hughsie
commented
2 years ago Can you attach the output of fwupdmgr get-devices please.
Closed arno01 closed 11 months ago
hughsie
commented
2 years ago Can you attach the output of fwupdmgr get-devices please.
hughsie
commented
2 years ago Lenovo specified the PCR0s of af3218af1484c0a9395fbc59a4190a181f6c7582 and a5bc5b90f2b1117ee4c58d2a54a4eeaa0d5c90fe for that firmware and model, but it appears your PCR0 isn't that for some reason. Also, (for Lenovo only) looking at https://fwupd.org/lvfs/components/10953/checksums it appears the PCR0 is not predictable at all -- @mrhpearson is there anything you can discover here? The PCR0 is supposed to be stable for a given system BIOS version...
arno01
commented
2 years ago fwupdmgr get-devices
root@x1gen9:~# fwupdmgr get-devices
20XXS3JC1Q
│
├─Embedded Controller:
│ Device ID: 0dcf00f0d9fd0bb13798a121c27a2832d24e005e
│ Current version: 0.1.31
│ Minimum Version: 0.1.31
│ Vendor: DMI:LENOVO
│ GUIDs: 61b65ccc-0116-4b62-80ed-ec5f089ae523
│ d990bf20-e6c9-5ec7-adb6-876fa0dc613c ← UEFI\RES_{61B65CCC-0116-4B62-80ED-EC5F089AE523}
│ Device Flags: • Internal device
│ • Updatable
│ • System requires external power source
│ • Supported on remote server
│ • Needs a reboot after installation
│ • Device is usable for the duration of the update
│
├─Integrated Camera:
│ Device ID: 3fa281ddf80d8a06b8ee5d8beb48d38ee95a9627
│ Current version: 60.18
│ Vendor: Chicony Electronics Co.,Ltd. (USB:0x04F2)
│ Serial Number: 0001
│ GUIDs: 08f48dd6-d6a2-5b4a-8108-8cdf5d247284 ← USB\VID_04F2&PID_B6EA&REV_6018
│ 30bb6882-12ea-5e20-84a6-29bb797a7b76 ← USB\VID_04F2&PID_B6EA
│ Device Flags: • Updatable
│
├─Intel Management Engine:
│ Device ID: f5ce9130680686e23b90534dbe39aac2f20b1886
│ Current version: 240.23.1706
│ Minimum Version: 0.0.1
│ Vendor: DMI:LENOVO
│ GUIDs: c1b2be54-d7ed-4e24-a577-7c5f32bb7587
│ 1b208050-d03c-513f-9842-c59a40cb61b1 ← UEFI\RES_{C1B2BE54-D7ED-4E24-A577-7C5F32BB7587}
│ Device Flags: • Internal device
│ • Updatable
│ • System requires external power source
│ • Supported on remote server
│ • Needs a reboot after installation
│ • Device is usable for the duration of the update
│
├─Prometheus:
│ Device ID: 0d5d05911800242bb1f35287012cdcbd9b381148
│ Summary: Fingerprint reader
│ Current version: 10.01.3478575
│ Vendor: Synaptics (USB:0x06CB)
│ Install Duration: 2 seconds
│ Serial Number: 30823683517983
│ GUIDs: 896bb9a6-a8be-5727-8a3a-43ca249f6933 ← USB\VID_06CB&PID_00FC&REV_0000
│ 448868f0-e05d-5849-8fc4-b8fa1ec16bf5 ← USB\VID_06CB&PID_00FC
│ Device Flags: • Updatable
│ • Supported on remote server
│ • Cryptographic hash verification is available
│
├─SAMSUNG MZVL2512HCJQ-00BL7:
│ Device ID: 04e17fcf7d3de91da49a163ffe4907855c3648be
│ Summary: NVM Express Solid State Drive
│ Current version: AL2QGXA7
│ Vendor: Samsung Electronics Co Ltd (NVME:0x144D)
│ Serial Number: S64KNF0R326080
│ GUIDs: 4d7a2791-106b-5e72-9cfb-8ea3d89f5421 ← NVME\VEN_144D&DEV_A80A&SUBSYS_144DA801&REV_00
│ 310f81b5-6fce-501e-acfb-487d10501e78 ← NVME\VEN_144D&DEV_A80A&SUBSYS_144DA801
│ 60c89aac-f321-515b-b419-3cf02aa9d375 ← NVME\VEN_144D&DEV_A80A&REV_00
│ bec63ed7-a95f-54fe-b8cc-8e9fee64ba5a ← NVME\VEN_144D&DEV_A80A
│ af35834a-86e9-5d6e-af3b-78ce4a42cf4a ← SAMSUNG MZVL2512HCJQ-00BL7
│ Device Flags: • Internal device
│ • Updatable
│ • System requires external power source
│ • Supported on remote server
