Wip/hughsie/ifd #6644
Wip/hughsie/ifd #6644
Conversation
hughsie
force-pushed
the
wip/hughsie/ifd
branch
from
7f37200
to
75e2abb
Compare
|
Can you pull some already redistributable binaries from LVFS and tear them apart as part of CI perhaps? |
|
Those aren't going to be IFD images -- those will be at best IFD partitions -- and probably also wrapped up in other container formats (looking at you Dell) -- they're also not going to have all the local-only NVRAM junk populated either. |
|
Got it; so these are basically a collection of dediprog dumps you run it through. |
|
Yes -- and I'm crowd-sourcing some more! https://blogs.gnome.org/hughsie/2024/01/09/looking-for-logofail-on-your-local-system/ |
Ah. I think your 99% statement is probably wrong - it's only vendors that allow changing the logo isn't it? Others might have parser problems but if you can't change the logo they're not affected. So I think any hsi check for logo fail needs to also check availability of the interfaces used to change. |
I think more support it than you might immediately realize; Lenovo is affected for example. But yes, 100% agreed on parsing the NVRAM for the keys to indicate the image data before failing HSI tests. |
|
But notably I recall reading in some logo fail article that Dell isn't affected because they don't offer any logo changing interface. They're a pretty sizable chunk too :) |
Ohh, TIL. I've updated the blog post, thanks. |
hughsie
force-pushed
the
wip/hughsie/ifd
branch
from
75e2abb
to
227c9aa
Compare
check-ifd-firmware.py:
../libfwupdplugin/tests/ifd/lenovo-p1-gen3.bin
FuEfiFirmwareFile : 536 -> 1338
FuEfiFirmwareFilesystem : 6 -> 32
FuEfiFirmwareSection : 9 -> 35
FuEfiFirmwareVolume : 6 -> 33
FuIfdFirmware : 1 -> 1
../libfwupdplugin/tests/ifd/lenovo-x1-nano.bin
FuEfiFirmwareFile : 0 -> 578
FuEfiFirmwareFilesystem : 0 -> 21
FuEfiFirmwareSection : 0 -> 35
FuEfiFirmwareVolume : 0 -> 22
FuIfdBios : 0 -> 1
FuIfdFirmware : 0 -> 1
FuIfdImage : 0 -> 3
check-ifd-firmware.py:
../libfwupdplugin/tests/ifd/lenovo-p1-gen3.bin
../libfwupdplugin/tests/ifd/lenovo-x1-nano.bin
Lines : 5289 -> 5290
check-ifd-firmware.py:
../libfwupdplugin/tests/ifd/lenovo-p1-gen3.bin
FuEfiFirmwareSection : 35 -> 4629
Lines : 11570 -> 48265
../libfwupdplugin/tests/ifd/lenovo-x1-nano.bin
FuEfiFirmwareSection : 35 -> 2027
Lines : 5290 -> 21206
check-ifd-firmware.py:
../libfwupdplugin/tests/ifd/lenovo-p1-gen3.bin
Lines : 48265 -> 49354
../libfwupdplugin/tests/ifd/lenovo-x1-nano.bin
Lines : 21206 -> 21686
Also, split up fu_efi_firmware_section_parse() as it's getting a bit wild.
hughsie
force-pushed
the
wip/hughsie/ifd
branch
from
8d720fb
to
ca6aba7
Compare
This can be run on a a directory of BIOS dumps, and only returns success if there are no regressions in parsing. The old parsing stats are stored in json files in the same directory. This cannot be run in CI or precommit as the big directory of firmware is 100% non-redistributable, and may even contain user secrets.
check-ifd-firmware.py:
../libfwupdplugin/tests/ifd/lenovo-p1-gen3.bin
FuEfiFirmwareSection : 4629 -> 4727
Lines : 49354 -> 50162
../libfwupdplugin/tests/ifd/lenovo-x1-nano.bin
FuEfiFirmwareSection : 2027 -> 2076
Lines : 21686 -> 22090
hughsie
force-pushed
the
wip/hughsie/ifd
branch
from
ca6aba7
to
dbaaf15
Compare
Type of pull request: