LVFS Activity Going Wild Ahead Of New Security Disclosure Requiring Firmware Update


  • LVFS Activity Going Wild Ahead Of New Security Disclosure Requiring Firmware Update

    Phoronix: LVFS Activity Going Wild Ahead Of New Security Disclosure Requiring Firmware Update

    The Linux Vendor Firmware Service (LVFS) that integrates with Fwupd for delivering firmware updates primarily to Linux users is surging with around three times the normal traffic volume. Unfortunately, this boost in traffic appears to be due to vendor(s) releasing new system firmware updates ahead of disclosing a presumptive security issue...

    https://www.phoronix.com/scan.php?pa...-Wild-Jan-2022

  • #2
    Too bad PC desktop motherboard manufacturers have support for LVFS. 😢
    Asus, Gigabyte, MSI, etc. None of them support LVFS on PC desktop motherboards. 👎



    • #3
      I got a new BIOS notification from a vendor about an urgent criticality update about 5 days ago. Which, as is typical for such security updates before the embargo expires, included zero information about what it fixed.

      Let the updates and reboots begin!



      • #4
        Originally posted by uid313:
        Too bad PC desktop motherboard manufacturers have support for LVFS. 😢
        Asus, Gigabyte, MSI, etc. None of them support LVFS on PC desktop motherboards. 👎
        If LVFS is a requirement in your environment you should make sure to put it into the RFP for the next procurement (and, of course, disqualify those vendors that do not conform and tell them why so they have the opportunity to improve). There are vendors who do support LVFS, on at least some of their systems, so you will still have options.



        • #5
          Originally posted by uid313:
          Too bad PC desktop motherboard manufacturers have support for LVFS. 😢
          Asus, Gigabyte, MSI, etc. None of them support LVFS on PC desktop motherboards. 👎
          Not that some laptops are much better, I have an Acer A515-54G that hasn't received anything even for the previous report of Intel vulnerabilities needing firmware updates (the privilege escalation one from November). None of its firmware updates even touched ME either, it'd be running whatever OS it shipped with if it weren't for me patching it manually based on dumps found in the net. Hell, I wouldn't be able to use Linux here either since it ships in Intel's fake RAID thing (RST) with no possibility to change to AHCI in this model using unmodified firmware (and I got one with no OS by default!!).

          Not that things are greener in Windows land, they certified (?) the laptop for Windows 11 and published drivers for it, unless you look at them closely: despite the date of the drivers being posted (and pushed through Windows Update), they're just repacks of the Windows 10 ones. For instance, the audio driver is still from 2019, the video ones are fucked too not even using newer architectures despite Intel and NVIDIA having done the job. Not that newer drivers are needed in Windows, you can run with the ones supplied, but come on... disregard the performance fixes and improvements even, security seems not to be important for Acer.

          First and last time I buy one of their machines, tech support can't even comment or address any concerns about this.

          EDIT: It's probably best to steer clear of this manufacturer: https://fwupd.org/lvfs/search?value=Acer
          Last edited by KaoDome; 18 January 2022, 10:45 AM. Reason: Added link on Acer presence in LVFS.



          • #6
            That's better than MSI. This notebook I have ships with the original firmware. They never even provided updates to it in the year and a half since launch. They also didn't bother to "certify" it for Windows 11 either.

            I so miss my old Dell that supported LVFS...



            • #7
              Originally posted by KaoDome:
              I have an Acer A515-54G

              Hell, I wouldn't be able to use Linux here either since it ships in Intel's fake RAID thing (RST) with no possibility to change to AHCI in this model using unmodified firmware (and I got one with no OS by default!!).
              I purchased a 2019Q3-Q4 model from the same family I think: Acer Aspire 5 Slim (i3-10110U aka A515-54-37U3) - They used to have more details here, but it seems that's a dead link now... so I can't even use that to look up details (maybe internet archive has a copy)... I never got around to applying the BIOS update that required Windows to apply, hopefully that isn't no longer available too as at least with Linux it cannot resume from suspend a 2nd time and I've been hibernating it ever since as an alternative.

              Even when suspended though the S3 seems more like s2idle/s0ix due to heavier power draw, the GPU wouldn't enter a low state IIRC since the display panel that was manufactured in 2017 (AUO B156HAN02.1) still used an old eDP version from around 2011-2012 before PSR was supported. Apparently if I manually replace the panel with one with a newer eDP version that'd at least resolve that issue. I guess it's a cost cutting choice since you can't market that to the average consumer, and by not being listed in specs they're free to change the panel for the same model based on needs without differentiating it?

              ---

              Anyway I wanted to share a note about the RST issue you had, you can change it via an undocumented shortcut key to reveal the option in BIOS.

