Firmware Updates on GNU/Linux
As the NAND storage technology reaches speeds that cannot be satiated with SATA anymore, the modern SSDs are attached over PCIe, the descendant of the very successful Peripheral Component Interconnect standard that allowed for many extension cards in the IBM PC ecosystem. But where most PCI cards could not be software upgraded in the field, the question on how to update firmware on attached PCI devices is not obviously standardized (or am I missing something?). So under Windows, the manufacturers of NVMe modules deliver their proprietary update tool, but what do we do in a Free Operating system like GNU/Linux?
In this blog post I will take a quick look at how I was able to upgrade the firmware of my Kingston SA2000M8250G NVMe drive in my desktop system.
Listing Updateable devices
dzu@krikkit:~$ fwupdmgr get-devices
ASUS System Product Name
│
├─AMD Ryzen 7 5700G with Radeon Graphics:
│ │ Device ID: 4bde70ba4e39b28f9eab1628f9dd6e6244c03027
│ │ Current version: 0x0a500011
│ │ Vendor: Advanced Micro Devices, Inc.
│ │ GUIDs: 79759cdc-94db-5098-be7b-eb02521fbbec ← CPUID\PRO_0&FAM_19&MOD_50
│ │ 20b595b0-5892-5870-8e4c-688133ad6e34 ← CPUID\PRO_0&FAM_19&MOD_50&STP_0
│ │ Device Flags: • Internal device
│ │
│ ├─AMD Radeon Graphics:
│ │ │ Device ID: 20161e3870a2030fa932712e7b7dae8a2aec59c3
│ │ │ Summary: Cezanne Generic VBIOS
│ │ │ Current version: 19
│ │ │ Vendor: Advanced Micro Devices, Inc. [AMD/ATI] (PCI:0x1002)
│ │ │ GUID: 884e745f-31eb-5acc-9594-731341d91164 ← AMD\13-CEZANNE
│ │ │ Device Flags: • Internal device
│ │ │ • Can tag for emulation
│ │ │
│ └─Secure Processor:
│ Device ID: c54ab0237d7a8db8c717b68e0be78e4374a2a079
│ Current version: 00.11.00.83
│ Bootloader Version: 00.11.00.83
│ Vendor: Advanced Micro Devices, Inc. (PCI:0x1022)
│ GUID: 0e8dc554-a0a2-51fb-b439-1eb72b14ec38 ← PCI\VEN_1022&DEV_15DF
│ Device Flags: • Internal device
│ • Can tag for emulation
│
├─Elements 25A1:
│ Device ID: fa76b17a459b41fcb27402b70f69d3251f5cb222
│ Summary: SCSI device
│ Current version: 1018
│ Vendor: WD (USB:0x1058, SCSI:WD)
│ GUIDs: 278341bb-ff68-55e0-85f1-f9edf8c35dd5 ← BLOCK\VEN_1058&DEV_25A1
│ 7d53d0b4-7a0e-5455-8561-a185437ce8e3 ← SCSI\VEN_WD &DEV_Elements 25A1
│ e09fe0b5-5f22-5c95-8a4e-f14c807272a5 ← SCSI\VEN_WD &DEV_Elements 25A1 &REV_1018
│ Device Flags: • Internal device
│ • Can tag for emulation
│
├─External USB 3.0:
│ Device ID: 57a626a9a9c9385087a0a893b4bb4da4c9bdea98
│ Summary: SCSI device
│ Current version: 5438
│ Vendor: TOSHIBA (USB:0x0480, SCSI:TOSHIBA)
│ GUIDs: 17277e23-106c-5d90-a0de-95587f3a59e5 ← BLOCK\VEN_0480&DEV_A202
│ cf7dfae8-c714-53ce-8db8-6920577a1023 ← SCSI\VEN_TOSHIBA&DEV_External USB 3.0
│ 03b04d28-0698-58b6-86b6-314e0d3ef4fb ← SCSI\VEN_TOSHIBA&DEV_External USB 3.0&REV_5438
│ Device Flags: • Internal device
│ • Can tag for emulation
│
├─HDWD110:
