pop-os / system76-firmware Goto Github PK
View Code? Open in Web Editor NEWSystem76 Firmware Tool and Daemon
License: GNU General Public License v3.0
system76-firmware's People
Contributors
Stargazers
Watchers
Forkers
0xfinch allonhadaya sodle szydell burntsushi colinbes jcsanyi spastorino bjpbakker hixio-mh phantom217 kali9000 tubbz-alt terceiro jwgarber seanwallawalla-forks cyberflamego blockchainreg fnichol doomed099 davidalphafox orangecms yetimaan demimarie samexnersystem76-firmware's Issues
Fedora dependency requirement feedback
No really an issue, more of a feedback
To compile this to run on fedora 34 an additional dependency of
dbus-devel needs to be installed
after that it had no problem compiling, and was able to update the
fireware/bios on my gazelle(gaze12)
OS error 108: Cannot send after transport endpoint shutdown for thelio-io
Distribution (run cat /etc/os-release):
$ cat /etc/os-release
NAME=Slackware
VERSION="15.0"
ID=slackware
VERSION_ID=15.0
PRETTY_NAME="Slackware 15.0 x86_64"
ANSI_COLOR="0;34"
CPE_NAME="cpe:/o:slackware:slackware_linux:15.0"
HOME_URL="http://slackware.com/"
SUPPORT_URL="http://www.linuxquestions.org/questions/slackware-14/"
BUG_REPORT_URL="http://www.linuxquestions.org/questions/slackware-14/"
VERSION_CODENAME=stable
Related Application and/or Package Version (run apt policy $PACKAGE NAME):
https://github.com/pop-os/system76-firmware.git
Issue/Bug Description:
While running the cli binary I 'm getting the following error:
$ /usr/bin/system76-firmware-cli thelio-io
downloading manifest.json
downloading metadata.json
downloading manifest.json
downloading metadata.json
downloading main.hex
Switching devices to bootloader
"/sys/bus/usb/devices/1-5"
revision: ""
switching to bootloader
system76-firmware: failed to update: Cannot send after transport endpoint shutdown (os error 108)
Steps to reproduce (if you know):
$ git clone https://github.com/pop-os/system76-firmware.git
$ cd system76-firmware
$ make all
$ sudo make install
$ /usr/bin/system76-firmware-cli schedule
$ /usr/bin/system76-firmware-cli thelio-io
Only the last command trigger the issue.
Expected behavior:
Perform the update without error.
Other Notes:
Releases?
Will this project provide Github releases similar to system76-driver? If releases aren't planned, will commits be tagged with version numbers?
Cannot perform system firmware update
Distribution (run cat /etc/os-release):
$ cat /etc/os-release
NAME="Pop!_OS"
VERSION="20.10"
ID=pop
ID_LIKE="ubuntu debian"
PRETTY_NAME="Pop!_OS 20.10"
VERSION_ID="20.10"
HOME_URL="https://pop.system76.com"
SUPPORT_URL="https://support.system76.com"
BUG_REPORT_URL="https://github.com/pop-os/pop/issues"
PRIVACY_POLICY_URL="https://system76.com/privacy"
VERSION_CODENAME=groovy
UBUNTU_CODENAME=groovy
LOGO=distributor-logo-pop-osRelated Application and/or Package Version (run apt policy $PACKAGE NAME):
N/A (not sure if this is applicable)
Issue/Bug Description:
I keep getting notified for a firmware update, but every time I try to schedule an update nothing happens. I get notified again on reboort
Steps to reproduce (if you know):
A. Using Firmware from Settings
B. Using the terminal and following the instruction
# https://support.system76.com/articles/system-firmware/
$ sudo system76-firmware-cli scheduleExpected behavior:
Firmware gets updated and not get notified
Other Notes:
I played around with the system76-firmware-cli and got the following
$ sudo system76-firmware-cli thelio-io
downloading manifest.json
downloading metadata.json
system76-firmware: failed to download: metadata.json not found
Other information
$ neofetch
///////////// carsomyrxp@pop-os
///////////////////// -----------------
///////*767//////////////// OS: Pop!_OS 20.10 x86_64
//////7676767676*////////////// Host: Thelio Mira thelio-mira-r1
/////76767//7676767////////////// Kernel: 5.11.0-7614-generic
/////767676///*76767/////////////// Uptime: 7 mins
///////767676///76767.///7676*/////// Packages: 1982 (dpkg), 9 (flatpak), 4 (snap)
/////////767676//76767///767676//////// Shell: bash 5.0.17
//////////76767676767////76767///////// Resolution: 3440x1440, 3440x1440
///////////76767676//////7676////////// DE: GNOME 3.38.3
////////////,7676,///////767/////////// WM: Mutter
/////////////*7676///////76//////////// WM Theme: Pop
///////////////7676//////////////////// Theme: Pop-dark [GTK2/3]
///////////////7676///767//////////// Icons: Pop [GTK2/3]
//////////////////////'//////////// Terminal: gnome-terminal
//////.7676767676767676767,////// CPU: AMD Ryzen 9 5950X (32) @ 3.400GHz
/////767676767676767676767///// GPU: NVIDIA Quadro RTX 5000
/////////////////////////// Memory: 2627MiB / 128799MiB
/////////////////////
/////////////
thelio-massive-b1 is not included in MODEL_WHITELIST
Distribution (run cat /etc/os-release):
# cat /etc/os-release
NAME=Slackware
VERSION="15.0"
ID=slackware
VERSION_ID=15.0
PRETTY_NAME="Slackware 15.0 x86_64"
ANSI_COLOR="0;34"
CPE_NAME="cpe:/o:slackware:slackware_linux:15.0"
HOME_URL="http://slackware.com/"
SUPPORT_URL="http://www.linuxquestions.org/questions/slackware-14/"
BUG_REPORT_URL="http://www.linuxquestions.org/questions/slackware-14/"
VERSION_CODENAME=stable
# cat /sys/class/dmi/id/product_version
thelio-massive-b1
Related Application and/or Package Version (run apt policy $PACKAGE NAME):
# ls /var/lib/pkgtools/packages/system76-firmware*
/var/lib/pkgtools/packages/system76-firmware-1.0.49-x86_64-1_SBo
Issue/Bug Description:
I noticed that "thelio-massive-b1" is not included in MODEL_WHITELIST in src/lib.rs. Is this intentional?
