** Description changed:

  We are going to SRU fwupd 1.7.5 to impish and focal to fix bug LP:
  #1949412. With update fwupd, the default config set OnlyTrusted=true
  With that, we need update libjcat.

  [Impact]
  need to update libjcat so the recent firmware from lvfs could be
  installed by fwupd.

  [Test Plan]
  Will use fwupd SRU exception test plan to do those testing.
  IHV vendor will also contribute by testing recent firmware that can't be
  install without upgrade libjcat.

  [Where problems could occur]
  fwupd will crash, signature verification will failed and the can't
  install firmware from LVFS. Given the test plan in the SRU exception
  document, plus IHV testing, I think those shall be fine.

  [Other Info]
  SRU exception page: https://wiki.ubuntu.com/firmware-updates

  There are several commits between 0.1.3 (current one in focal) and 0.1.4
  (the target version for this SRU).

- The non-trivial commits are:
+ Those non-trivial commits between 0.1.3 and 0.1.4 are:
  https://github.com/hughsie/libjcat/commit/109399e1f28cec84b43c355b2be77bac38943df7
  https://github.com/hughsie/libjcat/commit/583df67e3ee25201f1e1830ae6d92bf846c082a3

- Per the logic there, I think we should SRU those.
+ Given they are clean and clear, I think SRU those shall be fine.

- Also note per:
+ Also, note per:
  https://github.com/fwupd/fwupd/commit/7157ca79e4d6b13d82b0a21f8586b86be0cbb80e

  We do need updated libjcat to support new firmware from LVFS.

  ----

  The firmware blobs in cabinet archive are presently LVFS signed with gpg
  and pkcs7, if libjcat at compilation time without one then the blobs
  signed with both can't be verified.

- Impact is fwupd daemon will fail the firmware install immediately
- because OnlyTrusted=true is defaulted (in fwupd 1.7.x) to verifying the
- signature for daemon.
+ The impact is fwupd daemon will fail the firmware install immediately
+ because OnlyTrusted=true is defaulted (in fwupd 1.7.x) to verify the
+ signature for the daemon.
  We need uprev libjcat at least 0.1.4 onward to fix this issue.

  Issue is reproducible with fwupd 1.7.4 ->
  https://launchpad.net/~ycheng-twn/+archive/ubuntu/fwupd174

  $ fwupdmgr --version
  client version: 1.7.4
  compile-time dependency versions
  gusb: 0.3.4
  daemon version: 1.7.4

  $ dpkg -l | grep libjcat
  ii libjcat1:amd64 0.1.3-2 amd64 JSON catalog library
--
https://bugs.launchpad.net/bugs/1961864

Title:
  fwupd daemon failed to verify firmware signature