFI ESRT device
      Current version:    4784132
      Minimum Version:    4784132
      Vendor:             DMI:LENOVO
      Update State:       Success
      GUIDs:              22c037d2-4402-452a-aaa6-c0e3f0a1c9ea
                          fe52a43e-5287-515e-b7ce-2f8dc85d8bbd ← UEFI\RES_{22C037D2-4402-452A-AAA6-C0E3F0A1C9EA}
      Device Flags:       • Internal device
                          • Updatable
                          • System requires external power source
                          • Needs a reboot after installation
                          • Device is usable for the duration of the update

System UEFI configuration Please provide the output of the following commands:

BootCurrent: 0000
Timeout: 0 seconds
BootOrder: 0000,0018,0019,001A,001B,001C,001D,001E,001F,0020,0021,0022
Boot0000* gentoo    HD(1,GPT,82c9b306-4587-4db0-8695-0f90e1e046e7,0x800,0x82000)/File(\EFI\gentoo\grubx64.efi)
Boot0010  SetupFvFile(721c8b66-426c-4e86-8e99-3457c46ab0b9)
Boot0011  Boot Menu FvFile(126a762d-5758-4fca-8531-201a7f57f850)
Boot0012  Diagnostic Splash Screen  FvFile(a7d8d9a6-6ab0-4aeb-ad9d-163e59a7a380)
Boot0013  Lenovo Diagnostics    FvFile(3f7e615b-0d45-4f80-88dc-26b234958560)
Boot0014  Regulatory Information    FvFile(478c92a0-2622-42b7-a65d-5894169e4d24)
Boot0015  Startup Interrupt Menu    FvFile(f46ee6f4-4785-43a3-923d-7f786c3c8479)
Boot0016  Rescue and Recovery   FvFile(665d3f60-ad3e-4cad-8e26-db46eee9f1b5)
Boot0017  MEBx Hot Key  FvFile(ac6fd56a-3d41-4efd-a1b9-870293811a28)
Boot0018* USB CD    VenMsg(bc7838d2-0f82-4d60-8316-c068ee79d25b,86701296aa5a7848b66cd49dd3ba6a55)
Boot0019* USB FDD   VenMsg(bc7838d2-0f82-4d60-8316-c068ee79d25b,6ff015a28830b543a8b8641009461e49)
Boot001A* NVMe0VenMsg(bc7838d2-0f82-4d60-8316-c068ee79d25b,001c199932d94c4eae9aa0b6e98eb8a400)
Boot001B* NVMe1VenMsg(bc7838d2-0f82-4d60-8316-c068ee79d25b,001c199932d94c4eae9aa0b6e98eb8a401)
Boot001C* ATA HDD1  VenMsg(bc7838d2-0f82-4d60-8316-c068ee79d25b,91af625956449f41a7b91f4f892ab0f601)
Boot001D* ATA HDD2  VenMsg(bc7838d2-0f82-4d60-8316-c068ee79d25b,91af625956449f41a7b91f4f892ab0f602)
Boot001E* ATA HDD0  VenMsg(bc7838d2-0f82-4d60-8316-c068ee79d25b,91af625956449f41a7b91f4f892ab0f600)
Boot001F* USB HDD   VenMsg(bc7838d2-0f82-4d60-8316-c068ee79d25b,33e821aaaf33bc4789bd419f88c50803)
Boot0020* PCI LAN   VenMsg(bc7838d2-0f82-4d60-8316-c068ee79d25b,78a84aaf2b2afc4ea79cf5cc8f3d3803)
Boot0021  Other CD  VenMsg(bc7838d2-0f82-4d60-8316-c068ee79d25b,aea2090adfde214e8b3a5e471856a35406)
Boot0022  Other HDD VenMsg(bc7838d2-0f82-4d60-8316-c068ee79d25b,91af625956449f41a7b91f4f892ab0f606)
Boot0023* IDER BOOT CDROM   PciRoot(0x0)/Pci(0x14,0x0)/USB(15,1)
Boot0024* IDER BOOT Floppy  PciRoot(0x0)/Pci(0x14,0x0)/USB(15,0)
Boot0025* ATA HDD   VenMsg(bc7838d2-0f82-4d60-8316-c068ee79d25b,91af625956449f41a7b91f4f892ab0f6)
Boot0026* ATAPI CD  VenMsg(bc7838d2-0f82-4d60-8316-c068ee79d25b,aea2090adfde214e8b3a5e471856a354)
PF16W6Y2 ~ #