Steps to reproduce (if you know):
# dbus-send --system --dest=com.system76.FirmwareDaemon --print-reply /com/system76/FirmwareDaemon com.system76.FirmwareDaemon.Bios
Error org.freedesktop.DBus.Error.Failed: product is not in whitelist
Expected behavior:
The "dbus-send" command should not fail with "product is not in whitelist."
Other Notes:
Remove systemd as a dependency
Would it be possible to remove systemd as a dependency from this?
Currently this makes it complicated to install distributions which don't use systemd such as artix linux on system76 laptops.
galp5 and lemp10 firmware fails to download
There are no entries in the list of available firmware files to download:
firmware-list.txt
system76-power daemon is taking too much cpu
Distribution (run cat /etc/os-release):
NAME="Pop!_OS"
VERSION="21.04"
ID=pop
ID_LIKE="ubuntu debian"
PRETTY_NAME="Pop!_OS 21.04"
VERSION_ID="21.04"
HOME_URL="https://pop.system76.com"
SUPPORT_URL="https://support.system76.com"
BUG_REPORT_URL="https://github.com/pop-os/pop/issues"
PRIVACY_POLICY_URL="https://system76.com/privacy"
VERSION_CODENAME=hirsute
UBUNTU_CODENAME=hirsute
LOGO=distributor-logo-pop-os
Related Application and/or Package Version (run apt policy $PACKAGE NAME):
System 76 power daemon
Issue/Bug Description:
Taking 100% cpu
Steps to reproduce (if you know):
I do not know. But one processor is always using 100% of the resources, sometime the fan is way too loud, but I do not know if it is related to this issue.
Expected behavior:
When just the browser is running (without videos webGL applications), the daemon should not take that amount of cpu and the fan should be quiet.
Other Notes:
Manager firmware unavailable
Distribution (run cat /etc/os-release):
NAME="Pop!_OS"
VERSION="22.04 LTS"
ID=pop
ID_LIKE="ubuntu debian"
PRETTY_NAME="Pop!_OS 22.04 LTS"
VERSION_ID="22.04"
HOME_URL="https://pop.system76.com"
SUPPORT_URL="https://support.system76.com"
BUG_REPORT_URL="https://github.com/pop-os/pop/issues"
PRIVACY_POLICY_URL="https://system76.com/privacy"
VERSION_CODENAME=jammy
UBUNTU_CODENAME=jammy
LOGO=distributor-logo-pop-os
Issue/Bug Description:
Probably is my laptop to new (Asus zephyrus g15 2022) but I can't find any firmware available.
Laptop description:
Getting SMBIOS data from sysfs.
SMBIOS 3.4.0 present.Handle 0x0001, DMI type 1, 27 bytes
System Information
Manufacturer: ASUSTeK COMPUTER INC.
Product Name: ROG Zephyrus G15 GA503RS_GA503RS
Version: 1.0
Serial Number: N9NRCX03D14836F
UUID: 657ed70e-86f6-8d42-92f3-54031d3bc4c5
Wake-up Type: Power Switch
SKU Number:
Family: ROG Zephyrus G15
Steps to reproduce (if you know):
Expected behavior:
That some firmware appears (hopefully).
Other Notes:
A separate question, do you have an option to update the kernel or is it all cli?
Error 238 prevents update of Darter Pro
Distribution (run cat /etc/os-release):
Pop!_OS 19.10
Issue/Bug Description:
Running Pop!_OS 19.10 on a Darter Pro with 1.07.04 firmware. All external devices have been disconnected as per System76's instructions.
On starting the firmware update application, I'm able to shut the system and reboot in preparation for the update. On attempting to start the flash write operation to update the firmware, the following error is generated:
GbE Region does not exist.
Error 238: The host CPU does not have write access to the target flash area. To enable write access for this operation you must modify the descriptor settings to give the host access to this region.
Could someone help explain how to modify said descriptor?