              It took me a while to dig up the info from some random forum post, Acer had no help about it and I don't think I got any info from tech support (nor after where I thought I bricked it as after the Linux install entering the BIOS was often corrupted and at one point it wouldn't power on for a day, other than that I ship it from NZ for several weeks pre-covid to Canada, and they would only allow a return address to America, I purchased from Amazon thinking since Acer is in NZ it'd be fine to send it locally for this kinda problem... nope).

              Here's a snippet from my notes on the product. I wanted to clone the current disk install before putting Linux on just in case. It shipped with an NVMe m.2 SSD and had a spare bay for a 2.5" disk too, but no Optane:

              Backing up the disk via Clonezilla, the internal disk was not detected due to "SATA Mode" set to "RST with Optane" instead of "AHCI". This doesn't seem like it can be changed, but if you tab to the "Main" menu section, then press "CTRL + s" you'll activate a hidden item "SATA Mode" where you can change the value. Note that after performing a backup, you'll need to switch back to "RST with Optane" for Windows to boot again.
              ---

              It was a budget product for $399 USD, but I won't make that mistake again with Acer. Previously made a bad choice with MSI too. I guess next time I'll fork over a bit more for Lenovo (which still seems to have some linux issues but at least makes an effort?) or Dell. Open to suggestions of other vendors that might be worth looking into!



              • #8
                Originally posted by polarathene:
                It was a budget product for $399 USD, but I won't make that mistake again with Acer. Previously made a bad choice with MSI too. I guess next time I'll fork over a bit more for Lenovo (which still seems to have some linux issues but at least makes an effort?) or Dell. Open to suggestions of other vendors that might be worth looking into!
                Both Lenovo and Dell participate in extremely shady, anti-consumer practices (Lenovo https://www.youtube.com/watch?v=MYZlom4cLUA) (Dell https://linustechtips.com/topic/1331...t-system-page/)

                I'd look into getting a Framework if you don't need discrete graphics, or I've been pretty happy with my ASUS Zephyrus G14. (Despite the Nvidia GPU, I've been quite happy with the experience. BIOS updates require installing from the BIOS setup interface via EZ Flash, but it's honestly a very minor inconvenience. Asusctl is a must-use.)



                • #9
                  Originally posted by QwertyChouskie:
                  Both Lenovo and Dell participate in extremely shady, anti-consumer practices (Lenovo https://www.youtube.com/watch?v=MYZlom4cLUA) (Dell https://linustechtips.com/topic/1331...t-system-page/)
                  I'm rather careful at the purchasing step and wouldn't expect the subscription to go unnoticed (unless the review/summary page before confirming purchase isn't listing it explicitly when it should, I didn't read into the link too deeply).

                  The Lenovo one is interesting but again not too much of a concern when I'm purchasing a laptop.

                  Originally posted by QwertyChouskie:
                  I'd look into getting a Framework if you don't need discrete graphics
                  Yeah, I'm aware of them and they look pretty cool. They don't ship to my region (NZ) yet. I'm also wanting my next machine to have more than 4 cores and possibly a larger display (less important), so something like the upcoming Lenovo ThinkPad Z 16" looks good with the new AMD APU.

                  The specs for the display panel on Framework (not that it's really any better elsewhere) are a bit vague/sparse. I'd have thought for Framework they'd provide the actual panel model so I could look it up (here's my current Acer panel). I'd love to see some more options there too in their marketplace.

                  It's good to see Framework is using fwupd/LVFS! I was also a bit surprised that their USB-C expansion cards offer USB4, I see the Intel CPUs offer Thunderbolt 4, so I guess it's via that or something? I'm curious if the expansion card vs competitors (with fixed I/O ports directly wired up) has an impact on I/O perf or capabilities at all.

                  It's not clear if you can use an eGPU with their USB4 offering. I'm also curious if all expansion cards are sharing the same bus / host controller for I/O, with TB3 the eGPU support varied as some ports only offered x2 lanes (eg two ports split x4 lanes). That's a feature I'm interested in, and should allow me to not need a desktop for a more capable GPU that can be used with multiple devices more easily.

                  Originally posted by QwertyChouskie:
                  or I've been pretty happy with my ASUS Zephyrus G14. (Despite the Nvidia GPU, I've been quite happy with the experience. BIOS updates require installing from the BIOS setup interface via EZ Flash, but it's honestly a very minor inconvenience. Asusctl is a must-use.)
                  Asus doesn't seem to have anything on fwupd? Are they generally good with updating firmware for the product you have? No issues with Linux? (Installing via EZ Flash is fine, better than requiring Windows installed like Acer).

                  I've had a great experience with an ASRock motherboard for my desktop that Asus is a parent company of. I had a firmware bug affecting my Linux system on resume from suspend, emailed support and they responded within 1-2 days with a new beta BIOS update to try which resolved the issue. I was surprised since I was clear that I was using Linux, very positive experience.



                  • #10
                    Updated ThinkPad 14s Gen2 with a BIOS security patch. Had to turn SecureBoot off first.