│ Device ID: 0bb81f2fdbd2e2a29575010af6dc8b56d55a895f
│ Summary: ATA drive
│ Current version: MS2OA8J0
│ Vendor: Toshiba (ATA:0x1179, OUI:000039)
│ Serial Number: 58R8N0VNS
│ GUIDs: 9acdde3d-ec0f-5233-b5d5-eeae54a2a7d9 ← IDE\TOSHIBA_HDWD110_________________________MS2OA8J0
│ 6badafc3-4f1b-52c0-957c-6c53f7a323db ← IDE\0TOSHIBA_HDWD110_________________________
│ e9bb055c-1ce2-58bb-8403-fbab14cd8981 ← TOSHIBA HDWD110
│ Device Flags: • Internal device
│ • Updatable
│ • System requires external power source
│ • Needs a reboot after installation
│ • Device is usable for the duration of the update
│ • Can tag for emulation
│
├─KINGSTON SA2000M8250G:
│ Device ID: d62bbbab5045e98c4f26c1dcac8b2ee96a3d90e4
│ Summary: NVM Express solid state drive
│ Current version: S5Z42109
│ Vendor: Kingston Technology Company, Inc. (PCI:0x2646)
│ Serial Number: 50026B76840FE52A
│ GUIDs: 1acc856a-5932-54e8-92a9-0fd097bf3b27 ← NVME\VEN_2646&DEV_2263
│ 5e89f5d0-ab2d-5ece-89c4-9be5cbcc73bb ← NVME\VEN_2646&DEV_2263&SUBSYS_26462263
│ fcdb6c73-cea8-5eca-ade5-e86e6fbfd35e ← KINGSTON SA2000M8250G
│ Device Flags: • Internal device
│ • Updatable
│ • System requires external power source
│ • Needs shutdown after installation
│ • Device is usable for the duration of the update
│ • Can tag for emulation
│
├─MQ03UBB200:
│ Device ID: 8915a969d84f20dff12e45313fc7616e99854589
│ Summary: ATA drive
│ Current version: JP050U
│ Vendor: Toshiba (USB:0x0480, ATA:0x1179)
│ Serial Number: 67MDTZDOT
│ GUIDs: 17277e23-106c-5d90-a0de-95587f3a59e5 ← BLOCK\VEN_0480&DEV_A202
│ 332d986a-f506-5cf7-a1ff-3edc52680718 ← IDE\TOSHIBA_MQ03UBB200______________________JP050U
│ c0e7076e-8f5f-5961-895c-31acd3828481 ← IDE\0TOSHIBA_MQ03UBB200______________________
│ fe418930-bdcb-55e0-bf98-91d32cfeb55d ← TOSHIBA MQ03UBB200
│ Device Flags: • Internal device
│ • Updatable
│ • System requires external power source
│ • Needs a reboot after installation
│ • Device is usable for the duration of the update
│ • Can tag for emulation
│
├─SA400S37240G:
│ Device ID: 6f05b0d0e755b2584767b5b37e83632df605b1ad
│ Summary: ATA drive
│ Current version: R0105A
│ Vendor: Kingston (OUI:0026b7, ATA:0x2646)
│ Serial Number: 50026B778246A616
│ GUIDs: 1c2d4ad0-01ca-5d39-bfc3-90fd59470f5d ← IDE\KINGSTON_SA400S37240G___________________R0105A
│ 2a76fab0-59b3-53a9-bdc6-7ba2cc24ee37 ← IDE\0KINGSTON_SA400S37240G___________________
│ 5bfd3e07-4ee5-5934-85e6-7aa10b2eca42 ← KINGSTON SA400S37240G
│ Device Flags: • Internal device
│ • Updatable
│ • System requires external power source
│ • Needs a reboot after installation
│ • Device is usable for the duration of the update
│ • Can tag for emulation
│
├─System Firmware:
│ │ Device ID: 0f37069a434291b08b53362cdbb19c22c45d164b
│ │ Summary: UEFI System Resource Table device (updated via NVRAM)
│ │ Current version: 14082
│ │ Minimum Version: 14082
│ │ Vendor: ASUS (DMI:American Megatrends Inc.)
