flashrom: Add a plugin for updating using the flashrom command line tool

[hughsie]

This reworks the old purism plugin to be a generic flashrom mechanism that can be used by any vendor by dropping in a quirks file.

[superm1]

As a more general comment, you should add flashrom and bubblewrap to the dependencies.txt for all the distro packages.

[superm1]

Any particular reason to capitalize Laptop and Flashrom?

[hughsie]

It's just example text really.

[superm1]

A comment on how this GUID was generate would be good

[hughsie]

Fixed.

[superm1]

This should probably match 1.x.x as that's when the plugin will merge in.

[hughsie]

Fixed.

[superm1]

Obviously sort this out before merging

[hughsie]

I'm actually waiting for hardware to know how to parse this; the dummy flashrom driver I've been using doesn't return percentage reports. :/ I've asked on the flashrom mailing list about the creation of a libflashrom which would be much better to use, but such a think might be a long time waiting.

@ximion can I get hold of the flashrom --verbose output please so I know what to parse please. If the Purism guys can get some hardware to me (even just a reconditioned mainboard) then that would make this much easier to test.

[hughsie]

I've guessed at this now, confirmation required of course.

[superm1]

likewise

[superm1]

unused AFAICT

[hughsie]

Fixed.

[superm1]

Can this directly be initialized to data->flashrom_fn?

[hughsie]

Fixed.

[superm1]

Flashrom can be used for more than just system motherboards can't it? It might make sense to be more general in this regard. For example add a quirk that represents system motherboard, and then a different one that represents some other random device (not sure what arguments flashrom uses to represent access to something other than internal:laptop though).

[hughsie]

I've never seen flashrom update anything other than the BIOS in the wild -- I know it can do things like network cards, but I'm really pushing vendors to use UEFI for that kind of thing -- flashrom is a last ditch effort really.

[superm1]

OK probably fine to keep it this way and if the need arises it can be changed some then.

[superm1]

It's not obvious that these are called coming into the update function. I think you should add something in the readme or at least gtk-doc documentation for the flashrom plugin to indicate that's how this is working.

[hughsie]

there is already documentation in (the installed) data/builder/README.md but I can add something to the readme.md too

[superm1]

I think it would be good to make this plugin optional by meson config option (but default on). Eg thinking with a RHEL hat on, I'm not sure it's something that should be on RHEL without an explicit ask from a customer.

[hughsie]

What's the logic for not including it in RHEL? Perhaps that the flashrom update mechanism is inherently riskier than a UEFI capsule update?

[superm1]

Yeah inherently riskier is exactly what I was getting at. There's no validation of the signature of a payload.

[hughsie]

Right, agree. Is flashing an unsigned system firmware from the LVFS more risky than not applying a security update? My argument would be you remove the layer of hardware validation, and fall back to just the two layers of LVFS+fwupd policy.

[superm1]

I suppose and if flashrom the runtime dep isn't installed by deafult yet this is an extremely small surface area.

[hughsie]

you should add flashrom and bubblewrap to the dependencies.txt

These are runtime deps tho, not BuildRequires...

[superm1]

Yeah so debian/control and spec.in will both want the runtime deps included then too

[hughsie]

How do you do a runtime dep in Debian out of interest? Google wasn't much help. For Fedora I've just added bubblewrap, I don't know if a 600Kb dep of flashrom is what we want in general. I suppose if we "support" it in fwupd then we do need to runtime require it. I'd still much rather depend on a libflashrom-dev although that might be some waiting.

[superm1]

How do you do a runtime dep in Debian out of interest?
debian/control add it to the depends: or recommends: line of the package that needs the runtime dep or recommend. So here: https://github.com/hughsie/fwupd/blob/master/contrib/debian/control#L78

Since these are "optional", I think it makes sense to mark bubblewrap as recommends. Recommends are installed by default, but they can be removed and let the package still be functional.

Keeping flashrom out for now sounds fine by me. As these machines are prevalent that use it that can be revisited. I think If it's not installed by default though you should make a few changes:

1. Rather than abort the plugin if not installed, only avoid adding the "updateable" flag.
2. Output something in the journal (error or info level) about missing flashrom executable in this instance if one of these devices is found.
3. Add something to the common errors wiki about this error with a fix for common distros (apt install flashrom; dnf install flashrom)

In ubuntu land there will be some paper work with getting the various deps installed by default (in the regular public image), but I'll sort that out.

[superm1]

Since we've been switching over to marking devices not updatable and setting UpdateError, I think this is a good candidate to do the same rather than fail plugin startup.

[hughsie]

Agree. I'm still not sure if I want to merge this plugin or wait for libflashrom to happen. It doesn't seem like the latter is coming any time soon.

[superm1]

I say update for that change merge it now, and if libflashrom happens, clean up later, bump up the dependency.