"Could not prepare Boot variable: Invalid argument" on lemp10
Distribution (run cat /etc/os-release):
NAME="Pop!_OS"
VERSION="20.10"
ID=pop
ID_LIKE="ubuntu debian"
PRETTY_NAME="Pop!_OS 20.10"
VERSION_ID="20.10"
HOME_URL="https://pop.system76.com"
SUPPORT_URL="https://support.system76.com"
BUG_REPORT_URL="https://github.com/pop-os/pop/issues"
PRIVACY_POLICY_URL="https://system76.com/privacy"
VERSION_CODENAME=groovy
UBUNTU_CODENAME=groovy
LOGO=distributor-logo-pop-os
Related Application and/or Package Version (run apt policy $PACKAGE NAME):
> apt policy efibootmgr
efibootmgr:
Installed: 17-1
Candidate: 17-1
Version table:
*** 17-1 500
500 http://us.archive.ubuntu.com/ubuntu groovy/main amd64 Packages
100 /var/lib/dpkg/status
Issue/Bug Description:
I got a notification about a firmware update. Clicking "reboot and install" failed, giving me this: error in system76-firmware client: calling Schedule method failed: "failed to add boot entry: exit code: 5". I then installed the CLI, and got more detailed output:
> sudo system76-firmware-cli schedule
Automatic transition: 76ec -> 76ec
downloading tail
opening download cache
downloading manifest.json
downloading system76-firmware-update.tar.xz
downloading lemp10_df60b821b2f5c45288098dba9e084aeb79d491d4133f84b73d298155aba6597e.tar.xz
loading changelog.json
Ok("./changelog.json")
Automatic transition: 76ec -> 76ec
"efibootmgr" "--quiet" "--delete-bootnext"
Could not delete BootNext: No such file or directory
"efibootmgr" "--quiet" "--delete-bootnum" "--bootnum" "1776"
Could not delete variable: No such file or directory
removing /boot/efi/system76-firmware-update
extracting system76-firmware-update.tar.xz to /boot/efi/system76-firmware-update.NNDyOTq9kGoV
Ok("./")
Ok("./boot.efi")
Ok("./res/")
Ok("./res/firmware.nsh")
Ok("./res/shell.efi")
Ok("./res/splash.bmp")
extracting lemp10_df60b821b2f5c45288098dba9e084aeb79d491d4133f84b73d298155aba6597e.tar.xz to /boot/efi/system76-firmware-update.NNDyOTq9kGoV/firmware
Ok("./")
Ok("./changelog.json")
Ok("./ec.rom")
Ok("./firmware.rom")
Ok("./fpt.efi")
Ok("./meset.efi")
Ok("./uecflash.efi")
Ok("./usb4-pd.rom")
Ok("./usb4-retimer.rom")
moving /boot/efi/system76-firmware-update.NNDyOTq9kGoV to /boot/efi/system76-firmware-update
/dev/nvme0n1 1
"efibootmgr" "--quiet" "--create-only" "--bootnum" "1776" "--disk" "/dev/nvme0n1" "--part" "1" "--loader" "\\system76-firmware-update\\boot.efi" "--label" "system76-firmware-update"
Could not prepare Boot variable: Invalid argument
system76-firmware: failed to schedule: failed to add boot entry: exit code: 5
Thelio firmware update fails with "oemid mismatch"
Distribution (run cat /etc/os-release):
PRETTY_NAME="Debian GNU/Linux bookworm/sid"
NAME="Debian GNU/Linux"
VERSION_CODENAME=bookworm
ID=debian
Related Application and/or Package Version (run apt policy $PACKAGE NAME):
system76-firmware-cli
Issue/Bug Description:
Scheduling a firmware update on thelio-mira-b2-0 results in q-flash error "oemid mismatch"
Steps to reproduce (if you know):
Run
sudo system76-firmware-cli schedule
sudo systemctl reboot
VID_20230102_140136536.mp4
Expected behavior:
If the firmware cannot be updated, I expected that it would not try to update.
If the firmware can be update, I expect the update to finish normally
Other Notes:
The website https://firmware.system76.com/ has a self-signed certificate rather than a valid SSL certificate
Failure to download if config::CACHE directory doesn't exist
Distribution (run cat /etc/os-release): Pop!_OS 20.10
Related Application and/or Package Version (run apt policy $PACKAGE NAME): 51662f6
Issue/Bug Description: If /var/cache/system76-firmware-daemon does not exist (such as in the current iso), attempting to schedule an update fails after downloading tail but before opening download cache:
pop-os@pop-os:~$ sudo system76-firmware-cli schedule
Automatic transition: 76ec -> 76ec
downloading tail
system76-firmware: failed to download: No such file or directory (os error 2)
After creating the directory with sudo mkdir /var/cache/system76-firmware-daemon, re-running the schedule command works.
Steps to reproduce (if you know):
- Boot from a live disk of Pop!_OS
- Mount the EFI System Partition
- Install
system76-firmware - Attempt to schedule a firmware update
Expected behavior: If this directory doesn't exist, it should either be created, or the process should continue without caching.
Other Notes: Possibly related to #19, which added tail block caching and was merged recently.
Support for updating Thelio Io firmware
Add support for updating Thelio Io firmware.
- The firmware will need to be added to the standard firmware repository for System76 devices, at https://firmware.system76.com/
- Add versioning to Thelio Io firmware - system76/thelio-io-firmware#2
- Hotplugging support in power daemon - pop-os/system76-power#91
- Support in firmware daemon with dbus methods - #12
- Download firmware for Thelio Io when necessary
- Iterate through all available Thelio Io boards and do the following:
- Set the
/sys/bus/usb/drivers/system76-io/*.1/bootloaderfile to 1 - Wait for a device to show up in DFU mode
- Execute the following:
- sudo dfu-programmer atmega32u4 flash main.hex
- sudo dfu-programmer atmega32u4 reset
- Wait for the device to reappear
- Continue with the other devices
- Set the
- Create GUI for interfacing with dbus methods - pop-os/system76-driver#112
Sign release tags
Distribution (run cat /etc/os-release):
N/A
Related Application and/or Package Version (run apt policy $PACKAGE NAME):
N/A
Issue/Bug Description:
The release tags in this repository are not digitally signed. This prevents those who wish to package its contents for their own distributions from verifying the authenticity of those contents.
Steps to reproduce (if you know):
Check the Releases page.
Expected behavior:
Releases are digitally signed by a System76 OpenPGP or OpenSSH key.
Other Notes:
I would like to package this code for Qubes OS, a security-oriented operating system. Since Qubes OS provides protection against e.g. vulnerabilities in the Linux Wi-Fi stack, and Pop! OS does not, dual-booting is not desirable.
Build failed E0433
Distribution (run cat /etc/os-release):
NAME=Slackware
VERSION="14.2"
ID=slackware
VERSION_ID=14.2
PRETTY_NAME="Slackware 14.2 x86_64 (post 14.2 -current)"
ANSI_COLOR="0;34"
CPE_NAME="cpe:/o:slackware:slackware_linux:14.2"
HOME_URL="http://slackware.com/"
SUPPORT_URL="http://www.linuxquestions.org/questions/slackware-14/"
BUG_REPORT_URL="http://www.linuxquestions.org/questions/slackware-14/"
VERSION_CODENAME=current
Related Application and/or Package Version (run apt policy $PACKAGE NAME):
$ rustc -V
rustc 1.52.1 (9bc8c42bb 2021-05-09)
$ cargo -V
cargo 1.52.0 (69767412a 2021-04-21)
Issue/Bug Description:
$ make all
[...]