│ │ Update State: Success
│ │ GUID: 998c514f-2d48-5755-a964-b9abe76a1553
│ │ Device Flags: • Internal device
│ │ • Updatable
│ │ • System requires external power source
│ │ • Needs a reboot after installation
│ │ • Cryptographic hash verification is available
│ │ • Device is usable for the duration of the update
│ │ Device Requests: • Message
│ │
│ └─UEFI dbx:
│ Device ID: 362301da643102b9f38477387e2193e57abaa590
│ Summary: UEFI revocation database
│ Current version: 20160809
│ Minimum Version: 20160809
│ Vendor: UEFI:Microsoft
│ Install Duration: 1 second
│ GUIDs: f8ff0d50-c757-5dc3-951a-39d86e16f419 ← UEFI\CRT_D7F66BE77CEF858C174BF4338A99263C8795B74E02026411F5F532F716AE3263&ARCH_X64
│ f8ba2887-9411-5c36-9cee-88995bb39731 ← UEFI\CRT_A1117F516A32CEFCBA3F2D1ACE10A87972FD6BBE8FE0D0B996E09E65D802A503&ARCH_X64
│ 0c7691e1-b6f2-5d71-bc9c-aabee364c916 ← UEFI\CRT_ED1FE72CB9CA31C9AF5B757AFCD733323D675825032E6CED7FE1AE9EB767998C&ARCH_X64
│ d07ff664-b0e1-5f4e-a723-d7fbcbfcb94f ← UEFI\CRT_3CD3F0309EDAE228767A976DD40D9F4AFFC4FBD5218F2E8CC3C9DD97E8AC6F9D&ARCH_X64
│ Device Flags: • Internal device
│ • Updatable
│ • Supported on remote server
│ • Needs a reboot after installation
│ • Cryptographic hash verification is available
│ • Device is usable for the duration of the update
│ • Only version upgrades are allowed
│ • Signed Payload
│ • Can tag for emulation
│
├─TPM:
│ Device ID: 1d8d50a4dbc65618f5c399c2ae827b632b3ccc11
│ Current version: 3.92.0.5
│ Vendor: Advanced Micro Devices, Inc. (TPM:AMD)
│ GUIDs: 9305de1c-1e12-5665-81c4-37f8e51219b8 ← TPM\VEN_AMD&DEV_0001
│ 78a291ae-b499-5b0f-8f1d-74e1fefd0b1c ← TPM\VEN_AMD&MOD_AMD
│ 65a3fced-b423-563f-8098-bf5c329fc063 ← TPM\VEN_AMD&DEV_0001&VER_2.0
│ 5e704f0d-83cb-5364-8384-f46d725a23b8 ← TPM\VEN_AMD&MOD_AMD&VER_2.0
│ Device Flags: • Internal device
│ • System requires external power source
│ • Needs a reboot after installation
│ • Device can recover flash failures
│ • Full disk encryption secrets may be invalidated when updating
│ • Signed Payload
│ • Can tag for emulation
│
├─USB Card Reader:
│ Device ID: b428c5f0881d3ff16dd7720d585d2784f19b1610
│ Current version: 0
│ Vendor: Algoltek (USB:0x0480, BLOCK:0x0480)
│ GUID: 17277e23-106c-5d90-a0de-95587f3a59e5 ← BLOCK\VEN_0480&DEV_A202
│ Device Flags: • Updatable
│ • Unsigned Payload
│ • Can tag for emulation
│
├─Unifying Receiver:
│ Device ID: f172a9f0ebebd7f11a6e87b6fe97ce9bcafb7448
│ Summary: Miniaturised USB wireless receiver
│ Current version: RQR12.03_B0025
│ Bootloader Version: BOT01.02_B0015
│ Vendor: Logitech, Inc. (USB:0x046D, HIDRAW:0x046D)
│ Install Duration: 30 seconds
│ GUIDs: aa995882-da42-574a-8338-c8dfdca447e3 ← UFY\VID_046D&PID_C52B
│ 279ed287-3607-549e-bacc-f873bb9838c4 ← HIDRAW\VEN_046D&DEV_C52B
│ 9d131a0c-a606-580f-8eda-80587250b8d6 ← USB\VID_046D&PID_AAAA
│ Device Flags: • Updatable
│ • Supported on remote server
│ • Unsigned Payload
│ • Can tag for emulation
│
├─WD10EZRZ-00HTKB0:
│ Device ID: ac7d08eb09e1e3fecb3b681d6d602257d0775286
│ Summary: ATA drive
│ Current version: 01.01A01
│ Vendor: Western Digital (OUI:0014ee, ATA:0x101C)
│ Serial Number: WD-WCC4J7HDD075
│ GUIDs: 7be8b021-961f-5fca-b31b-e9faf263bb29 ← IDE\WDC_WD10EZRZ-00HTKB0____________________01.01A01
│ 0200cf42-b19e-50c8-bec8-d811d97777d9 ← IDE\0WDC_WD10EZRZ-00HTKB0____________________
│ a696273a-8018-556e-b1a9-ea769ab013cd ← WDC WD10EZRZ-00HTKB0
