
fwupdmgr security on Lenovo Thinkpad X1 Carbon (Gen 12) #7180

Open
iyanmv opened this issue Apr 26, 2024 · 19 comments
iyanmv (Contributor) commented Apr 26, 2024

Describe the bug
Running fwupdmgr security on a Lenovo Thinkpad X1 Carbon (Gen 12) returns the following:

$ fwupdmgr security
Host Security ID: HSI:0! (v1.9.18)

HSI-1
✔ BIOS firmware updates:         Enabled
✔ MEI key manifest:              Valid
✔ unknown manufacturing mode:    Locked
✔ unknown override:              Locked
✔ Platform debugging:            Disabled
✔ SPI write:                     Disabled
✔ SPI lock:                      Enabled
✔ SPI BIOS region:               Locked
✔ Supported CPU:                 Valid
✔ TPM empty PCRs:                Valid
✔ TPM v2.0:                      Found
✔ UEFI bootservice variables:    Locked
✔ UEFI platform key:             Valid
✔ UEFI secure boot:              Enabled
✘ MEI version:                   Unknown

HSI-2
✔ BIOS rollback protection:      Enabled
✔ Intel BootGuard:               Enabled
✔ Intel BootGuard OTP fuse:      Valid
✔ IOMMU:                         Enabled
✔ Platform debugging:            Locked
✔ TPM PCR0 reconstruction:       Valid
✘ Intel BootGuard ACM protected: Invalid
✘ Intel BootGuard verified boot: Invalid

HSI-3
✔ CET Platform:                  Supported
✔ Pre-boot DMA protection:       Enabled
✔ Suspend-to-idle:               Enabled
✔ Suspend-to-ram:                Disabled
✘ Intel BootGuard error policy:  Invalid

HSI-4
✔ SMAP:                          Enabled
✘ Encrypted RAM:                 Not supported

Runtime Suffix -!
✔ fwupd plugins:                 Untainted
✔ Linux kernel lockdown:         Enabled
✔ Linux swap:                    Disabled
✔ Linux kernel:                  Untainted
✘ CET OS Support:                Not supported

This system has a low HSI security level.
 » https://fwupd.github.io/hsi.html#low-security-level

This system has HSI runtime issues.
 » https://fwupd.github.io/hsi.html#hsi-runtime-suffix

Host Security Events
  2024-04-24 22:59:56:  ✔ Kernel lockdown enabled
  2024-04-24 22:53:13:  ✔ BIOS rollback protection changed: Disabled → Enabled
  2024-04-24 20:55:32:  ✔ Secure Boot enabled

Host Security ID attributes uploaded successfully, thanks!

MEI version is missing, and Intel BootGuard ACM protected and Intel BootGuard verified boot are marked as invalid although they should be supported according to the CPU specs.

fwupd version information
Please provide the version of the daemon and client.

compile   com.hughsie.libxmlb           0.3.19
compile   org.freedesktop.Passim        0.1.7
compile   com.hughsie.libjcat           0.2.1
compile   org.freedesktop.fwupd         1.9.18
runtime   org.freedesktop.Passim        0.1.7
compile   org.freedesktop.gusb          0.4.8
runtime   com.hughsie.libxmlb           0.3.19
runtime   com.hughsie.libjcat           0.2.1
runtime   org.freedesktop.gusb          0.4.8
runtime   org.kernel                    6.8.7-arch1-1
runtime   org.freedesktop.fwupd         1.9.18

Please note how you installed it (apt, dnf, pacman, source, etc): pacman

fwupd device information

Please provide the output of the fwupd devices recognized in your system.