│ • Needs a reboot after installation
│ • Device is usable for the duration of the update
│
├─System Firmware:
│ │ Device ID: dcd4118aa968110eaae58bf95432c9736be3a74e
│ │ Current version: 0.1.51
│ │ Minimum Version: 0.1.39
│ │ Vendor: LENOVO (DMI:LENOVO)
│ │ GUIDs: 14f3350e-cf63-4e68-a0d9-0af1d5389a17
│ │ 230c8b18-8d9b-53ec-838b-6cfc0383493a ← main-system-firmware
│ │ 59a02609-1196-5aae-8f0b-bc8d5757a603 ← UEFI\RES_{14F3350E-CF63-4E68-A0D9-0AF1D5389A17}
│ │ Device Flags: • Internal device
│ │ • Updatable
│ │ • System requires external power source
│ │ • Supported on remote server
│ │ • Needs a reboot after installation
│ │ • Cryptographic hash verification is available
│ │ • Device is usable for the duration of the update
│ │
│ └─UEFI dbx:
│ Device ID: 362301da643102b9f38477387e2193e57abaa590
│ Summary: UEFI Revocation Database
│ Current version: 267
│ Minimum Version: 267
│ Vendor: UEFI:Linux Foundation
│ Install Duration: 1 second
│ GUIDs: 14503b3d-73ce-5d06-8137-77c68972a341 ← UEFI\CRT_A9087D1044AD18F7A94916D284CBC01827CF23CD8F60B79072C9CAA1FEF4D649
│ 5971a208-da00-5fce-b5f5-1234342f9cf7 ← UEFI\CRT_A9087D1044AD18F7A94916D284CBC01827CF23CD8F60B79072C9CAA1FEF4D649&ARCH_X64
│ c6682ade-b5ec-57c4-b687-676351208742 ← UEFI\CRT_A1117F516A32CEFCBA3F2D1ACE10A87972FD6BBE8FE0D0B996E09E65D802A503
│ f8ba2887-9411-5c36-9cee-88995bb39731 ← UEFI\CRT_A1117F516A32CEFCBA3F2D1ACE10A87972FD6BBE8FE0D0B996E09E65D802A503&ARCH_X64
│ Device Flags: • Internal device
│ • Updatable
│ • Needs a reboot after installation
│
├─UEFI Device Firmware:
│ Device ID: b31d36d75483eb0d4699561f2beccb300f997177
│ Current version: 1509034
│ Vendor: DMI:LENOVO
│ GUIDs: 7716d876-a9a6-4901-aa97-e3baef2813a9
│ 53a6d478-a91d-5ebf-a788-267d86cd808e ← UEFI\RES_{7716D876-A9A6-4901-AA97-E3BAEF2813A9}
│ Device Flags: • Internal device
│ • Updatable
│ • System requires external power source
│ • Needs a reboot after installation
│ • Device is usable for the duration of the update
│
├─UEFI Device Firmware:
│ Device ID: 951659b7b7e5881998be9c8bf806032f121717ea
│ Current version: 1
│ Vendor: DMI:LENOVO
│ GUIDs: 76ca0ad8-4a14-4389-b7e5-fd88791762ad
│ c2e0f0f3-b5df-5db2-af1c-90610dc32b12 ← UEFI\RES_{76CA0AD8-4A14-4389-B7E5-FD88791762AD}
│ Device Flags: • Internal device
│ • Updatable
│ • System requires external power source
│ • Needs a reboot after installation
│ • Device is usable for the duration of the update
│
├─UEFI Device Firmware:
│ Device ID: ac0b52f7899799eb9156fd482b2dc8262b755c89
│ Current version: 16842761
│ Minimum Version: 1
│ Vendor: DMI:LENOVO
│ GUIDs: d115756c-5710-49db-a367-cf59e98db5a0
│ d7b5f2be-e156-50fc-bc8d-68d02ea90fdb ← UEFI\RES_{D115756C-5710-49DB-A367-CF59E98DB5A0}
│ Device Flags: • Internal device
│ • Updatable
│ • System requires external power source
│ • Needs a reboot after installation
│ • Device is usable for the duration of the update
│
├─UEFI Device Firmware:
│ Device ID: 366b468f7a3942aaad8f67a27a8b76dcf0e3af3b
│ Current version: 1409356129
│ Minimum Version: 1
│ Vendor: DMI:LENOVO
│ GUIDs: 11fe9275-9b06-4c8d-853e-c6c61dd05891
│ c73c595a-b009-5eb9-83f4-594867138af2 ← UEFI\RES_{11FE9275-9B06-4C8D-853E-C6C61DD05891}
│ Device Flags: • Internal device
│ • Updatable
│ • System requires external power source
│ • Needs a reboot after installation
│ • Device is usable for the duration of the update
│
├─UEFI Device Firmware:
│ Device ID: 84c3b9112d5830c15a280a5555b60a2fd4926e69
│ Current version: 1.2.22.0
│ Vendor: DMI:LENOVO
│ GUIDs: aa096a98-94e6-479b-92f7-5771f6f2d96f
│ 3edab8fc-a48d-5066-92c4-cbdb22f60cb0 ← UEFI\RES_{AA096A98-94E6-479B-92F7-5771F6F2D96F}
│ Device Flags: • Internal device
│ • Updatable
│ • System requires external power source
│ • Supported on remote server
│ • Needs a reboot after installation
│ • Device is usable for the duration of the update
│
├─UEFI Device Firmware:
│ Device ID: 7b3df58892d71279869e1a3b86b2bbcd0365da33
│ Current version: 1
│ Vendor: DMI:LENOVO
│ GUIDs: 626d93db-2c42-48c3-915a-71f968a81b04
│ e9688c87-579e-59f0-8541-70ac22424169 ← UEFI\RES_{626D93DB-2C42-48C3-915A-71F968A81B04}
│ Device Flags: • Internal device
│ • Updatable
│ • System requires external power source
│ • Needs a reboot after installation
│ • Device is usable for the duration of the update
│
├─UEFI Device Firmware:
│ Device ID: 21b5590c66352fa4eaf2a915004b22d0dd9bf9b1
│ Current version: 0
│ Vendor: DMI:LENOVO
│ GUIDs: 3dd84775-ec79-4ecb-8404-74de030c3f77
│ c646684a-e042-5b7e-b767-ae2d910e4dfd ← UEFI\RES_{3DD84775-EC79-4ECB-8404-74DE030C3F77}
│ Device Flags: • Internal device
│ • Updatable
│ • System requires external power source
│ • Needs a reboot after installation
│ • Device is usable for the duration of the update
│
├─UEFI Device Firmware:
│ Device ID: 280bfd19f3ebb661441c6e47269186598fba2b7c
│ Current version: 1
│ Minimum Version: 1
│ Vendor: DMI:LENOVO
│ GUIDs: 69585d92-b50a-4ad7-b265-2eb1ae066574
│ b8b66c3c-cf18-5678-8475-88601a3dc2f4 ← UEFI\RES_{69585D92-B50A-4AD7-B265-2EB1AE066574}
│ Device Flags: • Internal device
│ • Updatable
│ • System requires external power source
│ • Needs a reboot after installation
│ • Device is usable for the duration of the update
│
├─UEFI Device Firmware:
│ Device ID: d90a8d506a2c5d5891093d6dfc35c9b0536d2a8e
│ Current version: 69145
│ Vendor: DMI:LENOVO
│ GUIDs: 4e88068b-41b2-4e05-893c-db0b43f7d348
│ c90427cb-e5e5-56c9-b056-959c3960fbf2 ← UEFI\RES_{4E88068B-41B2-4E05-893C-DB0B43F7D348}
│ Device Flags: • Internal device
│ • Updatable
│ • System requires external power source
│ • Needs a reboot after installation
│ • Device is usable for the duration of the update
│
└─UEFI Device Firmware:
Device ID: cff90200d7272bbe4f1049501f5383a4b6c1b37b
Current version: 24600
Minimum Version: 1
Vendor: DMI:LENOVO
GUIDs: 0d803ee9-f231-4ad7-9cb8-563bcbe75c13
a59d25e6-7e2d-519b-96a8-3a0d53d28708 ← UEFI\RES_{0D803EE9-F231-4AD7-9CB8-563BCBE75C13}
Device Flags: • Internal device
• Updatable
• System requires external power source
• Needs a reboot after installation
• Device is usable for the duration of the update
root@x1gen9:~# Have just gotten 84c3b9112d5830c15a280a5555b60a2fd4926e69 UEFI device FW update 1.2.22.0 -> 1.2.24.0, after:
root@x1gen9:~# fwupdmgr refresh --force
root@x1gen9:~# fwupdmgr update
# + rebootroot@x1gen9:~# diff -Nur get-devices.1 get-devices.2
--- get-devices.1 2022-02-09 14:51:14.504254782 +0100
+++ get-devices.2 2022-02-09 14:51:28.982925313 +0100
@@ -151,7 +151,8 @@
│
├─UEFI Device Firmware:
│ Device ID: 84c3b9112d5830c15a280a5555b60a2fd4926e69
-│ Current version: 1.2.22.0
+│ Current version: 1.2.24.0
+│ Minimum Version: 0.0.0.1
│ Vendor: DMI:LENOVO
│ GUIDs: aa096a98-94e6-479b-92f7-5771f6f2d96f
