fwupd / fwupd

A system daemon to allow session software to update firmware
GNU Lesser General Public License v2.1

incorrectly reporting unencrypted swap #3176

Closed dagrh closed 2 years ago

dagrh commented 3 years ago

**Describe the bug**
`fwupdmgr security --force` says 'Linux swap: Unencrypted' but I'm pretty sure it is. (Maybe it's getting confused by f34 zram??)

**Steps to Reproduce**
`fwupdmgr security --force`

```shell
[root@dgilbert-t580 dgilbert]# cat /proc/swaps
Filename        Type        Size        Used    Priority
/dev/dm-2       partition   16457724    0       -2
/dev/zram0      partition   8388604     0       100
```

`dmsetup info`

```shell
Name:              fedora_dgilbert--t580-swap
State:             ACTIVE
Read Ahead:        256
Tables present:    LIVE
Open count:        2
Event number:      0
Major, minor:      253, 2
Number of targets: 1
UUID: LVM-kP5olf5Yhcp9Eu1M6wB6qFzHPvqShe02SZVA4tiFRSu22eQuEfnSiCsCRwzdR2AR
```

```shell
[root@dgilbert-t580 dgilbert]# lsblk
NAME                                          MAJ:MIN RM   SIZE RO TYPE  MOUNTPOINT
zram0                                         252:0    0     8G  0 disk  [SWAP]
nvme0n1                                       259:0    0 476.9G  0 disk
├─nvme0n1p1                                   259:1    0   200M  0 part  /boot/efi
├─nvme0n1p2                                   259:2    0     1G  0 part  /boot
└─nvme0n1p3                                   259:3    0 475.7G  0 part
  └─luks-db06c80d-dd03-4ca7-85e6-e7f848758ff6 253:0    0 475.7G  0 crypt
    ├─fedora_dgilbert--t580-root              253:1    0   395G  0 lvm   /
    └─fedora_dgilbert--t580-swap              253:2    0  15.7G  0 lvm   [SWAP]
```

**Expected behavior**
it should be happy with my swap

**fwupd version information**
Please provide the version of the daemon and client.

```shell
$ fwupdmgr --version
client version:  1.5.9
compile-time dependency versions
    gusb:   0.3.6
daemon version: 1.5.9
```

Please note how you installed it (`apt`, `dnf`, `pacman`, source, etc):

fedora 34

**fwupd device information**
Please provide the output of the fwupd devices recognized in your system.

```shell
$ fwupdmgr get-devices --show-all-devices
```


Devices that have been updated successfully:

• Thunderbolt Controller (14.00 → 20.00)
• System Firmware (0.1.18 → 0.1.21)
• UEFI Device Firmware (184.55.3510 → 184.70.3626)

**Additional questions**

hughsie commented 3 years ago

TBH, I didn't know you could do swap on LVM.

dagrh commented 3 years ago

I think swap-on-LVM is what you get by default if you ask for an encrypted disk with fedora (I think!). Anyway, it's an easy setup so I think it's a common case.

stale[bot] commented 3 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

PhilippWendler commented 2 years ago

I also have swap on LVM on an encrypted physical volume, because this is the default setup of Ubuntu if you choose an encrypted disk, and fwupd reports this as unencrypted.

The bot closed this issue because of inactivity, was this really desired? I think recognizing this situation is a legitimate request and I would be glad to see this implemented (or at least changed to report "unknown" if swap is on LVM or so).

hughsie commented 2 years ago

> swap on LVM on encrypted physical volume

Could you add support for detecting that to https://github.com/fwupd/fwupd/blob/main/plugins/linux-swap/fu-linux-swap.c ?
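An added sketch of the detection asked for above, written in Python rather than as fwupd's C plugin and not code from fwupd: it walks the device-mapper stack beneath each `/proc/swaps` entry, so a swap LV whose physical volume is a LUKS mapping counts as encrypted, whatever the stacking depth. The sysfs model is constructed from the reporter's `lsblk` output (the `CRYPT-LUKS2-...` UUID string is invented), and labelling zram separately as memory-backed is my choice, not the plugin's behaviour.

```python
import os

# Constructed copy of the reporter's /proc/swaps: swap LV on LUKS, plus zram.
PROC_SWAPS = """\
Filename    Type       Size      Used  Priority
/dev/dm-2   partition  16457724  0     -2
/dev/zram0  partition  8388604   0     100
"""
# Constructed sysfs model of that machine: dm-2 is the swap LV, stacked on dm-0,
# the LUKS mapping over nvme0n1p3. Real layout: /sys/class/block/<dev>/dm/uuid
# holds the DM UUID (cryptsetup prefixes "CRYPT-", LVM "LVM-"); slaves/ lists
# the lower devices. The CRYPT-LUKS2 UUID below is made up for the example.
SYSFS = {
    "/sys/class/block/dm-2/dm/uuid": "LVM-kP5olf5Yhcp9Eu1M6wB6qFzHPvqShe02SZVA4tiFRSu22eQuEfnSiCsCRwzdR2AR\n",
    "/sys/class/block/dm-2/slaves": ["dm-0"],
    "/sys/class/block/dm-0/dm/uuid": "CRYPT-LUKS2-db06c80ddd034ca785e6e7f848758ff6-luks-db06c80d\n",
    "/sys/class/block/dm-0/slaves": ["nvme0n1p3"],
}

def live_sysfs(path):
    """Reader for the real sysfs: dir -> entry names, file -> text, absent -> None."""
    if os.path.isdir(path):
        return os.listdir(path)
    return open(path).read() if os.path.isfile(path) else None

def parse_proc_swaps(text):
    """Device paths from /proc/swaps (first column, header skipped)."""
    return [line.split()[0] for line in text.splitlines()[1:] if line.strip()]

def classify_swap(device, sysfs=SYSFS.get):
    """Return "encrypted", "memory-backed" (zram) or "unencrypted" for one swap
    device, walking every device-mapper layer beneath it; pass sysfs=live_sysfs
    to run against the real kernel instead of the constructed model."""
    name = os.path.basename(os.path.realpath(device))  # /dev/mapper/x -> dm-N
    if name.startswith("zram"):
        return "memory-backed"  # compressed RAM, never written to disk
    seen, pending = set(), [name]
    while pending:
        node = pending.pop()
        if node in seen:
            continue
        seen.add(node)
        uuid = sysfs(f"/sys/class/block/{node}/dm/uuid") or ""  # None for non-dm nodes
        if uuid.startswith("CRYPT-"):
            return "encrypted"  # one dm-crypt layer anywhere below suffices
        pending.extend(sysfs(f"/sys/class/block/{node}/slaves") or [])  # leaf -> []
    return "unencrypted"

def classify_all(proc_swaps=PROC_SWAPS, sysfs=SYSFS.get):
    return {dev: classify_swap(dev, sysfs) for dev in parse_proc_swaps(proc_swaps)}
```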

stale[bot] commented 2 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

PhilippWendler commented 2 years ago

This bug still exists, can this be left open?

Side note: I find it weird that a bot seems to make the decision which problem won't be fixed. Shouldn't such decisions be made by a person? As a user or bug reporter having an issue closed with "wontfix" by a bot simply because nothing happened feels quite disappointing and certainly does not invite further bug reports / feature requests / etc.

hughsie commented 2 years ago

> I find it weird that a bot seems to make the decision which problem won't be fixed.

We're just a few people who contribute to a shared project, it's impossible for us to fix every bug with such limited resources. We need people to submit pull requests with actual code for an open source project to scale effectively. If this is important to you for $WORK then please talk with your Red Hat technical account manager and file a bug in Red Hat bugzilla so it can be prioritized accordingly. I'm sure you could do the same for Canonical or SUSE, or even hire someone from Collabora to write the code if you're unable to do so yourself. Making us feel bad on issues isn't the way to get this functionality added.

PhilippWendler commented 2 years ago

I am not wanting to make anyone feel bad about an open issue, I am very sorry if this was caused by my comment. I also do not want to argue about the importance of this issue.

I just wanted to point out that a bot marking stuff as wontfix automatically may come across as negative for users.

superm1 commented 2 years ago

Maybe we need to change what the bot says to more closely align to https://github.com/fwupd/fwupd/issues/3176#issuecomment-1102687554

hughsie commented 2 years ago

What about something like this:

 markComment: >
   This issue has been automatically marked as stale because it has not had
-  recent activity. It will be closed if no further activity occurs. Thank you
-  for your contributions.
+  recent activity. It will be closed if no further activity occurs.
+  Please note: We are just a few people who contribute to a shared project,
+  it's impossible for us to fix every bug with such limited resources.
+  If this is important to you for your business then please talk with your
+  Red Hat, Canonical or SUSE technical account manager and file a bug in
+  bugzilla so it can be prioritized accordingly.
+  You might even consider hiring someone from Collabora to write the code
+  if you're unable to do so yourself.
+
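Review bot: the added `+` lines name Red Hat, Canonical and SUSE explicitly and send all three to "bugzilla", which ties the bot message to particular vendors and their trackers; the vendor-neutral phrasing adopted later in this thread ("talk with your technical account manager about arranging resources") with a link to the consulting page avoids that, and adding an invitation to contribute ("we will review all pull requests from new contributors") keeps the message from reading as paid-support-only. Two smaller points: the first two lines (`markComment: >` and `This issue has been automatically marked ...`) lack the single-space context prefix the `-`/`+` lines imply, so the hunk will not apply as pasted, and the trailing bare `+` line appends an extra blank line to the folded scalar.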
superm1 commented 2 years ago

Something like that, yes; open a PR and I will give some wordsmithing advice.

stale[bot] commented 2 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Please note: We are just a few people who contribute to a shared project, and it's impossible for us to fix every bug with such limited resources. If you want to investigate and try to help solve this yourself, we will review all pull requests from new contributors. If this issue is important to you for your business please talk with your technical account manager about arranging resources to solve this issue. You might even consider hiring someone to write the code if you're unable to do so yourself, e.g. see: https://fwupd.org/lvfs/docs/consulting