Compiling synstructure v0.12.4
Compiling proc-macro-error v0.2.6
Compiling tokio-threadpool v0.1.18
Compiling cookie v0.12.0
Compiling publicsuffix v1.5.6
Compiling tokio-reactor v0.1.12
Compiling h2 v0.1.26
Compiling http-body v0.1.0
Compiling tokio-tcp v0.1.4
error[E0433]: failed to resolve: could not find `__rt` in `quote`
--> /root/.cargo/registry/src/github.com-1ecc6299db9ec823/err-derive-0.1.6/src/lib.rs:145:63
|
145 | fn display_body(s: &synstructure::Structure) -> Option<quote::__rt::TokenStream> {
| ^^^^ could not find `__rt` in `quote`
Compiling tokio v0.1.22
error: aborting due to previous error
For more information about this error, try `rustc --explain E0433`.
error: could not compile `err-derive`
To learn more, run the command again with --verbose.
warning: build failed, waiting for other jobs to finish...
error: build failed
Compiling either v1.6.1
Compiling enum_derive v0.1.7
Compiling libdbus-sys v0.2.1
Compiling bitflags v1.2.1
Compiling serde v1.0.126
Compiling err-derive v0.1.6
Compiling failure v0.1.8
Compiling hyper v0.12.36
error[E0433]: failed to resolve: could not find `__rt` in `quote`
--> /root/.cargo/registry/src/github.com-1ecc6299db9ec823/err-derive-0.1.6/src/lib.rs:145:63
|
145 | fn display_body(s: &synstructure::Structure) -> Option<quote::__rt::TokenStream> {
| ^^^^ could not find `__rt` in `quote`
Compiling itertools v0.8.2
error: aborting due to previous error
For more information about this error, try `rustc --explain E0433`.
error: could not compile `err-derive`
To learn more, run the command again with --verbose.
warning: build failed, waiting for other jobs to finish...
error: build failed
make: *** [Makefile:48: target/release/system76-firmware-cli] Error 101
Steps to reproduce (if you know):
Type make all
Expected behavior:
build successful
Other Notes:
systemd-analyze marks the system76-firmware-daemon service as high risk
Distribution:
NAME="Pop!_OS"
VERSION="20.10"
ID=pop
ID_LIKE="ubuntu debian"
PRETTY_NAME="Pop!_OS 20.10"
VERSION_ID="20.10"
HOME_URL="https://pop.system76.com"
SUPPORT_URL="https://support.system76.com"
BUG_REPORT_URL="https://github.com/pop-os/pop/issues"
PRIVACY_POLICY_URL="https://system76.com/privacy"
VERSION_CODENAME=groovy
UBUNTU_CODENAME=groovy
LOGO=distributor-logo-pop-os
Related Application and/or Package Version:
system76-firmware-daemon:
Installed: 1.0.20~1605805932~20.10~3ac2492
Candidate: 1.0.20~1605805932~20.10~3ac2492
Version table:
*** 1.0.20~1605805932~20.10~3ac2492 1001
1001 http://ppa.launchpad.net/system76/pop/ubuntu groovy/main amd64 Packages
100 /var/lib/dpkg/status
Issue/Bug Description:
SystemD Analyze command marks the system76-firmware-daemon service as an "UNSAFE" service with the following output:
NAME DESCRIPTION EXPOSURE
✗ PrivateNetwork= Service has access to the host's network 0.5
✗ User=/DynamicUser= Service runs as root user 0.4
✗ CapabilityBoundingSet=~CAP_SET(UID|GID|PCAP) Service may change UID/GID identities/capabilities 0.3
✗ CapabilityBoundingSet=~CAP_SYS_ADMIN Service has administrator privileges 0.3
✗ CapabilityBoundingSet=~CAP_SYS_PTRACE Service has ptrace() debugging abilities 0.3
✗ RestrictAddressFamilies=~AF_(INET|INET6) Service may allocate Internet sockets 0.3
✗ RestrictNamespaces=~CLONE_NEWUSER Service may create user namespaces 0.3
✗ RestrictAddressFamilies=~… Service may allocate exotic sockets 0.3
✗ CapabilityBoundingSet=~CAP_(CHOWN|FSETID|SETFCAP) Service may change file ownership/access mode/capabilities unrestricted 0.2
✗ CapabilityBoundingSet=~CAP_(DAC_*|FOWNER|IPC_OWNER) Service may override UNIX file/IPC permission checks 0.2
✗ CapabilityBoundingSet=~CAP_NET_ADMIN Service has network configuration privileges 0.2
✗ CapabilityBoundingSet=~CAP_SYS_MODULE Service may load kernel modules 0.2
✗ CapabilityBoundingSet=~CAP_SYS_RAWIO Service has raw I/O access 0.2
✗ CapabilityBoundingSet=~CAP_SYS_TIME Service processes may change the system clock 0.2
✗ DeviceAllow= Service has no device ACL 0.2
✗ IPAddressDeny= Service does not define an IP address allow list 0.2
✓ KeyringMode= Service doesn't share key material with other services
✗ NoNewPrivileges= Service processes may acquire new privileges 0.2
✓ NotifyAccess= Service child processes cannot alter service state
✗ PrivateDevices= Service potentially has access to hardware devices 0.2
✗ PrivateMounts= Service may install system mounts 0.2
✗ PrivateTmp= Service has access to other software's temporary files 0.2
✗ PrivateUsers= Service has access to other users 0.2
✗ ProtectClock= Service may write to the hardware clock or system clock 0.2
✗ ProtectControlGroups= Service may modify the control group file system 0.2
✗ ProtectHome= Service has full access to home directories 0.2
✗ ProtectKernelLogs= Service may read from or write to the kernel log ring buffer 0.2
✗ ProtectKernelModules= Service may load or read kernel modules 0.2
