openSUSE / sdbootutil


fwupd firmware update error #121

Closed ThePhatLe closed 4 weeks ago

ThePhatLe commented 3 months ago

Today I saw I have updates from GNOME Software to update system firmware, and GNOME Software won't install or restart & install it. Tried from terminal and getting an error:

Devices with no available firmware updates: 
 • DLL0945:00 04F3:311C
 • Fingerprint Sensor
 • Internal SPI Controller
 • SSD 990 PRO 2TB
 • TPM
 • UEFI Device Firmware
╔══════════════════════════════════════════════════════════════════════════════╗
║ Upgrade System Firmware from 1.29.0 to 1.31.0?                               ║
╠══════════════════════════════════════════════════════════════════════════════╣
║ This stable release fixes the following issues:                              ║
║                                                                              ║
║ • This release contains security updates as disclosed in the Dell            ║
║ Security Advisories.                                                         ║
║ • Fixed the issue where the system does not boot to the Windows operating    ║
║ system. This issue occurs when the Dell Keyboard KB555T is connected to the  ║
║ system.                                                                      ║
║                                                                              ║
║ XPS 15 9510 must remain plugged into a power source for the duration of the  ║
║ update to avoid damage.                                                      ║
╚══════════════════════════════════════════════════════════════════════════════╝
Perform operation? [Y|n]: y
Downloading…             [************                           ] Less than one
Decompressing…           [                                       ]
Secure boot is enabled, but shim isn't installed to EFI/aeon/shim.efi
phatle@aeon:~> LC_MESSAGES=C ls -lR /boot/efi/
/boot/efi/:
total 96
drwxr-xr-x. 3 root root 32768 Aug 12 15:49 aeon
drwxr-xr-x. 6 root root 32768 Aug 14 11:56 EFI
drwxr-xr-x. 4 root root 32768 Aug 14 12:06 loader

/boot/efi/aeon:
total 32
drwxr-xr-x. 2 root root 32768 Aug 14 13:16 6.10.3-1-default

/boot/efi/aeon/6.10.3-1-default:
total 193664
-rwxr-xr-x. 1 root root 99596412 Aug 12 22:49 initrd-4343bce92b1aecac063692eefe306295ad44149c
-rwxr-xr-x. 1 root root 83904086 Aug 14 11:01 initrd-ec873e03bb84b898585e86c043e2d6fb2a400de9
-rwxr-xr-x. 1 root root 14768496 Aug  4 13:37 linux-f431a68473f70f7db938d56c1a4f039aa439998e

/boot/efi/EFI:
total 128
drwxr-xr-x. 3 root root 32768 Aug 14 11:56 aeon
drwxr-xr-x. 2 root root 32768 Aug 12 17:56 BOOT
drwxr-xr-x. 2 root root 32768 Aug 12 17:46 Linux
drwxr-xr-x. 2 root root 32768 Aug 12 17:56 systemd

/boot/efi/EFI/aeon:
total 32
drwxr-xr-x. 2 root root 32768 Aug 14 12:36 fw

/boot/efi/EFI/aeon/fw:
total 22880
-rwxr-xr-x. 1 root root 23409375 Aug 14 12:36 fwupd-6e106831-11dd-4c1b-b22b-526d6f78683c.cap

/boot/efi/EFI/BOOT:
total 1088
-rwxr-xr-x. 1 root root 100720 Aug  2 17:29 BOOTX64.EFI
-rwxr-xr-x. 1 root root  90496 Jul 23 10:27 fallback.efi
-rwxr-xr-x. 1 root root 852312 Jul 23 10:27 MokManager.efi

/boot/efi/EFI/Linux:
total 0

/boot/efi/EFI/systemd:
total 2176
-rwxr-xr-x. 1 root root     64 Aug 12 15:49 boot.csv
-rwxr-xr-x. 1 root root 100720 Aug  2 17:29 grub.efi
-rwxr-xr-x. 1 root root      5 Aug 12 15:49 installed_by_sdbootutil
-rwxr-xr-x. 1 root root 852312 Jul 23 10:27 MokManager.efi
-rwxr-xr-x. 1 root root   1645 Aug 14 12:16 pcrlock.json
-rwxr-xr-x. 1 root root 965528 Jul 23 10:27 shim.efi
-rwxr-xr-x. 1 root root 100720 Aug  2 17:29 systemd-bootx64.efi

/boot/efi/loader:
total 160
drwxr-xr-x. 2 root root 32768 Aug 14 12:16 credentials
drwxr-xr-x. 2 root root 32768 Aug 14 13:16 entries
-rwxr-xr-x. 1 root root     6 Aug 12 15:49 entries.srel
-rwxr-xr-x. 1 root root    31 Aug 12 22:49 loader.conf
-rwxr-xr-x. 1 root root    32 Aug 14 12:06 random-seed

/boot/efi/loader/credentials:
total 32
-rwxr-xr-x. 1 root root 2362 Aug 14 12:16 pcrlock.aeon.cred

/boot/efi/loader/entries:
total 384
-rwxr-xr-x. 1 root root 583 Aug 12 18:51 aeon-6.10.3-1-default-10.conf
-rwxr-xr-x. 1 root root 583 Aug 13 09:51 aeon-6.10.3-1-default-11.conf
-rwxr-xr-x. 1 root root 583 Aug 14 11:01 aeon-6.10.3-1-default-12.conf
-rwxr-xr-x. 1 root root 583 Aug 14 11:00 aeon-6.10.3-1-default-13.conf
-rwxr-xr-x. 1 root root 583 Aug 14 12:16 aeon-6.10.3-1-default-15.conf
-rwxr-xr-x. 1 root root 581 Aug 12 17:40 aeon-6.10.3-1-default-3.conf
-rwxr-xr-x. 1 root root 602 Aug 12 17:46 aeon-6.10.3-1-default-4.conf
-rwxr-xr-x. 1 root root 602 Aug 12 17:53 aeon-6.10.3-1-default-5.conf
-rwxr-xr-x. 1 root root 581 Aug 12 17:55 aeon-6.10.3-1-default-6.conf
-rwxr-xr-x. 1 root root 581 Aug 12 17:56 aeon-6.10.3-1-default-7.conf
-rwxr-xr-x. 1 root root 581 Aug 12 18:09 aeon-6.10.3-1-default-8.conf
-rwxr-xr-x. 1 root root 581 Aug 12 18:47 aeon-6.10.3-1-default-9.conf

aplanas commented 3 months ago

You mean that the firmware is not updated?

ThePhatLe commented 3 months ago

Yes, it can't update due to "Secure boot is enabled, but shim isn't installed to EFI/aeon/shim.efi". It fails and won't update or start the update process in both cases, GNOME Software or terminal.

arvidjaar commented 3 months ago

fwupd expects path \EFI\${ID-from-os_release}:

https://github.com/fwupd/fwupd/blob/72b69f7cea012c811647a1bd66dbca229b330a2f/plugins/uefi-capsule/fu-uefi-common.c#L176-L212

sdbootutil hardcodes \EFI\systemd.

aplanas commented 3 months ago

Is not /EFI/vendor a free form? sdbootutil can choose systemd as vendor. I am searching in the specification to see if we are forced to select os-release

TobiPeterG commented 3 months ago

Doesn't systemd itself install to /EFI/systemd? sdbootutil just copies this behavior. I don't think it's useful by fwupd to assume the path without testing different default paths or having an option to override it.

arvidjaar commented 3 months ago

> Is not /EFI/vendor a free form?

Well, it has been established convention for years. At least since grub2 took over. And BTW sdbootutil also supports grub2 and hardcodes \EFI\opensuse which would be wrong as well:

cat > %{buildroot}%{_prefix}/lib/os-release <<EOF
NAME="Aeon"
# VERSION="%{version}%{?betaversion: %{betaversion}}"
ID="aeon"

> sdbootutil can choose systemd as vendor.

Sure. The question is how any other application becomes aware of it.

> an option to override it

So far applications and distributions consistently derived path from /etc/os-release (or from /etc/SuSE-release in the past).

> Doesn't systemd itself install to /EFI/systemd?

Does systemd-boot even support Secure Boot with shim natively?

aplanas commented 3 months ago

The arguments are good, but I wonder how we can update sdbootutil without breaking old installations

aplanas commented 3 months ago

> Well, it has been established convention for years. At least since grub2 took over. And BTW sdbootutil also supports grub2 and hardcodes \EFI\opensuse which would be wrong as well:

Oh .. btw ... There must be something else. My GRUB2 installation has ID="opensuse-tumbleweed", and the vendor in EFI is "opensuse". Even though fwupd worked installing the components in "opensuse".

aplanas commented 3 months ago

This something else is ID_LIKE, which is also taken into consideration. What is the ID_LIKE in Aeon?

ThePhatLe commented 3 months ago

NAME="Aeon"
# VERSION="20240812"
ID="aeon"
ID_LIKE="suse opensuse opensuse-tumbleweed opensuse-microos opensuse-aeon microos"
VERSION_ID="20240812"
PRETTY_NAME="Aeon"
ANSI_COLOR="0;32"
CPE_NAME="cpe:/o:opensuse:aeon:20240812"
BUG_REPORT_URL="https://aeondesktop.org/reportbug"
SUPPORT_URL="https://aeondesktop.org/bugs"
HOME_URL="https://aeondesktop.org/"
DOCUMENTATION_URL="https://en.opensuse.org/Portal:Aeon"
LOGO="distributor-logo-Aeon"

aplanas commented 3 months ago

> Doesn't systemd itself install to /EFI/systemd? sdbootutil just copies this behavior. I don't think it's useful by fwupd to assume the path without testing different default paths or having an option to override it.

Tobias is right also. Checking [1], it seems that the path is fixed, so any bootctl installation will break fwupd.

Ideally sdbootutil should disappear, and only bootctl should be used, more in the boot loader installation. I wonder if the proper fix is not in fwupd, as Tobias commented.

[1] https://github.com/systemd/systemd/blob/main/src/boot/bootctl-install.c

aplanas commented 3 months ago

One possible option is to create /EFI/opensuse manually. @ThePhatLe can you create the directory in the ESP and try fwupd again?

ThePhatLe commented 3 months ago

On Aeon, /EFI/ is located in /boot/efi/EFI. Under /EFI/ there are BOOT, Linux, aeon, systemd.

In systemd there is shim.efi.

Where should I create /EFI/opensuse? Directly in /EFI/?

Also, it is looking for shim at EFI/aeon/shim.efi, and shim is actually located in /boot/efi/EFI/systemd.

aplanas commented 3 months ago

mkdir /boot/efi/EFI/opensuse

ThePhatLe commented 3 months ago

> mkdir /boot/efi/EFI/opensuse

No effect, still the same: no shim for /EFI/aeon/shim.efi, since it is located in systemd, not aeon.

phatle@aeon:~> fwupdmgr update
Devices with no available firmware updates: 
 • DLL0945:00 04F3:311C
 • Fingerprint Sensor
 • Internal SPI Controller
 • SSD 990 PRO 2TB
 • TPM
 • UEFI Device Firmware
╔══════════════════════════════════════════════════════════════════════════════╗
║ Upgrade System Firmware from 1.29.0 to 1.31.0?                               ║
╠══════════════════════════════════════════════════════════════════════════════╣
║ This stable release fixes the following issues:                              ║
║                                                                              ║
║ • This release contains security updates as disclosed in the Dell            ║
║ Security Advisories.                                                         ║
║ • Fixed the issue where the system does not boot to the Windows operating    ║
║ system. This issue occurs when the Dell Keyboard KB555T is connected to the  ║
║ system.                                                                      ║
║                                                                              ║
║ XPS 15 9510 must remain plugged into a power source for the duration of the  ║
║ update to avoid damage.                                                      ║
╚══════════════════════════════════════════════════════════════════════════════╝
Perform operation? [Y|n]: Y
Decompressing…           [                                       ]
Secure boot is enabled, but shim isn't installed to EFI/aeon/shim.efi

aplanas commented 3 months ago

How was EFI/aeon/shim.efi installed? sdbootutil does not do that.

ThePhatLe commented 3 months ago

/EFI/aeon/shim.efi does not exist.

Everything is automated, it is injecting the image on Aeon.

Inside aeon I see only the 6.10.3-1-default kernel.

Inside systemd is all:

MokManager.efi  grub.efi                 pcrlock.json  systemd-bootx64.efi
boot.csv        installed_by_sdbootutil  shim.efi

Seems like fwupd is somehow looking at the wrong path for the shim, and that's why it fails.

All this I am actually looking at inside root, using sudo transactional-update -c shell.

aplanas commented 3 months ago

> Inside aeon I see only the 6.10.3-1-default kernel.

I think you are confusing the directory? Maybe you are referring to /boot/efi/aeon? This one is irrelevant.

> Inside systemd is all:
>
> MokManager.efi  grub.efi                 pcrlock.json  systemd-bootx64.efi
> boot.csv        installed_by_sdbootutil  shim.efi
>
> Seems like fwupd is somehow looking at the wrong path for the shim, and that's why it fails.

But if you create /boot/efi/EFI/opensuse, why is it searching in /boot/efi/EFI/aeon? Why does it require shim.efi in there?

Can you give me the output of find /boot/efi/EFI? Do you have secure boot enabled?

ThePhatLe commented 3 months ago

Secure boot is enabled.

phatle@aeon:~> find /boot/efi/EFI
/boot/efi/EFI
/boot/efi/EFI/systemd
/boot/efi/EFI/systemd/MokManager.efi
/boot/efi/EFI/systemd/shim.efi
/boot/efi/EFI/systemd/grub.efi
/boot/efi/EFI/systemd/boot.csv
/boot/efi/EFI/systemd/installed_by_sdbootutil
/boot/efi/EFI/systemd/pcrlock.json
/boot/efi/EFI/systemd/systemd-bootx64.efi
/boot/efi/EFI/BOOT
/boot/efi/EFI/BOOT/MokManager.efi
/boot/efi/EFI/BOOT/fallback.efi
/boot/efi/EFI/BOOT/BOOTX64.EFI
/boot/efi/EFI/Linux
/boot/efi/EFI/aeon
/boot/efi/EFI/aeon/fw
/boot/efi/EFI/aeon/fw/fwupd-6e106831-11dd-4c1b-b22b-526d6f78683c.cap

> But if you create /boot/efi/EFI/opensuse, why is it searching in /boot/efi/EFI/aeon? Why does it require shim.efi in there?

No idea, that is just the output it gives when trying to update the firmware.

aplanas commented 3 months ago

Aha ... seems that /boot/efi/EFI/opensuse was not created.

I asked also about secure boot. You can try: mokutil --sb-state

ThePhatLe commented 3 months ago

> Aha ... seems that /boot/efi/EFI/opensuse was not created.

I created that manually and tried the update again, no effect, so I removed it.

> mokutil --sb-state

phatle@aeon:~> mokutil --sb-state
SecureBoot enabled

arvidjaar commented 3 months ago

> But if you create /boot/efi/EFI/opensuse, why is it searching in /boot/efi/EFI/aeon? Why does it require shim.efi in there?

Because fwupd expects bootloader related files to be in \EFI\${ID-from-os-release} (it will also search through ID_LIKE as fallback). It is possible to disable check for shim in fwupd, not sure whether it will work though.
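
The lookup described in the comment above, as an added example that is not part of the thread and is not fwupd's own code. The function names are hypothetical, and the rule "first candidate directory that exists on the ESP wins" is an assumption inferred from the outputs posted in this thread:

```shell
#!/bin/sh
# Added example: a model of the path lookup described in this thread,
# not fwupd's implementation. All function names are hypothetical.

# os_release_get FILE KEY -> value with surrounding quotes stripped.
# The file is parsed, not sourced, so nothing in it is executed.
os_release_get() {
    sed -n "s/^$2=//p" "$1" | tail -n 1 | tr -d "\"'"
}

# esp_candidates FILE -> ID first, then each ID_LIKE entry, one per line.
esp_candidates() {
    # Word splitting is intended: ID_LIKE is a space-separated list.
    for name in $(os_release_get "$1" ID) $(os_release_get "$1" ID_LIKE); do
        printf '%s\n' "$name"
    done
}

# esp_vendor_dir ESP FILE -> first candidate that exists under ESP/EFI
# (assumed selection rule, see lead-in).
esp_vendor_dir() {
    for name in $(esp_candidates "$2"); do
        if [ -d "$1/EFI/$name" ]; then
            printf '%s\n' "EFI/$name"
            return 0
        fi
    done
    return 1
}

# check_shim ESP FILE [SHIM_NAME] -> report whether the shim sits where
# the lookup expects it, and list where copies of it actually are.
check_shim() {
    shim=${3:-shim.efi}
    dir=$(esp_vendor_dir "$1" "$2") || { echo "no vendor directory"; return 2; }
    if [ -f "$1/$dir/$shim" ]; then
        echo "ok: $dir/$shim"
    else
        echo "missing: $dir/$shim"
        find "$1/EFI" -type f -name "$shim" | sed "s|^$1/|  found: |"
        return 1
    fi
}

# Usage: sh check-shim.sh /boot/efi /etc/os-release
if [ "$#" -ge 2 ]; then check_shim "$@"; fi
```

On the layout posted in this issue it reports the shim as missing from EFI/aeon and found in EFI/systemd, which matches the error fwupdmgr printed.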

aplanas commented 3 months ago

OK, this explains the mystery. For now copy shim.efi and grub.efi from /boot/efi/EFI/systemd/ to /boot/efi/EFI/aeon/

I am still not sure how sdbootutil will help here. For me this is a bug in fwupd

ThePhatLe commented 3 months ago

> OK, this explains the mystery. For now copy shim.efi and grub.efi from /boot/efi/EFI/systemd/ to /boot/efi/EFI/aeon/

Thank you, this worked.

> I am still not sure how sdbootutil will help here. For me this is a bug in fwupd

I agree, now it is more of an fwupd-related issue, but for now the fix has been to just copy those two files to /boot/efi/EFI/aeon.

Thank you again for all the help.

aplanas commented 3 months ago

> But if you create /boot/efi/EFI/opensuse, why is it searching in /boot/efi/EFI/aeon? Why does it require shim.efi in there?
>
> Because fwupd expects bootloader related files to be in \EFI\${ID-from-os-release} (it will also search through ID_LIKE as fallback). It is possible to disable check for shim in fwupd, not sure whether it will work though.

No, the answer was that secure boot was enabled, /boot/efi/EFI/aeon was created (?) and /boot/efi/EFI/opensuse was not created. If opensuse was created and secure boot is disabled, then I would expect it to work, and if secure boot was enabled the complaint should be that /boot/efi/EFI/opensuse/shim.efi was not found.

aplanas commented 3 months ago

How can we follow up? Alternatives are:

Does anyone know what other distributions that use systemd-boot are using?

cyril279 commented 1 month ago

A conversation has been started with fwupd about this.
https://github.com/fwupd/fwupd/issues/7783

Vogtinator commented 4 weeks ago

> A conversation has been started with fwupd about this. https://github.com/fwupd/fwupd/issues/7783

A fix was merged, so I think this can be closed.