[Bug 1961864] Re: fwupd daemon failed verifying firmware signature
** Changed in: oem-priority Status: Triaged => In Progress ** Description changed: We are going to SRU fwupd 1.7.5 to impish and focal to fix bug LP: #1949412. With update fwupd, the default config set OnlyTrusted=true With that, we need update libjcat. [Impact] need to update libjcat so the recent firmware from lvfs could be installed by fwupd. [Test Plan] Will use fwupd SRU exception test plan to do those testing. IHV vendor will also contribute by testing recent firmware that can't be install without upgrade libjcat. [Where problems could occur] fwupd will crash, signature verification will failed and the can't install firmware from LVFS. Given the test plan in the SRU exception document, plus IHV testing, I think those shall be fine. [Other Info] SRU exception page: https://wiki.ubuntu.com/firmware-updates + There are several commits between 0.1.3 (current one in focal) + and 0.1.4 (the target version for this SRU). + The non-trivial commits are: + + https://github.com/hughsie/libjcat/commit/109399e1f28cec84b43c355b2be77bac38943df7 + https://github.com/hughsie/libjcat/commit/583df67e3ee25201f1e1830ae6d92bf846c082a3 + + Per the logic there, I think we should SRU those. The firmware blobs in cabinet archive are presently LVFS signed with gpg and pkcs7, if libjcat at compilation time without one then the blobs signed with both can't be verified. Impact is fwupd daemon will fail the firmware install immediately because OnlyTrusted=true is defaulted (in fwupd 1.7.x) to verifying the signature for daemon. We need uprev libjcat at least 0.1.4 onward to fix this issue. Issue is reproducible with fwupd 1.7.4 -> https://launchpad.net/~ycheng-twn/+archive/ubuntu/fwupd174 $ fwupdmgr --version client version: 1.7.4 compile-time dependency versions gusb:0.3.4 daemon version: 1.7.4 $ dpkg -l | grep libjcat ii libjcat1:amd640.1.3-2 amd64 JSON catalog library ** Description changed: We are going to SRU fwupd 1.7.5 to impish and focal to fix bug LP: #1949412. With update fwupd, the default config set OnlyTrusted=true With that, we need update libjcat. [Impact] need to update libjcat so the recent firmware from lvfs could be installed by fwupd. [Test Plan] Will use fwupd SRU exception test plan to do those testing. IHV vendor will also contribute by testing recent firmware that can't be install without upgrade libjcat. [Where problems could occur] fwupd will crash, signature verification will failed and the can't install firmware from LVFS. Given the test plan in the SRU exception document, plus IHV testing, I think those shall be fine. [Other Info] SRU exception page: https://wiki.ubuntu.com/firmware-updates There are several commits between 0.1.3 (current one in focal) and 0.1.4 (the target version for this SRU). The non-trivial commits are: https://github.com/hughsie/libjcat/commit/109399e1f28cec84b43c355b2be77bac38943df7 https://github.com/hughsie/libjcat/commit/583df67e3ee25201f1e1830ae6d92bf846c082a3 Per the logic there, I think we should SRU those. + Also note per: + + https://github.com/fwupd/fwupd/commit/7157ca79e4d6b13d82b0a21f8586b86be0cbb80e + + We do need updated libjcat to support new firmware from LVFS. + The firmware blobs in cabinet archive are presently LVFS signed with gpg and pkcs7, if libjcat at compilation time without one then the blobs signed with both can't be verified. Impact is fwupd daemon will fail the firmware install immediately because OnlyTrusted=true is defaulted (in fwupd 1.7.x) to verifying the signature for daemon. We need uprev libjcat at least 0.1.4 onward to fix this issue. Issue is reproducible with fwupd 1.7.4 -> https://launchpad.net/~ycheng-twn/+archive/ubuntu/fwupd174 $ fwupdmgr --version client version: 1.7.4 compile-time dependency versions gusb:0.3.4 daemon version: 1.7.4 $ dpkg -l | grep libjcat ii libjcat1:amd640.1.3-2 amd64 JSON catalog library -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1961864 