│ Device Flags: • Internal device
│ • Updatable
│ • System requires external power source
│ • Needs a reboot after installation
│ • Device is usable for the duration of the update
│ • Can tag for emulation
│
└─WD30NMZW-11LG6S1:
Device ID: 18e0e39ae6328780ba42c1b85e73312440f22de9
Summary: ATA drive
Current version: 02.01A02
Vendor: Western Digital (USB:0x1058, OUI:0014ee, ATA:0x101C)
Serial Number: WD-WXW1EA93VKDN
GUIDs: 278341bb-ff68-55e0-85f1-f9edf8c35dd5 ← BLOCK\VEN_1058&DEV_25A1
cad059c6-5a1a-5571-a01a-f577711c09d9 ← IDE\WDC_WD30NMZW-11LG6S1____________________02.01A02
a0cbc864-3197-598c-bcc0-d5ad4d126268 ← IDE\0WDC_WD30NMZW-11LG6S1____________________
3e8503b4-8dcb-56b9-bde7-a1d4b95bdf8c ← WDC WD30NMZW-11LG6S1
Device Flags: • Internal device
• Updatable
• System requires external power source
• Needs a reboot after installation
• Device is usable for the duration of the update
• Can tag for emulation
dzu@krikkit:~$
dzu@krikkit:~$ fwupdmgr refresh
Metadata is up to date; use --force to refresh again.
dzu@krikkit:~$
dzu@krikkit:~$ fwupdmgr update
╔══════════════════════════════════════════════════════════════════════════════╗
║ Upgrade UEFI dbx from 20160809 to 20241101? ║
╠══════════════════════════════════════════════════════════════════════════════╣
║ This updates the list of forbidden signatures (the "dbx") to the latest ║
║ release from Microsoft. ║
║ ║
║ An insecure version of Howyar's SysReturn software was added, due to a ║
║ security vulnerability that allowed an attacker to bypass UEFI Secure Boot. ║
║ ║
╚══════════════════════════════════════════════════════════════════════════════╝
Perform operation? [Y|n]: Y
Waiting… [***************************************]
Successfully installed firmware
╔══════════════════════════════════════════════════════════════════════════════╗
║ Upgrade Unifying Receiver from RQR12.03_B0025 to RQR12.10_B0032? ║
╠══════════════════════════════════════════════════════════════════════════════╣
║ This release addresses an encrypted keystroke injection vulnerability sent ║
║ by pointing devices.The vulnerability is complex to replicate and would ║
║ require a hacker to be physically close to a target. ║
║ ║
║ A few of Logitech's devices used to send select buttons in an unencrypted ║
║ way, and in an effort to protect against this vulnerability, Logitech ║
║ removed the feature.Affected hardware is: ║
║ ║
║ • Wireless Mouse M335 ║
║ • Zone Touch Mouse T400 ║
║ • Wireless Mouse M545 ║
║ • Wireless Mouse M560 ║
║ • Touch Mouse M600 ║
║ • Touch Mouse T620 ║
║ • Wireless Rechargeable Touchpad T650 ║
║ ║
║ Although Logitech does not recommend it, these features may be re-activated ║
║ by keeping/downgrading the receiver to an older firmware. ║
║ ║
║ Unifying Receiver and all connected devices may not be usable while ║
║ updating. ║
╚══════════════════════════════════════════════════════════════════════════════╝
Perform operation? [Y|n]: Y
Updating Unifying Receiver…- ]
Waiting… [***************************************] Less than one minute remaining…
Successfully installed firmware
Devices with no available firmware updates:
• HDWD110
• KINGSTON SA2000M8250G
• MQ03UBB200
• SA400S37240G
• System Firmware
• USB Card Reader
• WD10EZRZ-00HTKB0
• WD30NMZW-11LG6S1
An update requires a reboot to complete. Restart now? [y|N]:
dzu@krikkit:~$
Kommentare
Comments powered by Disqus