✗ ProtectKernelTunables= Service may alter kernel tunables 0.2
✗ ProtectSystem= Service has full access to the OS file hierarchy 0.2
✗ RestrictAddressFamilies=~AF_PACKET Service may allocate packet sockets 0.2
✗ RestrictSUIDSGID= Service may create SUID/SGID files 0.2
✗ SystemCallArchitectures= Service may execute system calls with all ABIs 0.2
✗ SystemCallFilter=~@clock Service does not filter system calls 0.2
✗ SystemCallFilter=~@debug Service does not filter system calls 0.2
✗ SystemCallFilter=~@module Service does not filter system calls 0.2
✗ SystemCallFilter=~@mount Service does not filter system calls 0.2
✗ SystemCallFilter=~@raw-io Service does not filter system calls 0.2
✗ SystemCallFilter=~@reboot Service does not filter system calls 0.2
✗ SystemCallFilter=~@swap Service does not filter system calls 0.2
✗ SystemCallFilter=~@privileged Service does not filter system calls 0.2
✗ SystemCallFilter=~@resources Service does not filter system calls 0.2
✓ AmbientCapabilities= Service process does not receive ambient capabilities
✗ CapabilityBoundingSet=~CAP_AUDIT_* Service has audit subsystem access 0.1
✗ CapabilityBoundingSet=~CAP_KILL Service may send UNIX signals to arbitrary processes 0.1
✗ CapabilityBoundingSet=~CAP_MKNOD Service may create device nodes 0.1
✗ CapabilityBoundingSet=~CAP_NET_(BIND_SERVICE|BROADCAST|RAW) Service has elevated networking privileges 0.1
✗ CapabilityBoundingSet=~CAP_SYSLOG Service has access to kernel logging 0.1
✗ CapabilityBoundingSet=~CAP_SYS_(NICE|RESOURCE) Service has privileges to change resource use parameters 0.1
✗ RestrictNamespaces=~CLONE_NEWCGROUP Service may create cgroup namespaces 0.1
✗ RestrictNamespaces=~CLONE_NEWIPC Service may create IPC namespaces 0.1
✗ RestrictNamespaces=~CLONE_NEWNET Service may create network namespaces 0.1
✗ RestrictNamespaces=~CLONE_NEWNS Service may create file system namespaces 0.1
✗ RestrictNamespaces=~CLONE_NEWPID Service may create process namespaces 0.1
✗ RestrictRealtime= Service may acquire realtime scheduling 0.1
✗ SystemCallFilter=~@cpu-emulation Service does not filter system calls 0.1
✗ SystemCallFilter=~@obsolete Service does not filter system calls 0.1
✗ RestrictAddressFamilies=~AF_NETLINK Service may allocate netlink sockets 0.1
✗ RootDirectory=/RootImage= Service runs within the host's root directory 0.1
SupplementaryGroups= Service runs as root, option does not matter
✗ CapabilityBoundingSet=~CAP_MAC_* Service may adjust SMACK MAC 0.1
✗ CapabilityBoundingSet=~CAP_SYS_BOOT Service may issue reboot() 0.1
✓ Delegate= Service does not maintain its own delegated control group subtree
✗ LockPersonality= Service may change ABI personality 0.1
✗ MemoryDenyWriteExecute= Service may create writable executable memory mappings 0.1
RemoveIPC= Service runs as root, option does not apply
✗ RestrictNamespaces=~CLONE_NEWUTS Service may create hostname namespaces 0.1
✗ UMask= Files created by service are world-readable by default 0.1
✗ CapabilityBoundingSet=~CAP_LINUX_IMMUTABLE Service may mark files immutable 0.1
✗ CapabilityBoundingSet=~CAP_IPC_LOCK Service may lock memory into RAM 0.1
✗ CapabilityBoundingSet=~CAP_SYS_CHROOT Service may issue chroot() 0.1
✗ ProtectHostname= Service may change system host/domainname 0.1
✗ CapabilityBoundingSet=~CAP_BLOCK_SUSPEND Service may establish wake locks 0.1
✗ CapabilityBoundingSet=~CAP_LEASE Service may create file leases 0.1
✗ CapabilityBoundingSet=~CAP_SYS_PACCT Service may use acct() 0.1
✗ CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG Service may issue vhangup() 0.1
✗ CapabilityBoundingSet=~CAP_WAKE_ALARM Service may program timers that wake up the system 0.1
✗ RestrictAddressFamilies=~AF_UNIX Service may allocate local sockets 0.1
→ Overall exposure level for system76-firmware-daemon.service: 9.6 UNSAFE 😨
Steps to reproduce (if you know):
systemd-analyze security system76-firmware-daemon.service
Expected behavior:
The service should not have access to parts of the system it doesn't need to have access to or configure the service to not trigger as "UNSAFE" when scanning services with the built-in systemd security scanner
Two packages install /usr/bin/system76-firmware
Distribution (run cat /etc/os-release):
NAME="Arch Linux"
PRETTY_NAME="Arch Linux"
ID=arch
ID_LIKE=archlinux
ANSI_COLOR="0;36"
HOME_URL="https://www.archlinux.org/"
SUPPORT_URL="https://bbs.archlinux.org/"
BUG_REPORT_URL="https://bugs.archlinux.org/"
Related Application and/or Package Version (run apt policy $PACKAGE NAME):
system76-firmware 1.0.2
system76-driver 18.04.25
Issue/Bug Description:
Both system76-firmware and system76-driver install an executable to /usr/bin/system76-firmware
Steps to reproduce (if you know):
Install both packages.
Other Notes:
Are these two packages incompatible? If not, which system76-firmware executable is the "correct" version?