LENOVO 21KDS00600
│
├─Unknown Device:
│     Device ID:          a68c39791960b3933e30fa803e3ad3bb813e8850
│     GUID:               e4d9b4f9-ae47-5fe3-9ef0-a27b093b8553 ← GPIO\ID_INTC1083:00
│   
├─ATNA40YK20-0:
│     Device ID:          aec1a869eb0df71b7cea6b3ac71d39b830faf164
│     GUID:               ac5271d2-805b-5318-aa35-056f5564a2c2 ← DRM\VEN_SDC&DEV_419F
│     Device Flags:       • Internal device
│   
├─Core™ Ultra 7 155H:
│     Device ID:          4bde70ba4e39b28f9eab1628f9dd6e6244c03027
│     Current version:    0x0000001c
│     Vendor:             Intel
│     GUIDs:              e38fa480-0c3d-5240-be48-b590e507eed9 ← CPUID\PRO_0&FAM_06&MOD_AA
│                         189c1794-cc75-56bd-b1f7-8f4af3aa3f82 ← CPUID\PRO_0&FAM_06&MOD_AA&STP_4
│     Device Flags:       • Internal device
│   
├─Integrated Camera:
│     Device ID:          4295296d98b3ba38c72f6baa33d24f03a1d428f6
│     Current version:    56.9
│     Vendor:             Chicony Electronics Co.,Ltd. (USB:0x04F2)
│     Serial Number:      0001
│     GUID:               e3050efc-079c-58b7-9356-e148a87e9f52 ← USB\VID_04F2&PID_B7E0
│     Device Flags:       • Updatable
│   
├─Intel Management Engine:
│     Device ID:          24042f04a129b0c4f214e2a5dad7871889015686
│     Summary:            UEFI System Resource Table device (updated via NVRAM)
│     Current version:    0.5.2098
│     Vendor:             Lenovo (DMI:LENOVO)
│     Update State:       Success
│     Problems:           • Device requires AC power to be connected
│     GUID:               3e00e617-c8ff-4e88-8133-c3032089c5e7
│     Device Flags:       • Internal device
│                         • System requires external power source
│                         • Supported on remote server
│                         • Needs a reboot after installation
│                         • Device is usable for the duration of the update
│                         • Updatable
│     Device Requests:    • Message
│   
├─KXG8AZNV1T02 LA KIOXIA:
│     Device ID:          04e17fcf7d3de91da49a163ffe4907855c3648be
│     Summary:            NVM Express solid state drive
│     Current version:    5106APLA
│     Vendor:             KIOXIA Corporation (NVME:0x1E0F)
│     Serial Number:      Z3EFB2VXFS8U
│     Problems:           • Device requires AC power to be connected
│     GUIDs:              722427b7-af1f-5554-b0c2-c608b2b94717 ← NVME\VEN_1E0F&DEV_0010
│                         d4c81e68-004c-5f36-a848-c2ccb7869b3a ← NVME\VEN_1E0F&DEV_0010&SUBSYS_1E0F0001
│                         223acc9d-09d1-5703-829b-ce7fb0d48891 ← KXG8AZNV1T02 LA KIOXIA
│     Device Flags:       • Internal device
│                         • System requires external power source
│                         • Supported on remote server
│                         • Needs a reboot after installation
│                         • Device is usable for the duration of the update
│                         • Updatable
│                         • Signed Payload
│   
├─Meteor Lake-P [Intel Arc Graphics]:
│     Device ID:          5792b48846ce271fab11c4a545f7a3df0d36e00a
│     Current version:    08
│     Vendor:             Intel Corporation (PCI:0x8086)
│     GUIDs:              83527278-745c-5242-b41f-485755e7d464 ← PCI\VEN_8086&DEV_7D55
│                         2573d919-fdba-5d8c-9587-0311acbe2ff8 ← PCI\VEN_8086&DEV_7D55&SUBSYS_17AA231E
│     Device Flags:       • Internal device
│                         • Cryptographic hash verification is available
│   
├─Prometheus:
│ │   Device ID:          aa4b7bf130da693bbf1a8a785ad830190788233b
│ │   Summary:            Fingerprint reader
│ │   Current version:    10.01.4234207
│ │   Vendor:             Synaptics (USB:0x06CB)
│ │   Install Duration:   2 seconds
│ │   Serial Number:      252915074439988
│ │   GUID:               5ece4c46-83b9-5fdb-812f-30ed14df1b97 ← USB\VID_06CB&PID_0123
│ │   Device Flags:       • Updatable
│ │                       • Cryptographic hash verification is available
│ │                       • Signed Payload
│ │ 
│ └─Prometheus IOTA Config:
│       Device ID:        9382250e49c47a2854a1485dbbb221b39853bacd
│       Summary:          Fingerprint reader config
│       Current version:  0003
│       Minimum Version:  0003
│       Vendor:           Synaptics (USB:0x06CB)
│       GUIDs:            34255d13-bdb5-5363-a276-c2a728b82db5 ← USB\VID_06CB&PID_0123-cfg
│                         ef0d4d8c-ef9d-5cf1-81c7-f285443547a7 ← USB\VID_06CB&PID_0123&CFG1_4004&CFG2_0
│       Device Flags:     • Updatable
│                         • Only version upgrades are allowed
