fwupd / firmware-lenovo

Missing firmware for Lenovo Thinkpad hardware

Cannot update TPM on T16 Gen 1 #378

Closed kmauleon closed 5 months ago

kmauleon commented 11 months ago
I'm having the exact same issue here:
TPM:
  Device ID:            f098ca39a715eccf184c23361aede08540bf345b
  Previous version:     0.15.21
  Update State:         Failed
  Update Error:         failed to update to 0: error-unsuccessful
  Last modified:        2023-07-10 10:52
  GUID:                 8d5056e5-7a0a-4bcd-bf92-7d16212b72aa
  Device Flags:         • Internal device
                        • Updatable
                        • System requires external power source
                        • Needs a reboot after installation
                        • Device is usable for the duration of the update

We also have custom Secure Boot keys enrolled. Unfortunately, I can't use the default keys that are shipped with my Lenovo ThinkPad T16 Gen1, which would result in Arch not booting anymore.

Installed Software:

~ pacman -Q fwupd linux 
fwupd 1.9.2-2
linux 6.4.1.arch2-1

Originally posted by @VeldoraTheDragon in https://github.com/fwupd/firmware-lenovo/issues/353#issuecomment-1628819046

kmauleon commented 11 months ago

@VeldoraTheDragon statement from ODM dev as below... the problems are confirmed in the process of updating T16 GEN1 INTEL IFX TPM. I will confirm the problems in SW environment (BIOS/EC/ME/Linux OS/fwupdmgr version) and perform an update operation after I get the machine. Check whether the TPM FW itself is a problem~

will feedback again once I get updates from them... thank you very much

kmauleon commented 11 months ago

@VeldoraTheDragon ODM dev did not replicate the issue

for confirmation may we have similar information from your side... thank you

BIOS
EC
ME
Linux OS
fwupdmgr --version

VeldoraTheDragon commented 11 months ago

The update still did not work, @kmauleon:

└─TPM:
  │   Device ID:          f098ca39a715eccf184c23361aede08540bf345b
  │   Summary:            UEFI ESRT device
  │   Current version:    0.15.21
  │   Minimum Version:    0.15.21
  │   Vendor:             Lenovo (DMI:LENOVO)
  │   Update State:       Failed
  │   Update Error:       failed to update to 0: error-unsuccessful
  │   GUID:               8d5056e5-7a0a-4bcd-bf92-7d16212b72aa
  │   Device Flags:       • Internal device
  │                       • Updatable
  │                       • System requires external power source
  │                       • Supported on remote server
  │                       • Needs a reboot after installation
  │                       • Device is usable for the duration of the update

fwupdmgr --version

compile   com.hughsie.libxmlb           0.3.14
compile   org.freedesktop.Passim        0.1.4
compile   com.hughsie.libjcat           0.1.14
compile   org.freedesktop.fwupd         1.9.8
runtime   org.freedesktop.fwupd-efi     1.4
compile   org.freedesktop.gusb          0.4.7
runtime   org.freedesktop.Passim        0.1.4
runtime   org.freedesktop.gusb          0.4.7
runtime   com.hughsie.libjcat           0.1.14
runtime   org.kernel                    6.6.1-arch1-1
runtime   org.freedesktop.fwupd         1.9.8

kmauleon commented 11 months ago

@VeldoraTheDragon please see instructions from ODM owner

VeldoraTheDragon commented 11 months ago

Excuse me but the instructions are very unclear (and most likely designated to Ubuntu-based systems).

First; What is "Software & Updates"? I don't have that on Arch. Second; bionic-proposed sounds like something from Ubuntu to me. (Bionic Beaver) Arch is not based on Ubuntu.

Which results further to: Third; sudo apt-get update. Arch uses pacman as its package manager. So an apt-get update results in the following:

[root@<hostname> ~]# sudo apt-get update
sudo: apt-get: command not found

Fourth: fwupd is up-to-date with the Arch-Repo:

[root@<hostname> ~]# pacman -Q fwupd
fwupd 1.9.9-1

Fifth: shim-signed is neither a required dependency of fwupd, not even listed as optional (see https://archlinux.org/packages/extra/x86_64/fwupd/), nor installed on my system.

Also, shim-signed is not available in the official repos.