│ 3edab8fc-a48d-5066-92c4-cbdb22f60cb0 ← UEFI\RES_{AA096A98-94E6-479B-92F7-5771F6F2D96F}Oh, and the CPU voltage seem to have dropped from 1.0 V down to 0.8 V after the latest fwupdmgr update:
root@x1gen9:~# diff -Nur dmidecode.after.mobo.replacement.plus.fwupd-3rd-run dmidecode.after.mobo.replacement.plus.fwupd-4th-run
--- dmidecode.after.mobo.replacement.plus.fwupd-3rd-run 2022-02-09 14:25:10.272641751 +0100
+++ dmidecode.after.mobo.replacement.plus.fwupd-4th-run 2022-02-09 14:40:28.843897855 +0100
@@ -485,7 +485,7 @@
TM (Thermal monitor supported)
PBE (Pending break enabled)
Version: 11th Gen Intel(R) Core(TM) i7-1185G7 @ 3.00GHz
- Voltage: 1.0 V
+ Voltage: 0.8 V
External Clock: 100 MHz
Max Speed: 3000 MHz
Current Speed: 3000 MHz
@@ -740,7 +740,7 @@
Handle 0x0035, DMI type 219, 106 bytes
OEM-specific Type
Header and Data:
- DB 6A 35 00 01 04 01 45 02 00 A4 06 81 85 38 30
+ DB 6A 35 00 01 04 01 45 02 00 90 06 81 85 3B 30
00 00 00 00 40 00 00 03 1F 00 00 C9 03 40 C4 02
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
FF FF FF FF FF FF FF FF 03 00 00 00 80 00 00 00
@@ -863,8 +863,8 @@
Handle 0x0045, DMI type 141, 30 bytes
OEM-specific Type
Header and Data:
- 8D 1E 45 00 54 48 4E 4B 00 00 50 00 00 00 76 2F
- 4E 01 00 00 00 00 06 CE 85 04 00 00 00 00
+ 8D 1E 45 00 54 48 4E 4B 00 00 50 00 00 00 DB 94
+ 4E 01 00 00 00 00 DF DF 85 04 00 00 00 00
Handle 0x0046, DMI type 140, 15 bytes
ThinkPad Embedded Controller ProgramNot sure if that's expected.
hughsie
commented
2 years ago Not sure if that's expected.
¯_(ツ)_/¯
mrhpearson
commented
2 years ago Sorry for the slow reply - inbox got the better of me. I can reproduce the issue and have flagged it to the FW team for investigation. Internal ticket LO-1576 Thanks! Mark
lauaviin
commented
2 years ago mrhpearson Any updates on the issue?
arno01
commented
1 year ago @mrhpearson any updates please?
root@x1:~# fwupdmgr verify
0. Cancel
1. 5792b48846ce271fab11c4a545f7a3df0d36e00a (Alder Lake-P Integrated Graphics Controller)
2. 65a54fb6ce182f0e75edf0e43047d547a0d61f0e (Prometheus)
3. a083ebc5138e5e071ef7270cc9a8280722cc7adf (System Firmware)
Choose device [0-3]: 1
failed to verify Alder Lake-P Integrated Graphics Controller: failed to read firmware: Error reading from file: Input/output error
root@x1:~# fwupdmgr verify
0. Cancel
1. 5792b48846ce271fab11c4a545f7a3df0d36e00a (Alder Lake-P Integrated Graphics Controller)
2. 65a54fb6ce182f0e75edf0e43047d547a0d61f0e (Prometheus)
3. a083ebc5138e5e071ef7270cc9a8280722cc7adf (System Firmware)
Choose device [0-3]: 2
failed to verify Prometheus: No device checksums for 10.01.3478575
root@x1:~# fwupdmgr verify
0. Cancel
1. 5792b48846ce271fab11c4a545f7a3df0d36e00a (Alder Lake-P Integrated Graphics Controller)
2. 65a54fb6ce182f0e75edf0e43047d547a0d61f0e (Prometheus)
3. a083ebc5138e5e071ef7270cc9a8280722cc7adf (System Firmware)
Choose device [0-3]: 3
failed to verify System Firmware: No stored checksums for 0.1.37
root@x1:~# fwupdmgr --version
compile org.freedesktop.fwupd 1.8.12
compile com.hughsie.libxmlb 0.3.10
compile com.hughsie.libjcat 0.1.9
runtime org.freedesktop.fwupd-efi 1.4
compile org.freedesktop.gusb 0.3.10
runtime com.dell.libsmbios 2.4
runtime org.freedesktop.gusb 0.4.5
runtime org.freedesktop.fwupd 1.8.12
runtime org.kernel 6.2.0-26-generic
root@x1:~# dpkg -l fwupd
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name Version Architecture Description