efivar -l | grep fw
<empty output>

/boot
├── config-5.15.11-gentoo
├── config-5.15.13-gentoo
├── config-5.15.3-rt-rt21
├── config-5.16.0-gentoo
├── config-5.16.1-gentoo
├── config-5.4.129-rt-rt61
├── config-5.4.129-rt-rt61.old
├── efi
│   ├── $RECYCLE.BIN
│   │   └── desktop.ini
│   ├── BOOT
│   │   └── BOOT.SDI
│   ├── EFI
│   │   ├── Boot
│   │   │   ├── bootx64.efi
│   │   │   ├── LenovoBT.EFI
│   │   │   ├── License.txt
│   │   │   └── ReadMe.txt
│   │   └── gentoo
│   │       ├── fw
│   │       │   ├── fwupd-1e1fe415-74e8-49e1-9508-106b3d13d50d.cap
│   │       │   └── fwupd-971682af-21a0-46e3-91c0-825702c2ba70.cap
│   │       ├── fwupdx64.efi
│   │       └── grubx64.efi
│   ├── rdsosreport.txt
│   ├── rdsosreport.zip
│   └── System Volume Information
│       ├── IndexerVolumeGuid
│       └── WPSettings.dat
├── grub
│   ├── fonts
│   │   ├── terminus.pf2
│   │   └── unicode.pf2
│   ├── grub.cfg
│   ├── grubenv
│   ├── locale
│   │   ├── ast.mo
│   │   ├── ca.mo
│   │   ├── da.mo
│   │   ├── de_CH.mo
│   │   ├── de@hebrew.mo
│   │   ├── de.mo
│   │   ├── en@arabic.mo
│   │   ├── en@cyrillic.mo
│   │   ├── en@greek.mo
│   │   ├── en@hebrew.mo
│   │   ├── en@piglatin.mo
│   │   ├── en@quot.mo
│   │   ├── eo.mo
│   │   ├── es.mo
│   │   ├── fi.mo
│   │   ├── fr.mo
│   │   ├── gl.mo
│   │   ├── hr.mo
│   │   ├── hu.mo
│   │   ├── id.mo
│   │   ├── it.mo
│   │   ├── ja.mo
│   │   ├── ko.mo
│   │   ├── lg.mo
│   │   ├── lt.mo
│   │   ├── nb.mo
│   │   ├── nl.mo
│   │   ├── pa.mo
│   │   ├── pl.mo
│   │   ├── pt_BR.mo
│   │   ├── pt.mo
│   │   ├── ro.mo
│   │   ├── ru.mo
│   │   ├── sl.mo
│   │   ├── sr.mo
│   │   ├── sv.mo
│   │   ├── tr.mo
│   │   ├── uk.mo
│   │   ├── vi.mo
│   │   ├── zh_CN.mo
│   │   └── zh_TW.mo
│   ├── themes
│   │   └── starfield
│   │       ├── blob_w.png
│   │       ├── boot_menu_c.png
│   │       ├── boot_menu_e.png
│   │       ├── boot_menu_ne.png
│   │       ├── boot_menu_n.png
│   │       ├── boot_menu_nw.png
│   │       ├── boot_menu_se.png
│   │       ├── boot_menu_s.png
│   │       ├── boot_menu_sw.png
│   │       ├── boot_menu_w.png
│   │       ├── COPYING.CC-BY-SA-3.0
│   │       ├── dejavu_10.pf2
│   │       ├── dejavu_12.pf2
│   │       ├── dejavu_14.pf2
│   │       ├── dejavu_16.pf2
│   │       ├── dejavu_bold_14.pf2
│   │       ├── README
│   │       ├── slider_c.png
│   │       ├── slider_n.png
│   │       ├── slider_s.png
│   │       ├── starfield.png
│   │       ├── terminal_box_c.png
│   │       ├── terminal_box_e.png
│   │       ├── terminal_box_ne.png
│   │       ├── terminal_box_n.png
│   │       ├── terminal_box_nw.png
│   │       ├── terminal_box_se.png
│   │       ├── terminal_box_s.png
│   │       ├── terminal_box_sw.png
│   │       ├── terminal_box_w.png
│   │       └── theme.txt
│   └── x86_64-efi
│       ├── acpi.mod
│       ├── adler32.mod
│       ├── affs.mod
│       ├── afs.mod
│       ├── afsplitter.mod
│       ├── ahci.mod
│       ├── all_video.mod
│       ├── aout.mod
│       ├── appleldr.mod
│       ├── archelp.mod
│       ├── ata.mod
│       ├── at_keyboard.mod
│       ├── backtrace.mod
│       ├── bfs.mod
│       ├── bitmap.mod
│       ├── bitmap_scale.mod
│       ├── blocklist.mod
│       ├── boot.mod
│       ├── bsd.mod
│       ├── bswap_test.mod
│       ├── btrfs.mod
│       ├── bufio.mod
│       ├── cat.mod
│       ├── cbfs.mod
│       ├── cbls.mod
│       ├── cbmemc.mod