Cannot schedule installation on Gazelle with ArchLinux: failed to map sideband memory
Distribution (run cat /etc/os-release):
NAME="Arch Linux"
PRETTY_NAME="Arch Linux"
ID=arch
BUILD_ID=rolling
ANSI_COLOR="38;2;23;147;209"
HOME_URL="https://archlinux.org/"
DOCUMENTATION_URL="https://wiki.archlinux.org/"
SUPPORT_URL="https://bbs.archlinux.org/"
BUG_REPORT_URL="https://bugs.archlinux.org/"
LOGO=archlinux-logo
Related Application and/or Package Version:
- aur/system76-firmware 1.0.32-1
- aur/system76-firmware-daemon 1.0.32-1
Issue/Bug Description:
When I try to schedule an installation of a firmware, be it the open or the proprietary firmware, I get the following error message:
$ sudo system76-firmware-cli schedule --open
system76-firmware: failed to download: failed to map sideband memory: Operation not permitted (os error 1)
This happens whether the argument --open or --proprietary are passed, even when only executing sudo system76-firmware-cli schedule.
Steps to reproduce (if you know):
Expected behavior:
I assume system76-firmware-cli should return a positive message about successfully scheduling the firmware upgrade.
Other Notes:
The System76 packages that are installed on my Gazelle are the two packages mentioned above, as well as aur/system76-dkms. The service system76-firmware-daemon.service is enabled and running:
$ systemctl status system76-firmware-daemon.service
● system76-firmware-daemon.service - System76 Firmware Daemon
Loaded: loaded (/usr/lib/systemd/system/system76-firmware-daemon.service; enabled; vendor preset: disabled)
Active: active (running) since Wed 2022-04-13 03:18:54 CEST; 16min ago
Main PID: 71145 (system76-firmwa)
Tasks: 1 (limit: 38135)
Memory: 880.0K
CPU: 34ms
CGroup: /system.slice/system76-firmware-daemon.service
└─71145 /usr/lib/system76-firmware/system76-firmware-daemon
avril 13 03:18:54 leon systemd[1]: Started System76 Firmware Daemon.
The precise model is a 17″ gaze15 with an Nvidia 1650 Ti.
system76-firmware fails to schedule/install on Dell XPS 13 running Pop_OS 22.04 LTS
Distribution (run cat /etc/os-release):
$ cat /etc/os-release
NAME="Pop!_OS"
VERSION="22.04 LTS"
ID=pop
ID_LIKE="ubuntu debian"
PRETTY_NAME="Pop!_OS 22.04 LTS"
VERSION_ID="22.04"
HOME_URL="https://pop.system76.com"
SUPPORT_URL="https://support.system76.com"
BUG_REPORT_URL="https://github.com/pop-os/pop/issues"
PRIVACY_POLICY_URL="https://system76.com/privacy"
VERSION_CODENAME=jammy
UBUNTU_CODENAME=jammy
LOGO=distributor-logo-pop-os
Related Application and/or Package Version (run apt policy $PACKAGE NAME):
$ apt policy system76-firmware
system76-firmware:
Installed: 1.0.55~1699483593~22.04~cb768e7
Candidate: 1.0.55~1699483593~22.04~cb768e7
Version table:
*** 1.0.55~1699483593~22.04~cb768e7 1001
1001 http://apt.pop-os.org/release jammy/main amd64 Packages
100 /var/lib/dpkg/status
Issue/Bug Description:
For several weeks I have been getting prompted to install new firmware on my laptop (A Dell XPS 13 9300). When I click "Reboot and Install" I get this error:
So I did some googling, and found the command line steps here: https://support.system76.com/articles/system-firmware/
So I followed the steps described here, and it also fails, but with a different error:
$ sudo system76-firmware-cli schedule
[sudo] password for jeremy:
Automatic transition: none -> none
downloading tail
opening download cache
downloading manifest.json
downloading system76-firmware-update.tar.xz
downloading _140bedbf9c3f6d56a9846d2ba7088798683f4da0c248231336e6a05679e4fdfe.tar.xz
downloading tail
opening download cache
downloading manifest.json
downloading system76-firmware-update.tar.xz
downloading _140bedbf9c3f6d56a9846d2ba7088798683f4da0c248231336e6a05679e4fdfe.tar.xz
downloading tail
opening download cache
downloading manifest.json
downloading system76-firmware-update.tar.xz
downloading _140bedbf9c3f6d56a9846d2ba7088798683f4da0c248231336e6a05679e4fdfe.tar.xz
downloading tail
opening download cache
downloading manifest.json
downloading system76-firmware-update.tar.xz
downloading _140bedbf9c3f6d56a9846d2ba7088798683f4da0c248231336e6a05679e4fdfe.tar.xz
system76-firmware: failed to download: _140bedbf9c3f6d56a9846d2ba7088798683f4da0c248231336e6a05679e4fdfe.tar.xz not found
I saw nothing on the system76 website instructions that offered any help for this particular type of error.
Steps to reproduce (if you know):
Click "Reboot and Install" or run "sudo system76-firmware-cli schedule"
Expected behavior:
Laptop should reboot and firmware should be updated in the process.