Title: fwupd daemon failed verifying firmware signature To manage notifications about this bug go to: https://bugs.launchpad.net/oem-priority/+bug/1961864/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1961864] Re: fwupd daemon failed verifying firmware signature
** Description changed: + We are going to SRU fwupd 1.7.5 to impish and focal to fix bug LP: #1949412. With update fwupd, the default config set OnlyTrusted=true + With that, we need update libjcat. + + + The firmware blobs in cabinet archive are presently LVFS signed with gpg and pkcs7, if libjcat at compilation time without one then the blobs signed with both can't be verified. Impact is fwupd daemon will fail the firmware install immediately because OnlyTrusted=true is defaulted (in fwupd 1.7.x) to verifying the signature for daemon. We need uprev libjcat at least 0.1.4 onward to fix this issue. Issue is reproducible with fwupd 1.7.4 -> https://launchpad.net/~ycheng-twn/+archive/ubuntu/fwupd174 $ fwupdmgr --version client version: 1.7.4 compile-time dependency versions gusb:0.3.4 daemon version: 1.7.4 $ dpkg -l | grep libjcat ii libjcat1:amd640.1.3-2 amd64 JSON catalog library ** Description changed: We are going to SRU fwupd 1.7.5 to impish and focal to fix bug LP: #1949412. With update fwupd, the default config set OnlyTrusted=true With that, we need update libjcat. + [Impact] + need to update libjcat so the recent firmware from lvfs could be installed + by fwupd. + + [Test Plan] + Will use fwupd SRU exception test plan to do those testing. + IHV vendor will also contribute by testing recent firmware that + can't be install without upgrade libjcat. + + [] The firmware blobs in cabinet archive are presently LVFS signed with gpg and pkcs7, if libjcat at compilation time without one then the blobs signed with both can't be verified. Impact is fwupd daemon will fail the firmware install immediately because OnlyTrusted=true is defaulted (in fwupd 1.7.x) to verifying the signature for daemon. We need uprev libjcat at least 0.1.4 onward to fix this issue. Issue is reproducible with fwupd 1.7.4 -> https://launchpad.net/~ycheng-twn/+archive/ubuntu/fwupd174 $ fwupdmgr --version client version: 1.7.4 compile-time dependency versions gusb:0.3.4 daemon version: 1.7.4 $ dpkg -l | grep libjcat ii libjcat1:amd640.1.3-2 amd64 JSON catalog library ** Description changed: We are going to SRU fwupd 1.7.5 to impish and focal to fix bug LP: #1949412. With update fwupd, the default config set OnlyTrusted=true With that, we need update libjcat. [Impact] need to update libjcat so the recent firmware from lvfs could be installed by fwupd. [Test Plan] Will use fwupd SRU exception test plan to do those testing. IHV vendor will also contribute by testing recent firmware that can't be install without upgrade libjcat. - [] + [Where problems could occur] + fwupd will crash, signature verification will failed and the can't + install firmware from LVFS. + + Given the test plan in the SRU exception document, plus IHV testing, + I think those shall be fine. + + [Other Info] + SRU exception page: https://wiki.ubuntu.com/firmware-updates + + The firmware blobs in cabinet archive are presently LVFS signed with gpg and pkcs7, if libjcat at compilation time without one then the blobs signed with both can't be verified. Impact is fwupd daemon will fail the firmware install immediately because OnlyTrusted=true is defaulted (in fwupd 1.7.x) to verifying the signature for daemon. We need uprev libjcat at least 0.1.4 onward to fix this issue. Issue is reproducible with fwupd 1.7.4 -> https://launchpad.net/~ycheng-twn/+archive/ubuntu/fwupd174 $ fwupdmgr --version client version: 1.7.4 compile-time dependency versions gusb:0.3.4 daemon version: 1.7.4 $ dpkg -l | grep libjcat ii libjcat1:amd640.1.3-2 amd64 JSON catalog library -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1961864 Title: fwupd daemon failed verifying firmware signature To manage notifications about this bug go to: https://bugs.launchpad.net/oem-priority/+bug/1961864/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1961864] Re: fwupd daemon failed verifying firmware signature
libjcat can be de-couple with fwupd SRU. However with the new fwupd, we need libjcat also to be upgraded, or it will fail with new firmware from LVFS. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1961864 Title: fwupd daemon failed verifying firmware signature To manage notifications about this bug go to: https://bugs.launchpad.net/oem-priority/+bug/1961864/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1961864] Re: fwupd daemon failed verifying firmware signature
** Changed in: fwupd (Ubuntu Focal) Status: Triaged => Invalid ** Changed in: fwupd (Ubuntu Impish) Status: Triaged => Invalid ** Changed in: fwupd (Ubuntu Jammy) Status: Fix Released => Invalid -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1961864 Title: fwupd daemon failed verifying firmware signature To manage notifications about this bug go to: https://bugs.launchpad.net/oem-priority/+bug/1961864/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1961864] Re: fwupd daemon failed verifying firmware signature
It works well with libjcat 0.1.4 from comment #7, we need uprev libjcat as mentioned in the bug description to fulfilling the runtime dependency. 0.1.4 as a minimum version of libjcat is now required by upstream fwupd, details at https://github.com/fwupd/fwupd/commit/7157ca79e4d6b13d82b0a21f8586b86be0cbb80e -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1961864 Title: fwupd daemon failed verifying firmware signature To manage notifications about this bug go to: https://bugs.launchpad.net/oem-priority/+bug/1961864/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1961864] Re: fwupd daemon failed verifying firmware signature
https://launchpad.net/~ycheng-twn/+archive/ubuntu/libjcat014/+packages Jcat 0.1.4 focal ppa for testing -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1961864 Title: fwupd daemon failed verifying firmware signature To manage notifications about this bug go to: https://bugs.launchpad.net/oem-priority/+bug/1961864/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1961864] Re: fwupd daemon failed verifying firmware signature
IMO ideally you don't want this coupled with the fwupd SRU with certain ordering since Jammy already has 0.1.3. 0.1.4 just fixes a bug in 0.1.3. So I don't think there is a strong requirement on the order of compilation here, is there? I'd expect just updating libjcat will be enough: https://github.com/fwupd/fwupd/blob/1.7.5/src/fu-engine.c#L4122 In which case the fwupd task should be invalid for this bug and fwupd 1.7.5 SRU can go independently of libjcat SRU. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1961864 Title: fwupd daemon failed verifying firmware signature To manage notifications about this bug go to: https://bugs.launchpad.net/oem-priority/+bug/1961864/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1961864] Re: fwupd daemon failed verifying firmware signature
With newer libjcat installed from given ppa in comment #4, and restarted the daemon now I can update firmware successfully. Thanks. $ fwupdmgr --version runtime org.freedesktop.fwupd 1.7.5 runtime com.dell.libsmbios2.4 compile org.freedesktop.gusb 0.3.4 runtime org.kernel5.11.0-49-generic compile org.freedesktop.fwupd 1.7.5 runtime org.freedesktop.gusb 0.3.5 $ dpkg -l | grep libjcat ii gir1.2-jcat-1.0:amd64 0.1.9-1~20.04.1 ii libjcat-dev:amd64 0.1.9-1~20.04.1 ii libjcat1:amd640.1.9-1~20.04.1 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1961864 Title: fwupd daemon failed verifying firmware signature To manage notifications about this bug go to: https://bugs.launchpad.net/oem-priority/+bug/1961864/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1961864] Re: fwupd daemon failed verifying firmware signature