│       ├── cbtable.mod
│       ├── cbtime.mod
│       ├── chain.mod
│       ├── cmdline_cat_test.mod
│       ├── cmp.mod
│       ├── cmp_test.mod
│       ├── command.lst
│       ├── configfile.mod
│       ├── core.efi
│       ├── cpio_be.mod
│       ├── cpio.mod
│       ├── cpuid.mod
│       ├── crc64.mod
│       ├── cryptodisk.mod
│       ├── crypto.lst
│       ├── crypto.mod
│       ├── cs5536.mod
│       ├── ctz_test.mod
│       ├── datehook.mod
│       ├── date.mod
│       ├── datetime.mod
│       ├── diskfilter.mod
│       ├── disk.mod
│       ├── div.mod
│       ├── div_test.mod
│       ├── dm_nv.mod
│       ├── echo.mod
│       ├── efifwsetup.mod
│       ├── efi_gop.mod
│       ├── efinet.mod
│       ├── efi_uga.mod
│       ├── ehci.mod
│       ├── elf.mod
│       ├── eval.mod
│       ├── exfat.mod
│       ├── exfctest.mod
│       ├── ext2.mod
│       ├── extcmd.mod
│       ├── f2fs.mod
│       ├── fat.mod
│       ├── file.mod
│       ├── fixvideo.mod
│       ├── font.mod
│       ├── fshelp.mod
│       ├── fs.lst
│       ├── functional_test.mod
│       ├── gcry_arcfour.mod
│       ├── gcry_blowfish.mod
│       ├── gcry_camellia.mod
│       ├── gcry_cast5.mod
│       ├── gcry_crc.mod
│       ├── gcry_des.mod
│       ├── gcry_dsa.mod
│       ├── gcry_idea.mod
│       ├── gcry_md4.mod
│       ├── gcry_md5.mod
│       ├── gcry_rfc2268.mod
│       ├── gcry_rijndael.mod
│       ├── gcry_rmd160.mod
│       ├── gcry_rsa.mod
│       ├── gcry_seed.mod
│       ├── gcry_serpent.mod
│       ├── gcry_sha1.mod
│       ├── gcry_sha256.mod
│       ├── gcry_sha512.mod
│       ├── gcry_tiger.mod
│       ├── gcry_twofish.mod
│       ├── gcry_whirlpool.mod
│       ├── geli.mod
│       ├── gettext.mod
│       ├── gfxmenu.mod
│       ├── gfxterm_background.mod
│       ├── gfxterm_menu.mod
│       ├── gfxterm.mod
│       ├── gptsync.mod
│       ├── grub.efi
│       ├── gzio.mod
│       ├── halt.mod
│       ├── hashsum.mod
│       ├── hdparm.mod
│       ├── hello.mod
│       ├── help.mod
│       ├── hexdump.mod
│       ├── hfs.mod
│       ├── hfspluscomp.mod
│       ├── hfsplus.mod
│       ├── http.mod
│       ├── iorw.mod
│       ├── iso9660.mod
│       ├── jfs.mod
│       ├── jpeg.mod
│       ├── json.mod
│       ├── keylayouts.mod
│       ├── keystatus.mod
│       ├── ldm.mod
│       ├── legacycfg.mod
│       ├── legacy_password_test.mod
│       ├── linux16.mod
│       ├── linux.mod
│       ├── loadbios.mod
│       ├── load.cfg
│       ├── loadenv.mod
│       ├── loopback.mod
│       ├── lsacpi.mod
│       ├── lsefimmap.mod
│       ├── lsefi.mod
│       ├── lsefisystab.mod
│       ├── lsmmap.mod
│       ├── ls.mod
│       ├── lspci.mod
│       ├── lssal.mod
│       ├── luks2.mod
│       ├── luks.mod
│       ├── lvm.mod
│       ├── lzopio.mod
│       ├── macbless.mod
│       ├── macho.mod
│       ├── mdraid09_be.mod
│       ├── mdraid09.mod
│       ├── mdraid1x.mod
│       ├── memdisk.mod
│       ├── memrw.mod
│       ├── minicmd.mod
│       ├── minix2_be.mod
│       ├── minix2.mod
│       ├── minix3_be.mod
│       ├── minix3.mod
│       ├── minix_be.mod
│       ├── minix.mod
│       ├── mmap.mod
│       ├── moddep.lst
│       ├── modinfo.sh
│       ├── morse.mod
│       ├── mpi.mod
│       ├── msdospart.mod
│       ├── mul_test.mod
│       ├── multiboot2.mod
│       ├── multiboot.mod
│       ├── nativedisk.mod
│       ├── net.mod
│       ├── newc.mod