│                         • Signed Payload
│     
├─System Firmware:
│ │   Device ID:          d87aeba8ce6cdff706492615b1c1e9f6f48ce3c6
│ │   Summary:            UEFI System Resource Table device (updated via NVRAM)
│ │   Current version:    0.1.26
│ │   Vendor:             Lenovo (DMI:LENOVO)
│ │   Update State:       Success
│ │   Problems:           • Device requires AC power to be connected
│ │   GUID:               420e7cf1-cedf-4b5f-9ef0-f1896a946d8f
│ │   Device Flags:       • Internal device
│ │                       • System requires external power source
│ │                       • Supported on remote server
│ │                       • Needs a reboot after installation
│ │                       • Cryptographic hash verification is available
│ │                       • Device is usable for the duration of the update
│ │                       • Updatable
│ │   Device Requests:    • Message
│ │ 
│ └─BootGuard Configuration:
│       Device ID:        b0d4430dfa6bde9f0c22680df36dbc8c15c80753
│       Current version:  20
│       Vendor:           Intel Corporation (MEI:0x8086)
│       GUIDs:            dd17041c-09ea-4b17-a271-5b989867ec65
│                         1ccb36c3-6cdc-5bbc-9fc7-e9e2cb977ce4 ← MEI\VEN_8086&DEV_7E70
│                         e5a63e3f-2cbf-50ba-ae7e-4286cb1e25af ← MEI\VEN_8086&DEV_7E70&SUBSYS_17AA231E
│       Device Flags:     • Internal device
│     
├─TPM:
│     Device ID:          c6a80ac3a22083423992a3cb15018989f37834d6
│     Current version:    9.256.0.0
│     Vendor:             ST Microelectronics (TPM:STM)
│     Problems:           • Device requires AC power to be connected
│     GUIDs:              3680fbf1-593f-586f-91ac-c528b37e8373 ← TPM\VEN_STM&DEV_0000
│                         b32f3efb-e38f-566b-95fa-ce96830be9a8 ← TPM\VEN_STM&MOD_ST33KTPM2XSPI
│                         8d0b4adc-a42f-59eb-9df8-665923afa086 ← TPM\VEN_STM&DEV_0000&VER_2.0
│                         3f485b9a-29fb-5a2d-994a-958aacc1b287 ← TPM\VEN_STM&MOD_ST33KTPM2XSPI&VER_2.0
│     Device Flags:       • Internal device
│                         • System requires external power source
│                         • Needs a reboot after installation
│                         • Device can recover flash failures
│                         • Full disk encryption secrets may be invalidated when updating
│                         • Signed Payload
│   
├─UEFI Device Firmware:
│     Device ID:          84c1ee7b500ec547692c1c661ce6f46feb7809d9
│     Summary:            UEFI System Resource Table device (updated via NVRAM)
│     Current version:    347182
│     Vendor:             DMI:LENOVO
│     Update State:       Success
│     Problems:           • Device requires AC power to be connected
│     GUID:               7feb1d5d-33f4-48d3-bd11-c4b36b6d0e57
│     Device Flags:       • Internal device
│                         • System requires external power source
│                         • Needs a reboot after installation
│                         • Device is usable for the duration of the update
│                         • Updatable
│     Device Requests:    • Message
│   
├─UEFI Device Firmware:
│     Device ID:          81b48f03e77395bb1d700a59b19f75ae6ceb9e35
│     Summary:            UEFI System Resource Table device (updated via NVRAM)
│     Current version:    347182
│     Vendor:             DMI:LENOVO
│     Update State:       Success
│     Problems:           • Device requires AC power to be connected
│     GUID:               6c8e136f-d3e6-4131-ac32-4687cb4abd27
│     Device Flags:       • Internal device
│                         • System requires external power source
│                         • Needs a reboot after installation
│                         • Device is usable for the duration of the update
│                         • Updatable
│     Device Requests:    • Message
│   
├─UEFI Device Firmware:
│     Device ID:          8c3c42f2bc31aa1122a63975eab6b792ff13be30
│     Summary:            UEFI System Resource Table device (updated via NVRAM)
│     Current version:    327680
│     Minimum Version:    57374
│     Vendor:             DMI:LENOVO
│     Update State:       Success
│     Problems:           • Device requires AC power to be connected
│     GUID:               4ef0b292-4134-4ebc-9f2f-1fcb908c60fe
│     Device Flags:       • Internal device
│                         • System requires external power source
│                         • Needs a reboot after installation
│                         • Device is usable for the duration of the update
