Closed kmauleon closed 5 months ago
@VeldoraTheDragon statement from ODM dev as below... the problems are confirmed in the process of updating T16 GEN1 INTEL IFX TPM. I will confirm the problems in SW environment (BIOS/EC/ME/Linux OS/ fwupdmgr version) and Perform an update operation after the machine I get. Check whether the TPM FW itself is a problem~
will feedback again once I get updates from them... thank you very much
@VeldoraTheDragon ODM dev did not replicate the issue
for confirmation may we have similar information from your side... thank you BIOS EC ME Linux OS fwupdmgr --version
The update did still not work @kmauleon :
└─TPM:
│ Device ID: f098ca39a715eccf184c23361aede08540bf345b
│ Summary: UEFI ESRT device
│ Current version: 0.15.21
│ Minimum Version: 0.15.21
│ Vendor: Lenovo (DMI:LENOVO)
│ Update State: Failed
│ Update Error: failed to update to 0: error-unsuccessful
│ GUID: 8d5056e5-7a0a-4bcd-bf92-7d16212b72aa
│ Device Flags: • Internal device
│ • Updatable
│ • System requires external power source
│ • Supported on remote server
│ • Needs a reboot after installation
│ • Device is usable for the duration of the update
fwupdmgr --version
compile com.hughsie.libxmlb 0.3.14
compile org.freedesktop.Passim 0.1.4
compile com.hughsie.libjcat 0.1.14
compile org.freedesktop.fwupd 1.9.8
runtime org.freedesktop.fwupd-efi 1.4
compile org.freedesktop.gusb 0.4.7
runtime org.freedesktop.Passim 0.1.4
runtime org.freedesktop.gusb 0.4.7
runtime com.hughsie.libjcat 0.1.14
runtime org.kernel 6.6.1-arch1-1
runtime org.freedesktop.fwupd 1.9.8
@VeldoraTheDragon please see instructions from ODM owner
Excuse me but the instructions are very unclear (and most likely designated to Ubuntu-based systems).
First; What is "Software & Updates"? I don't have that on Arch. Second; bionic-proposed sounds like something from Ubuntu to me. (Bionic Beaver) Arch is not based on Ubuntu.
Which results further to:
Third; sudo apt-get update
. Arch uses pacman
as it's package manager. So a apt-get update
results to the following:
[root@<hostname> ~]# sudo apt-get update
sudo: apt-get: command not found
Fourth: fwupd is up-to-date with the Arch-Repo:
[root@<hostname> ~]# pacman -Q fwupd
fwupd 1.9.9-1
Fifth: shim-signed
is neither a required dependency of fwupd
, not even listed as optional (see https://archlinux.org/packages/extra/x86_64/fwupd/), nor installed on my system.
Also, shim-signed
is not available in the official repos.
What I can give you, is the output of fwupdmgr get-devices
├─TPM:
│ Device ID: f098ca39a715eccf184c23361aede08540bf345b
│ Summary: UEFI ESRT device
│ Current version: 0.15.21
│ Minimum Version: 0.15.21
│ Vendor: Lenovo (DMI:LENOVO)
│ Update State: Failed
│ Update Error: failed to update to 0: error-unsuccessful
│ GUID: 8d5056e5-7a0a-4bcd-bf92-7d16212b72aa
│ Device Flags: • Internal device
│ • Updatable
│ • System requires external power source
│ • Supported on remote server
│ • Needs a reboot after installation
│ • Device is usable for the duration of the update
However, I think it's the same, I've sent here: https://github.com/fwupd/firmware-lenovo/issues/378#issuecomment-1818736095
Rebooting and installing the firmware didn't do anything. The installation failed like it did before.
@VeldoraTheDragon the owner can't replicate the issue. is it possible to update your BIOS/EC first again. then after successful update please update TPM firmware to latest as well. BTW, please make sure AC adapter is attached and battery is at least 25% for all updates. Thank you very much.
@kmauleon I've updated the BIOS sucessfully. Unfortunately, after trying to update the TPM, it still failed (even after updating the BIOS). Now the only open update is the TPM:
[user@hostname ~]# sudo fwupdmgr get-updates
Devices with no available firmware updates:
• ELAN0684:00 04F3:320C
• Integrated Camera
• Intel Management Engine
• Micron MTFDKBA512TFK
• Prometheus IOTA Config
• U4021QW
• UEFI Device Firmware
• UEFI Device Firmware
• UEFI Device Firmware
• UEFI Device Firmware
• UEFI Device Firmware
• UEFI Device Firmware
• UEFI Device Firmware
• UEFI Device Firmware
• UEFI Device Firmware
• UEFI Device Firmware
• UEFI Device Firmware
• UEFI Device Firmware
• USB4 Retimer
Devices with the latest available firmware version:
• Battery
• Embedded Controller
• Intel Management Engine
• Prometheus
• System Firmware
LENOVO 21BVCTO1WW
│
└─TPM:
│ Device ID: f098ca39a715eccf184c23361aede08540bf345b
│ Summary: UEFI ESRT device
│ Current version: 0.15.21
│ Minimum Version: 0.15.21
│ Vendor: Lenovo (DMI:LENOVO)
│ Update State: Failed
│ Update Error: failed to update to 0: error-unsuccessful
│ GUID: 8d5056e5-7a0a-4bcd-bf92-7d16212b72aa
│ Device Flags: • Internal device
│ • Updatable
│ • System requires external power source
│ • Supported on remote server
│ • Needs a reboot after installation
│ • Device is usable for the duration of the update
│ Device Requests: • Message
│ • Image
│ • Image (custom)
│
└─ThinkPad T14 Gen3/T16 Gen1 TPM Update:
New version: 0.15.22
Remote ID: lvfs
Release ID: 38455
Summary: Lenovo ThinkPad T14 Gen3/T16 Gen1 Infenion TPM Firmware
License: Proprietary
Size: 1.3 MB
Created: 2022-05-09
Urgency: High
Details: https://pcsupport.lenovo.com/de/en/search?query=N3BCZIFX152216832
Vendor: Lenovo
Release Flags: • Trusted metadata
• Is upgrade
Description:
This stable release fixes the following issues:
• This version tpm firmware fixed security issue
Checksum: aca3da190ce920d6891fc92415c397e106199229b3963358aa6250a6ecffc99d
will ping the owner again... thank you
hi @VeldoraTheDragon another instruction from owner... can you please check... thank you very much!
Please let user check whether Bitlocker Driver Encryption is OFF. If yes, please turn it off before updating TPM FW. The reason for this is that overseas users have opened the Bitlocker Driver Encryption before, resulting in PD firmware has not been updated
Bitlocker Driver Encryption: Control PanelSystem and Security Bitlocker Driver Encryption
Hi @kmauleon We don't use Bitlocker on these devices, since they're running Arch Linux and not Windows.
@VeldoraTheDragon unfortunately TPM owner cannot replicate the issue using Ubuntu system... not sure how can they assist further
closing as can not replicate with ubuntu. no update since jan'24
We also have custom Secure Boot keys enrolled. Unfortunately, I can't use the default keys, that are shipped with my
Lenovo ThinkPad T16 Gen1
, which would result in Arch not booting anymore.Installed Software:
Originally posted by @VeldoraTheDragon in https://github.com/fwupd/firmware-lenovo/issues/353#issuecomment-1628819046