+++-==============-============-============-=================================
ii fwupd 1.8.12-2 amd64 Firmware update daemon
root@x1:~# fwupdmgr get-devices
LENOVO 21CB007WCK
│
├─12th Gen Intel Core™ i7-1260P:
│ Device ID: 4bde70ba4e39b28f9eab1628f9dd6e6244c03027
│ Current version: 0x00000429
│ Vendor: Intel
│ GUIDs: b9a2dd81-159e-5537-a7db-e7101d164d3f ← cpu
│ 30249f37-d140-5d3e-9319-186b1bd5cac3 ← CPUID\PRO_0&FAM_06
│ ab855c04-4ff6-54af-8a8a-d8193daa0cd8 ← CPUID\PRO_0&FAM_06&MOD_9A
│ 3ebbde86-d03e-549a-a8fd-02ebf9aa537a ← CPUID\PRO_0&FAM_06&MOD_9A&STP_3
│ Device Flags: • Internal device
│
├─Alder Lake-P Integrated Graphics Controller:
│ Device ID: 5792b48846ce271fab11c4a545f7a3df0d36e00a
│ Current version: 0c
│ Vendor: Intel Corporation (PCI:0x8086)
│ GUIDs: eaad9970-8e4d-56da-88ab-41a8c1e2811f ← PCI\VEN_8086&DEV_46A6
│ ed0b9458-c2f1-54c5-9063-dea8f75b4039 ← PCI\VEN_8086&DEV_46A6&REV_0C
│ 15bf9dad-22cf-57a8-9ca1-eb3b08e0070e ← PCI\VEN_8086&DEV_46A6&SUBSYS_17AA22E7
│ f9c988f0-e65e-5c87-9045-aa22a751c22f ← PCI\VEN_8086&DEV_46A6&SUBSYS_17AA22E7&REV_0C
│ c4625510-a985-517c-8800-0ecfc6f68c8f ← PCI\VEN_8086&DEV_46A6&REV_00
│ d7a0b6c6-3253-598e-9195-49093094c89a ← PCI\VEN_8086&DEV_46A6&SUBSYS_17AA22E7&REV_00
│ Device Flags: • Internal device
│ • Cryptographic hash verification is available
│
├─Battery:
│ Device ID: 97b6fe9b220c7b9e1a3a1d9f404c00d4fe77ae7e
│ Summary: UEFI ESRT device
│ Current version: 1.9.2
│ Minimum Version: 0.0.1
│ Vendor: Lenovo (DMI:LENOVO)
│ Update State: Success
│ GUID: 25364b56-a8fe-4ef6-b35e-874ae4a83eb4
│ Device Flags: • Internal device
│ • Updatable
│ • System requires external power source
│ • Supported on remote server
│ • Needs a reboot after installation
│ • Device is usable for the duration of the update
│
├─Embedded Controller:
│ Device ID: 632acf4927c0b5fb53519d6beed3b60adb73f1d5
│ Summary: UEFI ESRT device
│ Current version: 0.1.18
│ Minimum Version: 0.1.18
│ Vendor: Lenovo (DMI:LENOVO)
│ Update State: Success
│ GUID: ec01fae4-c67a-42b4-bada-a7c1b9900897
│ Device Flags: • Internal device
│ • Updatable
│ • System requires external power source
│ • Supported on remote server
│ • Needs a reboot after installation
│ • Device is usable for the duration of the update
│
├─Intel Management Engine:
│ Device ID: 2292ae5236790b47884e37cf162dcf23bfcd1c60
│ Summary: UEFI ESRT device
│ Current version: 1.25.1932
│ Vendor: Lenovo (DMI:LENOVO)
│ Update State: Success
│ GUID: 23192307-d667-4bdf-af1a-6059db171246
│ Device Flags: • Internal device
│ • Updatable
│ • System requires external power source
│ • Supported on remote server
│ • Needs a reboot after installation
│ • Device is usable for the duration of the update
│
├─MZVL21T0HCLR-00BL7:
│ Device ID: 04e17fcf7d3de91da49a163ffe4907855c3648be
│ Summary: NVM Express solid state drive
│ Current version: EL2QGXA7
│ Vendor: Samsung (NVME:0x144D)
│ Serial Number: S64PNX0TA26888
│ GUIDs: bec63ed7-a95f-54fe-b8cc-8e9fee64ba5a ← NVME\VEN_144D&DEV_A80A
│ 60c89aac-f321-515b-b419-3cf02aa9d375 ← NVME\VEN_144D&DEV_A80A&REV_00
│ 310f81b5-6fce-501e-acfb-487d10501e78 ← NVME\VEN_144D&DEV_A80A&SUBSYS_144DA801
│ 4d7a2791-106b-5e72-9cfb-8ea3d89f5421 ← NVME\VEN_144D&DEV_A80A&SUBSYS_144DA801&REV_00
│ c0e40d86-e47a-57fe-8ed1-453e6d83a586 ← SAMSUNG MZVL21T0HCLR-00BL7
│ Device Flags: • Internal device
│ • Updatable