Schedule fails with "failed to create /boot/efi/system76-firmware-update.x/firmware"
Distribution (run cat /etc/os-release):
NAME=Fedora
VERSION="34 (Workstation Edition)"
ID=fedora
VERSION_ID=34
VERSION_CODENAME=""
PLATFORM_ID="platform:f34"
PRETTY_NAME="Fedora 34 (Workstation Edition)"
ANSI_COLOR="0;38;2;60;110;180"
LOGO=fedora-logo-icon
CPE_NAME="cpe:/o:fedoraproject:fedora:34"
HOME_URL="https://fedoraproject.org/"
DOCUMENTATION_URL="https://docs.fedoraproject.org/en-US/fedora/f34/system-administrators-guide/"
SUPPORT_URL="https://fedoraproject.org/wiki/Communicating_and_getting_help"
BUG_REPORT_URL="https://bugzilla.redhat.com/"
REDHAT_BUGZILLA_PRODUCT="Fedora"
REDHAT_BUGZILLA_PRODUCT_VERSION=34
REDHAT_SUPPORT_PRODUCT="Fedora"
REDHAT_SUPPORT_PRODUCT_VERSION=34
PRIVACY_POLICY_URL="https://fedoraproject.org/wiki/Legal:PrivacyPolicy"
VARIANT="Workstation Edition"
VARIANT_ID=workstation
Related Application and/or Package Version (run apt policy $PACKAGE NAME):
system76-firmware-0.20-1.fc34
Issue/Bug Description:
Automatic transition: N140WU -> N140WU
downloading tail
opening download cache
downloading manifest.json
downloading system76-firmware-update.tar.xz
downloading galp3-b_7f564a54c43ab2be20d254ebf9d520bf4920ec7b8f9bdf87d8bda4d2ac3b49bf.tar.xz
loading changelog.json
Ok("./changelog.json")
Automatic transition: N140WU -> N140WU
"efibootmgr" "--quiet" "--delete-bootnext"
Could not delete BootNext: No such file or directory
"efibootmgr" "--quiet" "--delete-bootnum" "--bootnum" "1776"
Could not delete variable: No such file or directory
extracting system76-firmware-update.tar.xz to /boot/efi/system76-firmware-update.EoO5F7t8LhLf
Ok("./")
Ok("./boot.efi")
Ok("./res/")
Ok("./res/firmware.nsh")
Ok("./res/shell.efi")
Ok("./res/splash.bmp")
extracting galp3-b_7f564a54c43ab2be20d254ebf9d520bf4920ec7b8f9bdf87d8bda4d2ac3b49bf.tar.xz to /boot/efi/system76-firmware-update.EoO5F7t8LhLf/firmware
Ok("./")
Ok("./afuefi.efi")
system76-firmware: failed to schedule: failed to extract galp3-b_7f564a54c43ab2be20d254ebf9d520bf4920ec7b8f9bdf87d8bda4d2ac3b49bf.tar.xz to /boot/efi/system76-firmware-update.EoO5F7t8LhLf/firmware: failed to create `/boot/efi/system76-firmware-update.EoO5F7t8LhLf/firmware`
The exit code is 1.
Steps to reproduce (if you know):
This happens every time I run sudo system76-firmware-cli schedule.
Expected behavior:
Other Notes:
Mention bootctl in error message if ESP isn't found
I installed system76-firmware and wanted to use the cli:
# system76-firmware-cli
system76-firmware: EFI mount point not found
# system76-firmware-cli -h
system76-firmware: EFI mount point not found
But i have my ESP mounted!
# findmnt /boot/esp
TARGET SOURCE FSTYPE OPTIONS
/boot/esp /dev/nvme0n1p1 vfat rw,relatime,fmask=0022,dmask=0022,codepage=437,iocharset=iso8859-1,shortname=mixed,utf8,errors=remount-ro
# ls /boot/esp
EFI efibootmgr 'System Volume Information'
In order to get the software working I had to strace the program, learn where does it look for ESP mount and symlink the expected path to the actual mountpoint.
Can you please make the error message more informative and make it not require ESP mounts for --help flag?
We can also provide it with --efi-mount flag which allows the user to specify where to look for ESP.
Does not work when the Secure Boot is enabled (failed to get I/O permission)
Distribution (run cat /etc/os-release):
NAME="Fedora Linux"
VERSION="39 (KDE Plasma)"
ID=fedora
VERSION_ID=39
VERSION_CODENAME=""
PLATFORM_ID="platform:f39"
PRETTY_NAME="Fedora Linux 39 (KDE Plasma)"
Related Application and/or Package Version (run apt policy $PACKAGE NAME):
Current version from the GitHub packaged for Fedora.
Issue/Bug Description:
[root@ ~]# system76-firmware-daemon
system76-firmware-daemon: failed to get I/O permission: Operation not permitted (os error 1)
The issue is related to Secure Boot and kernel lockdown. I was able to reproduce it and found a workaround. With the disabled secure boot, it works ok again.
As written in the man (https://man7.org/linux/man-pages/man2/iopl.2.html) usage of iopl is deprecated. Maybe there is a way to rewrite this part? :)
if unsafe { libc::iopl(3) } < 0 {
return Err(format!(
"failed to get I/O permission: {}",
io::Error::last_os_error()
));
}
Steps to reproduce (if you know):
You can just run it on a system with enabled Secure Boot.
Expected behavior:
Run also on systems with enabled Secure Boot.
Other Notes:
Originally reported as an issue for Fedora copr package here: https://pagure.io/system76/system76-firmware/issue/1
Invalid cross-device link (os error 18)
Using the CLI command schedule, I get this error:
system76-firmware: failed to schedule: failed to move /boot/efiMG6RBk to /efi/boot/system76-firmware-update: Invalid cross-device link (os error 18)
I found this to be the final fs::rename failing, and others had this issue with Rust before.