│       ├── nilfs2.mod
│       ├── normal.mod
│       ├── ntfscomp.mod
│       ├── ntfs.mod
│       ├── odc.mod
│       ├── offsetio.mod
│       ├── ohci.mod
│       ├── part_acorn.mod
│       ├── part_amiga.mod
│       ├── part_apple.mod
│       ├── part_bsd.mod
│       ├── part_dfly.mod
│       ├── part_dvh.mod
│       ├── part_gpt.mod
│       ├── partmap.lst
│       ├── part_msdos.mod
│       ├── part_plan.mod
│       ├── part_sun.mod
│       ├── part_sunpc.mod
│       ├── parttool.lst
│       ├── parttool.mod
│       ├── password.mod
│       ├── password_pbkdf2.mod
│       ├── pata.mod
│       ├── pbkdf2.mod
│       ├── pbkdf2_test.mod
│       ├── pcidump.mod
│       ├── pgp.mod
│       ├── play.mod
│       ├── png.mod
│       ├── priority_queue.mod
│       ├── probe.mod
│       ├── procfs.mod
│       ├── progress.mod
│       ├── raid5rec.mod
│       ├── raid6rec.mod
│       ├── random.mod
│       ├── rdmsr.mod
│       ├── read.mod
│       ├── reboot.mod
│       ├── regexp.mod
│       ├── reiserfs.mod
│       ├── relocator.mod
│       ├── romfs.mod
│       ├── scsi.mod
│       ├── search_fs_file.mod
│       ├── search_fs_uuid.mod
│       ├── search_label.mod
│       ├── search.mod
│       ├── serial.mod
│       ├── setjmp.mod
│       ├── setjmp_test.mod
│       ├── setpci.mod
│       ├── sfs.mod
│       ├── shift_test.mod
│       ├── signature_test.mod
│       ├── sleep.mod
│       ├── sleep_test.mod
│       ├── smbios.mod
│       ├── spkmodem.mod
│       ├── squash4.mod
│       ├── strtoull_test.mod
│       ├── syslinuxcfg.mod
│       ├── tar.mod
│       ├── terminal.lst
│       ├── terminal.mod
│       ├── terminfo.mod
│       ├── test_blockarg.mod
│       ├── testload.mod
│       ├── test.mod
│       ├── testspeed.mod
│       ├── tftp.mod
│       ├── tga.mod
│       ├── time.mod
│       ├── tpm.mod
│       ├── trig.mod
│       ├── tr.mod
│       ├── true.mod
│       ├── udf.mod
│       ├── ufs1_be.mod
│       ├── ufs1.mod
│       ├── ufs2.mod
│       ├── uhci.mod
│       ├── usb_keyboard.mod
│       ├── usb.mod
│       ├── usbms.mod
│       ├── usbserial_common.mod
│       ├── usbserial_ftdi.mod
│       ├── usbserial_pl2303.mod
│       ├── usbserial_usbdebug.mod
│       ├── usbtest.mod
│       ├── verify.mod
│       ├── video_bochs.mod
│       ├── video_cirrus.mod
│       ├── video_colors.mod
│       ├── video_fb.mod
│       ├── videoinfo.mod
│       ├── video.lst
│       ├── video.mod
│       ├── videotest_checksum.mod
│       ├── videotest.mod
│       ├── wrmsr.mod
│       ├── xfs.mod
│       ├── xnu.mod
│       ├── xnu_uuid.mod
│       ├── xnu_uuid_test.mod
│       ├── xzio.mod
│       ├── zfscrypt.mod
│       ├── zfsinfo.mod
│       ├── zfs.mod
│       └── zstd.mod
├── initramfs-5.15.11-gentoo.img
├── initramfs-5.15.13-gentoo.img
├── initramfs-5.15.3-rt-rt21.img
├── initramfs-5.16.0-gentoo.img
├── initramfs-5.16.1-gentoo.img
├── initramfs-5.4.129-rt-rt61.img
├── memtest86plus
│   ├── memtest
│   └── memtest.bin
├── System.map-5.15.11-gentoo
├── System.map-5.15.13-gentoo
├── System.map-5.15.3-rt-rt21
├── System.map-5.16.0-gentoo
├── System.map-5.16.1-gentoo
├── System.map-5.4.129-rt-rt61
├── System.map-5.4.129-rt-rt61.old
├── systemrescue.iso
├── vmlinuz-5.15.11-gentoo
├── vmlinuz-5.15.13-gentoo
├── vmlinuz-5.15.3-rt-rt21
├── vmlinuz-5.16.0-gentoo
├── vmlinuz-5.16.1-gentoo
├── vmlinuz-5.4.129-rt-rt61
└── vmlinuz-5.4.129-rt-rt61.old