│ • System requires external power source
│ • Supported on remote server
│ • Needs a reboot after installation
│ • Device is usable for the duration of the update
│ • Signed Payload
│
├─Prometheus:
│ │ Device ID: 65a54fb6ce182f0e75edf0e43047d547a0d61f0e
│ │ Summary: Fingerprint reader
│ │ Current version: 10.01.3478575
│ │ Vendor: Synaptics (USB:0x06CB)
│ │ Install Duration: 2 seconds
│ │ Serial Number: 25291814075439
│ │ GUIDs: 448868f0-e05d-5849-8fc4-b8fa1ec16bf5 ← USB\VID_06CB&PID_00FC
│ │ 896bb9a6-a8be-5727-8a3a-43ca249f6933 ← USB\VID_06CB&PID_00FC&REV_0000
│ │ Device Flags: • Updatable
│ │ • Supported on remote server
│ │ • Cryptographic hash verification is available
│ │ • Signed Payload
│ │
│ └─Prometheus IOTA Config:
│ Device ID: 2ccad74a4991f166f0c971c0a1ededb9e3f4130b
│ Summary: Fingerprint reader config
│ Current version: 0008
│ Minimum Version: 0008
│ Vendor: Synaptics (USB:0x06CB)
│ GUIDs: 5cfe6094-5ba5-5713-b5a4-bc9d9c0f55df ← USB\VID_06CB&PID_00FC-cfg
│ d9fbfaa0-2fc3-5225-aaf4-6c640029b473 ← USB\VID_06CB&PID_00FC&CFG1_3698&CFG2_0
│ Device Flags: • Updatable
│ • Only version upgrades are allowed
│ • Signed Payload
│
├─System Firmware:
│ │ Device ID: a083ebc5138e5e071ef7270cc9a8280722cc7adf
│ │ Summary: UEFI ESRT device
│ │ Current version: 0.1.37
│ │ Vendor: Lenovo (DMI:LENOVO)
│ │ Update State: Success
│ │ GUIDs: 34d84f45-4685-4019-b7e3-dba67b96ef7d
│ │ 230c8b18-8d9b-53ec-838b-6cfc0383493a ← main-system-firmware
│ │ Device Flags: • Internal device
│ │ • Updatable
│ │ • System requires external power source
│ │ • Supported on remote server
│ │ • Needs a reboot after installation
│ │ • Cryptographic hash verification is available
│ │ • Device is usable for the duration of the update
│ │
│ ├─BootGuard Configuration:
│ │ Device ID: b0d4430dfa6bde9f0c22680df36dbc8c15c80753
│ │ Current version: 01
│ │ Vendor: Intel Corporation (MEI:0x8086)
│ │ GUIDs: dd17041c-09ea-4b17-a271-5b989867ec65
│ │ fccad2fe-62ae-5879-b7a9-4ead7bce50f4 ← MEI\VEN_8086&DEV_51E0
│ │ 4837b81a-56c3-501f-8b4c-1e71882379fe ← MEI\VEN_8086&DEV_51E0&REV_01
│ │ eae67b2f-2bc2-5c4f-8b82-b1b30ad69fff ← MEI\VEN_8086&DEV_51E0&SUBSYS_17AA22E7
│ │ 42b0c9e1-978e-5214-b3a0-8e0919f722c1 ← MEI\VEN_8086&DEV_51E0&SUBSYS_17AA22E7&REV_01
│ │ Device Flags: • Internal device
│ │
│ └─UEFI dbx:
│ Device ID: 362301da643102b9f38477387e2193e57abaa590
│ Summary: UEFI revocation database
│ Current version: 217
│ Minimum Version: 217
│ Vendor: UEFI:Linux Foundation
│ Install Duration: 1 second
│ GUIDs: 14503b3d-73ce-5d06-8137-77c68972a341 ← UEFI\CRT_A9087D1044AD18F7A94916D284CBC01827CF23CD8F60B79072C9CAA1FEF4D649
│ 5971a208-da00-5fce-b5f5-1234342f9cf7 ← UEFI\CRT_A9087D1044AD18F7A94916D284CBC01827CF23CD8F60B79072C9CAA1FEF4D649&ARCH_X64
│ c6682ade-b5ec-57c4-b687-676351208742 ← UEFI\CRT_A1117F516A32CEFCBA3F2D1ACE10A87972FD6BBE8FE0D0B996E09E65D802A503
│ f8ba2887-9411-5c36-9cee-88995bb39731 ← UEFI\CRT_A1117F516A32CEFCBA3F2D1ACE10A87972FD6BBE8FE0D0B996E09E65D802A503&ARCH_X64
│ Device Flags: • Internal device
│ • Updatable
│ • Needs a reboot after installation
│ • Device is usable for the duration of the update
│ • Only version upgrades are allowed
│ • Signed Payload
│
├─TPM:
│ Device ID: c6a80ac3a22083423992a3cb15018989f37834d6
│ Current version: 1.512.0.0
│ Vendor: ST Microelectronics (TPM:STM)
│ GUIDs: ff71992e-52f7-5eea-94ef-883e56e034c6 ← system-tpm
