0bbef29d3e
The root of this problem is that we were trying to use pending.db as both a pending report store and also a record of history, so you could see updates for device foo 1.2.3->1.2.4 and then 1.2.4->1.2.5. This sort-of half worked, but it meant in some cases we matched on the old device version, sometimes on the new release version and sometimes matching on either. The problem was that in various places we were using the device ID as *the* primary key, and so we had various functions like fu_history_get_device_by_id() that expected to return just one device, not several. The device ID also changes if the device is moved from USB plug to another, and so it got even more complicated again trying to de-dupe the devices. The sanest thing to do is to decide that pending.db only contains the latest attempt to go from one version to another using device-id as the primary key. This makes reporting work reliably now, although has the effect you can't report a 1.2.3->1.2.4 and 1.2.4->1.2.5 at the same time. Note, if you tried to do the latter before, the update-error (if set) would be wrong on the second report... For the 1.3.3 release make it all simpler and so the reporting works reliably. Longer term we can design a better database schema that uses unique ID to represent the *transaction* itself, that isn't tied to the device ID in any way. This might mean extending the DBus API to cope with multiple devices being returned with the same device-id set. |
||
|---|---|---|
| .circleci | ||
| .github | ||
| .tx | ||
| contrib | ||
| data | ||
| docs | ||
| libfwupd | ||
| plugins | ||
| po | ||
| policy | ||
| snap | ||
| src | ||
| subprojects | ||
| .gitignore | ||
| .gitmodules | ||
| .lgtm.yml | ||
| .travis.yml | ||
| AUTHORS | ||
| CODE_OF_CONDUCT.md | ||
| COMMITMENT | ||
| CONTRIBUTING.md | ||
| COPYING | ||
| MAINTAINERS | ||
| meson_options.txt | ||
| meson_post_install.sh | ||
| meson.build | ||
| README.md | ||
| RELEASE | ||
| SECURITY.md | ||
fwupd
This project aims to make updating firmware on Linux automatic, safe and reliable.
Additional information is available at the website: https://fwupd.org
Compiling
The most up to date compilation instructions are available in the Wiki
LVFS
This project is configured by default to download firmware from the Linux Vendor Firmware Service (LVFS).
This service is available to all OEMs and firmware creators who would like to make their firmware available to Linux users.
You can find more information about the technical details of creating a firmware capsule in the hardware vendors section of the fwupd website.
Basic usage flow (command line)
If you have a device with firmware supported by fwupd, this is how you will check for updates and apply them using fwupd's command line tools.
# fwupdmgr get-devices
This will display all devices detected by fwupd.
# fwupdmgr refresh
This will download the latest metadata from LVFS.
# fwupdmgr get-updates
If updates are available for any devices on the system, they'll be displayed.
# fwupdmgr update
This will download and apply all updates for your system.
- Updates that can be applied live will be done immediately.
- Updates that run at bootup will be staged for the next reboot.
You can find more information about the update workflow in the end users section of the fwupd website.
Reporting status
fwupd will encourage users to report both successful and failed updates back to LVFS. This is an optional feature, but encouraged as it provides valuable feedback to LVFS administrators and OEM developers regarding firmware update process efficacy.
The privacy policy regarding this data can be viewed on the fwupd website.
To report the status of an update run:
# fwupdmgr report-history
To clear the local history of updates:
# fwupdmgr clear-history
Only updates that were distributed from the LVFS will be reported to the LVFS.
Enterprise Use
The flow of updates can be controlled in the enterprise using the "approved updates" feature. This allows the domain administrator to filter the possible updates from a central server (e.g. the LVFS, or a mirror) to only firmware that have been tested specifically in your organisation.
The list of approved updates can be enabled by adding ApprovalRequired=true
to the remote configuration file, e.g. lvfs.conf. Once enabled, the
list of approved updates can be set in daemon.conf using a comma delimited list.
For example:
ApprovedFirmware=foo,bar
Where foo,bar refers to the container checksums that would correspond
to two updates in the metadata file.
Additionally, the list of approved firmware can be supplemented using
fwupdmgr set-approved-firmware baz or using the D-Bus interface.
Other frontends
-
GNOME Software is the graphical frontend available. When compiled with firmware support, it will check for updates periodically and automatically download firmware in the background. After the firmware has been downloaded a popup will be displayed in Gnome Software to perform the update.
-
KDE Discover is the software centre, generally bundled with KDE Plasma. With the release of KDE Plasma 5.14, a new fwupd backend has been implemented in KDE Discover for firmware updates. These firmware updates are shown with other system updates.
-
Wyse Management Suite A software suite available on Dell IoT gateways and Wyse thin clients with built-in fwupd support. The remote administration interface can be used to download and deploy firmware updates.
Fuzzing
There are several automated fuzzing tests in fwupd. These take some time to run:
CC=afl-gcc meson --default-library=static ../
AFL_HARDEN=1 ninja
ninja fuzz-synaptics-rmi
ninja fuzz-firmware
ninja fuzz-smbios