15 directories, 398 files

Additional questions

• Operating system and version: Gentoo
• Have you tried rebooting?: yes
• Is this a regression?: yes
• Are you using an NVMe disk?: yes
• Is secure boot enabled?: no
• Is this a Lenovo system with 'Boot Order Lock' turned on in the BIOS?: no

[mrhpearson]

Hi, Which FW did you update? And did it update cleanly and with no errors displayed. I can flag this to the FW team, it's not expected behaviour, but I want to make sure they know which update to focus on. Thanks Mark

[rugubara]

I think it was the System firmware on 2022-01-19 0.1.43 to 0.1.44. If I read the history correctly, other updates didn't succeed due to boot entry reset.

PF16W6Y2 /var/tmp/portage/sys-devel/gcc-11.2.1_p20220115/temp # fwupdmgr get-history
20M90019RT
│
├─UEFI Device Firmware:
│ │   Device ID:          0f3c64df11304fc5711ef77a93e3e042e2738907
│ │   Previous version:   0.1.15
│ │   Update State:       Success
│ │   Last modified:      2019-12-21 13:21
│ │   GUID:               88b8ba7e-296b-4f9e-929f-dcc19318dbcf
│ │   Device Flags:       • Internal device
│ │                       • Updatable
│ │                       • System requires external power source
│ │                       • Needs a reboot after installation
│ │                       • Reported to remote server
│ │                       • Device is usable for the duration of the update
│ │
│ └─  New version:      0.1.16
│       License:          Unknown
│
├─SAMSUNG MZVLB512HAJQ-000L7:
│ │   Device ID:          c6a0cfba7c7d81e253fce571e1d1e9f6003ae1c7
│ │   Previous version:   4L2QEXA7
│ │   Update State:       Success
│ │   Last modified:      2020-03-14 19:30
│ │   GUID:               6e54c992-d302-59ab-b454-2d26ddd63e6d
│ │   Device Flags:       • Internal device
│ │                       • Updatable
│ │                       • System requires external power source
│ │                       • Needs a reboot after installation
│ │                       • Reported to remote server
│ │                       • Device is usable for the duration of the update
│ │
│ └─  New version:      5L2QEXA7
│       License:          Unknown
│
├─System Firmware:
│ │   Device ID:          65b6a9dc7b7df18bdff003584b51bf21373e3aa6
│ │   Previous version:   0.1.40
│ │   Update State:       Success
│ │   Last modified:      2021-04-27 20:51
│ │   GUID:               1e1fe415-74e8-49e1-9508-106b3d13d50d
│ │   Device Flags:       • Internal device
│ │                       • Updatable
│ │                       • System requires external power source
│ │                       • Supported on remote server
│ │                       • Needs a reboot after installation
│ │                       • Reported to remote server
│ │                       • Cryptographic hash verification is available
│ │                       • Device is usable for the duration of the update
│ │
│ └─  New version:      0.1.41
│       Remote ID:        lvfs
│       License:          Unknown
│
├─Intel Management Engine:
│ │   Device ID:          619057f1d0da67b3fa4e9f74e09fc9218ce32643
│ │   Previous version:   192.70.1652
│ │   Update State:       Failed
│ │   Update Error:       (null)/fwupdx64.efi cannot be found
│ │   Last modified:      2021-06-16 07:08
│ │   GUID:               971682af-21a0-46e3-91c0-825702c2ba70
│ │   Device Flags:       • Internal device
│ │                       • Updatable
│ │                       • System requires external power source
│ │                       • Supported on remote server
│ │                       • Needs a reboot after installation
│ │                       • Reported to remote server
│ │                       • Device is usable for the duration of the update
│ │
│ └─  New version:      192.72.1757
│       Remote ID:        lvfs
│       License:          Unknown
│
├─Intel Management Engine:
│ │   Device ID:          349bb341230b1a86e5effe7dfe4337e1590227bd
│ │   Previous version:   192.70.1652
│ │   Update State:       Transient failure
│ │   Update Error:       boot entry missing; perhaps 'Boot Order Lock' enabled in the BIOS: no 'Linux Firmware Updater' entry found
│ │   Last modified:      2022-01-19 17:52
│ │   GUID:               971682af-21a0-46e3-91c0-825702c2ba70
│ │   Device Flags:       • Internal device
│ │                       • Updatable
│ │                       • System requires external power source
│ │                       • Supported on remote server
│ │                       • Needs a reboot after installation
│ │                       • Device is usable for the duration of the update
│ │
│ └─ThinkPad P52/P72:
│       New version:      192.81.1753
│       Remote ID:        lvfs
│       Release ID:       8841
│       Summary:          Lenovo ThinkPad P52/P72 Corporate ME Firmware
│       License:          Proprietary
│       Size:             12,2 MB
│       Created:          2021-06-07
│       Urgency:          High
│       Details:          https://pcsupport.lenovo.com/de/en/search?query=N2CRM29W
│       Vendor:           Lenovo
│       Flags:            is-upgrade
│       Description:
│       • 0 Intel Platform Update
│
│       Version 12.0.81.1753 (LVFS: 192.81.1753)
│
│       Problem Fixes
│
│       • Intel CSME PSIRT-TA-00459 IPU 2021.1
│       • Mitigated the following security vulnerability under issues
│
└─System Firmware:
  │   Device ID:          a45df35ac0e948ee180fe216a5f703f32dda163f
  │   Previous version:   0.1.43
  │   Update State:       Success
  │   Last modified:      2022-01-19 17:53
  │   GUID:               1e1fe415-74e8-49e1-9508-106b3d13d50d
  │   Device Flags:       • Internal device
  │                       • Updatable
  │                       • System requires external power source
  │                       • Supported on remote server
  │                       • Needs a reboot after installation
  │                       • Reported to remote server
  │                       • Device is usable for the duration of the update
  │
  └─ThinkPad P52/P72:
        New version:      0.1.44
        Remote ID:        lvfs
        Release ID:       10904
        Summary:          Lenovo ThinkPad P52/P72 System Firmware
        License:          Proprietary
        Size:             16,2 MB
        Created:          2021-10-28
        Urgency:          Critical
        Vendor:           Lenovo
        Description:
        Lenovo ThinkPad P52P72 System Firmware Version 1.44

        Important updates:

        • Update includes a security fix.

        New functions or enhancements:

        • Updated the CPU microcode.
        • Updated the Diagnostics module to version 04.18.000.