Investigating; PR to follow (I hope :))
Thelio-io firmware update fails with permission denied error
Distribution (run cat /etc/os-release):
Pop!_OS 18.04
Issue/Bug Description:
Upon receiving a notification that there is a firmware update available for the thelio-io board, I proceeded with the upgrade and was given an error message that the firmware could not be updated. The logs below describe the issue in greater depth.
system76-firmware-daemon[1214]: switching to bootloader
system76-firmware-daemon[1214]: Permission denied (os error 13)
system76-firmware-autostart.desktop[2595]: 2019-07-25 07:28:15,367 ERROR Failed to install Thelio Io firmware
system76-firmware-autostart.desktop[2595]: Traceback (most recent call last):
system76-firmware-autostart.desktop[2595]: File "/usr/lib/python3/dist-packages/system76driver/firmware.py", line 489, in _run_firmware_updater
system76-firmware-autostart.desktop[2595]: iface.ThelioIoUpdate(digest)
system76-firmware-autostart.desktop[2595]: File "/usr/lib/python3/dist-packages/dbus/proxies.py", line 145, in __call__
system76-firmware-autostart.desktop[2595]: **keywords)
system76-firmware-autostart.desktop[2595]: File "/usr/lib/python3/dist-packages/dbus/connection.py", line 651, in call_blocking
system76-firmware-autostart.desktop[2595]: message, timeout)
system76-firmware-autostart.desktop[2595]: dbus.exceptions.DBusException: org.freedesktop.DBus.Error.Failed: Permission denied (os error 13)
tail cache sometimes hides updates
Sometimes the tail cache is not invalidated and updates do not appear in a timely manner. Removing the tail with sudo rm /var/cache/system76-firmware-daemon/tail and restarting the daemon causes updates to appear again.
New release
The latest release (1.0.5) is not compatible with the latest firmware-manager required by system76-driver. The Firmware Manager GTK app shows an error about a missing ThelioIoList DBUS method.
Building system76-firmware-daemon from master solves the issue: would it be possible to tag a new release version at this commit?
Build failure, "literal out of range for i32"
Distribution: Alpine Linux
Application Version: 1.0.5 and latest Git master, commit 699fd04
Issue/Bug Description: Build failure
Compiling system76-firmware v1.0.5 (/home/builder/aports/testing/system76-firmware/src/system76-firmware-699fd04d9d4971dc2e199c08c143f9aefae8174d)
error: literal out of range for i32
--> src/me.rs:62:41
|
62 | if unsafe { libc::ioctl(mei_fd, 0xc0104801, uuid_bytes.as_mut_ptr()) } != 0 {
| ^^^^^^^^^^
|
= note: `#[deny(overflowing_literals)]` on by default
= note: the literal `0xc0104801` (decimal `3222292481`) does not fit into an `i32` and will become `-1072674815i32`
= help: consider using `u32` instead
error: aborting due to previous error
error: Could not compile `system76-firmware`.
New version?
Would it be possible to tag a new version of system76-firmware? The current version (1.0.4) will not build on Rust stable releases.
Implement feature in CLI to allow checking for updates
Would it be possible to add an additional command to the CLI, which checks for firmware updates?
defaulting to /boot/efi should warn user before making any changes
system76-firmware/src/bin/cli.rs
Line 21 in dde2142
Or better yet, detect where EFI is actually mounted, via mount or something.
`cargo` crashes with "network failure" while attempting to fetch `ecflash`
Distribution (run cat /etc/os-release):
Debian GNU/Linux 12 (bookworm)
Issue/Bug Description:
Build always fails because cargo crashes with a network error.
Steps to reproduce (if you know):
Install cargo with sudo apt install cargo.
Clone https://github.com/pop-os/system76-firmware and cd into the repo.
Run make. After downloading about 10%, fails with the following error:
cargo build --release
Updating crates.io index
error: failed to get `ecflash` as a dependency of package `system76-firmware v1.0.58 (/home/jth/apps/system76-firmware)`
Caused by:
failed to load source for dependency `ecflash`
Caused by:
Unable to update registry `crates-io`
Caused by:
failed to fetch `https://github.com/rust-lang/crates.io-index`
Caused by:
network failure seems to have happened
if a proxy or similar is necessary `net.git-fetch-with-cli` may help here
https://doc.rust-lang.org/cargo/reference/config.html#netgit-fetch-with-cli
Caused by:
SSL error: 0xffff8780 - SSL - The peer notified us that the connection is going to be closed; class=Ssl (16)
make: *** [Makefile:66: target/release/system76-firmware-cli] Error 101
Other Notes:
I'm attempting to build system76-firmware on Debian 12 for use with my Lemur Pro laptop.
I do not use a network proxy. My internet isn't very fast, but works fine for all other use cases (web browsing, video conferencing, installing packages with apt and flatpak, pushing and pulling with git, etc.). Is cargo extremely sensitive to momentary network interrupts?
meer6 shows a Lenovo ME update
Distribution (run cat /etc/os-release):
Pop!_OS 22.04
Related Application and/or Package Version (run apt policy $PACKAGE NAME):
$ apt policy fwupd
fwupd:
Installed: 1.8.0-1pop0~1651249442~22.04~70f32d3
Candidate: 1.8.0-1pop0~1651249442~22.04~70f32d3
Version table:
*** 1.8.0-1pop0~1651249442~22.04~70f32d3 1002
1001 http://apt.pop-os.org/release jammy/main amd64 Packages
1002 http://apt.pop-os.org/staging/master jammy/main amd64 Packages
100 /var/lib/dpkg/status
1.7.5-3 500
500 http://apt.pop-os.org/ubuntu jammy/main amd64 Packages
$ apt policy system76-firmware
system76-firmware:
Installed: 1.0.39~1654116394~22.04~f71ce23
Candidate: 1.0.39~1654116394~22.04~f71ce23
Version table:
*** 1.0.39~1654116394~22.04~f71ce23 1002
1001 http://apt.pop-os.org/release jammy/main amd64 Packages
1002 http://apt.pop-os.org/staging/master jammy/main amd64 Packages
100 /var/lib/dpkg/status
Issue/Bug Description:
Trying to install this firmware reboots the machine, but nothing ever installs, and and I'm prompted to install this update again after login.
Steps to reproduce (if you know):
Open firmware manager on meer6
Expected behavior:
Only show installable firmware updates
Other Notes:
I also saw a Mattermost user with a Tuxedo laptop report the same thing: https://chat.pop-os.org/pop-os/pl/8nr99qb5eifh7kxamjafgg5puy
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.