Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Properly handle fwupd update capsules #113

Merged
merged 1 commit into from
Feb 25, 2023
Merged

Properly handle fwupd update capsules #113

merged 1 commit into from
Feb 25, 2023

Conversation

dasJ
Copy link
Member

@dasJ dasJ commented Feb 21, 2023

Closes #85

$ sudo sbctl verify
Verifying file database and EFI images in /boot...
✓ /boot/EFI/BOOT/BOOTX64.EFI is signed
✓ /boot/EFI/Linux/nixos-generation-553.efi is signed
✓ /boot/EFI/Linux/nixos-generation-554.efi is signed
✓ /boot/EFI/Linux/nixos-generation-555.efi is signed
✓ /boot/EFI/Linux/nixos-generation-556.efi is signed
✓ /boot/EFI/Linux/nixos-generation-557.efi is signed
✓ /boot/EFI/Linux/nixos-generation-558.efi is signed
✓ /boot/EFI/Linux/nixos-generation-559.efi is signed
✓ /boot/EFI/Linux/nixos-generation-560.efi is signed
✓ /boot/EFI/Linux/nixos-generation-561.efi is signed
✓ /boot/EFI/Linux/nixos-generation-562.efi is signed
✓ /boot/EFI/Linux/nixos-generation-563.efi is signed
✓ /boot/EFI/nixos/fwupdx64.efi is signed
✓ /boot/EFI/systemd/systemd-bootx64.efi is signed

RaitoBezarius
RaitoBezarius approved these changes Feb 23, 2023
View reviewed changes
Copy link
Member

@RaitoBezarius RaitoBezarius left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you for this cool change!

@blitz
Copy link
Member

blitz commented Feb 25, 2023

@dasJ Looks good. Can you maybe provide a happy path test in another PR? :) I think even testing that everything evualates with fwupd on is better than nothing.

@blitz blitz merged commit 9daa941 into nix-community:master Feb 25, 2023
@mweinelt
Copy link
Member

This caused a regression against nixos-unstable.

error: The option `environment.etc."fwupd/uefi_capsule.conf".source' has conflicting definition values:
       - In `/nix/store/s2lni0idfkhs0lcnr8walzhdqzarfb0m-source/nixos/modules/system/etc/etc.nix': <derivation etc-uefi_capsule.conf>
       - In `/nix/store/s2lni0idfkhs0lcnr8walzhdqzarfb0m-source/nixos/modules/services/hardware/fwupd.nix': "/nix/store/nxv27wliyqqdxvp44mx715d2v568k9ym-fwupd-1.8.10/etc/fwupd/uefi_capsule.conf"
       Use `lib.mkForce value` or `lib.mkDefault value` to change the priority on any of these definitions.

@blitz blitz mentioned this pull request Feb 25, 2023
Merged
@blitz
Copy link
Member

blitz commented Feb 25, 2023

@mweinelt Thanks for reporting. I've reverted this for now.

@lilyinstarlight lilyinstarlight mentioned this pull request Mar 10, 2023
Merged
12 tasks
@lilyinstarlight
Copy link
Member

I can confirm a slightly modified version of this PR (commit at lilyinstarlight@9404722) and NixOS/nixpkgs#220555 makes this work correctly

I just successfully did a BIOS update with secureboot enforcing using a UEFI capsule with fwupd

@mweinelt
Copy link
Member

@lilyinstarlight PR in nixpkgs is merged. Please create a new pr on the repo.

@lilyinstarlight lilyinstarlight mentioned this pull request Mar 14, 2023
Merged
@lilyinstarlight
Copy link
Member

@lilyinstarlight PR in nixpkgs is merged. Please create a new pr on the repo.

I was going to give @dasJ a chance to since they did the harder work, but I've gone ahead and opened #131 now

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@RaitoBezarius RaitoBezarius RaitoBezarius approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

fwupd support
5 participants
@dasJ @blitz @mweinelt @lilyinstarlight @RaitoBezarius