[mrhpearson]

Feedback from the FW team is the only time they'll be touching the efi variables is if you go into the setup and reset to defaults. Otherwise they shouldn't be touching them. We're trying to reproduce but so far haven't been sucessful

[rugubara]

Another update I installed on my P52, and again the boot entries were reset. i suspected that it might happen and I captured the efibootmgr output just before the update and just after. 20220507.txt

PF16W6Y2 ~ # fwupdmgr get-history
20M90019RT
│
├─UEFI Device Firmware:
│ │   Device ID:          0f3c64df11304fc5711ef77a93e3e042e2738907
│ │   Previous version:   0.1.15
│ │   Update State:       Success
│ │   Last modified:      2019-12-21 13:21
│ │   GUID:               88b8ba7e-296b-4f9e-929f-dcc19318dbcf
│ │   Device Flags:       • Internal device
│ │                       • Updatable
│ │                       • System requires external power source
│ │                       • Needs a reboot after installation
│ │                       • Reported to remote server
│ │                       • Device is usable for the duration of the update
│ │
│ └─  New version:      0.1.16
│       License:          Unknown
│       Description:
│       The vendor did not supply any release notes.
│
├─SAMSUNG MZVLB512HAJQ-000L7:
│ │   Device ID:          c6a0cfba7c7d81e253fce571e1d1e9f6003ae1c7
│ │   Previous version:   4L2QEXA7
│ │   Update State:       Success
│ │   Last modified:      2020-03-14 19:30
│ │   GUID:               6e54c992-d302-59ab-b454-2d26ddd63e6d
│ │   Device Flags:       • Internal device
│ │                       • Updatable
│ │                       • System requires external power source
│ │                       • Needs a reboot after installation
│ │                       • Reported to remote server
│ │                       • Device is usable for the duration of the update
│ │
│ └─  New version:      5L2QEXA7
│       License:          Unknown
│       Description:
│       The vendor did not supply any release notes.
│
├─System Firmware:
│ │   Device ID:          65b6a9dc7b7df18bdff003584b51bf21373e3aa6
│ │   Previous version:   0.1.40
│ │   Update State:       Success
│ │   Last modified:      2021-04-27 20:51
│ │   GUID:               1e1fe415-74e8-49e1-9508-106b3d13d50d
│ │   Device Flags:       • Internal device
│ │                       • Updatable
│ │                       • System requires external power source
│ │                       • Supported on remote server
│ │                       • Needs a reboot after installation
│ │                       • Reported to remote server
│ │                       • Cryptographic hash verification is available
│ │                       • Device is usable for the duration of the update
│ │
│ └─  New version:      0.1.41
│       Remote ID:        lvfs
│       License:          Unknown
│       Description:
│       The vendor did not supply any release notes.
│
├─Intel Management Engine:
│ │   Device ID:          619057f1d0da67b3fa4e9f74e09fc9218ce32643
│ │   Previous version:   192.70.1652
│ │   Update State:       Failed
│ │   Update Error:       (null)/fwupdx64.efi cannot be found
│ │   Last modified:      2021-06-16 07:08
│ │   GUID:               971682af-21a0-46e3-91c0-825702c2ba70
│ │   Device Flags:       • Internal device
│ │                       • Updatable
│ │                       • System requires external power source
│ │                       • Supported on remote server
│ │                       • Needs a reboot after installation
│ │                       • Reported to remote server
│ │                       • Device is usable for the duration of the update
│ │
│ └─  New version:      192.72.1757
│       Remote ID:        lvfs
│       License:          Unknown
│       Description:
│       The vendor did not supply any release notes.
│
├─Intel Management Engine:
│ │   Device ID:          349bb341230b1a86e5effe7dfe4337e1590227bd
│ │   Previous version:   192.70.1652
│ │   Update State:       Transient failure
│ │   Update Error:       boot entry missing; perhaps 'Boot Order Lock' enabled in the BIOS: no 'Linux Firmware Updater' entry found
│ │   Last modified:      2022-05-07 13:35
│ │   GUID:               971682af-21a0-46e3-91c0-825702c2ba70
│ │   Device Flags:       • Internal device
│ │                       • Updatable
│ │                       • System requires external power source
│ │                       • Supported on remote server
│ │                       • Needs a reboot after installation
│ │                       • Device is usable for the duration of the update
│ │
│ └─ThinkPad P52/P72:
│       New version:      192.85.1869
│       Remote ID:        lvfs
│       Release ID:       11618
│       Summary:          Lenovo ThinkPad P52/P72 Corporate ME Firmware
│       License:          Proprietary
│       Size:             12,2 MB
│       Created:          2021-11-10
│       Urgency:          High
│       Details:          https://pcsupport.lenovo.com/de/en/search?query=N2CRG30W
│       Vendor:           Lenovo
│       Release Flags:    • Is upgrade
│       Description:
│       • 0 Intel Platform Update
│
│       Version 12.0.85.1869 (LVFS: 192.85.1869)
│
│       Problem Fixes
│
│       • Intel TA-00575 IPU 2021.2 CSME
│       • Mitigated the following security vulnerability under issues.
│       • Intel TA-00539 IPU 2021.2 CSME
│       • Mitigated the following security vulnerabilities under issues.
│
└─System Firmware:
  │   Device ID:          a45df35ac0e948ee180fe216a5f703f32dda163f
  │   Previous version:   0.1.44
  │   Update State:       Success
  │   Last modified:      2022-05-07 13:38
  │   GUID:               1e1fe415-74e8-49e1-9508-106b3d13d50d
  │   Device Flags:       • Internal device
  │                       • Updatable
  │                       • System requires external power source
  │                       • Supported on remote server
  │                       • Needs a reboot after installation
  │                       • Device is usable for the duration of the update
  │
  └─ThinkPad P52/P72:
        New version:      0.1.46
        Remote ID:        lvfs
        Release ID:       12990
        Summary:          Lenovo ThinkPad P52/P72 System Firmware
        License:          Proprietary
        Size:             16,2 MB
        Created:          2022-03-22
        Urgency:          Critical
        Vendor:           Lenovo
        Description:
        Lenovo ThinkPad P52P72 System Firmware Version 1.46