I don't have enough knowledge on if this is a bug or not. If this is and we should upgrade libjcat, I've build it in ppa and please kindly sponsor to upload it to focal and impish, so we can SRU those with fwupd. https://launchpad.net/~ycheng-twn/+archive/ubuntu/fwupd175-3-2-jcat -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1961864 Title: fwupd daemon failed verifying firmware signature To manage notifications about this bug go to: https://bugs.launchpad.net/oem-priority/+bug/1961864/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1961864] Re: fwupd daemon failed verifying firmware signature
** Also affects: fwupd (Ubuntu Focal) Importance: Undecided Status: New ** Also affects: libjcat (Ubuntu Focal) Importance: Undecided Status: New ** Also affects: fwupd (Ubuntu Impish) Importance: Undecided Status: New ** Also affects: libjcat (Ubuntu Impish) Importance: Undecided Status: New ** Also affects: fwupd (Ubuntu Jammy) Importance: Undecided Status: New ** Also affects: libjcat (Ubuntu Jammy) Importance: Undecided Status: New ** Changed in: fwupd (Ubuntu Jammy) Status: New => Fix Released ** Changed in: libjcat (Ubuntu Jammy) Status: New => Fix Released ** Changed in: libjcat (Ubuntu Impish) Status: New => Triaged ** Changed in: libjcat (Ubuntu Focal) Status: New => Triaged ** Changed in: fwupd (Ubuntu Impish) Status: New => Triaged ** Changed in: fwupd (Ubuntu Focal) Status: New => Triaged -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1961864 Title: fwupd daemon failed verifying firmware signature To manage notifications about this bug go to: https://bugs.launchpad.net/oem-priority/+bug/1961864/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1961864] Re: fwupd daemon failed verifying firmware signature
On the machine that test passed for WD19, the output is: # jcat-tool verify ./firmware.jcat --public-keys /etc/pki/fwupd package.bin: FAILED sha1: verifying data is not supported FAILED sha256: verifying data is not supported PASSED pkcs7: O=Linux Vendor Firmware Project,CN=LVFS CA PASSED gpg: 3FC6B804410ED0840D8F2F9748A6D80E4538BAC2 FAILED: Validation failed ec.bin: FAILED sha1: verifying data is not supported FAILED sha256: verifying data is not supported PASSED pkcs7: O=Linux Vendor Firmware Project,CN=LVFS CA PASSED gpg: 3FC6B804410ED0840D8F2F9748A6D80E4538BAC2 FAILED: Validation failed vmm5331.bin: FAILED sha1: verifying data is not supported FAILED sha256: verifying data is not supported PASSED pkcs7: O=Linux Vendor Firmware Project,CN=LVFS CA PASSED gpg: 3FC6B804410ED0840D8F2F9748A6D80E4538BAC2 FAILED: Validation failed rts5413.bin: FAILED sha1: verifying data is not supported FAILED sha256: verifying data is not supported PASSED pkcs7: O=Linux Vendor Firmware Project,CN=LVFS CA PASSED gpg: 3FC6B804410ED0840D8F2F9748A6D80E4538BAC2 FAILED: Validation failed rts5487.bin: FAILED sha1: verifying data is not supported FAILED sha256: verifying data is not supported PASSED pkcs7: O=Linux Vendor Firmware Project,CN=LVFS CA PASSED gpg: 3FC6B804410ED0840D8F2F9748A6D80E4538BAC2 FAILED: Validation failed titanridge.bin: FAILED sha1: verifying data is not supported FAILED sha256: verifying data is not supported PASSED pkcs7: O=Linux Vendor Firmware Project,CN=LVFS CA PASSED gpg: 3FC6B804410ED0840D8F2F9748A6D80E4538BAC2 FAILED: Validation failed package.metainfo.xml: FAILED sha1: verifying data is not supported FAILED sha256: verifying data is not supported PASSED pkcs7: O=Linux Vendor Firmware Project,CN=LVFS CA PASSED gpg: 3FC6B804410ED0840D8F2F9748A6D80E4538BAC2 FAILED: Validation failed ec.metainfo.xml: FAILED sha1: verifying data is not supported FAILED sha256: verifying data is not supported PASSED pkcs7: O=Linux Vendor Firmware Project,CN=LVFS CA PASSED gpg: 3FC6B804410ED0840D8F2F9748A6D80E4538BAC2 FAILED: Validation failed vmm5331.metainfo.xml: FAILED sha1: verifying data is not supported FAILED sha256: verifying data is not supported PASSED pkcs7: O=Linux Vendor Firmware Project,CN=LVFS CA PASSED