What I can give you is the output of fwupdmgr get-devices:

├─TPM:
│     Device ID:          f098ca39a715eccf184c23361aede08540bf345b
│     Summary:            UEFI ESRT device
│     Current version:    0.15.21
│     Minimum Version:    0.15.21
│     Vendor:             Lenovo (DMI:LENOVO)
│     Update State:       Failed
│     Update Error:       failed to update to 0: error-unsuccessful
│     GUID:               8d5056e5-7a0a-4bcd-bf92-7d16212b72aa
│     Device Flags:       • Internal device
│                         • Updatable
│                         • System requires external power source
│                         • Supported on remote server
│                         • Needs a reboot after installation
│                         • Device is usable for the duration of the update

However, I think it's the same as what I've sent here: https://github.com/fwupd/firmware-lenovo/issues/378#issuecomment-1818736095

Rebooting and installing the firmware didn't do anything. The installation failed like it did before.

kmauleon commented 10 months ago

@VeldoraTheDragon the owner can't replicate the issue. is it possible to update your BIOS/EC first again. then after successful update please update TPM firmware to latest as well. BTW, please make sure AC adapter is attached and battery is at least 25% for all updates. Thank you very much.

VeldoraTheDragon commented 9 months ago

@kmauleon I've updated the BIOS successfully. Unfortunately, after trying to update the TPM, it still failed (even after updating the BIOS). Now the only open update is the TPM:

[user@hostname ~]# sudo fwupdmgr get-updates
Devices with no available firmware updates: 
 • ELAN0684:00 04F3:320C
 • Integrated Camera
 • Intel Management Engine
 • Micron MTFDKBA512TFK
 • Prometheus IOTA Config
 • U4021QW
 • UEFI Device Firmware
 • UEFI Device Firmware
 • UEFI Device Firmware
 • UEFI Device Firmware
 • UEFI Device Firmware
 • UEFI Device Firmware
 • UEFI Device Firmware
 • UEFI Device Firmware
 • UEFI Device Firmware
 • UEFI Device Firmware
 • UEFI Device Firmware
 • UEFI Device Firmware
 • USB4 Retimer
Devices with the latest available firmware version:
 • Battery
 • Embedded Controller
 • Intel Management Engine
 • Prometheus
 • System Firmware
LENOVO 21BVCTO1WW
│
└─TPM:
  │   Device ID:          f098ca39a715eccf184c23361aede08540bf345b
  │   Summary:            UEFI ESRT device
  │   Current version:    0.15.21
  │   Minimum Version:    0.15.21
  │   Vendor:             Lenovo (DMI:LENOVO)
  │   Update State:       Failed
  │   Update Error:       failed to update to 0: error-unsuccessful
  │   GUID:               8d5056e5-7a0a-4bcd-bf92-7d16212b72aa
  │   Device Flags:       • Internal device
  │                       • Updatable
  │                       • System requires external power source
  │                       • Supported on remote server
  │                       • Needs a reboot after installation
  │                       • Device is usable for the duration of the update
  │   Device Requests:    • Message
  │                       • Image
  │                       • Image (custom)
  │ 
  └─ThinkPad T14 Gen3/T16 Gen1 TPM Update:
        New version:      0.15.22
        Remote ID:        lvfs
        Release ID:       38455
        Summary:          Lenovo ThinkPad T14 Gen3/T16 Gen1 Infenion TPM Firmware
        License:          Proprietary
        Size:             1.3 MB
        Created:          2022-05-09
        Urgency:          High
        Details:          https://pcsupport.lenovo.com/de/en/search?query=N3BCZIFX152216832
        Vendor:           Lenovo
        Release Flags:    • Trusted metadata
                          • Is upgrade
        Description:      
        This stable release fixes the following issues:

        • This version tpm firmware fixed security issue
        Checksum:         aca3da190ce920d6891fc92415c397e106199229b3963358aa6250a6ecffc99d

kmauleon commented 9 months ago

will ping the owner again... thank you

kmauleon commented 9 months ago

hi @VeldoraTheDragon another instruction from owner... can you please check... thank you very much!

Please let user check whether Bitlocker Driver Encryption is OFF. If yes, please turn it off before updating TPM FW. The reason for this is that overseas users have opened the Bitlocker Driver Encryption before, resulting in PD firmware has not been updated

Bitlocker Driver Encryption: Control Panel\System and Security\Bitlocker Driver Encryption

VeldoraTheDragon commented 9 months ago

Hi @kmauleon We don't use Bitlocker on these devices, since they're running Arch Linux and not Windows.

kmauleon commented 9 months ago

@VeldoraTheDragon unfortunately TPM owner cannot replicate the issue using Ubuntu system... not sure how they can assist further

kmauleon commented 5 months ago

closing as can not replicate with ubuntu. no update since jan'24