        New functions or enhancements:

        • Updated the Diagnostics module to version 04.22.000.

        Problem fixes:

        • Fixed an issue where always show "Configuring Thunderbolt Controller..." message on every boot.

[rugubara]

Another update I installed on my P52, and again the boot entries were reset. i suspected that it might happen and I captured the efibootmgr output just before the update and just after. 20220507.txt

PF16W6Y2 ~ # fwupdmgr get-history
20M90019RT
│
├─UEFI Device Firmware:
│ │   Device ID:          0f3c64df11304fc5711ef77a93e3e042e2738907
│ │   Previous version:   0.1.15
│ │   Update State:       Success
│ │   Last modified:      2019-12-21 13:21
│ │   GUID:               88b8ba7e-296b-4f9e-929f-dcc19318dbcf
│ │   Device Flags:       • Internal device
│ │                       • Updatable
│ │                       • System requires external power source
│ │                       • Needs a reboot after installation
│ │                       • Reported to remote server
│ │                       • Device is usable for the duration of the update
│ │
│ └─  New version:      0.1.16
│       License:          Unknown
│       Description:
│       The vendor did not supply any release notes.
│
├─SAMSUNG MZVLB512HAJQ-000L7:
│ │   Device ID:          c6a0cfba7c7d81e253fce571e1d1e9f6003ae1c7
│ │   Previous version:   4L2QEXA7
│ │   Update State:       Success
│ │   Last modified:      2020-03-14 19:30
│ │   GUID:               6e54c992-d302-59ab-b454-2d26ddd63e6d
│ │   Device Flags:       • Internal device
│ │                       • Updatable
│ │                       • System requires external power source
│ │                       • Needs a reboot after installation
│ │                       • Reported to remote server
│ │                       • Device is usable for the duration of the update
│ │
│ └─  New version:      5L2QEXA7
│       License:          Unknown
│       Description:
│       The vendor did not supply any release notes.
│
├─System Firmware:
│ │   Device ID:          65b6a9dc7b7df18bdff003584b51bf21373e3aa6
│ │   Previous version:   0.1.40
│ │   Update State:       Success
│ │   Last modified:      2021-04-27 20:51
│ │   GUID:               1e1fe415-74e8-49e1-9508-106b3d13d50d
│ │   Device Flags:       • Internal device
│ │                       • Updatable
│ │                       • System requires external power source
│ │                       • Supported on remote server
│ │                       • Needs a reboot after installation
│ │                       • Reported to remote server
│ │                       • Cryptographic hash verification is available
│ │                       • Device is usable for the duration of the update
│ │
│ └─  New version:      0.1.41
│       Remote ID:        lvfs
│       License:          Unknown
│       Description:
│       The vendor did not supply any release notes.
│
├─Intel Management Engine:
│ │   Device ID:          619057f1d0da67b3fa4e9f74e09fc9218ce32643
│ │   Previous version:   192.70.1652
│ │   Update State:       Failed
│ │   Update Error:       (null)/fwupdx64.efi cannot be found
│ │   Last modified:      2021-06-16 07:08
│ │   GUID:               971682af-21a0-46e3-91c0-825702c2ba70
│ │   Device Flags:       • Internal device
│ │                       • Updatable
│ │                       • System requires external power source
│ │                       • Supported on remote server
│ │                       • Needs a reboot after installation
│ │                       • Reported to remote server
│ │                       • Device is usable for the duration of the update
│ │
│ └─  New version:      192.72.1757
│       Remote ID:        lvfs
│       License:          Unknown
│       Description:
│       The vendor did not supply any release notes.
│
├─Intel Management Engine:
│ │   Device ID:          349bb341230b1a86e5effe7dfe4337e1590227bd
│ │   Previous version:   192.70.1652
│ │   Update State:       Transient failure
│ │   Update Error:       boot entry missing; perhaps 'Boot Order Lock' enabled in the BIOS: no 'Linux Firmware Updater' entry found
│ │   Last modified:      2022-05-07 13:35
│ │   GUID:               971682af-21a0-46e3-91c0-825702c2ba70
│ │   Device Flags:       • Internal device
│ │                       • Updatable
│ │                       • System requires external power source
│ │                       • Supported on remote server
│ │                       • Needs a reboot after installation
│ │                       • Device is usable for the duration of the update
│ │
│ └─ThinkPad P52/P72:
│       New version:      192.85.1869
│       Remote ID:        lvfs
│       Release ID:       11618
│       Summary:          Lenovo ThinkPad P52/P72 Corporate ME Firmware
│       License:          Proprietary
│       Size:             12,2 MB
│       Created:          2021-11-10
│       Urgency:          High
│       Details:          https://pcsupport.lenovo.com/de/en/search?query=N2CRG30W
│       Vendor:           Lenovo
│       Release Flags:    • Is upgrade
│       Description:
│       • 0 Intel Platform Update
│
│       Version 12.0.85.1869 (LVFS: 192.85.1869)
│
│       Problem Fixes
│
│       • Intel TA-00575 IPU 2021.2 CSME
│       • Mitigated the following security vulnerability under issues.
│       • Intel TA-00539 IPU 2021.2 CSME
│       • Mitigated the following security vulnerabilities under issues.
│
└─System Firmware:
  │   Device ID:          a45df35ac0e948ee180fe216a5f703f32dda163f
  │   Previous version:   0.1.44
  │   Update State:       Success
  │   Last modified:      2022-05-07 13:38
  │   GUID:               1e1fe415-74e8-49e1-9508-106b3d13d50d
  │   Device Flags:       • Internal device
  │                       • Updatable
  │                       • System requires external power source
  │                       • Supported on remote server
  │                       • Needs a reboot after installation
  │                       • Device is usable for the duration of the update
  │
  └─ThinkPad P52/P72:
        New version:      0.1.46
        Remote ID:        lvfs
        Release ID:       12990
        Summary:          Lenovo ThinkPad P52/P72 System Firmware
        License:          Proprietary
        Size:             16,2 MB
        Created:          2022-03-22
        Urgency:          Critical
        Vendor:           Lenovo
        Description:
        Lenovo ThinkPad P52P72 System Firmware Version 1.46

