Fixup the fwupd bit?

Question

Fixup the fwupd bit?

hughsie opened this issue 4 years ago · comments

fwupd comes as a UEFI binary today, so bootupd would actually take care of updating fwupd itself.

At the moment to schedule an update fwupd

mounts the ESP if not already mounted
copies the /usr/libexec/fwupd/efi/fwupdx64.efi.signed binary to EFI/fedora/fwupdx64.efi
copies the firmware from the archive to EFI/fedora/fw/fwupd-{guid}.cap
futzes with the BootOnce EFI key
unmounts the ESP if it wasn't mounted before we started

...so we don't actually care if fwupdx64.efi is old or insecure or whatever, as it's going to be overwritten on next firmware update anyway. We could even mount->rm EFI/fedora/fwupdx64.efi -> unmount on next startup if that helps, although I'm not sure it's a helpful thing to do.

We did used to install into the ESP fro the rpm %install phase, but various distros don't automount the ESP (perhaps sensibly) and so we stopped doing that.

If I've massively misunderstood the problem, apologies.

Colin Walters · Answer 1 · Fri Jun 26 2020 23:01:36 GMT+0800 (China Standard Time)

Thanks for filing this! I think we'll need to debate a bit who owns the updates here. To start it's probably ok if bootupd defers to fwupd to update itself.

Richard Hughes · Answer 2 · Fri Jun 26 2020 23:11:14 GMT+0800 (China Standard Time)

I think we'll need to debate a bit who owns the updates here

If there's an API to use I'd be fine adding code to fwupd to say "put $THAT$ file on the ESP" and just let something else deal with mounting/unmounting/copying etc.

Colin Walters · Answer 3 · Sat Jun 27 2020 01:02:18 GMT+0800 (China Standard Time)

Right. I think there's a lot more to "have fwupd defer updates to bootupd" though like how versioning is handled and whether we want to support updating fwupd separately from other things etc.

Conceptually fwupd is a lot more like an "EFI app" which is quite distinct from the OS bootloaders I think.

I just pushed a change to bootupd which drops the concept that it has exclusive control over /boot/efi, instead it will only adjust the files it knows about. So for now I'll move forward operating under the idea that bootupd needs to not break what fwupd is doing today, and then we can iterate towards having the cooperate once bootupd is stable (and hence fwupd could in theory depend on it, then we have to ensure that everywhere fwupd is adopted bootupd is too etc).

Richard Hughes · Answer 4 · Sat Jun 27 2020 01:13:47 GMT+0800 (China Standard Time)

Conceptually fwupd is a lot more like an "EFI app"

Agree.

instead it will only adjust the files it knows about

Great, thanks.

and hence fwupd could in theory depend on it

I think a soft-depend is fine, we try to keep the list of deps as small as possible. Yell when you've got API you want us to use.