Currently we only parse the nvm_version attribute according fwupd
expectations when the device is initially added. Elsewhere we just use
the raw version as is which might be problematic as the version format
can change in the middle (for example "33.02" vs. "33.2"). Fix this so
that fu_plugin_thunderbolt_udev_get_version () always returns parsed
version string.
Update self tests accordingly to have "parsed" version to which we
compare against.
Signed-off-by: Mika Westerberg <mika.westerberg@linux.intel.com>
Since the multi controller entry is part of the DROM and its place is
not fixed, it is possible (however unlikely) that the locations between
controller and the image are different. One scenario is that the new
image has typo in device or vendor name string fixed which could cause
the offset to be different.
To handle this case properly we need to read multi controller locations
of both controller and image separately, read their values and then
compare them against each other.
Signed-off-by: Mika Westerberg <mika.westerberg@linux.intel.com>
During review it was pointed out that the return value of
read_drom_entry_location () should be documented because it also returns
TRUE when an entry was not found from the DROM. Caller needs to look for
the location->offset in that case. Add a comment explaining this.
Signed-off-by: Mika Westerberg <mika.westerberg@linux.intel.com>
Alpine Ridge and Alpine Ridge LP also include flash size field so follow
Titan Ridge and validate those as well.
Signed-off-by: Mika Westerberg <mika.westerberg@linux.intel.com>
This reverts commit ed7acc7819.
As pointed out by @YehezkelShB during review the Titan Ridge IDs 0x15E8
and 0x15EB are for the NHI (the host controller). Windows SDK tool uses
them to keep track of different controllers but in Linux we don't need
them and can use the already existing bridge IDs.
There is no harm to have them listed but to avoid possible confusion in
future remove them.
Signed-off-by: Mika Westerberg <mika.westerberg@linux.intel.com>
/boot is a special cased directory when using ProtectSystem=full
Due to this, it's marked read only even if it's listed in ReadWritePaths.
Allow folks to use this for their ESP, but they need to create /boot/EFI
in advance of starting fwupd.
Titan Ridge devices may contain multiple controllers so we need to make
sure the supplied NVM image multi controller number matches the
controller in question. This is pretty much same than we had for Alpine
Ridge (X of N) but the difference is that this multi controller
information is found in DROM instead and the location is not fixed.
For this reason we implement a generic DROM entry parser and use it to
dynamically fill in correct location of multi controller entry based on
the controller active firmware.
In addition to that we add a check for the NVM flash size just like we
do for Titan Ridge host.
Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
Signed-off-by: Mika Westerberg <mika.westerberg@linux.intel.com>
Titan Ridge has same set of bits than Alpine Ridge telling whether the
Thunderbolt controller is in native or legacy mode. Add validation for
that.
Signed-off-by: Mika Westerberg <mika.westerberg@linux.intel.com>
We need to make sure the Thunderbolt controller and the NVM image agree
with the expected flash memory size.
Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
Signed-off-by: Mika Westerberg <mika.westerberg@linux.intel.com>
Add 0x15E8 and 0x15EB Titan Ridge IDs that were previously missed.
Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
Signed-off-by: Mika Westerberg <mika.westerberg@linux.intel.com>
Thunderbolt devices typically have a discrete PD (power delivery)
controller and firmware for that controller is part of the NVM image. To
make sure the supplied NVM image provides the necessary PD firmware we
implement a check that compares existence of both PD pointers and fails
the validation if they differ.
Since the PD pointer is part of ARC_PARAMS section we need to populate
that section offset also for hosts (following DROM section).
Signed-off-by: Mika Westerberg <mika.westerberg@linux.intel.com>
At least with Titan Ridge devices 50 * 20 ms is way too short time
reading nvm_version so most of the time the daemon fails to figure out
the version of the just connected device. To make it work better with
Titan Ridge devices increase the timeout to 50 * 200 ms.
Signed-off-by: Mika Westerberg <mika.westerberg@linux.intel.com>
There are other places in the plugin where we read nvm_version and it
can return -EAGAIN as well. To make sure it works consistenly accross
the plugin factor reading nvm_version to a helper function and use instead.
Signed-off-by: Mika Westerberg <mika.westerberg@linux.intel.com>
Additionally, if the user specified something invalid, do not autodetect the
ESP but return with a journal error. It seems wrong to ignore what the user
explicitly set and perhaps do something dangerous.
Alternative to https://github.com/hughsie/fwupd/pull/599
Panamera is a newer MST chip with a different flash layout and
multiple MCU running and accessing SPI/EEPROM simultaneously.
The firmware update process has to be run separately for each
SPI/EEPROM region.
Signed-off-by: Ryan Chang <ryan.chang@synaptics.com>
Signed-off-by: Mario Limonciello <mario.limonciello@dell.com>
- Split up `synapticsmst_device_write_firmware` to smaller more manageable
chunks
- Use `FuDeviceLocker` to ensure that device is in a known state after
update is complete (both in success or failure scenarios)
- Retry the write process up to 10 times in case of DPCD update failures
- Wait for flash clear to settle before writing to EEPROM/SPI
Any previously failed runs or outside tools may adjust the remote
control register leaving the MST controller in a poor state.
If remote control enablement fails, try to disable and then re-enable
before aborting.
As seen by recent testing this is not working every time.
Since e6cda81f we're now building GUIDs that represent all the possibilities
for shared parts so it's not important to set dock type.
Since the Redfish service may use a self-signed certificate without
specifying the hostname, we could have the problem to verify such
certificate. A new option, CACheck, is introduced so that the user can
decide whether to ignore the CA verification or not.
Signed-off-by: Gary Lin <glin@suse.com>
This commit adds redfish.conf to configure the IP and username/password
in case those are not available in SMBIOS and the EFI variables.
Since we can configure the IP in the conf file, the environment
variable, FWUPD_REDFISH_URI, is removed.
Signed-off-by: Gary Lin <glin@suse.com>
Although SoupAuthManager can create a proper SoupAuth from the
WWW-Authenticate header, some redfish implementations didn't provide
such header, and we would get a 401 response in the end.
In DSP0266, it mentions that "HTTP BASIC authentication as defined by
RFC7235 shall be supported", so it shall be safe to use Basic Auth
by default.
Signed-off-by: Gary Lin <glin@suse.com>
