ec icon indicating copy to clipboard operation
ec copied to clipboard
verified publisher icon system76

tool: Add error for write locked

Open crawfxrd opened this issue 1 year ago • 3 comments

Add a new error for the case of trying to flash when security is enabled and it is still locked and update the related docs.

crawfxrd avatar Mar 22 '24 21:03 crawfxrd

After running ectool.sh security unlock I get presented with the unlock prompt on every boot - hot or cold - until I cancel out of it.

That doesn't feel correct? I would expect it to prompt for a single boot, and then the standard locked behaviour to reassert on subsequent boots.

XV-02 avatar Apr 17 '24 16:04 XV-02

Also, should the post ectool.sh security unlock message highlight that a reboot is insufficient to correctly change the security state?

Currently tool/src/main.rs line 299 prints "Shut down the system for the security state to take effect" which is technically correct, but could perhaps more forcibly state that a cold boot is required?

XV-02 avatar Apr 17 '24 17:04 XV-02

After running ectool.sh security unlock I get presented with the unlock prompt on every boot - hot or cold - until I cancel out of it.

~Addressed by https://github.com/system76/firmware-setup/pull/45.~

This change was reverted; it's intended behavior for it to show up even when unlocked.

Currently tool/src/main.rs line 299 prints "Shut down the system for the security state to take effect" which is technically correct, but could perhaps more forcibly state that a cold boot is required?

Per UEFI wording for ResetType, "Shutdown" is the correct type of event. "Cold" and "Warm" are reset events that will not trigger the EC logic to reboot unlocked.

crawfxrd avatar Jun 18 '24 21:06 crawfxrd