        New functions or enhancements:

        • Updated the Diagnostics module to version 04.22.000.

        Problem fixes:

        • Fixed an issue where always show "Configuring Thunderbolt Controller..." message on every boot.

[mrhpearson]

Thanks for the notes - it does look like your EFI variables are completely wiped, at least that is my guess. I've forwarded the details to the FW team for their comment (as a note for myself, internal ticket LO-1716) LO-1716 In the above you also have some interesting failure logs for the ME update. I've no idea if they're related - but they do stand out.

Can you check you don't have 'Boot Order Lock' enabled in the BIOS - just in case that's responsible.

Thanks Mark

[AndriyKalashnykov]

I have had same behavior i.e. boot table was reset. Now i want to upgrade bios to from 0.1.41 to 0.1.46 and can't afford any downtime. Can anybody provide steps to upgrade BIOS without loosing boot table or how to put it back where it was after the upgrade so i can continue from where i started but with new BIOS?

[mrhpearson]

I followed up with the FW team on this and we can't reproduce and they are adamant that they don't deliberately reset them at any point.

@hughsie - I'm grasping at straws - but I assume we need to update the efiboot variable to run the linux firmware updater on the next boot? e.g from this capture

BootNext: 0001
BootCurrent: 0000
Timeout: 0 seconds
BootOrder: 0000,0018,0019,001A,001B,001C,001D,001E,001F,0020,0021,0022,0001
Boot0000* gentoo    HD(2,GPT,534c523b-b9fa-bb45-b5af-ac06f1a856a0,0x2000800,0xfa000)/File(\EFI\gentoo\grubx64.efi)
Boot0001* Linux-Firmware-Updater    HD(2,GPT,534c523b-b9fa-bb45-b5af-ac06f1a856a0,0x2000800,0xfa000)/File(\EFI\gentoo\fwupdx64.efi)

Something would have gone in and at minimum updated the BootOrder to make entry 0001 the first one? So it's possible that the boot variables were wrong before the updater was called.

Is there any way we can discount OS, fwupdx64 or shim or grub doing something wonky in this area? I don't know the efiboot variable storage well enough - but is it checksummed or something like that?

I agree that BIOS seems like a likely culprit...but they're telling me they don't touch this space (unless the user does something manually) so I'm a bit stuck.

Mark

[jonbrenner]

I can confirm that updating to 1.53, as well as earlier firmware versions, removes my EFI boot entry. I use EFISTUB booting to directly boot a unified kernel image, discounting the idea that an intermediate bootloader could be to blame:

Boot0000* Arch Linux (Secure Boot)  HD(1,GPT,22c1fcf0-d66f-4484-a807-30596dc41360,0x800,0xfa000)/File(Arch\linux-signed.efi)