│ 84df3581-f896-54d2-bd1a-372602f04c32 ← TPM\VEN_STM&DEV_0001
│ bfaed10a-bbc1-525b-a329-35da2f63e918 ← TPM\VEN_STM&MOD_
│ 70b7b833-7e1a-550a-a291-b94a12d0f319 ← TPM\VEN_STM&DEV_0001&VER_2.0
│ 06f005e9-cb62-5d1a-82d9-13c534c53c48 ← TPM\VEN_STM&MOD_&VER_2.0
│ Device Flags: • Internal device
│
├─UEFI Device Firmware:
│ Device ID: a45df35ac0e948ee180fe216a5f703f32dda163f
│ Summary: UEFI ESRT device
│ Current version: 70151
│ Vendor: DMI:LENOVO
│ Update State: Success
│ GUID: 4e88068b-41b2-4e05-893c-db0b43f7d348
│ Device Flags: • Internal device
│ • Updatable
│ • System requires external power source
│ • Needs a reboot after installation
│ • Device is usable for the duration of the update
│
├─UEFI Device Firmware:
│ Device ID: 349bb341230b1a86e5effe7dfe4337e1590227bd
│ Summary: UEFI ESRT device
│ Current version: 1
│ Minimum Version: 1
│ Vendor: DMI:LENOVO
│ Update State: Success
│ GUID: 69585d92-b50a-4ad7-b265-2eb1ae066574
│ Device Flags: • Internal device
│ • Updatable
│ • System requires external power source
│ • Needs a reboot after installation
│ • Device is usable for the duration of the update
│
├─UEFI Device Firmware:
│ Device ID: ae1abd099407b1d95698d69b7273f7fed5c6f35c
│ Summary: UEFI ESRT device
│ Current version: 1410863573
│ Minimum Version: 1
│ Vendor: DMI:LENOVO
│ Update State: Success
│ GUID: 04cb082c-77e9-4fd8-8832-94e0bdd2dfce
│ Device Flags: • Internal device
│ • Updatable
│ • System requires external power source
│ • Needs a reboot after installation
│ • Device is usable for the duration of the update
│
├─UEFI Device Firmware:
│ Device ID: 4b78f537b7d3e281a2ecbc83048b8856fb9eb98e
│ Summary: UEFI ESRT device
│ Current version: 1.3.16.0
│ Vendor: Lenovo (DMI:LENOVO)
│ Update State: Success
│ GUID: 7e5534a3-2069-414b-90b6-3e365d2ccd09
│ Device Flags: • Internal device
│ • Updatable
│ • System requires external power source
│ • Supported on remote server
│ • Needs a reboot after installation
│ • Device is usable for the duration of the update
│
├─UEFI Device Firmware:
│ Device ID: 2656b5b7e7c4f91fef1537f93095449cda5fb264
│ Summary: UEFI ESRT device
│ Current version: 66048
│ Minimum Version: 66048
│ Vendor: DMI:LENOVO
│ Update State: Success
│ GUID: dcde6a43-bdd2-4da4-ace7-d005c112bd13
│ Device Flags: • Internal device
│ • Updatable
│ • System requires external power source
│ • Needs a reboot after installation
│ • Device is usable for the duration of the update
│
├─UEFI Device Firmware:
│ Device ID: f95c9218acd12697af946874bfe4239587209232
│ Summary: UEFI ESRT device
│ Current version: 1
│ Vendor: DMI:LENOVO
│ Update State: Success
│ GUID: 76ca0ad8-4a14-4389-b7e5-fd88791762ad
│ Device Flags: • Internal device
│ • Updatable
│ • System requires external power source
│ • Needs a reboot after installation
│ • Device is usable for the duration of the update
│
├─UEFI Device Firmware:
│ Device ID: d96de5c124b60ed6241ebcb6bb2c839cb5580786
│ Summary: UEFI ESRT device
│ Current version: 1
│ Vendor: DMI:LENOVO
│ Update State: Success
│ GUID: 626d93db-2c42-48c3-915a-71f968a81b04
│ Device Flags: • Internal device
│ • Updatable
│ • System requires external power source
│ • Needs a reboot after installation
│ • Device is usable for the duration of the update
│
├─UEFI Device Firmware:
│ Device ID: f37fb01122dd62c773f4e84ec89737e059712d59
│ Summary: UEFI ESRT device
│ Current version: 1