gpg: 3FC6B804410ED0840D8F2F9748A6D80E4538BAC2 FAILED: Validation failed rts5413.metainfo.xml: FAILED sha1: verifying data is not supported FAILED sha256: verifying data is not supported PASSED pkcs7: O=Linux Vendor Firmware Project,CN=LVFS CA PASSED gpg: 3FC6B804410ED0840D8F2F9748A6D80E4538BAC2 FAILED: Validation failed rts5487.metainfo.xml: FAILED sha1: verifying data is not supported FAILED sha256: verifying data is not supported PASSED pkcs7: O=Linux Vendor Firmware Project,CN=LVFS CA PASSED gpg: 3FC6B804410ED0840D8F2F9748A6D80E4538BAC2 FAILED: Validation failed titanridge.metainfo.xml: FAILED sha1: verifying data is not supported FAILED sha256: verifying data is not supported PASSED pkcs7: O=Linux Vendor Firmware Project,CN=LVFS CA PASSED gpg: 3FC6B804410ED0840D8F2F9748A6D80E4538BAC2 FAILED: Validation failed Validation failed root@ubuntu:~# -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1961864 Title: fwupd daemon failed verifying firmware signature To manage notifications about this bug go to: https://bugs.launchpad.net/oem-priority/+bug/1961864/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1961864] Re: fwupd daemon failed verifying firmware signature
Can you please paste your output from running below? $ gcab -x 4e3f12fc1901c05790ab17ff2223a79631477aa87979498874c4c262cfafc144-WD19FirmwareUpdateLinux_01.00.21.cab $ jcat-tool verify ./firmware.jcat --public-keys /etc/pki/fwupd package.bin: FAILED sha1: verifying data is not supported FAILED sha256: verifying data is not supported PASSED pkcs7: O=Linux Vendor Firmware Project,CN=LVFS CA PASSED gpg: 3FC6B804410ED0840D8F2F9748A6D80E4538BAC2 FAILED: Validation failed ec.bin: FAILED sha1: verifying data is not supported FAILED sha256: verifying data is not supported PASSED pkcs7: O=Linux Vendor Firmware Project,CN=LVFS CA PASSED gpg: 3FC6B804410ED0840D8F2F9748A6D80E4538BAC2 FAILED: Validation failed vmm5331.bin: FAILED sha1: verifying data is not supported FAILED sha256: verifying data is not supported PASSED pkcs7: O=Linux Vendor Firmware Project,CN=LVFS CA PASSED gpg: 3FC6B804410ED0840D8F2F9748A6D80E4538BAC2 FAILED: Validation failed rts5413.bin: FAILED sha1: verifying data is not supported FAILED sha256: verifying data is not supported PASSED pkcs7: O=Linux Vendor Firmware Project,CN=LVFS CA PASSED gpg: 3FC6B804410ED0840D8F2F9748A6D80E4538BAC2 FAILED: Validation failed rts5487.bin: FAILED sha1: verifying data is not supported FAILED sha256: verifying data is not supported PASSED pkcs7: O=Linux Vendor Firmware Project,CN=LVFS CA PASSED gpg: 3FC6B804410ED0840D8F2F9748A6D80E4538BAC2 FAILED: Validation failed titanridge.bin: FAILED sha1: verifying data is not supported FAILED sha256: verifying data is not supported PASSED pkcs7: O=Linux Vendor Firmware Project,CN=LVFS CA PASSED gpg: 3FC6B804410ED0840D8F2F9748A6D80E4538BAC2 FAILED: Validation failed package.metainfo.xml: FAILED sha1: verifying data is not supported FAILED sha256: verifying data is not supported PASSED pkcs7: O=Linux Vendor Firmware Project,CN=LVFS CA PASSED gpg: 3FC6B804410ED0840D8F2F9748A6D80E4538BAC2 FAILED: Validation failed ec.metainfo.xml: FAILED sha1: verifying data is not supported FAILED sha256: verifying data is not supported PASSED pkcs7: O=Linux Vendor Firmware Project,CN=LVFS CA PASSED gpg: 3FC6B804410ED0840D8F2F9748A6D80E4538BAC2 FAILED: Validation failed vmm5331.metainfo.xml: FAILED sha1: verifying data is not supported FAILED sha256: verifying data is not supported PASSED pkcs7: O=Linux Vendor Firmware Project,CN=LVFS CA PASSED gpg: 3FC6B804410ED0840D8F2F9748A6D80E4538BAC2 FAILED: Validation failed rts5413.metainfo.xml: FAILED sha1: verifying data is not supported FAILED sha256: verifying data is not supported PASSED pkcs7: O=Linux Vendor Firmware Project,CN=LVFS CA PASSED gpg: 3FC6B804410ED0840D8F2F9748A6D80E4538BAC2 FAILED: Validation failed rts5487.metainfo.xml: FAILED sha1: verifying data is not supported FAILED sha256: verifying data is