fwupd
`fwupdmgr security` on Lenovo Thinkpad X1 Carbon (Gen 12)
Describe the bug
Running fwupdmgr security on a Lenovo Thinkpad X1 Carbon (Gen 12) returns the following:
$ fwupdmgr security
Host Security ID: HSI:0! (v1.9.18)
HSI-1
✔ BIOS firmware updates: Enabled
✔ MEI key manifest: Valid
✔ unknown manufacturing mode: Locked
✔ unknown override: Locked
✔ Platform debugging: Disabled
✔ SPI write: Disabled
✔ SPI lock: Enabled
✔ SPI BIOS region: Locked
✔ Supported CPU: Valid
✔ TPM empty PCRs: Valid
✔ TPM v2.0: Found
✔ UEFI bootservice variables: Locked
✔ UEFI platform key: Valid
✔ UEFI secure boot: Enabled
✘ MEI version: Unknown
HSI-2
✔ BIOS rollback protection: Enabled
✔ Intel BootGuard: Enabled
✔ Intel BootGuard OTP fuse: Valid
✔ IOMMU: Enabled
✔ Platform debugging: Locked
✔ TPM PCR0 reconstruction: Valid
✘ Intel BootGuard ACM protected: Invalid
✘ Intel BootGuard verified boot: Invalid
HSI-3
✔ CET Platform: Supported
✔ Pre-boot DMA protection: Enabled
✔ Suspend-to-idle: Enabled
✔ Suspend-to-ram: Disabled
✘ Intel BootGuard error policy: Invalid
HSI-4
✔ SMAP: Enabled
✘ Encrypted RAM: Not supported
Runtime Suffix -!
✔ fwupd plugins: Untainted
✔ Linux kernel lockdown: Enabled
✔ Linux swap: Disabled
✔ Linux kernel: Untainted
✘ CET OS Support: Not supported
This system has a low HSI security level.
» https://fwupd.github.io/hsi.html#low-security-level
This system has HSI runtime issues.
» https://fwupd.github.io/hsi.html#hsi-runtime-suffix
Host Security Events
2024-04-24 22:59:56: ✔ Kernel lockdown enabled
2024-04-24 22:53:13: ✔ BIOS rollback protection changed: Disabled → Enabled
2024-04-24 20:55:32: ✔ Secure Boot enabled
Host Security ID attributes uploaded successfully, thanks!
MEI version is missing, and Intel BootGuard ACM protected and Intel BootGuard verified boot are marked as invalid although they should be supported according to the CPU specs.
fwupd version information
Please provide the version of the daemon and client.
compile com.hughsie.libxmlb 0.3.19
compile org.freedesktop.Passim 0.1.7
compile com.hughsie.libjcat 0.2.1
compile org.freedesktop.fwupd 1.9.18
runtime org.freedesktop.Passim 0.1.7
compile org.freedesktop.gusb 0.4.8
runtime com.hughsie.libxmlb 0.3.19
runtime com.hughsie.libjcat 0.2.1
runtime org.freedesktop.gusb 0.4.8
runtime org.kernel 6.8.7-arch1-1
runtime org.freedesktop.fwupd 1.9.18
Please note how you installed it (apt, dnf, pacman, source, etc): pacman
fwupd device information
Please provide the output of the fwupd devices recognized in your system.
LENOVO 21KDS00600
│
├─Unknown Device:
│ Device ID: a68c39791960b3933e30fa803e3ad3bb813e8850
│ GUID: e4d9b4f9-ae47-5fe3-9ef0-a27b093b8553 ← GPIO\ID_INTC1083:00
│
├─ATNA40YK20-0:
│ Device ID: aec1a869eb0df71b7cea6b3ac71d39b830faf164
│ GUID: ac5271d2-805b-5318-aa35-056f5564a2c2 ← DRM\VEN_SDC&DEV_419F
│ Device Flags: • Internal device
│
├─Core™ Ultra 7 155H:
│ Device ID: 4bde70ba4e39b28f9eab1628f9dd6e6244c03027
│ Current version: 0x0000001c
│ Vendor: Intel
│ GUIDs: e38fa480-0c3d-5240-be48-b590e507eed9 ← CPUID\PRO_0&FAM_06&MOD_AA
│ 189c1794-cc75-56bd-b1f7-8f4af3aa3f82 ← CPUID\PRO_0&FAM_06&MOD_AA&STP_4
│ Device Flags: • Internal device
│
├─Integrated Camera:
│ Device ID: 4295296d98b3ba38c72f6baa33d24f03a1d428f6
│ Current version: 56.9
│ Vendor: Chicony Electronics Co.,Ltd. (USB:0x04F2)
│ Serial Number: 0001
│ GUID: e3050efc-079c-58b7-9356-e148a87e9f52 ← USB\VID_04F2&PID_B7E0
│ Device Flags: • Updatable
│
├─Intel Management Engine:
│ Device ID: 24042f04a129b0c4f214e2a5dad7871889015686
│ Summary: UEFI System Resource Table device (updated via NVRAM)
│ Current version: 0.5.2098
│ Vendor: Lenovo (DMI:LENOVO)
│ Update State: Success
│ Problems: • Device requires AC power to be connected
│ GUID: 3e00e617-c8ff-4e88-8133-c3032089c5e7
│ Device Flags: • Internal device
│ • System requires external power source
│ • Supported on remote server
│ • Needs a reboot after installation
│ • Device is usable for the duration of the update
│ • Updatable
│ Device Requests: • Message
│
├─KXG8AZNV1T02 LA KIOXIA:
│ Device ID: 04e17fcf7d3de91da49a163ffe4907855c3648be
│ Summary: NVM Express solid state drive
│ Current version: 5106APLA
│ Vendor: KIOXIA Corporation (NVME:0x1E0F)
│ Serial Number: Z3EFB2VXFS8U
│ Problems: • Device requires AC power to be connected
│ GUIDs: 722427b7-af1f-5554-b0c2-c608b2b94717 ← NVME\VEN_1E0F&DEV_0010
│ d4c81e68-004c-5f36-a848-c2ccb7869b3a ← NVME\VEN_1E0F&DEV_0010&SUBSYS_1E0F0001
│ 223acc9d-09d1-5703-829b-ce7fb0d48891 ← KXG8AZNV1T02 LA KIOXIA
│ Device Flags: • Internal device
│ • System requires external power source
│ • Supported on remote server
│ • Needs a reboot after installation
│ • Device is usable for the duration of the update
│ • Updatable
│ • Signed Payload
│
├─Meteor Lake-P [Intel Arc Graphics]:
│ Device ID: 5792b48846ce271fab11c4a545f7a3df0d36e00a
│ Current version: 08
│ Vendor: Intel Corporation (PCI:0x8086)
│ GUIDs: 83527278-745c-5242-b41f-485755e7d464 ← PCI\VEN_8086&DEV_7D55
│ 2573d919-fdba-5d8c-9587-0311acbe2ff8 ← PCI\VEN_8086&DEV_7D55&SUBSYS_17AA231E
│ Device Flags: • Internal device
│ • Cryptographic hash verification is available
│
├─Prometheus:
│ │ Device ID: aa4b7bf130da693bbf1a8a785ad830190788233b
│ │ Summary: Fingerprint reader
│ │ Current version: 10.01.4234207
│ │ Vendor: Synaptics (USB:0x06CB)
│ │ Install Duration: 2 seconds
│ │ Serial Number: 252915074439988
│ │ GUID: 5ece4c46-83b9-5fdb-812f-30ed14df1b97 ← USB\VID_06CB&PID_0123
│ │ Device Flags: • Updatable
│ │ • Cryptographic hash verification is available
│ │ • Signed Payload
│ │
│ └─Prometheus IOTA Config:
│ Device ID: 9382250e49c47a2854a1485dbbb221b39853bacd
│ Summary: Fingerprint reader config
│ Current version: 0003
│ Minimum Version: 0003
│ Vendor: Synaptics (USB:0x06CB)
│ GUIDs: 34255d13-bdb5-5363-a276-c2a728b82db5 ← USB\VID_06CB&PID_0123-cfg
│ ef0d4d8c-ef9d-5cf1-81c7-f285443547a7 ← USB\VID_06CB&PID_0123&CFG1_4004&CFG2_0
│ Device Flags: • Updatable
│ • Only version upgrades are allowed
│ • Signed Payload
│
├─System Firmware:
│ │ Device ID: d87aeba8ce6cdff706492615b1c1e9f6f48ce3c6
│ │ Summary: UEFI System Resource Table device (updated via NVRAM)
│ │ Current version: 0.1.26
│ │ Vendor: Lenovo (DMI:LENOVO)
│ │ Update State: Success
│ │ Problems: • Device requires AC power to be connected
│ │ GUID: 420e7cf1-cedf-4b5f-9ef0-f1896a946d8f
│ │ Device Flags: • Internal device
│ │ • System requires external power source
│ │ • Supported on remote server
│ │ • Needs a reboot after installation
│ │ • Cryptographic hash verification is available
│ │ • Device is usable for the duration of the update
│ │ • Updatable
│ │ Device Requests: • Message
│ │
│ └─BootGuard Configuration:
│ Device ID: b0d4430dfa6bde9f0c22680df36dbc8c15c80753
│ Current version: 20
│ Vendor: Intel Corporation (MEI:0x8086)
│ GUIDs: dd17041c-09ea-4b17-a271-5b989867ec65
│ 1ccb36c3-6cdc-5bbc-9fc7-e9e2cb977ce4 ← MEI\VEN_8086&DEV_7E70
│ e5a63e3f-2cbf-50ba-ae7e-4286cb1e25af ← MEI\VEN_8086&DEV_7E70&SUBSYS_17AA231E
│ Device Flags: • Internal device
│
├─TPM:
│ Device ID: c6a80ac3a22083423992a3cb15018989f37834d6
│ Current version: 9.256.0.0
│ Vendor: ST Microelectronics (TPM:STM)
│ Problems: • Device requires AC power to be connected
│ GUIDs: 3680fbf1-593f-586f-91ac-c528b37e8373 ← TPM\VEN_STM&DEV_0000
│ b32f3efb-e38f-566b-95fa-ce96830be9a8 ← TPM\VEN_STM&MOD_ST33KTPM2XSPI
│ 8d0b4adc-a42f-59eb-9df8-665923afa086 ← TPM\VEN_STM&DEV_0000&VER_2.0
│ 3f485b9a-29fb-5a2d-994a-958aacc1b287 ← TPM\VEN_STM&MOD_ST33KTPM2XSPI&VER_2.0
│ Device Flags: • Internal device
│ • System requires external power source
│ • Needs a reboot after installation
│ • Device can recover flash failures
│ • Full disk encryption secrets may be invalidated when updating
│ • Signed Payload
│
├─UEFI Device Firmware:
│ Device ID: 84c1ee7b500ec547692c1c661ce6f46feb7809d9
│ Summary: UEFI System Resource Table device (updated via NVRAM)
│ Current version: 347182
│ Vendor: DMI:LENOVO
│ Update State: Success
│ Problems: • Device requires AC power to be connected
│ GUID: 7feb1d5d-33f4-48d3-bd11-c4b36b6d0e57
│ Device Flags: • Internal device
│ • System requires external power source
│ • Needs a reboot after installation
│ • Device is usable for the duration of the update
│ • Updatable
│ Device Requests: • Message
│
├─UEFI Device Firmware:
│ Device ID: 81b48f03e77395bb1d700a59b19f75ae6ceb9e35
│ Summary: UEFI System Resource Table device (updated via NVRAM)
│ Current version: 347182
│ Vendor: DMI:LENOVO
│ Update State: Success
│ Problems: • Device requires AC power to be connected
│ GUID: 6c8e136f-d3e6-4131-ac32-4687cb4abd27
│ Device Flags: • Internal device
│ • System requires external power source
│ • Needs a reboot after installation
│ • Device is usable for the duration of the update
│ • Updatable
│ Device Requests: • Message
│
├─UEFI Device Firmware:
│ Device ID: 8c3c42f2bc31aa1122a63975eab6b792ff13be30
│ Summary: UEFI System Resource Table device (updated via NVRAM)
│ Current version: 327680
│ Minimum Version: 57374
│ Vendor: DMI:LENOVO
│ Update State: Success
│ Problems: • Device requires AC power to be connected
│ GUID: 4ef0b292-4134-4ebc-9f2f-1fcb908c60fe
│ Device Flags: • Internal device
│ • System requires external power source
│ • Needs a reboot after installation
│ • Device is usable for the duration of the update
│ • Updatable
│ Device Requests: • Message
│
├─UEFI Device Firmware:
│ Device ID: b388d2b4ef18b9804d15945f32a77ab8bf045412
│ Summary: UEFI System Resource Table device (updated via NVRAM)
│ Current version: 16974641
│ Vendor: DMI:LENOVO
│ Update State: Success
│ Problems: • Device requires AC power to be connected
│ GUID: 57069ed8-0b3f-4897-bb3b-b278b8d2e1f6
│ Device Flags: • Internal device
│ • System requires external power source
│ • Needs a reboot after installation
│ • Device is usable for the duration of the update
│ • Updatable
│ Device Requests: • Message
│
├─UEFI Device Firmware:
│ Device ID: 1247e16fade7c8aad409e1104831ff424088d234
│ Summary: UEFI System Resource Table device (updated via NVRAM)
│ Current version: 0.1.20
│ Minimum Version: 0.1.20
│ Vendor: Lenovo (DMI:LENOVO)
│ Update State: Success
│ Problems: • Device requires AC power to be connected
│ GUID: 573c8caf-fbdb-41a5-8f1a-c87d6695d39a
│ Device Flags: • Internal device
│ • System requires external power source
│ • Supported on remote server
│ • Needs a reboot after installation
│ • Device is usable for the duration of the update
│ • Updatable
│ Device Requests: • Message
│
├─UEFI Device Firmware:
│ Device ID: 3a63c963c98750afaa5ac3d3698a78da900aec22
│ Summary: UEFI System Resource Table device (updated via NVRAM)
│ Current version: 16777230
│ Minimum Version: 1
│ Vendor: DMI:LENOVO
│ Update State: Success
│ Problems: • Device requires AC power to be connected
│ GUID: e74064ef-817c-4e35-b13f-6e391f713f1c
│ Device Flags: • Internal device
│ • System requires external power source
│ • Needs a reboot after installation
│ • Device is usable for the duration of the update
│ • Updatable
│ Device Requests: • Message
│
├─UEFI Device Firmware:
│ Device ID: 4cf05374a5ad57e86fc0b6f916b875db070f603c
│ Summary: UEFI System Resource Table device (updated via NVRAM)
│ Current version: 1442848254
│ Minimum Version: 1
│ Vendor: DMI:LENOVO
│ Update State: Success
│ Problems: • Device requires AC power to be connected
│ GUID: e468d139-d9fa-45a3-beec-aea12a1c3df5
│ Device Flags: • Internal device
│ • System requires external power source
│ • Needs a reboot after installation
│ • Device is usable for the duration of the update
│ • Updatable
│ Device Requests: • Message
│
├─UEFI Device Firmware:
│ Device ID: 8ddeff74d554a8526e241dbe66056295f6cdfe96
│ Summary: UEFI System Resource Table device (updated via NVRAM)
│ Current version: 1
│ Minimum Version: 1
│ Vendor: DMI:LENOVO
│ Update State: Success
│ Problems: • Device requires AC power to be connected
│ GUID: e1aa1f32-86d3-40f8-a756-405549d3d0f4
│ Device Flags: • Internal device
│ • System requires external power source
│ • Needs a reboot after installation
│ • Device is usable for the duration of the update
│ • Updatable
│ Device Requests: • Message
│
├─UEFI Device Firmware:
│ Device ID: e4726eaabaca376caad9b733ccf16fc4ca40e9ee
│ Summary: UEFI System Resource Table device (updated via NVRAM)
│ Current version: 590080
│ Minimum Version: 590080
│ Vendor: DMI:LENOVO
│ Update State: Success
│ Problems: • Device requires AC power to be connected
│ GUID: 97e533b2-6a6c-4c0b-8efb-6a493442dd1c
│ Device Flags: • Internal device
│ • System requires external power source
│ • Needs a reboot after installation
│ • Device is usable for the duration of the update
│ • Updatable
│ Device Requests: • Message
│
├─UEFI Device Firmware:
│ Device ID: 81568164782039dbd4a74856cacb9800f408d44e
│ Summary: UEFI System Resource Table device (updated via NVRAM)
│ Current version: 70420
│ Vendor: DMI:LENOVO
│ Update State: Success
│ Problems: • Device requires AC power to be connected
│ GUID: 4e88068b-41b2-4e05-893c-db0b43f7d348
│ Device Flags: • Internal device
│ • System requires external power source
│ • Needs a reboot after installation
│ • Device is usable for the duration of the update
│ • Updatable
│ Device Requests: • Message
│
├─UEFI Device Firmware:
│ Device ID: 7dccda75b1f76a97e675b08e7e0f8ab9924ad9ce
│ Summary: UEFI System Resource Table device (updated via NVRAM)
│ Current version: 1
│ Minimum Version: 1
│ Vendor: DMI:LENOVO
│ Update State: Success
│ Problems: • Device requires AC power to be connected
│ GUID: 69585d92-b50a-4ad7-b265-2eb1ae066574
│ Device Flags: • Internal device
│ • System requires external power source
│ • Needs a reboot after installation
│ • Device is usable for the duration of the update
│ • Updatable
│ Device Requests: • Message
│
├─UEFI Device Firmware:
│ Device ID: 587c6425a53c7997d7d62a4fb5986fad193f8433
│ Summary: UEFI System Resource Table device (updated via NVRAM)
│ Current version: 0
│ Vendor: DMI:LENOVO
│ Update State: Success
│ Problems: • Device requires AC power to be connected
│ GUID: 3dd84775-ec79-4ecb-8404-74de030c3f77
│ Device Flags: • Internal device
│ • System requires external power source
│ • Needs a reboot after installation
│ • Device is usable for the duration of the update
│ • Updatable
│ Device Requests: • Message
│
├─UEFI Device Firmware:
│ Device ID: f905a7bd8805851b14be474d006372f37cc9342d
│ Summary: UEFI System Resource Table device (updated via NVRAM)
│ Current version: 1
│ Vendor: DMI:LENOVO
│ Update State: Success
│ Problems: • Device requires AC power to be connected
│ GUID: 76ca0ad8-4a14-4389-b7e5-fd88791762ad
│ Device Flags: • Internal device
│ • System requires external power source
│ • Needs a reboot after installation
│ • Device is usable for the duration of the update
│ • Updatable
│ Device Requests: • Message
│
├─UEFI Device Firmware:
│ Device ID: 7e6427fb78fdb31553c3589b14cf9a40bd2e1f2e
│ Summary: UEFI System Resource Table device (updated via NVRAM)
│ Current version: 1
│ Vendor: DMI:LENOVO
│ Update State: Success
│ Problems: • Device requires AC power to be connected
│ GUID: 626d93db-2c42-48c3-915a-71f968a81b04
│ Device Flags: • Internal device
│ • System requires external power source
│ • Needs a reboot after installation
│ • Device is usable for the duration of the update
│ • Updatable
│ Device Requests: • Message
│
├─UEFI Device Firmware:
│ Device ID: cef254ddb406e77ace86f4cd92e2a7db5aa308fc
│ Summary: UEFI System Resource Table device (updated via NVRAM)
│ Current version: 1
│ Vendor: DMI:LENOVO
│ Update State: Success
│ Problems: • Device requires AC power to be connected
│ GUID: 86a885ee-d71e-2ed6-0fc1-9d6ccc9677eb
│ Device Flags: • Internal device
│ • System requires external power source
│ • Needs a reboot after installation
│ • Device is usable for the duration of the update
│ • Updatable
│ Device Requests: • Message
│
├─UEFI Device Firmware:
│ Device ID: 42b6a6123453cf1bac21ecba37d7baaaf949920d
│ Summary: UEFI System Resource Table device (updated via NVRAM)
│ Current version: 22025
│ Minimum Version: 1
│ Vendor: DMI:LENOVO
│ Update State: Success
│ Problems: • Device requires AC power to be connected
│ GUID: 0dbbd775-d7ac-4b92-8e6f-eec04800ebdf
│ Device Flags: • Internal device
│ • System requires external power source
│ • Needs a reboot after installation
│ • Device is usable for the duration of the update
│ • Updatable
│ Device Requests: • Message
│
└─UEFI Platform Key:
Device ID: 6924110cde4fa051bfdc600a60620dc7aa9d3c6a
Summary: Platform Key
GUID: 0d495878-553a-5803-ad0b-307df77318d6 ← UEFI\CRT_FEB00E5A22F47D40463AF378E6A5E774C0F0ED9E
Additional questions
- Operating system and version: Arch Linux
- Have you tried rebooting?
- Is this a regression?
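The three BootGuard attributes the report flags as Invalid (ACM protected, verified boot, error policy), together with the two it passes (BootGuard enabled, OTP fuse), are all derived by fwupd's pci_mei plugin from one 32-bit Management Engine register, HFSTS6; the field names printed in the plugin dump later in this thread (ForceBootGuardAcm, VerifiedBoot, ErrorEnforcePolicy, FpfSocLock, BootGuardDisable, ...) are its bit fields. The C program below is an added example, not fwupd's code: it decodes an HFSTS6 value with the bit layout published in coreboot's me.h and fwupd's pci_mei plugin (assumed to apply unchanged to this SoC), maps the fields onto the five HSI attributes, and can optionally read the live register from the MEI function's PCI config space. Assumptions are labelled in the code: config-space offset 0x6c, the usual 0000:00:16.0 bus address of the MEI device, and the reading that HSI-3 requires the "shutdown now" enforcement policy (value 3). The sample register value is constructed to reproduce the report's pass/fail pattern and is not this machine's real value.

```c
/* Decode the Intel ME HFSTS6 (Boot Guard status) register and derive the HSI
 * BootGuard attributes from it as fwupd's pci_mei plugin does. Added example,
 * not fwupd code. Bit layout follows coreboot me.h / fwupd's FuMeiHfsts6 and
 * is assumed unchanged for this SoC.  Build: cc -std=c99 -o hfsts6 hfsts6.c */
#include <stdint.h>
#include <stdio.h>

#define PCI_CFG_HFS_6 0x6c             /* HFSTS6 offset in the MEI PCI config space */
#define HFSTS6_POLICY_SHUTDOWN_NOW 0x3 /* assumed HSI-3 requirement for error policy */
/* Constructed sample register (not this machine's real value) reproducing the
 * report: BootGuard enabled, OTP fuse locked, ACM not forced, verified boot off. */
#define SAMPLE_REPORT 0x40000100u

struct hfsts6 {
    unsigned force_boot_guard_acm, cpu_debug_disable, bsp_init_disable,
        protect_bios_env, error_enforce_policy, measured_boot, verified_boot,
        boot_guard_acmsvn, kmsvn, bpmsvn, key_manifest_id, boot_policy_status,
        error, boot_guard_disable, fpf_disable, fpf_soc_lock, txt_support;
};

enum hsi_result { HSI_VALID, HSI_NOT_VALID, HSI_ENABLED, HSI_NOT_ENABLED };
/* enabled, otp_fuse, acm and verified are HSI-2 attributes; policy is HSI-3 */
struct bootguard_hsi { enum hsi_result enabled, otp_fuse, acm, verified, policy; };

static unsigned bits(uint32_t v, unsigned shift, unsigned width)
{
    return (v >> shift) & ((1u << width) - 1u);
}

/* Split the raw register into its fields (bits 4-5 are reserved). */
struct hfsts6 hfsts6_decode(uint32_t v)
{
    struct hfsts6 f;
    f.force_boot_guard_acm = bits(v, 0, 1);
    f.cpu_debug_disable = bits(v, 1, 1);
    f.bsp_init_disable = bits(v, 2, 1);
    f.protect_bios_env = bits(v, 3, 1);
    f.error_enforce_policy = bits(v, 6, 2);
    f.measured_boot = bits(v, 8, 1);
    f.verified_boot = bits(v, 9, 1);
    f.boot_guard_acmsvn = bits(v, 10, 4);
    f.kmsvn = bits(v, 14, 4);
    f.bpmsvn = bits(v, 18, 4);
    f.key_manifest_id = bits(v, 22, 4);
    f.boot_policy_status = bits(v, 26, 1);
    f.error = bits(v, 27, 1);
    f.boot_guard_disable = bits(v, 28, 1);
    f.fpf_disable = bits(v, 29, 1);
    f.fpf_soc_lock = bits(v, 30, 1);
    f.txt_support = bits(v, 31, 1);
    return f;
}

/* Map the fields onto the five attributes. Note the inverted sense of
 * boot_guard_disable: an all-zero register still reads "BootGuard: Enabled". */
struct bootguard_hsi hfsts6_to_hsi(uint32_t v)
{
    struct hfsts6 f = hfsts6_decode(v);
    struct bootguard_hsi r;
    r.enabled = f.boot_guard_disable ? HSI_NOT_ENABLED : HSI_ENABLED;
    r.otp_fuse = f.fpf_soc_lock ? HSI_VALID : HSI_NOT_VALID;
    r.acm = f.force_boot_guard_acm ? HSI_VALID : HSI_NOT_VALID;
    r.verified = f.verified_boot ? HSI_VALID : HSI_NOT_VALID;
    r.policy = f.error_enforce_policy == HFSTS6_POLICY_SHUTDOWN_NOW ? HSI_VALID
                                                                    : HSI_NOT_VALID;
    return r;
}

/* Read HFSTS6 from the MEI function's config space via sysfs (needs root), e.g.
 * /sys/bus/pci/devices/0000:00:16.0/config (assumed usual BDF of the MEI device).
 * PCI config space is little-endian. Returns 0 on success, -1 on any failure. */
int hfsts6_read_sysfs(const char *config_path, uint32_t *out)
{
    unsigned char b[4];
    FILE *fp = fopen(config_path, "rb");
    if (fp == NULL)
        return -1;
    if (fseek(fp, PCI_CFG_HFS_6, SEEK_SET) != 0 || fread(b, 1, 4, fp) != 4) {
        fclose(fp);
        return -1;
    }
    fclose(fp);
    *out = (uint32_t)b[0] | (uint32_t)b[1] << 8 | (uint32_t)b[2] << 16 |
           (uint32_t)b[3] << 24;
    return 0;
}

int main(int argc, char **argv)
{
    static const char *const names[] = {"Valid", "Invalid", "Enabled", "Not enabled"};
    uint32_t v = SAMPLE_REPORT; /* constructed sample unless a config path is given */
    if (argc > 1 && hfsts6_read_sysfs(argv[1], &v) != 0) {
        fprintf(stderr, "cannot read HFSTS6 from %s\n", argv[1]);
        return 1;
    }
    struct hfsts6 f = hfsts6_decode(v);
    struct bootguard_hsi r = hfsts6_to_hsi(v);
    printf("HFSTS6 0x%08x: BootGuard %s, OTP fuse %s, ACM protected %s, "
           "verified boot %s, error policy %s (%u), ACM/KM/BPM SVN %u/%u/%u\n",
           v, names[r.enabled], names[r.otp_fuse], names[r.acm], names[r.verified],
           names[r.policy], f.error_enforce_policy, f.boot_guard_acmsvn, f.kmsvn,
           f.bpmsvn);
    return 0;
}
```

Run it without arguments to decode the constructed sample, or as root with the path to the MEI device's `config` file (confirm the bus address with `lspci`) to decode the live register. Comparing the decoded fields with what `fwupdmgr security` prints separates two very different causes of an "Invalid" verdict: the fused platform really lacks the setting, or the plugin is not reading the register it thinks it is. The `fwupdtool get-plugins` dump later in this thread prints every HFSTS field as zero or false with `DoneColdplug: false`, so it does not settle that question by itself.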
Can you try with the 1_9_X branch in fwupd upstream please? I've pushed https://github.com/fwupd/fwupd/commit/bae12849f518eb2a9489bfb88e17e725ebe690e9 already.
Yes, that fixes the MEI version
But the bootguard problem remains I guess.
Yes, but I only tried applying the patch https://github.com/fwupd/fwupd/commit/bae12849f518eb2a9489bfb88e17e725ebe690e9 on top of 1.9.18. I can try using the 1_9_X branch if you did further changes that could fix the bootguard as well.
@iyanmv can you attach the output of sudo fwupdtool get-plugins --plugins pci-mei -vv please.
Sure, here it is:
$ sudo fwupdtool get-plugins --plugins pci-mei -vv
18:55:03.085 FuDebug verbose to debug (on console 1)
18:55:03.085 FuEngine starting fwupd 1.9.18…
18:55:03.085 FuMain locked /run/lock/fwupdtool
18:55:03.088 FuMain failed to stop daemon: failed to find fwupd.service: GDBus.Error:org.freedesktop.systemd1.NoSuchUnit: Unit fwupd.service not loaded.
Loading… [ - ]18:55:03.088 FuConfig loading config /etc/fwupd/fwupd.conf
18:55:03.088 FuConfig not loading config /var/etc/fwupd/fwupd.conf
18:55:03.088 FuConfig skipping mode check for /var/etc/fwupd/fwupd.conf as not writable
18:55:03.088 FuConfig trying to load config values from /etc/fwupd/fwupd.conf
18:55:03.088 FuCommon mapped file /etc/fwupd/fwupd.conf of size 0x33
18:55:03.088 FuConfig trying to load config values from /var/etc/fwupd/fwupd.conf
18:55:03.088 FuConfig Failed to open file “/var/etc/fwupd/fwupd.conf”: No such file or directory
18:55:03.088 FuConfig ::configuration loaded
Loading… [ ]18:55:03.089 Jcat reading /etc/pki/fwupd/LVFS-CA.pem with 1679 bytes
18:55:03.089 Jcat loaded 1 certificates
18:55:03.089 Jcat ignoring GPG-KEY-Linux-Vendor-Firmware-Service as not PKCS-7 certificate
18:55:03.089 Jcat ignoring GPG-KEY-Linux-Foundation-Firmware as not PKCS-7 certificate
18:55:03.089 Jcat reading /etc/pki/fwupd-metadata/LVFS-CA.pem with 1679 bytes
18:55:03.089 Jcat loaded 1 certificates
18:55:03.089 Jcat ignoring GPG-KEY-Linux-Vendor-Firmware-Service as not PKCS-7 certificate
18:55:03.089 Jcat ignoring GPG-KEY-Linux-Foundation-Metadata as not PKCS-7 certificate
18:55:03.089 Jcat reading /var/lib/fwupd/pki/secret.key with 2455 bytes
18:55:03.089 Jcat reading /var/lib/fwupd/pki/client.pem with 1383 bytes
18:55:03.089 FuEngine client certificate now exists: nothing to do
Loading… [ ]18:55:03.089 FuHistory trying to open database '/var/lib/fwupd/pending.db'
18:55:03.089 FuHistory got schema version of 12
Loading… [* ]18:55:03.098 FuPlugin load(/usr/lib/fwupd-1.9.18/libfu_plugin_modem_manager.so)
18:55:03.100 FuQuirks loading quirks from /usr/share/fwupd/quirks.d
18:55:03.100 FuQuirks loading quirks from /var/lib/fwupd/quirks.d
18:55:03.100 XbSilo attempting to load /var/cache/fwupd/quirks.xmlb
18:55:03.100 XbSilo file: 0dd90c7a-7be0-9815-75d8-fe37ccfd5c13, current:0dd90c7a-7be0-9815-75d8-fe37ccfd5c13, cached: (null)
18:55:03.100 XbSilo loading silo with file contents
Loading… [* ]18:55:03.101 FuConfig loading config /etc/fwupd/fwupd.conf
18:55:03.101 FuConfig not loading config /var/etc/fwupd/fwupd.conf
18:55:03.101 FuConfig skipping mode check for /var/etc/fwupd/fwupd.conf as not writable
18:55:03.101 FuConfig trying to load config values from /etc/fwupd/fwupd.conf
18:55:03.101 FuCommon mapped file /etc/fwupd/fwupd.conf of size 0x33
18:55:03.101 FuConfig trying to load config values from /var/etc/fwupd/fwupd.conf
18:55:03.101 FuConfig Failed to open file “/var/etc/fwupd/fwupd.conf”: No such file or directory
18:55:03.101 FuConfig ::configuration loaded
18:55:03.101 FuStruct SmbiosEp64:
anchor_str: _SM3_
entry_point_csum: 0xa7
entry_point_len: 0x18
smbios_major_ver: 0x3
smbios_minor_ver: 0x6
smbios_docrev: 0x0
entry_point_rev: 0x1
reserved0: 0x0
structure_table_len: 0x1450
structure_table_addr: 0x5c06e000
18:55:03.101 FuStruct SmbiosStructure:
type: 0x87
length: 0x13
handle: 0x0
18:55:03.101 FuStruct SmbiosStructure:
type: 0x86
length: 0xd
handle: 0x1
18:55:03.101 FuStruct SmbiosStructure:
type: 0x2b
length: 0x1f
handle: 0x2
18:55:03.101 FuStruct SmbiosStructure:
type: 0x10
length: 0x17
handle: 0x3
18:55:03.101 FuStruct SmbiosStructure:
type: 0x11
length: 0x5c
handle: 0x4
18:55:03.101 FuStruct SmbiosStructure:
type: 0x11
length: 0x5c
handle: 0x5
18:55:03.101 FuStruct SmbiosStructure:
type: 0x11
length: 0x5c
handle: 0x6
18:55:03.101 FuStruct SmbiosStructure:
type: 0x11
length: 0x5c
handle: 0x7
18:55:03.101 FuStruct SmbiosStructure:
type: 0x11
length: 0x5c
handle: 0x8
18:55:03.101 FuStruct SmbiosStructure:
type: 0x11
length: 0x5c
handle: 0x9
18:55:03.102 FuStruct SmbiosStructure:
type: 0x11
length: 0x5c
handle: 0xa
18:55:03.102 FuStruct SmbiosStructure:
type: 0x11
length: 0x5c
handle: 0xb
18:55:03.102 FuStruct SmbiosStructure:
type: 0x13
length: 0x1f
handle: 0xc
18:55:03.102 FuStruct SmbiosStructure:
type: 0xdd
length: 0xc
handle: 0xd
18:55:03.102 FuStruct SmbiosStructure:
type: 0xdd
length: 0xc
handle: 0xe
18:55:03.102 FuStruct SmbiosStructure:
type: 0xdd
length: 0x1a
handle: 0xf
18:55:03.102 FuStruct SmbiosStructure:
type: 0xdd
length: 0x1a
handle: 0x10
18:55:03.102 FuStruct SmbiosStructure:
type: 0xdd
length: 0x2f
handle: 0x11
18:55:03.102 FuStruct SmbiosStructure:
type: 0xdd
length: 0x52
handle: 0x12
18:55:03.102 FuStruct SmbiosStructure:
type: 0x7
length: 0x1b
handle: 0x13
18:55:03.102 FuStruct SmbiosStructure:
type: 0x7
length: 0x1b
handle: 0x14
18:55:03.102 FuStruct SmbiosStructure:
type: 0x7
length: 0x1b
handle: 0x15
18:55:03.102 FuStruct SmbiosStructure:
type: 0x7
length: 0x1b
handle: 0x16
18:55:03.102 FuStruct SmbiosStructure:
type: 0x7
length: 0x1b
handle: 0x17
18:55:03.102 FuStruct SmbiosStructure:
type: 0x7
length: 0x1b
handle: 0x18
18:55:03.102 FuStruct SmbiosStructure:
type: 0x7
length: 0x1b
handle: 0x19
18:55:03.102 FuStruct SmbiosStructure:
type: 0x7
length: 0x1b
handle: 0x1a
18:55:03.102 FuStruct SmbiosStructure:
type: 0x4
length: 0x32
handle: 0x1b
18:55:03.102 FuStruct SmbiosStructure:
type: 0x0
length: 0x1a
handle: 0x1c
18:55:03.102 FuStruct SmbiosStructure:
type: 0x1
length: 0x1b
handle: 0x1d
18:55:03.102 FuStruct SmbiosStructure:
type: 0x2
length: 0xf
handle: 0x1e
18:55:03.102 FuStruct SmbiosStructure:
type: 0x3
length: 0x16
handle: 0x1f
18:55:03.102 FuStruct SmbiosStructure:
type: 0x8
length: 0x9
handle: 0x20
18:55:03.102 FuStruct SmbiosStructure:
type: 0x8
length: 0x9
handle: 0x21
18:55:03.102 FuStruct SmbiosStructure:
type: 0x8
length: 0x9
handle: 0x22
18:55:03.102 FuStruct SmbiosStructure:
type: 0x8
length: 0x9
handle: 0x23
18:55:03.102 FuStruct SmbiosStructure:
type: 0x7e
length: 0x9
handle: 0x24
18:55:03.102 FuStruct SmbiosStructure:
type: 0x7e
length: 0x9
handle: 0x25
18:55:03.102 FuStruct SmbiosStructure:
type: 0x7e
length: 0x9
handle: 0x26
18:55:03.102 FuStruct SmbiosStructure:
type: 0x7e
length: 0x9
handle: 0x27
18:55:03.102 FuStruct SmbiosStructure:
type: 0x7e
length: 0x9
handle: 0x28
18:55:03.102 FuStruct SmbiosStructure:
type: 0x7e
length: 0x9
handle: 0x29
18:55:03.102 FuStruct SmbiosStructure:
type: 0x8
length: 0x9
handle: 0x2a
18:55:03.102 FuStruct SmbiosStructure:
type: 0x7e
length: 0x9
handle: 0x2b
18:55:03.102 FuStruct SmbiosStructure:
type: 0x7e
length: 0x9
handle: 0x2c
18:55:03.102 FuStruct SmbiosStructure:
type: 0x7e
length: 0x9
handle: 0x2d
18:55:03.102 FuStruct SmbiosStructure:
type: 0x8
length: 0x9
handle: 0x2e
18:55:03.102 FuStruct SmbiosStructure:
type: 0x7e
length: 0x9
handle: 0x2f
18:55:03.102 FuStruct SmbiosStructure:
type: 0x9
length: 0x11
handle: 0x30
18:55:03.102 FuStruct SmbiosStructure:
type: 0xc
length: 0x5
handle: 0x31
18:55:03.102 FuStruct SmbiosStructure:
type: 0xd
length: 0x16
handle: 0x32
18:55:03.102 FuStruct SmbiosStructure:
type: 0x16
length: 0x1a
handle: 0x33
18:55:03.102 FuStruct SmbiosStructure:
type: 0x7e
length: 0x1a
handle: 0x34
18:55:03.102 FuStruct SmbiosStructure:
type: 0x85
length: 0x5
handle: 0x35
18:55:03.102 FuStruct SmbiosStructure:
type: 0x85
length: 0x2c
handle: 0x36
18:55:03.102 FuStruct SmbiosStructure:
type: 0x82
length: 0x18
handle: 0x37
18:55:03.102 FuStruct SmbiosStructure:
type: 0x83
length: 0x40
handle: 0x38
18:55:03.102 FuStruct SmbiosStructure:
type: 0x8c
length: 0xf
handle: 0x39
18:55:03.102 FuStruct SmbiosStructure:
type: 0xdd
length: 0x75
handle: 0x3a
18:55:03.102 FuStruct SmbiosStructure:
type: 0x18
length: 0x5
handle: 0x3b
18:55:03.102 FuStruct SmbiosStructure:
type: 0x84
length: 0x8
handle: 0x3c
18:55:03.102 FuStruct SmbiosStructure:
type: 0xe
length: 0x8
handle: 0x3d
18:55:03.102 FuStruct SmbiosStructure:
type: 0xdb
length: 0x6a
handle: 0x3e
18:55:03.102 FuStruct SmbiosStructure:
type: 0x12
length: 0x17
handle: 0x3f
18:55:03.102 FuStruct SmbiosStructure:
type: 0x15
length: 0x7
handle: 0x40
18:55:03.102 FuStruct SmbiosStructure:
type: 0x15
length: 0x7
handle: 0x41
18:55:03.102 FuStruct SmbiosStructure:
type: 0x83
length: 0x16
handle: 0x42
18:55:03.102 FuStruct SmbiosStructure:
type: 0x88
length: 0x6
handle: 0x43
18:55:03.102 FuStruct SmbiosStructure:
type: 0xf
length: 0x1f
handle: 0x44
18:55:03.102 FuStruct SmbiosStructure:
type: 0x8c
length: 0x13
handle: 0x45
18:55:03.102 FuStruct SmbiosStructure:
type: 0x8c
length: 0x13
handle: 0x46
18:55:03.102 FuStruct SmbiosStructure:
type: 0x8c
length: 0x17
handle: 0x47
18:55:03.102 FuStruct SmbiosStructure:
type: 0x8d
length: 0x12
handle: 0x48
18:55:03.102 FuStruct SmbiosStructure:
type: 0x8d
length: 0x12
handle: 0x49
18:55:03.102 FuStruct SmbiosStructure:
type: 0x8d
length: 0x12
handle: 0x4a
18:55:03.102 FuStruct SmbiosStructure:
type: 0x8d
length: 0x12
handle: 0x4b
18:55:03.102 FuStruct SmbiosStructure:
type: 0x8d
length: 0x1e
handle: 0x4c
18:55:03.102 FuStruct SmbiosStructure:
type: 0x8d
length: 0x38
handle: 0x4d
18:55:03.102 FuStruct SmbiosStructure:
type: 0x8c
length: 0xf
handle: 0x4e
18:55:03.102 FuStruct SmbiosStructure:
type: 0x8c
length: 0x2b
handle: 0x4f
18:55:03.102 FuStruct SmbiosStructure:
type: 0x87
length: 0x12
handle: 0x50
18:55:03.102 FuStruct SmbiosStructure:
type: 0x7f
length: 0x4
handle: 0xfeff
18:55:03.102 FuContext SMBIOS Manufacturer=LENOVO
18:55:03.102 FuContext SMBIOS EnclosureKind=a
18:55:03.102 FuContext SMBIOS Family=ThinkPad X1 Carbon Gen 12
18:55:03.102 FuContext SMBIOS ProductName=21KDS00600
18:55:03.102 FuContext SMBIOS ProductSku=LENOVO_MT_21KD_BU_Think_FM_ThinkPad X1 Carbon Gen 12
18:55:03.102 FuContext SMBIOS BiosVendor=LENOVO
18:55:03.102 FuContext SMBIOS BiosVersion=N3YET61W (1.26 )
18:55:03.102 FuContext SMBIOS BiosMajorRelease=01
18:55:03.102 FuContext SMBIOS BiosMinorRelease=1a
18:55:03.102 FuContext SMBIOS FirmwareMajorRelease=01
18:55:03.102 FuContext SMBIOS FirmwareMinorRelease=14
18:55:03.102 FuContext SMBIOS BaseboardManufacturer=LENOVO
18:55:03.102 FuContext SMBIOS BaseboardProduct=21KDS00600
18:55:03.102 FuContext failed to load fdt: cannot find /sys/firmware/fdt or override /var/lib/fwupd/system.dtb
18:55:03.103 FuContext added udev subsystem watch of firmware-attributes
18:55:03.107 FuBiosSettings save_settings is not supported
18:55:03.134 FuBiosSettings failed to add string attrs: failed to load min_length: Failed to open file “/sys/class/firmware-attributes/thinklmi/attributes/AlarmTime/min_length”: No such file or directory
18:55:03.135 FuBiosSettings processing AlarmTime: (00:00:00)
18:55:03.150 FuBiosSettings failed to add string attrs: failed to load min_length: Failed to open file “/sys/class/firmware-attributes/thinklmi/attributes/UserDefinedAlarmTime/min_length”: No such file or directory
18:55:03.151 FuBiosSettings processing UserDefinedAlarmTime: (00:00:00)
18:55:03.179 FuBiosSettings failed to add string attrs: failed to load min_length: Failed to open file “/sys/class/firmware-attributes/thinklmi/attributes/AlarmDate/min_length”: No such file or directory
18:55:03.180 FuBiosSettings processing AlarmDate: (01/01/2023)
18:55:03.200 FuBiosSettings loaded 92 BIOS settings
18:55:03.200 FuBiosSettings Disabling changing SecureBoot since Allow3rdPartyUEFICA is Disable
Loading… [** ]18:55:03.200 FuEngine ignoring: Error opening directory “/var/lib/fwupd/local.d”: No such file or directory
18:55:03.200 FuEngine ignoring: Error opening directory “/usr/share/fwupd/local.d”: No such file or directory
18:55:03.200 XbSilo attempting to load /var/cache/fwupd/metadata.xmlb
18:55:03.200 XbSilo file: 4803e022-8bb3-6302-3438-453e0349c239, current:2d310c72-70b7-6243-8c5c-9d33112a4bc9, cached: (null)
18:55:03.200 XbSilo loading silo with file contents
18:55:03.203 FuEngine 3045 components now in silo
Loading… [*** ]18:55:03.210 FuPlugin constructed(pci_mei)
18:55:03.210 FuContext added udev subsystem watch of pci
18:55:03.211 FuEngine plugins disabled: flashrom, modem_manager, uefi_capsule, acpi_dmar, acpi_facp, acpi_ivrs, acpi_phat, algoltek_usb, amd_pmc, amd_gpu, analogix, android_boot, ata, audio_s5gen2, aver_hid, bcm57xx, bios, ccgx, ccgx_dmc, cfu, ch341a, ch347, colorhug, corsair, cpu, cros_ec, dell, dell_dock, dfu, dfu_csr, ebitdo, elantp, elanfp, emmc, ep963x, fastboot, focalfp, fpc, fresco_pd, genesys, genesys_gl32xx, goodixmoc, goodixtp, gpio, hailuck, igsc, intel_me, intel_usb4, iommu, jabra, jabra_gnp, kinetic_dp, lenovo_thinklmi, linux_display, linux_lockdown, linux_sleep, linux_swap, linux_tainted, logind, logitech_hidpp, logitech_bulkcontroller, logitech_rallysystem, logitech_scribe, logitech_tap, mediatek_scaler, msr, mtd, nitrokey, nordic_hid, nvme, optionrom, parade_lspcon, pci_bcr, pci_psp, pixart_rf, powerd, qsi_dock, realtek_mst, redfish, rts54hid, rts54hub, steelseries, scsi, superio, synaptics_cape, synaptics_cxaudio, synaptics_mst, synaptics_prometheus, synaptics_rmi, system76_launch, test, test_ble, thelio_io, thunderbolt, ti_tps6598x, tpm, uefi_dbx, uefi_esrt, uefi_pk, uefi_recovery, uf2, upower, usi_dock, vbe, vli, wacom_raw, wacom_usb, wistron_dock
Loading… [*** ]18:55:03.211 FuContext battery threshold now 25
Loading… [************************************** ]18:55:03.211 FuEngine FuUsbBackend:
Name: usb
Enabled: true
DoneSetup: false
CanInvalidate: false
FuUdevBackend:
Name: udev
Enabled: true
DoneSetup: false
CanInvalidate: false
DoneColdplug: false
FuBluezBackend:
Name: bluez
Enabled: true
DoneSetup: false
CanInvalidate: false
FuPciMeiPlugin:
Name: pci_mei
HFSTS1:
WorkingState: reset
MfgMode: false
FptBad: false
OperationState: preboot
FwInitComplete: false
FtBupLdFlr: false
UpdateInProgress: false
ErrorCode: no-error
OperationMode: normal
ResetCount: 0x0
BootOptions_present:false
BistFinished: false
BistTestState: false
BistResetRequest: false
CurrentPowerSource: 0x0
D3SupportValid: false
D0i3SupportValid: false
HFSTS2:
NftpLoadFailure: false
IccProgStatus: 0x0
InvokeMebx: false
CpuReplaced: false
Rsvd0: false
MfsFailure: false
WarmResetRqst: false
CpuReplacedValid: false
LowPowerState: false
MePowerGate: false
IpuNeeded: false
ForcedSafeBoot: false
Rsvd1: 0x0
ListenerChange: false
StatusData: 0x0
CurrentPmevent: 0x0
Phase: 0x0
HFSTS3:
Chunk0: 0x0
Chunk1: 0x0
Chunk2: 0x0
Chunk3: 0x0
FwSku: 0x0
EncryptKeyCheck: false
PchConfigChange: false
IbbVerificationResult:false
IbbVerificationDone:false
Reserved11: 0x0
ActualIbbSize: 0x0
NumberOfChunks: 0
EncryptKeyOverride: false
PowerDownMitigation:false
HFSTS4:
Rsvd0: 0x0
EnforcementFlow: false
SxResumeType: false
Rsvd1: false
TpmsDisconnected: false
Rvsd2: false
FwstsValid: false
BootGuardSelfTest: false
Rsvd3: 0x0
HFSTS5:
AcmActive: false
Valid: false
ResultCodeSource: false
ErrorStatusCode: 0x0
AcmDoneSts: 0x0
TimeoutCount: 0x0
ScrtmIndicator: false
IncBootGuardAcm: 0x0
IncKeyManifest: 0x0
IncBootPolicy: 0x0
Rsvd0: 0x0
StartEnforcement: false
HFSTS6:
ForceBootGuardAcm: false
CpuDebugDisable: false
BspInitDisable: false
ProtectBiosEnv: false
Rsvd0: 0x0
ErrorEnforcePolicy: 0x0
MeasuredBoot: false
VerifiedBoot: false
BootGuardAcmsvn: 0x0
Kmsvn: 0x0
Bpmsvn: 0x0
KeyManifestId: 0x0
BootPolicyStatus: false
Error: false
BootGuardDisable: false
FpfDisable: false
FpfSocLock: false
TxtSupport: false
18:55:03.220 FuEngine resetting update motd timeout
acpi_dmar:
Flags: • Disabled
acpi_facp:
Flags: • Disabled
acpi_ivrs:
Flags: • Disabled
acpi_phat:
Flags: • Disabled
algoltek_usb:
Flags: • Disabled
amd_gpu:
Flags: • Disabled
amd_pmc:
Flags: • Disabled
analogix:
Flags: • Disabled
android_boot:
Flags: • Disabled
ata:
Flags: • Disabled
audio_s5gen2:
Flags: • Disabled
aver_hid:
Flags: • Disabled
bcm57xx:
Flags: • Disabled
bios:
Flags: • Disabled
ccgx:
Flags: • Disabled
ccgx_dmc:
Flags: • Disabled
cfu:
Flags: • Disabled
ch341a:
Flags: • Disabled
ch347:
Flags: • Disabled
colorhug:
Flags: • Disabled
corsair:
Flags: • Disabled
cpu:
Flags: • Disabled
cros_ec:
Flags: • Disabled
dell:
Flags: • Disabled
dell_dock:
Flags: • Disabled
dfu:
Flags: • Disabled
dfu_csr:
Flags: • Disabled
ebitdo:
Flags: • Disabled
elanfp:
Flags: • Disabled
elantp:
Flags: • Disabled
emmc:
Flags: • Disabled
ep963x:
Flags: • Disabled
fastboot:
Flags: • Disabled
flashrom:
Flags: • Disabled
• Loaded from an external module
focalfp:
Flags: • Disabled
fpc:
Flags: • Disabled
fresco_pd:
Flags: • Disabled
genesys:
Flags: • Disabled
genesys_gl32xx:
Flags: • Disabled
goodixmoc:
Flags: • Disabled
goodixtp:
Flags: • Disabled
gpio:
Flags: • Disabled
hailuck:
Flags: • Disabled
igsc:
Flags: • Disabled
intel_me:
Flags: • Disabled
intel_usb4:
Flags: • Disabled
iommu:
Flags: • Disabled
jabra:
Flags: • Disabled
jabra_gnp:
Flags: • Disabled
kinetic_dp:
Flags: • Disabled
lenovo_thinklmi:
Flags: • Disabled
linux_display:
Flags: • Disabled
linux_lockdown:
Flags: • Disabled
linux_sleep:
Flags: • Disabled
linux_swap:
Flags: • Disabled
linux_tainted:
Flags: • Disabled
logind:
Flags: • Disabled
logitech_bulkcontroller:
Flags: • Disabled
logitech_hidpp:
Flags: • Disabled
logitech_rallysystem:
Flags: • Disabled
logitech_scribe:
Flags: • Disabled
logitech_tap:
Flags: • Disabled
mediatek_scaler:
Flags: • Disabled
modem_manager:
Flags: • Disabled
• Loaded from an external module
msr:
Flags: • Disabled
mtd:
Flags: • Disabled
nitrokey:
Flags: • Disabled
nordic_hid:
Flags: • Disabled
nvme:
Flags: • Disabled
optionrom:
Flags: • Disabled
parade_lspcon:
Flags: • Disabled
pci_bcr:
Flags: • Disabled
pci_mei:
Flags: • Enabled
pci_psp:
Flags: • Disabled
pixart_rf:
Flags: • Disabled
powerd:
Flags: • Disabled
qsi_dock:
Flags: • Disabled
realtek_mst:
Flags: • Disabled
redfish:
Flags: • Disabled
rts54hid:
Flags: • Disabled
rts54hub:
Flags: • Disabled
scsi:
Flags: • Disabled
steelseries:
Flags: • Disabled
superio:
Flags: • Disabled
synaptics_cape:
Flags: • Disabled
synaptics_cxaudio:
Flags: • Disabled
synaptics_mst:
Flags: • Disabled
synaptics_prometheus:
Flags: • Disabled
synaptics_rmi:
Flags: • Disabled
system76_launch:
Flags: • Disabled
test:
Flags: • Disabled
• Plugin is only for testing
test_ble:
Flags: • Disabled
• Plugin is only for testing
thelio_io:
Flags: • Disabled
thunderbolt:
Flags: • Disabled
ti_tps6598x:
Flags: • Disabled
tpm:
Flags: • Disabled
uefi_capsule:
Flags: • Disabled
• Will measure elements of system integrity around an update
uefi_dbx:
Flags: • Disabled
uefi_esrt:
Flags: • Disabled
uefi_pk:
Flags: • Disabled
uefi_recovery:
Flags: • Disabled
uf2:
Flags: • Disabled
upower:
Flags: • Disabled
usi_dock:
Flags: • Disabled
vbe:
Flags: • Disabled
vli:
Flags: • Disabled
wacom_raw:
Flags: • Disabled
wacom_usb:
Flags: • Disabled
wistron_dock:
Flags: • Disabled
18:55:03.224 FuPluginTest destroy
So all the HFSTSx registers are zero. @mrhpearson do you know if Lenovo might have disabled reading the MEI config registers (PCI_CFG_HFS_x) on newer hardware? The defines I have are:
#define PCI_CFG_HFS_1 0x40
#define PCI_CFG_HFS_2 0x48
#define PCI_CFG_HFS_3 0x60
#define PCI_CFG_HFS_4 0x64
#define PCI_CFG_HFS_5 0x68
#define PCI_CFG_HFS_6 0x6c
Also, @iyanmv do you get the same result when disabling secure boot in the firmware setup?
So here it is after disabling secure boot:
fwupdmgr security iyan@bespin
Host Security ID: HSI:1! (v1.9.18)
HSI-1
✔ BIOS firmware updates: Enabled
✔ MEI key manifest: Valid
✔ csme manufacturing mode: Locked
✔ csme override: Locked
✔ csme v0:18.0.5.2098: Valid
✔ Platform debugging: Disabled
✔ SPI write: Disabled
✔ SPI lock: Enabled
✔ SPI BIOS region: Locked
✔ Supported CPU: Valid
✔ TPM empty PCRs: Valid
✔ TPM v2.0: Found
✔ UEFI bootservice variables: Locked
✔ UEFI platform key: Valid
HSI-2
✔ BIOS rollback protection: Enabled
✔ Intel BootGuard: Enabled
✔ Intel BootGuard OTP fuse: Valid
✔ IOMMU: Enabled
✔ Platform debugging: Locked
✔ TPM PCR0 reconstruction: Valid
✘ Intel BootGuard ACM protected: Invalid
✘ Intel BootGuard verified boot: Invalid
HSI-3
✔ CET Platform: Supported
✔ Pre-boot DMA protection: Enabled
✔ Suspend-to-idle: Enabled
✔ Suspend-to-ram: Disabled
✘ Intel BootGuard error policy: Invalid
HSI-4
✔ SMAP: Enabled
✘ Encrypted RAM: Not supported
Runtime Suffix -!
✔ fwupd plugins: Untainted
✔ Linux kernel lockdown: Enabled
✔ Linux swap: Encrypted
✔ Linux kernel: Untainted
✘ CET OS Support: Not supported
✘ UEFI secure boot: Disabled
This system has HSI runtime issues.
» https://fwupd.github.io/hsi.html#hsi-runtime-suffix
Host Security Events
2024-04-29 12:28:05: ✘ Secure Boot disabled
2024-04-25 22:07:12: ✔ Linux swap changed: Disabled → Encrypted
2024-04-24 22:59:56: ✔ Kernel lockdown enabled
2024-04-24 22:53:13: ✔ BIOS rollback protection changed: Disabled → Enabled
2024-04-24 20:55:32: ✔ Secure Boot enabled
sudo fwupdtool get-plugins --plugins pci-mei -vv
sudo fwupdtool get-plugins --plugins pci-mei -vv iyan@bespin
19:29:52.743 FuDebug verbose to debug (on console 1)
19:29:52.743 FuEngine starting fwupd 1.9.18…
19:29:52.743 FuMain locked /run/lock/fwupdtool
Loading… [ - ]19:29:52.759 FuConfig loading config /etc/fwupd/fwupd.conf
19:29:52.759 FuConfig not loading config /var/etc/fwupd/fwupd.conf
19:29:52.759 FuConfig skipping mode check for /var/etc/fwupd/fwupd.conf as not writable
19:29:52.759 FuConfig trying to load config values from /etc/fwupd/fwupd.conf
19:29:52.759 FuCommon mapped file /etc/fwupd/fwupd.conf of size 0x33
19:29:52.759 FuConfig trying to load config values from /var/etc/fwupd/fwupd.conf
19:29:52.759 FuConfig Failed to open file “/var/etc/fwupd/fwupd.conf”: No such file or directory
19:29:52.759 FuConfig ::configuration loaded
Loading… [ ]19:29:52.759 Jcat reading /etc/pki/fwupd/LVFS-CA.pem with 1679 bytes
19:29:52.759 Jcat loaded 1 certificates
19:29:52.759 Jcat ignoring GPG-KEY-Linux-Vendor-Firmware-Service as not PKCS-7 certificate
19:29:52.759 Jcat ignoring GPG-KEY-Linux-Foundation-Firmware as not PKCS-7 certificate
19:29:52.759 Jcat reading /etc/pki/fwupd-metadata/LVFS-CA.pem with 1679 bytes
19:29:52.759 Jcat loaded 1 certificates
19:29:52.759 Jcat ignoring GPG-KEY-Linux-Vendor-Firmware-Service as not PKCS-7 certificate
19:29:52.759 Jcat ignoring GPG-KEY-Linux-Foundation-Metadata as not PKCS-7 certificate
19:29:52.759 Jcat reading /var/lib/fwupd/pki/secret.key with 2455 bytes
19:29:52.759 Jcat reading /var/lib/fwupd/pki/client.pem with 1383 bytes
19:29:52.759 FuEngine client certificate now exists: nothing to do
Loading… [ ]19:29:52.759 FuHistory trying to open database '/var/lib/fwupd/pending.db'
19:29:52.760 FuHistory got schema version of 12
Loading… [* ]19:29:52.766 FuPlugin load(/usr/lib/fwupd-1.9.18/libfu_plugin_modem_manager.so)
19:29:52.768 FuQuirks loading quirks from /usr/share/fwupd/quirks.d
19:29:52.768 FuQuirks loading quirks from /var/lib/fwupd/quirks.d
19:29:52.768 XbSilo attempting to load /var/cache/fwupd/quirks.xmlb
19:29:52.768 XbSilo file: 0dd90c7a-7be0-9815-75d8-fe37ccfd5c13, current:0dd90c7a-7be0-9815-75d8-fe37ccfd5c13, cached: (null)
19:29:52.768 XbSilo loading silo with file contents
Loading… [* ]19:29:52.769 FuConfig loading config /etc/fwupd/fwupd.conf
19:29:52.769 FuConfig not loading config /var/etc/fwupd/fwupd.conf
19:29:52.769 FuConfig skipping mode check for /var/etc/fwupd/fwupd.conf as not writable
19:29:52.769 FuConfig trying to load config values from /etc/fwupd/fwupd.conf
19:29:52.769 FuCommon mapped file /etc/fwupd/fwupd.conf of size 0x33
19:29:52.769 FuConfig trying to load config values from /var/etc/fwupd/fwupd.conf
19:29:52.769 FuConfig Failed to open file “/var/etc/fwupd/fwupd.conf”: No such file or directory
19:29:52.769 FuConfig ::configuration loaded
19:29:52.769 FuStruct SmbiosEp64:
anchor_str: _SM3_
entry_point_csum: 0xa7
entry_point_len: 0x18
smbios_major_ver: 0x3
smbios_minor_ver: 0x6
smbios_docrev: 0x0
entry_point_rev: 0x1
reserved0: 0x0
structure_table_len: 0x1450
structure_table_addr: 0x5c06e000
19:29:52.769 FuStruct SmbiosStructure:
type: 0x87
length: 0x13
handle: 0x0
19:29:52.769 FuStruct SmbiosStructure:
type: 0x86
length: 0xd
handle: 0x1
19:29:52.769 FuStruct SmbiosStructure:
type: 0x2b
length: 0x1f
handle: 0x2
19:29:52.769 FuStruct SmbiosStructure:
type: 0x10
length: 0x17
handle: 0x3
19:29:52.769 FuStruct SmbiosStructure:
type: 0x11
length: 0x5c
handle: 0x4
19:29:52.769 FuStruct SmbiosStructure:
type: 0x11
length: 0x5c
handle: 0x5
19:29:52.769 FuStruct SmbiosStructure:
type: 0x11
length: 0x5c
handle: 0x6
19:29:52.769 FuStruct SmbiosStructure:
type: 0x11
length: 0x5c
handle: 0x7
19:29:52.769 FuStruct SmbiosStructure:
type: 0x11
length: 0x5c
handle: 0x8
19:29:52.769 FuStruct SmbiosStructure:
type: 0x11
length: 0x5c
handle: 0x9
19:29:52.769 FuStruct SmbiosStructure:
type: 0x11
length: 0x5c
handle: 0xa
19:29:52.769 FuStruct SmbiosStructure:
type: 0x11
length: 0x5c
handle: 0xb
19:29:52.769 FuStruct SmbiosStructure:
type: 0x13
length: 0x1f
handle: 0xc
19:29:52.769 FuStruct SmbiosStructure:
type: 0xdd
length: 0xc
handle: 0xd
19:29:52.769 FuStruct SmbiosStructure:
type: 0xdd
length: 0xc
handle: 0xe
19:29:52.769 FuStruct SmbiosStructure:
type: 0xdd
length: 0x1a
handle: 0xf
19:29:52.769 FuStruct SmbiosStructure:
type: 0xdd
length: 0x1a
handle: 0x10
19:29:52.769 FuStruct SmbiosStructure:
type: 0xdd
length: 0x2f
handle: 0x11
19:29:52.769 FuStruct SmbiosStructure:
type: 0xdd
length: 0x52
handle: 0x12
19:29:52.769 FuStruct SmbiosStructure:
type: 0x7
length: 0x1b
handle: 0x13
19:29:52.769 FuStruct SmbiosStructure:
type: 0x7
length: 0x1b
handle: 0x14
19:29:52.769 FuStruct SmbiosStructure:
type: 0x7
length: 0x1b
handle: 0x15
19:29:52.769 FuStruct SmbiosStructure:
type: 0x7
length: 0x1b
handle: 0x16
19:29:52.769 FuStruct SmbiosStructure:
type: 0x7
length: 0x1b
handle: 0x17
19:29:52.769 FuStruct SmbiosStructure:
type: 0x7
length: 0x1b
handle: 0x18
19:29:52.769 FuStruct SmbiosStructure:
type: 0x7
length: 0x1b
handle: 0x19
19:29:52.770 FuStruct SmbiosStructure:
type: 0x7
length: 0x1b
handle: 0x1a
19:29:52.770 FuStruct SmbiosStructure:
type: 0x4
length: 0x32
handle: 0x1b
19:29:52.770 FuStruct SmbiosStructure:
type: 0x0
length: 0x1a
handle: 0x1c
19:29:52.770 FuStruct SmbiosStructure:
type: 0x1
length: 0x1b
handle: 0x1d
19:29:52.770 FuStruct SmbiosStructure:
type: 0x2
length: 0xf
handle: 0x1e
19:29:52.770 FuStruct SmbiosStructure:
type: 0x3
length: 0x16
handle: 0x1f
19:29:52.770 FuStruct SmbiosStructure:
type: 0x8
length: 0x9
handle: 0x20
19:29:52.770 FuStruct SmbiosStructure:
type: 0x8
length: 0x9
handle: 0x21
19:29:52.770 FuStruct SmbiosStructure:
type: 0x8
length: 0x9
handle: 0x22
19:29:52.770 FuStruct SmbiosStructure:
type: 0x8
length: 0x9
handle: 0x23
19:29:52.770 FuStruct SmbiosStructure:
type: 0x7e
length: 0x9
handle: 0x24
19:29:52.770 FuStruct SmbiosStructure:
type: 0x7e
length: 0x9
handle: 0x25
19:29:52.770 FuStruct SmbiosStructure:
type: 0x7e
length: 0x9
handle: 0x26
19:29:52.770 FuStruct SmbiosStructure:
type: 0x7e
length: 0x9
handle: 0x27
19:29:52.770 FuStruct SmbiosStructure:
type: 0x7e
length: 0x9
handle: 0x28
19:29:52.770 FuStruct SmbiosStructure:
type: 0x7e
length: 0x9
handle: 0x29
19:29:52.770 FuStruct SmbiosStructure:
type: 0x8
length: 0x9
handle: 0x2a
19:29:52.770 FuStruct SmbiosStructure:
type: 0x7e
length: 0x9
handle: 0x2b
19:29:52.770 FuStruct SmbiosStructure:
type: 0x7e
length: 0x9
handle: 0x2c
19:29:52.770 FuStruct SmbiosStructure:
type: 0x7e
length: 0x9
handle: 0x2d
19:29:52.770 FuStruct SmbiosStructure:
type: 0x8
length: 0x9
handle: 0x2e
19:29:52.770 FuStruct SmbiosStructure:
type: 0x7e
length: 0x9
handle: 0x2f
19:29:52.770 FuStruct SmbiosStructure:
type: 0x9
length: 0x11
handle: 0x30
19:29:52.770 FuStruct SmbiosStructure:
type: 0xc
length: 0x5
handle: 0x31
19:29:52.770 FuStruct SmbiosStructure:
type: 0xd
length: 0x16
handle: 0x32
19:29:52.770 FuStruct SmbiosStructure:
type: 0x16
length: 0x1a
handle: 0x33
19:29:52.770 FuStruct SmbiosStructure:
type: 0x7e
length: 0x1a
handle: 0x34
19:29:52.770 FuStruct SmbiosStructure:
type: 0x85
length: 0x5
handle: 0x35
19:29:52.770 FuStruct SmbiosStructure:
type: 0x85
length: 0x2c
handle: 0x36
19:29:52.770 FuStruct SmbiosStructure:
type: 0x82
length: 0x18
handle: 0x37
19:29:52.770 FuStruct SmbiosStructure:
type: 0x83
length: 0x40
handle: 0x38
19:29:52.770 FuStruct SmbiosStructure:
type: 0x8c
length: 0xf
handle: 0x39
19:29:52.770 FuStruct SmbiosStructure:
type: 0xdd
length: 0x75
handle: 0x3a
19:29:52.770 FuStruct SmbiosStructure:
type: 0x18
length: 0x5
handle: 0x3b
19:29:52.770 FuStruct SmbiosStructure:
type: 0x84
length: 0x8
handle: 0x3c
19:29:52.770 FuStruct SmbiosStructure:
type: 0xe
length: 0x8
handle: 0x3d
19:29:52.770 FuStruct SmbiosStructure:
type: 0xdb
length: 0x6a
handle: 0x3e
19:29:52.770 FuStruct SmbiosStructure:
type: 0x12
length: 0x17
handle: 0x3f
19:29:52.770 FuStruct SmbiosStructure:
type: 0x15
length: 0x7
handle: 0x40
19:29:52.770 FuStruct SmbiosStructure:
type: 0x15
length: 0x7
handle: 0x41
19:29:52.770 FuStruct SmbiosStructure:
type: 0x83
length: 0x16
handle: 0x42
19:29:52.770 FuStruct SmbiosStructure:
type: 0x88
length: 0x6
handle: 0x43
19:29:52.770 FuStruct SmbiosStructure:
type: 0xf
length: 0x1f
handle: 0x44
19:29:52.770 FuStruct SmbiosStructure:
type: 0x8c
length: 0x13
handle: 0x45
19:29:52.770 FuStruct SmbiosStructure:
type: 0x8c
length: 0x13
handle: 0x46
19:29:52.770 FuStruct SmbiosStructure:
type: 0x8c
length: 0x17
handle: 0x47
19:29:52.770 FuStruct SmbiosStructure:
type: 0x8d
length: 0x12
handle: 0x48
19:29:52.770 FuStruct SmbiosStructure:
type: 0x8d
length: 0x12
handle: 0x49
19:29:52.770 FuStruct SmbiosStructure:
type: 0x8d
length: 0x12
handle: 0x4a
19:29:52.770 FuStruct SmbiosStructure:
type: 0x8d
length: 0x12
handle: 0x4b
19:29:52.770 FuStruct SmbiosStructure:
type: 0x8d
length: 0x1e
handle: 0x4c
19:29:52.770 FuStruct SmbiosStructure:
type: 0x8d
length: 0x38
handle: 0x4d
19:29:52.770 FuStruct SmbiosStructure:
type: 0x8c
length: 0xf
handle: 0x4e
19:29:52.770 FuStruct SmbiosStructure:
type: 0x8c
length: 0x2b
handle: 0x4f
19:29:52.770 FuStruct SmbiosStructure:
type: 0x87
length: 0x12
handle: 0x50
19:29:52.770 FuStruct SmbiosStructure:
type: 0x7f
length: 0x4
handle: 0xfeff
19:29:52.770 FuContext SMBIOS Manufacturer=LENOVO
19:29:52.770 FuContext SMBIOS EnclosureKind=a
19:29:52.770 FuContext SMBIOS Family=ThinkPad X1 Carbon Gen 12
19:29:52.770 FuContext SMBIOS ProductName=21KDS00600
19:29:52.770 FuContext SMBIOS ProductSku=LENOVO_MT_21KD_BU_Think_FM_ThinkPad X1 Carbon Gen 12
19:29:52.770 FuContext SMBIOS BiosVendor=LENOVO
19:29:52.770 FuContext SMBIOS BiosVersion=N3YET61W (1.26 )
19:29:52.770 FuContext SMBIOS BiosMajorRelease=01
19:29:52.770 FuContext SMBIOS BiosMinorRelease=1a
19:29:52.770 FuContext SMBIOS FirmwareMajorRelease=01
19:29:52.770 FuContext SMBIOS FirmwareMinorRelease=14
19:29:52.770 FuContext SMBIOS BaseboardManufacturer=LENOVO
19:29:52.770 FuContext SMBIOS BaseboardProduct=21KDS00600
19:29:52.770 FuContext failed to load fdt: cannot find /sys/firmware/fdt or override /var/lib/fwupd/system.dtb
19:29:52.771 FuContext added udev subsystem watch of firmware-attributes
19:29:52.775 FuBiosSettings save_settings is not supported
19:29:52.798 FuBiosSettings failed to add string attrs: failed to load min_length: Failed to open file “/sys/class/firmware-attributes/thinklmi/attributes/AlarmTime/min_length”: No such file or directory
19:29:52.800 FuBiosSettings processing AlarmTime: (00:00:00)
19:29:52.813 FuBiosSettings failed to add string attrs: failed to load min_length: Failed to open file “/sys/class/firmware-attributes/thinklmi/attributes/UserDefinedAlarmTime/min_length”: No such file or directory
19:29:52.814 FuBiosSettings processing UserDefinedAlarmTime: (00:00:00)
19:29:52.841 FuBiosSettings failed to add string attrs: failed to load min_length: Failed to open file “/sys/class/firmware-attributes/thinklmi/attributes/AlarmDate/min_length”: No such file or directory
19:29:52.842 FuBiosSettings processing AlarmDate: (01/01/2023)
19:29:52.863 FuBiosSettings loaded 92 BIOS settings
19:29:52.863 FuBiosSettings Disabling changing SecureBoot since Allow3rdPartyUEFICA is Disable
Loading… [** ]19:29:52.863 FuEngine ignoring: Error opening directory “/var/lib/fwupd/local.d”: No such file or directory
19:29:52.863 FuEngine ignoring: Error opening directory “/usr/share/fwupd/local.d”: No such file or directory
19:29:52.863 XbSilo attempting to load /var/cache/fwupd/metadata.xmlb
19:29:52.863 XbSilo file: 4803e022-8bb3-6302-3438-453e0349c239, current:2d310c72-70b7-6243-8c5c-9d33112a4bc9, cached: (null)
19:29:52.863 XbSilo loading silo with file contents
19:29:52.865 FuEngine 3045 components now in silo
Loading… [*** ]19:29:52.873 FuPlugin constructed(pci_mei)
19:29:52.873 FuContext added udev subsystem watch of pci
19:29:52.873 FuEngine plugins disabled: flashrom, modem_manager, uefi_capsule, acpi_dmar, acpi_facp, acpi_ivrs, acpi_phat, algoltek_usb, amd_pmc, amd_gpu, analogix, android_boot, ata, audio_s5gen2, aver_hid, bcm57xx, bios, ccgx, ccgx_dmc, cfu, ch341a, ch347, colorhug, corsair, cpu, cros_ec, dell, dell_dock, dfu, dfu_csr, ebitdo, elantp, elanfp, emmc, ep963x, fastboot, focalfp, fpc, fresco_pd, genesys, genesys_gl32xx, goodixmoc, goodixtp, gpio, hailuck, igsc, intel_me, intel_usb4, iommu, jabra, jabra_gnp, kinetic_dp, lenovo_thinklmi, linux_display, linux_lockdown, linux_sleep, linux_swap, linux_tainted, logind, logitech_hidpp, logitech_bulkcontroller, logitech_rallysystem, logitech_scribe, logitech_tap, mediatek_scaler, msr, mtd, nitrokey, nordic_hid, nvme, optionrom, parade_lspcon, pci_bcr, pci_psp, pixart_rf, powerd, qsi_dock, realtek_mst, redfish, rts54hid, rts54hub, steelseries, scsi, superio, synaptics_cape, synaptics_cxaudio, synaptics_mst, synaptics_prometheus, synaptics_rmi, system76_launch, test, test_ble, thelio_io, thunderbolt, ti_tps6598x, tpm, uefi_dbx, uefi_esrt, uefi_pk, uefi_recovery, uf2, upower, usi_dock, vbe, vli, wacom_raw, wacom_usb, wistron_dock
Loading… [*** ]19:29:52.874 FuContext battery threshold now 25
Loading… [************************************** ]19:29:52.874 FuEngine FuUsbBackend:
Name: usb
Enabled: true
DoneSetup: false
CanInvalidate: false
FuUdevBackend:
Name: udev
Enabled: true
DoneSetup: false
CanInvalidate: false
DoneColdplug: false
FuBluezBackend:
Name: bluez
Enabled: true
DoneSetup: false
CanInvalidate: false
FuPciMeiPlugin:
Name: pci_mei
HFSTS1:
WorkingState: reset
MfgMode: false
FptBad: false
OperationState: preboot
FwInitComplete: false
FtBupLdFlr: false
UpdateInProgress: false
ErrorCode: no-error
OperationMode: normal
ResetCount: 0x0
BootOptions_present:false
BistFinished: false
BistTestState: false
BistResetRequest: false
CurrentPowerSource: 0x0
D3SupportValid: false
D0i3SupportValid: false
HFSTS2:
NftpLoadFailure: false
IccProgStatus: 0x0
InvokeMebx: false
CpuReplaced: false
Rsvd0: false
MfsFailure: false
WarmResetRqst: false
CpuReplacedValid: false
LowPowerState: false
MePowerGate: false
IpuNeeded: false
ForcedSafeBoot: false
Rsvd1: 0x0
ListenerChange: false
StatusData: 0x0
CurrentPmevent: 0x0
Phase: 0x0
HFSTS3:
Chunk0: 0x0
Chunk1: 0x0
Chunk2: 0x0
Chunk3: 0x0
FwSku: 0x0
EncryptKeyCheck: false
PchConfigChange: false
IbbVerificationResult:false
IbbVerificationDone:false
Reserved11: 0x0
ActualIbbSize: 0x0
NumberOfChunks: 0
EncryptKeyOverride: false
PowerDownMitigation:false
HFSTS4:
Rsvd0: 0x0
EnforcementFlow: false
SxResumeType: false
Rsvd1: false
TpmsDisconnected: false
Rvsd2: false
FwstsValid: false
BootGuardSelfTest: false
Rsvd3: 0x0
HFSTS5:
AcmActive: false
Valid: false
ResultCodeSource: false
ErrorStatusCode: 0x0
AcmDoneSts: 0x0
TimeoutCount: 0x0
ScrtmIndicator: false
IncBootGuardAcm: 0x0
IncKeyManifest: 0x0
IncBootPolicy: 0x0
Rsvd0: 0x0
StartEnforcement: false
HFSTS6:
ForceBootGuardAcm: false
CpuDebugDisable: false
BspInitDisable: false
ProtectBiosEnv: false
Rsvd0: 0x0
ErrorEnforcePolicy: 0x0
MeasuredBoot: false
VerifiedBoot: false
BootGuardAcmsvn: 0x0
Kmsvn: 0x0
Bpmsvn: 0x0
KeyManifestId: 0x0
BootPolicyStatus: false
Error: false
BootGuardDisable: false
FpfDisable: false
FpfSocLock: false
TxtSupport: false
19:29:52.887 FuEngine resetting update motd timeout
acpi_dmar:
Flags: • Disabled
acpi_facp:
Flags: • Disabled
acpi_ivrs:
Flags: • Disabled
acpi_phat:
Flags: • Disabled
algoltek_usb:
Flags: • Disabled
amd_gpu:
Flags: • Disabled
amd_pmc:
Flags: • Disabled
analogix:
Flags: • Disabled
android_boot:
Flags: • Disabled
ata:
Flags: • Disabled
audio_s5gen2:
Flags: • Disabled
aver_hid:
Flags: • Disabled
bcm57xx:
Flags: • Disabled
bios:
Flags: • Disabled
ccgx:
Flags: • Disabled
ccgx_dmc:
Flags: • Disabled
cfu:
Flags: • Disabled
ch341a:
Flags: • Disabled
ch347:
Flags: • Disabled
colorhug:
Flags: • Disabled
corsair:
Flags: • Disabled
cpu:
Flags: • Disabled
cros_ec:
Flags: • Disabled
dell:
Flags: • Disabled
dell_dock:
Flags: • Disabled
dfu:
Flags: • Disabled
dfu_csr:
Flags: • Disabled
ebitdo:
Flags: • Disabled
elanfp:
Flags: • Disabled
elantp:
Flags: • Disabled
emmc:
Flags: • Disabled
ep963x:
Flags: • Disabled
fastboot:
Flags: • Disabled
flashrom:
Flags: • Disabled
• Loaded from an external module
focalfp:
Flags: • Disabled
fpc:
Flags: • Disabled
fresco_pd:
Flags: • Disabled
genesys:
Flags: • Disabled
genesys_gl32xx:
Flags: • Disabled
goodixmoc:
Flags: • Disabled
goodixtp:
Flags: • Disabled
gpio:
Flags: • Disabled
hailuck:
Flags: • Disabled
igsc:
Flags: • Disabled
intel_me:
Flags: • Disabled
intel_usb4:
Flags: • Disabled
iommu:
Flags: • Disabled
jabra:
Flags: • Disabled
jabra_gnp:
Flags: • Disabled
kinetic_dp:
Flags: • Disabled
lenovo_thinklmi:
Flags: • Disabled
linux_display:
Flags: • Disabled
linux_lockdown:
Flags: • Disabled
linux_sleep:
Flags: • Disabled
linux_swap:
Flags: • Disabled
linux_tainted:
Flags: • Disabled
logind:
Flags: • Disabled
logitech_bulkcontroller:
Flags: • Disabled
logitech_hidpp:
Flags: • Disabled
logitech_rallysystem:
Flags: • Disabled
logitech_scribe:
Flags: • Disabled
logitech_tap:
Flags: • Disabled
mediatek_scaler:
Flags: • Disabled
modem_manager:
Flags: • Disabled
• Loaded from an external module
msr:
Flags: • Disabled
mtd:
Flags: • Disabled
nitrokey:
Flags: • Disabled
nordic_hid:
Flags: • Disabled
nvme:
Flags: • Disabled
optionrom:
Flags: • Disabled
parade_lspcon:
Flags: • Disabled
pci_bcr:
Flags: • Disabled
pci_mei:
Flags: • Enabled
pci_psp:
Flags: • Disabled
pixart_rf:
Flags: • Disabled
powerd:
Flags: • Disabled
qsi_dock:
Flags: • Disabled
realtek_mst:
Flags: • Disabled
redfish:
Flags: • Disabled
rts54hid:
Flags: • Disabled
rts54hub:
Flags: • Disabled
scsi:
Flags: • Disabled
steelseries:
Flags: • Disabled
superio:
Flags: • Disabled
synaptics_cape:
Flags: • Disabled
synaptics_cxaudio:
Flags: • Disabled
synaptics_mst:
Flags: • Disabled
synaptics_prometheus:
Flags: • Disabled
synaptics_rmi:
Flags: • Disabled
system76_launch:
Flags: • Disabled
test:
Flags: • Disabled
• Plugin is only for testing
test_ble:
Flags: • Disabled
• Plugin is only for testing
thelio_io:
Flags: • Disabled
thunderbolt:
Flags: • Disabled
ti_tps6598x:
Flags: • Disabled
tpm:
Flags: • Disabled
uefi_capsule:
Flags: • Disabled
• Will measure elements of system integrity around an update
uefi_dbx:
Flags: • Disabled
uefi_esrt:
Flags: • Disabled
uefi_pk:
Flags: • Disabled
uefi_recovery:
Flags: • Disabled
uf2:
Flags: • Disabled
upower:
Flags: • Disabled
usi_dock:
Flags: • Disabled
vbe:
Flags: • Disabled
vli:
Flags: • Disabled
wacom_raw:
Flags: • Disabled
wacom_usb:
Flags: • Disabled
wistron_dock:
Flags: • Disabled
19:29:52.894 FuPluginTest destroy
I think it's the same.
Created internal ticket LO-3022 to get feedback from the FW team. A note that it's a holiday in Japan and China this week so I won't get answers until at least next week. I am seeing the same on my system - but it's a prototype so these may not have been programmed. Can I confirm that the system is a ship-level supported system please? Mark
FW team thinks this will be fixed with https://github.com/fwupd/fwupd/pull/7163/commits/fb18ce3b0e333310731397a437b529391646bcb3 But I tested on my (prototype) system and it didn't help. Following up for more insight.
FW team thinks this will be fixed with https://github.com/fwupd/fwupd/commit/fb18ce3b0e333310731397a437b529391646bcb3
Nah, that's the cosmetic fix -- the real problem is the register reads are failing.
Hi @iyanmv - could you do 'sudo lspci -xxx -s 00:16.0' on your system please? I'd like to capture the registers from a ship level support system (all of the ones in our team are pre-ship)
Thanks Mark
00:16.0 Communication controller: Intel Corporation Device 7e70 (rev 20)
00: 86 80 70 7e 06 04 10 00 20 00 80 07 00 00 80 00
10: 04 90 70 5a 40 00 00 00 00 00 00 00 00 00 00 00
20: 00 00 00 00 00 00 00 00 00 00 00 00 aa 17 1e 23
30: 00 00 00 00 50 00 00 00 00 00 00 00 ff 01 00 00
40: 45 02 00 a0 00 00 00 80 00 05 00 00 00 00 00 00
50: 01 8c 03 40 08 00 00 00 00 00 00 00 00 00 00 00
60: 20 00 00 00 00 00 00 00 03 1f f4 02 00 00 00 40
70: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
80: 00 00 00 00 00 00 00 00 00 00 00 00 05 a4 81 00
90: 38 03 e0 fe 00 00 00 00 00 00 00 00 00 00 00 00
a0: 04 00 00 00 09 00 14 f0 10 00 40 01 00 00 00 00
b0: 01 80 00 00 38 0d 0e 00 00 00 00 00 00 00 00 40
c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
f0: 00 00 00 00 00 00 00 00 00 00 20 00 00 00 00 00
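As an added example (not fwupd's code or the reporter's), the dump above is parsed and the HFSTS1..6 words are read at the PCI_CFG_HFS_x offsets @hughsie quoted earlier in the thread; the HFSTS1 bit layout is assumed from public Intel ME documentation (it matches the field order fwupd prints), and reading working state 5 as "normal" is likewise an assumption.

```python
"""Decode the `lspci -xxx -s 00:16.0` dump from this thread into the HFSTS1..6
host firmware status registers that fwupd's pci_mei plugin reads.

Added example, not fwupd code.  Register offsets are the PCI_CFG_HFS_x
defines quoted earlier in the thread; the HFSTS1 bit layout is assumed from
public Intel ME documentation and matches the field order fwupd prints.
"""
import re
import struct

# Verbatim `sudo lspci -xxx -s 00:16.0` output posted above (shipped 21KD unit).
LSPCI_DUMP = """\
00:16.0 Communication controller: Intel Corporation Device 7e70 (rev 20)
00: 86 80 70 7e 06 04 10 00 20 00 80 07 00 00 80 00
10: 04 90 70 5a 40 00 00 00 00 00 00 00 00 00 00 00
20: 00 00 00 00 00 00 00 00 00 00 00 00 aa 17 1e 23
30: 00 00 00 00 50 00 00 00 00 00 00 00 ff 01 00 00
40: 45 02 00 a0 00 00 00 80 00 05 00 00 00 00 00 00
50: 01 8c 03 40 08 00 00 00 00 00 00 00 00 00 00 00
60: 20 00 00 00 00 00 00 00 03 1f f4 02 00 00 00 40
70: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
80: 00 00 00 00 00 00 00 00 00 00 00 00 05 a4 81 00
90: 38 03 e0 fe 00 00 00 00 00 00 00 00 00 00 00 00
a0: 04 00 00 00 09 00 14 f0 10 00 40 01 00 00 00 00
b0: 01 80 00 00 38 0d 0e 00 00 00 00 00 00 00 00 40
c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
f0: 00 00 00 00 00 00 00 00 00 00 20 00 00 00 00 00
"""

# PCI_CFG_HFS_1 .. PCI_CFG_HFS_6 as quoted by @hughsie above.
HFSTS_OFFSETS = {"HFSTS1": 0x40, "HFSTS2": 0x48, "HFSTS3": 0x60,
                 "HFSTS4": 0x64, "HFSTS5": 0x68, "HFSTS6": 0x6C}

_HEX_ROW = re.compile(r"^([0-9a-f]{2}): ((?:[0-9a-f]{2} ?){16})$")


def parse_lspci_xxx(text: str) -> bytes:
    """Return the 256-byte config space from the 'NN: xx xx ...' rows."""
    cfg = bytearray(256)
    rows = 0
    for line in text.splitlines():
        m = _HEX_ROW.match(line.strip())
        if not m:
            continue  # header line ("00:16.0 ...") or blank line
        base = int(m.group(1), 16)
        cfg[base:base + 16] = bytes.fromhex(m.group(2).replace(" ", ""))
        rows += 1
    if rows != 16:
        raise ValueError(f"expected 16 config-space rows, got {rows}")
    return bytes(cfg)


def is_intel_mei(cfg: bytes) -> bool:
    """Sanity check: vendor 0x8086 and the device id lspci printed (0x7e70)."""
    vendor, device = struct.unpack_from("<HH", cfg, 0)
    return vendor == 0x8086 and device == 0x7E70


def hfsts_registers(cfg: bytes) -> dict:
    """Read each HFSTS word little-endian, as a 32-bit PCI config read would."""
    return {name: struct.unpack_from("<I", cfg, off)[0]
            for name, off in HFSTS_OFFSETS.items()}


def registers_all_zero(regs: dict) -> bool:
    """True for what fwupd printed in this thread (every field 0/false)."""
    return all(v == 0 for v in regs.values())


def decode_hfsts1(value: int) -> dict:
    """Low HFSTS1 fields (bit layout assumed; 5 is taken to be the normal
    working state, 0 the 'reset' state fwupd printed above)."""
    return {
        "WorkingState": value & 0xF,
        "MfgMode": bool((value >> 4) & 1),
        "FptBad": bool((value >> 5) & 1),
        "OperationState": (value >> 6) & 0x7,
        "FwInitComplete": bool((value >> 9) & 1),
        "FtBupLdFlr": bool((value >> 10) & 1),
        "UpdateInProgress": bool((value >> 11) & 1),
        "ErrorCode": (value >> 12) & 0xF,
        "OperationMode": (value >> 16) & 0xF,
    }


if __name__ == "__main__":
    cfg = parse_lspci_xxx(LSPCI_DUMP)
    regs = hfsts_registers(cfg)
    for name, val in regs.items():
        print(f"{name}: 0x{val:08x}")
    print("all zero:", registers_all_zero(regs))
    print("HFSTS1 fields:", decode_hfsts1(regs["HFSTS1"]))
```

On the posted dump every HFSTS word except HFSTS4 is non-zero and HFSTS1 decodes to a completed firmware init with no error code, so the all-zero values fwupd printed point at the plugin's register reads failing rather than at an empty register block, which is what @hughsie concluded above.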
@mrhpearson (unrelated question but perhaps you can help) Do you know if the Intel Ultra 7 155H supports TME? It's not clear in the specs (they do mention that TME-MK is not supported, but nothing about TME). It would be weird if Intel decided to drop this with previous generations supporting RAM encryption. At least the X1 Carbon Gen 11 had an option in the BIOS (I think disabled by default) to enable the TME, but this option is missing in the X1 Carbon Gen 12.
Should be there - under Security->Memory protection At least it's showing up in the BIOS simulator (and is on my proto system): https://download.lenovo.com/bsco/index.html#/graphicalsimulator/ThinkPad%20X1%20Carbon%2012th%20Gen%20(21KC,21KD)
I can't see that option on my system, only the "Execution Prevention" item.
Interesting... I have two systems. One early proto (non-vPro) and one later proto (vPro with MIPI camera) - the option is there on my vPro system but not the non-vPro. I don't know if this is by design, or a factor of when I got my system, or something else.
Just to confirm - your system is a regular purchased Lenovo unit?
I will need to check with the FW team. Mark
Yes, that is correct. Bought in Switzerland (not directly from Lenovo, but from Computacenter TS GmbH) but it is registered on the Lenovo website. It is the Type 21KD with the Intel 7 155H and the 1080P FHD IR+RGB camera, not the MIPI one. Not sure about the vPro or how to check that.
Some updates: According to Intel this is an industry-wide issue, and is related to the contents of HFSTS6 changing - meaning fwupdmgr cannot determine the bootguard configuration correctly. We're discussing with Intel how we address this.
@hughsie - once I have the details I'll likely reach out offline on how to get this fixed in fwupd.
@mrhpearson any news regarding Total Memory Encryption?
On the TME...no. My apologies but that one had fallen off my radar while we dug into all the HFSTS register changes.
Checking with the FW team as to why it's available on some systems and not others - it may be a design limitation? Mark
No problem, I only ping you about the issue because I got this answer from a ticket I opened at Lenovo some months ago (also forgot about it):
«(...) After checking your github discussion you seem to be in contact with the correct people for this issue. Sadly, the Lenovo Premier Support is "only" an extended hardware warranty to replace defective parts onsite. Anything regarding BIOS issues or faults can get reported by us, but we do not receive an immediate feedback.»
I also tried to reach Intel some time ago because I couldn't find anywhere the exact differences between their new marketing terms "Intel vPro Essentials" and "Intel vPro Enterprise" (perhaps TME in the new gen is only supported by the vPro Enterprise?), but they kindly told me to ask my laptop manufacturer 😅
FW team confirmed that the encrypted memory feature is only available with vPro systems I'm afraid.
There is an Intel white paper on it (white-paper-intel-tme.pdf) - though it seems to not be available any more (I logged into my Intel support account and checked and it wasn't there either)
Thanks for confirming! Sad...
Wait... you meant vPro Enterprise? This CPU is vPro but Essentials.
I thought it was just vPro, didn't matter which flavour. The white paper seems to be back up now (https://www.intel.com/content/dam/www/central-libraries/us/en/documents/white-paper-intel-tme.pdf) and I can't find anything that specifies it being enterprise only.
Do you know what you have? If you go into the BIOS setup (F1 during early boot) is there an AMT option under the Config menu?
Mark
No, I don't have that submenu in config. Mine finishes with the Thunderbolt 4.
But I guess that is not a surprise because in the CPU specs it says that Intel® Active Management Technology (AMT) is not supported.
If it helps, this is my Machine Type Model: 21KDS00600.
Yeah - non-vPro I'm afraid.
So what you are saying is that vPro Essentials ≠ vPro? (at least regarding TME) Is AMT a requirement for TME?
@mrhpearson Intel says that TME is part of Intel vPro Essentials