│ Vendor: DMI:LENOVO
│ Update State: Success
│ GUID: 86a885ee-d71e-2ed6-0fc1-9d6ccc9677eb
│ Device Flags: • Internal device
│ • Updatable
│ • System requires external power source
│ • Needs a reboot after installation
│ • Device is usable for the duration of the update
│
├─UEFI Device Firmware:
│ Device ID: 36efb79c255f402f619fa9eb53cd659db51f2a04
│ Summary: UEFI ESRT device
│ Current version: 12713984
│ Minimum Version: 57374
│ Vendor: DMI:LENOVO
│ Update State: Success
│ GUID: 09f77c9f-1c5d-4616-bafb-bbb19f557480
│ Device Flags: • Internal device
│ • Updatable
│ • System requires external power source
│ • Needs a reboot after installation
│ • Device is usable for the duration of the update
│
├─UEFI Device Firmware:
│ Device ID: 11a7fbdd09ce583e58b899660fe10f147fd155a2
│ Summary: UEFI ESRT device
│ Current version: 3552440
│ Vendor: DMI:LENOVO
│ Update State: Success
│ GUID: 6fbaaaff-982b-4b54-aae6-b82c5d89db22
│ Device Flags: • Internal device
│ • Updatable
│ • System requires external power source
│ • Needs a reboot after installation
│ • Device is usable for the duration of the update
│
└─UEFI Device Firmware:
Device ID: 5bfc5b91c18ef8b751d3d052af77b69ebf738038
Summary: UEFI ESRT device
Current version: 18417548
Minimum Version: 1
Vendor: DMI:LENOVO
Update State: Success
GUID: 62036a80-3968-4bf1-ab13-175eabbc4901
Device Flags: • Internal device
• Updatable
• System requires external power source
• Needs a reboot after installation
• Device is usable for the duration of the update
The original issue of the PCR changing got closed and reviewing the above it seems there is something different going on so I have a separate ticket to track that (LO-2605). I can reproduce (and see the same on other platforms)
@hughsie - I haven't dug into what fwupdmgr is actually doing under the hood but given the different failure conditions highlighted above (File IO, no device checksums, no stored checksums) it looks like there might be multiple things going on and I'm guessing the FW team might need some guidelines into what they are missing from the process. Maybe we can take offline?
mrhpearson
commented
1 year ago Under investigation by the FW team. Something changed in the process so PCR0 checksum isn't listed - we're figuring out what and why that was
mrhpearson
commented
1 year ago The conclusion is that using PCR0 is a problem - it includes measurements of FW and the FW can change. For example the ME FW may be updated, and that is measured. Not sure exactly who/why/when the decision of removing PCR0 was made - but I suspect it was related to getting too many tickets where the measurement was incorrect.
Not sure what the answer is - but for now I think this issue has to be closed as effectively the FW team have chosen to not support this feature.
@hughsie - if we should have an offline conversation on how to address this let me know. Especially if I'm missing something critical :)
Describe the question
Got my ThinkPad X1 Carbon Gen 9 mobo replaced due to a faulty charging port. (Common issues with some gen9 models).
Used
fwupdmgr update, worked like a charm!After upgrading FW, decided to check
fwupdmgr verifycommand. It says there are two issues:1) getting
failed to verify System Firmware:2) additionally seeing
failed to verify Prometheus: No device checksums for 10.01.3478575:fwupd version information