not supported PASSED pkcs7: O=Linux Vendor Firmware Project,CN=LVFS CA PASSED gpg: 3FC6B804410ED0840D8F2F9748A6D80E4538BAC2 FAILED: Validation failed titanridge.metainfo.xml: FAILED sha1: verifying data is not supported FAILED sha256: verifying data is not supported PASSED pkcs7: O=Linux Vendor Firmware Project,CN=LVFS CA PASSED gpg: 3FC6B804410ED0840D8F2F9748A6D80E4538BAC2 FAILED: Validation failed Validation failed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1961864 Title: fwupd daemon failed verifying firmware signature To manage notifications about this bug go to: https://bugs.launchpad.net/oem-priority/+bug/1961864/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1961864] Re: fwupd daemon failed verifying firmware signature
I use WD19SC to upgrade its firmware, and it works fine. I use fwupd 1.7.5 from this ppa: https://launchpad.net/~ycheng-twn/+archive/ubuntu/fwupd175-3-2 I didn't upgrade libjcat and it also works fine. Use get-releases, the cab used is https://fwupd.org/downloads/4e3f12fc1901c05790ab17ff2223a79631477aa87979498874c4c262cfafc144-WD19FirmwareUpdateLinux_01.00.21.cab use gcab -x XXX.cab, there is firmware.jcat inside. ** Changed in: oem-priority Status: New => Triaged -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1961864 Title: fwupd daemon failed verifying firmware signature To manage notifications about this bug go to: https://bugs.launchpad.net/oem-priority/+bug/1961864/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1961864] Re: fwupd daemon failed verifying firmware signature
** Also affects: libjcat (Ubuntu) Importance: Undecided Status: New ** Tags added: focal -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1961864 Title: fwupd daemon failed verifying firmware signature To manage notifications about this bug go to: https://bugs.launchpad.net/oem-priority/+bug/1961864/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1961864] Re: fwupd daemon failed verifying firmware signature
** Changed in: oem-priority Assignee: (unassigned) => Yuan-Chen Cheng (ycheng-twn) ** Changed in: oem-priority Importance: Undecided => Critical -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1961864 Title: fwupd daemon failed verifying firmware signature To manage notifications about this bug go to: https://bugs.launchpad.net/oem-priority/+bug/1961864/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1961864] Re: fwupd daemon failed verifying firmware signature
** Description changed: The firmware blobs in cabinet archive are presently LVFS signed with gpg and pkcs7, if libjcat at compilation time without one then the blobs signed with both can't be verified. Impact is fwupd daemon will fail the firmware install immediately - because OnlyTrusted=true is defaulted to verifying the signature for - daemon. + because OnlyTrusted=true is defaulted (in fwupd 1.7.x) to verifying the + signature for daemon. We need uprev libjcat at least 0.1.4 onward to fix this issue. Issue is reproducible with fwupd 1.7.4 -> https://launchpad.net/~ycheng-twn/+archive/ubuntu/fwupd174 $ fwupdmgr --version client version: 1.7.4 compile-time dependency versions - gusb: 0.3.4 + gusb:0.3.4 daemon version: 1.7.4 $ dpkg -l | grep libjcat ii libjcat1:amd640.1.3-2 amd64 JSON catalog library -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1961864 Title: fwupd daemon failed verifying firmware signature To manage notifications about this bug go to: https://bugs.launchpad.net/oem-priority/+bug/1961864/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1961864] Re: fwupd daemon failed verifying firmware signature
** Also affects: oem-priority Importance: Undecided Status: New ** Tags added: oem-priority -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1961864 Title: fwupd daemon failed verifying firmware signature To manage notifications about this bug go to: https://bugs.launchpad.net/oem-priority/+bug/1961864/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs