Springe zum Hauptinhalt

Updating NVMe Firmware on GNU/Linux

Kommentare

Source

Tags:

nvme-logo.png

As the NAND storage technology reaches speeds that cannot be satiated with SATA anymore, the modern SSDs are attached over PCIe, the descendant of the very successful Peripheral Component Interconnect standard that allowed for many extension cards in the IBM PC ecosystem. But where most PCI cards could not be software upgraded in the field, the question on how to update firmware on attached PCI devices is not obviously standardized (or am I missing something?). So under Windows, the manufacturers of NVMe modules deliver their proprietary update tool, but what do we do in a Free Operating system like GNU/Linux?

In this blog post I will take a quick look at how I was able to upgrade the firmware of my Kingston SA2000M8250G NVMe drive in my desktop system.

Querying devices

The nvme-cli project offers user space tooling for NVMe device. The package should be easily installable with an apt-get install nvme-cli or comparable. Once it is installed, it can be used as root: 

root@krikkit:~# nvme id-ctrl /dev/nvme0 | head -10
NVME Identify Controller:
vid       : 0x2646
ssvid     : 0x2646
sn        : 50026B76840FE52A    
mn        : KINGSTON SA2000M8250G                   
fr        : S5Z42105
rab       : 6
ieee      : 0026b7
cmic      : 0
mdts      : 5
root@krikkit:~#

Downloading Firmware

Browsing the web pages of the vendor, I found an update file for my specific device and downloaded the S5Z42109.bin binary file. I can then instruct nvme to install the firmware on /dev/nvme0: 

root@krikkit:~# nvme fw-download /dev/nvme0 --fw=S5Z42109.bin
Firmware download success
root@krikkit:~#

Once the firmware has been downloaded successfully, we need also to activate it for the next boot: 

root@krikkit:~# nvme fw-activate /dev/nvme0 --slot=1 --action=1
Success committing firmware action:1 slot:1
Multiple Update Detected (MUD) Value: 0
root@krikkit:~#

What About fwupd?

Having successfully installed the latest firmware for our device, it wouldbe interesting to know if this process could somehow be automated for the GNU/Linux user. And indeed there is the Linux Vendor Firmware Service (LVFS) hosted by the Linux foundation.

The architecture of the framework is nicely summed up in this image stolen from the documentation:

lvfs-architecture-plan.png

So let's see if this framework knows about our devices: 

root@krikkit:~# fwupdmgr get-updates
Devices with no available firmware updates: 
 • HDWD110
 • KINGSTON SA2000M8250G
 • SA400S37240G
 • System Firmware
 • UEFI dbx
 • USB2.0 Hub
 • WDC WD10EZRZ-00HTKB0
 • WDC WD30NMZW-11LG6S1
No updatable devices
root@krikkit:~# 

dzu@krikkit:~$ sudo fwupdmgr get-remotes
System manufacturer System Product Name
│
├─Linux Vendor Firmware Service (testing):
│     Remote ID:          lvfs-testing
│     Typ:                download
│     Schlüsselbund:      jcat
│     Aktiviert:          false
│     Priorität:          1
│     Dateiname:          /var/lib/fwupd/metadata/lvfs-testing/metadata.xml.xz
│     Dateinamen-Signatur:/var/lib/fwupd/metadata/lvfs-testing/metadata.xml.xz.jcat
│     Dateinamen-Quelle:  /etc/fwupd/remotes.d/lvfs-testing.conf
│     Metadaten-URI:      https://cdn.fwupd.org/downloads/firmware-testing.xml.xz
│     Metadaten-Signatur: https://cdn.fwupd.org/downloads/firmware-testing.xml.xz.jcat
│     Bericht-URI:        https://fwupd.org/lvfs/firmware/report
│     Automatische Berichterstattung:false
│   
├─Enable UEFI capsule updates on Dell systems:
│     Remote ID:          dell-esrt
│     Typ:                local
│     Schlüsselbund:      none
│     Aktiviert:          true
│     Dateiname:          /usr/share/fwupd/remotes.d/dell-esrt/metadata.xml
│     Dateinamen-Quelle:  /etc/fwupd/remotes.d/dell-esrt.conf
│   
├─Linux Vendor Firmware Service:
│     Remote ID:          lvfs
│     Typ:                download
│     Schlüsselbund:      jcat
│     Aktiviert:          true
│     Prüfsumme:          30615d900323ba6db0923dff3d8322bac567d01c583a63724c7eca67239205c3
│     Alter:              3,45h
│     Dateiname:          /var/lib/fwupd/metadata/lvfs/metadata.xml.xz
│     Dateinamen-Signatur:/var/lib/fwupd/metadata/lvfs/metadata.xml.xz.jcat
│     Dateinamen-Quelle:  /etc/fwupd/remotes.d/lvfs.conf
│     Metadaten-URI:      https://cdn.fwupd.org/downloads/firmware.xml.xz
│     Metadaten-Signatur: https://cdn.fwupd.org/downloads/firmware.xml.xz.jcat
│     Bericht-URI:        https://fwupd.org/lvfs/firmware/report
│     Automatische Berichterstattung:false
│   
├─Vendor:
│     Remote ID:          vendor
│     Typ:                local
│     Schlüsselbund:      none
│     Aktiviert:          false
│     Dateiname:          /usr/share/fwupd/remotes.d/vendor/vendor.xml.gz
│     Dateinamen-Quelle:  /etc/fwupd/remotes.d/vendor.conf
│   
└─Vendor (Automatic):
      Remote ID:          vendor-directory
      Typ:                directory
      Schlüsselbund:      none
      Aktiviert:          false
      Dateiname:          /usr/share/fwupd/remotes.d/vendor/firmware
      Dateinamen-Quelle:  /etc/fwupd/remotes.d/vendor-directory.conf
    
dzu@krikkit:~$

Kommentare

Comments powered by Disqus