dasharo-issues
Firmware preparation instructions
Component
Dasharo documentation
Device
Dell OptiPlex 7010
Dasharo version
No response
Dasharo Tools Suite version
No response
Test case ID
No response
Brief summary
Instructions from https://docs.dasharo.com/variants/dell_optiplex/initial-deployment/#firmware-preparation aren't exact.
How reproducible
No response
How to reproduce
https://docs.dasharo.com/variants/dell_optiplex/initial-deployment/#firmware-preparation - try to follow
Expected behavior
Each instruction works as written.
Actual behavior
Some instructions must be modified.
Screenshots
No response
Additional context
- `python3-devel` must also be installed - at least on Fedora
- `uefi-firmware-parser` fails, but at least it writes required output files before failing
- paths to extracted files are wrong (`_O7010A29.exe.extracted/65C10_output/` should be dropped) - may be caused by the above
- Intel SINIT ACM package no longer has ACM used by OptiPlex
Solutions you've tried
No response
In addition to problems mentioned earlier, https://docs.dasharo.com/variants/dell_optiplex/recovery/#vendor-bios-recovery tells the user to use backup, but instructions in https://docs.dasharo.com/variants/dell_optiplex/initial-deployment/ don't mention how such backup should be prepared.
https://docs.dasharo.com/variants/dell_optiplex/building-manual/#building-steps - very last point sends to https://docs.dasharo.com/variants/dell_optiplex/firmware-update/, but by following that path, the flashed binary does not include ACMs and EC blobs.
Intel SINIT ACM package no longer has ACM used by OptiPlex
Heads used web.archive.org but that fails too now https://github.com/linuxboot/heads/issues/1979#issue-3125079664
I'm interested in working on this issue.
The instruction recommends using Dasharo Tools Suite. So wouldn't it be easier to pack these manual steps into a script and ship it with DTS?
Good point @haeckle .
It says to use DTS, and then it also says to use apt (which is not available in DTS) to install packages.
I second your suggestion on shipping a script into dts-scripts. In the documentation we may simply refer to it. We may also link to the script's code, so if one for some reason wants to avoid DTS, they can still use it on the host, but we need to make it clear that this is not a supported path, and they need to take care of dependencies (and other issues) themselves.
This functionality already exists as part of the Dasharo zero-touch initial deployment. It's the function blob_transmission().
Splitting this out and making it usable for manual use on self-built firmware would be good.
However, as discussed in #1067, maybe this should be part of a larger refactoring. So I suggest updating the documentation by moving the "Firmware Preparation" section to the "Building Manual", as it's only needed when you build yourself. Also, making it distro-independent and just saying which tools are needed should be sufficient for people who self-build.
To reproduce the failing approach from @krystian-hebel I tested it with Fedora 42 Toolbox with the following commands and it worked flawlessly:
```bash
sudo dnf install binwalk python3-pip python3-devel gcc
pip install uefi-firmware==1.9
wget --user-agent='Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)' https://dl.dell.com/FOLDER05066036M/1/O7010A29.exe
binwalk -e O7010A29.exe -C .
uefi-firmware-parser -e "_O7010A29.exe.extracted/65C10" -O
cp _O7010A29.exe.extracted/65C10_output/pfsobject/section-7ec6c2b0-3fe3-42a0-a316-22dd0517c1e8/volume-0x50000/file-d386beb8-4b54-4e69-94f5-06091f67e0d3/section0.raw sch5545_ecfw.bin
```
However, trying these commands with DTS 2.6.0 didn't work, as binwalk (called with `--run-as=root` as the DTS shell runs as root) seems to be missing some extractors and then uefi-firmware-parser also fails.
And missing the hardware, I didn't build and patch the binary, as I can't test if that works.
For the points from "Additional Context":
* `python3-devel` must also be installed - at least on Fedora
Yes, see above.
* `uefi-firmware-parser` fails, but at least it writes required output files before failing
Same with uefi-firmware==1.9. DTS seems to ship the latest version, which exits with another failure and doesn't write anything out. I wonder if the zero-touch initial deployment still works…
* paths to extracted files are wrong (`_O7010A29.exe.extracted/65C10_output/` should be dropped) - may be caused by the above
The documentation is cursed and adds whitespace to the filepath. It worked as a one-liner:
```bash
cp _O7010A29.exe.extracted/65C10_output/pfsobject/section-7ec6c2b0-3fe3-42a0-a316-22dd0517c1e8/volume-0x50000/file-d386beb8-4b54-4e69-94f5-06091f67e0d3/section0.raw sch5545_ecfw.bin
```
and also with line breaks
```bash
cp _O7010A29.exe.extracted/65C10_output/pfsobject/\
section-7ec6c2b0-3fe3-42a0-a316-22dd0517c1e8/volume-0x500000/\
file-2d27c618-7dcd-41f5-bb10-21166be7e143/object-0.raw IVB_BIOSAC_PRODUCTION.bin
```
Intel SINIT ACM package no longer has ACM used by OptiPlex
Heads used web.archive.org but that fails too now linuxboot/heads#1979 (comment)
I got this from the 3mdeb mirror as in the deploy code:
```bash
wget https://dl.3mdeb.com/mirror/intel/acm/SNB_IVB_SINIT_20190708_PW.bin
```
I suggest updating the documentation by moving the "Firmware Preparation" section to the "Building Manual", as it's only needed when you build yourself.
@haeckle
I am fine with this proposal. We just need to make sure that the copy-paste commands from the documentation work fine, to address the main points raised in this issue.
Looking forward to a PR to docs.
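
Added example, not part of the thread and not code from Dasharo or dts-scripts: the thread reports the `_O7010A29.exe.extracted/65C10_output/` prefix as present in one setup and absent in another, so this script locates the EC firmware and BIOS ACM by the file GUID directories quoted in the `cp` commands above and refuses to copy when a blob is missing, ambiguous or empty. The function names `find_blob` and `collect_blobs` are hypothetical, and it assumes the GUID directories and leaf file names stay as quoted in the thread.

```shell
#!/bin/sh
# Added example (hypothetical helper names). GUID directories, leaf names and
# output names are copied from the cp commands quoted in the thread.
EC_GUID_DIR='file-d386beb8-4b54-4e69-94f5-06091f67e0d3'
EC_LEAF='section0.raw'
ACM_GUID_DIR='file-2d27c618-7dcd-41f5-bb10-21166be7e143'
ACM_LEAF='object-0.raw'

# find_blob ROOT GUID_DIR LEAF
# Prints the one matching path. Returns 1 if none, 2 if several, 3 if empty,
# so a failed or partial extraction never yields a blob for the build.
find_blob() {
    root=$1 guid_dir=$2 leaf=$3
    matches=$(find "$root" -type f -path "*/$guid_dir/$leaf" 2>/dev/null)
    if [ -z "$matches" ]; then
        echo "no $guid_dir/$leaf under $root" >&2
        return 1
    fi
    count=$(printf '%s\n' "$matches" | wc -l | tr -d ' ')
    if [ "$count" -ne 1 ]; then
        echo "ambiguous: $count candidates for $guid_dir/$leaf" >&2
        return 2
    fi
    if [ ! -s "$matches" ]; then
        echo "empty blob: $matches" >&2
        return 3
    fi
    printf '%s\n' "$matches"
}

# collect_blobs ROOT OUTDIR
# Resolves both blobs first, then copies them under the names the thread uses.
# Nothing is copied unless both lookups succeed.
collect_blobs() {
    root=$1 out=$2
    ec=$(find_blob "$root" "$EC_GUID_DIR" "$EC_LEAF") || return 1
    acm=$(find_blob "$root" "$ACM_GUID_DIR" "$ACM_LEAF") || return 1
    cp -- "$ec" "$out/sch5545_ecfw.bin" &&
    cp -- "$acm" "$out/IVB_BIOSAC_PRODUCTION.bin"
}

# Usage after binwalk and uefi-firmware-parser have run:
#   collect_blobs _O7010A29.exe.extracted .
```

The lookup only confirms that each blob exists exactly once and is non-empty; it does not authenticate the content, so a known-good checksum from a trusted source is still needed before the blobs go into an image.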