│                         • Updatable
│     Device Requests:    • Message
│   
├─UEFI Device Firmware:
│     Device ID:          b388d2b4ef18b9804d15945f32a77ab8bf045412
│     Summary:            UEFI System Resource Table device (updated via NVRAM)
│     Current version:    16974641
│     Vendor:             DMI:LENOVO
│     Update State:       Success
│     Problems:           • Device requires AC power to be connected
│     GUID:               57069ed8-0b3f-4897-bb3b-b278b8d2e1f6
│     Device Flags:       • Internal device
│                         • System requires external power source
│                         • Needs a reboot after installation
│                         • Device is usable for the duration of the update
│                         • Updatable
│     Device Requests:    • Message
│   
├─UEFI Device Firmware:
│     Device ID:          1247e16fade7c8aad409e1104831ff424088d234
│     Summary:            UEFI System Resource Table device (updated via NVRAM)
│     Current version:    0.1.20
│     Minimum Version:    0.1.20
│     Vendor:             Lenovo (DMI:LENOVO)
│     Update State:       Success
│     Problems:           • Device requires AC power to be connected
│     GUID:               573c8caf-fbdb-41a5-8f1a-c87d6695d39a
│     Device Flags:       • Internal device
│                         • System requires external power source
│                         • Supported on remote server
│                         • Needs a reboot after installation
│                         • Device is usable for the duration of the update
│                         • Updatable
│     Device Requests:    • Message
│   
├─UEFI Device Firmware:
│     Device ID:          3a63c963c98750afaa5ac3d3698a78da900aec22
│     Summary:            UEFI System Resource Table device (updated via NVRAM)
│     Current version:    16777230
│     Minimum Version:    1
│     Vendor:             DMI:LENOVO
│     Update State:       Success
│     Problems:           • Device requires AC power to be connected
│     GUID:               e74064ef-817c-4e35-b13f-6e391f713f1c
│     Device Flags:       • Internal device
│                         • System requires external power source
│                         • Needs a reboot after installation
│                         • Device is usable for the duration of the update
│                         • Updatable
│     Device Requests:    • Message
│   
├─UEFI Device Firmware:
│     Device ID:          4cf05374a5ad57e86fc0b6f916b875db070f603c
│     Summary:            UEFI System Resource Table device (updated via NVRAM)
│     Current version:    1442848254
│     Minimum Version:    1
│     Vendor:             DMI:LENOVO
│     Update State:       Success
│     Problems:           • Device requires AC power to be connected
│     GUID:               e468d139-d9fa-45a3-beec-aea12a1c3df5
│     Device Flags:       • Internal device
│                         • System requires external power source
│                         • Needs a reboot after installation
│                         • Device is usable for the duration of the update
│                         • Updatable
│     Device Requests:    • Message
│   
├─UEFI Device Firmware:
│     Device ID:          8ddeff74d554a8526e241dbe66056295f6cdfe96
│     Summary:            UEFI System Resource Table device (updated via NVRAM)
│     Current version:    1
│     Minimum Version:    1
│     Vendor:             DMI:LENOVO
│     Update State:       Success
│     Problems:           • Device requires AC power to be connected
│     GUID:               e1aa1f32-86d3-40f8-a756-405549d3d0f4
│     Device Flags:       • Internal device
│                         • System requires external power source
│                         • Needs a reboot after installation
│                         • Device is usable for the duration of the update
│                         • Updatable
│     Device Requests:    • Message
│   
├─UEFI Device Firmware:
│     Device ID:          e4726eaabaca376caad9b733ccf16fc4ca40e9ee
│     Summary:            UEFI System Resource Table device (updated via NVRAM)
│     Current version:    590080
│     Minimum Version:    590080
│     Vendor:             DMI:LENOVO
│     Update State:       Success
│     Problems:           • Device requires AC power to be connected
│     GUID:               97e533b2-6a6c-4c0b-8efb-6a493442dd1c
│     Device Flags:       • Internal device
│                         • System requires external power source
│                         • Needs a reboot after installation
│                         • Device is usable for the duration of the update
│                         • Updatable
│     Device Requests:    • Message
│   
├─UEFI Device Firmware:
│     Device ID:          81568164782039dbd4a74856cacb9800f408d44e
│     Summary:            UEFI System Resource Table device (updated via NVRAM)
│     Current version:    70420
│     Vendor:             DMI:LENOVO
│     Update State:       Success
│     Problems:           • Device requires AC power to be connected
│     GUID:               4e88068b-41b2-4e05-893c-db0b43f7d348
│     Device Flags:       • Internal device
│                         • System requires external power source
│                         • Needs a reboot after installation
│                         • Device is usable for the duration of the update
│                         • Updatable
│     Device Requests:    • Message
│   
├─UEFI Device Firmware:
│     Device ID:          7dccda75b1f76a97e675b08e7e0f8ab9924ad9ce
│     Summary:            UEFI System Resource Table device (updated via NVRAM)
│     Current version:    1
│     Minimum Version:    1
│     Vendor:             DMI:LENOVO
│     Update State:       Success
│     Problems:           • Device requires AC power to be connected
│     GUID:               69585d92-b50a-4ad7-b265-2eb1ae066574
│     Device Flags:       • Internal device
│                         • System requires external power source
│                         • Needs a reboot after installation
│                         • Device is usable for the duration of the update
│                         • Updatable
│     Device Requests:    • Message
│   
├─UEFI Device Firmware:
│     Device ID:          587c6425a53c7997d7d62a4fb5986fad193f8433
│     Summary:            UEFI System Resource Table device (updated via NVRAM)
│     Current version:    0
│     Vendor:             DMI:LENOVO
│     Update State:       Success
│     Problems:           • Device requires AC power to be connected
│     GUID:               3dd84775-ec79-4ecb-8404-74de030c3f77
│     Device Flags:       • Internal device
│                         • System requires external power source
│                         • Needs a reboot after installation
│                         • Device is usable for the duration of the update
│                         • Updatable
│     Device Requests:    • Message
│   
├─UEFI Device Firmware:
│     Device ID:          f905a7bd8805851b14be474d006372f37cc9342d
│     Summary:            UEFI System Resource Table device (updated via NVRAM)
│     Current version:    1
│     Vendor:             DMI:LENOVO
│     Update State:       Success
│     Problems:           • Device requires AC power to be connected
│     GUID:               76ca0ad8-4a14-4389-b7e5-fd88791762ad
│     Device Flags:       • Internal device
│                         • System requires external power source
│                         • Needs a reboot after installation
│                         • Device is usable for the duration of the update
│                         • Updatable
│     Device Requests:    • Message
│   
├─UEFI Device Firmware:
│     Device ID:          7e6427fb78fdb31553c3589b14cf9a40bd2e1f2e
│     Summary:            UEFI System Resource Table device (updated via NVRAM)
│     Current version:    1
│     Vendor:             DMI:LENOVO
│     Update State:       Success
│     Problems:           • Device requires AC power to be connected
│     GUID:               626d93db-2c42-48c3-915a-71f968a81b04
│     Device Flags:       • Internal device
│                         • System requires external power source
│                         • Needs a reboot after installation
│                         • Device is usable for the duration of the update
│                         • Updatable
│     Device Requests:    • Message
│   
├─UEFI Device Firmware:
│     Device ID:          cef254ddb406e77ace86f4cd92e2a7db5aa308fc
│     Summary:            UEFI System Resource Table device (updated via NVRAM)
│     Current version:    1
│     Vendor:             DMI:LENOVO
│     Update State:       Success
│     Problems:           • Device requires AC power to be connected
│     GUID:               86a885ee-d71e-2ed6-0fc1-9d6ccc9677eb
│     Device Flags:       • Internal device
│                         • System requires external power source
│                         • Needs a reboot after installation
│                         • Device is usable for the duration of the update
│                         • Updatable
│     Device Requests:    • Message
│   
├─UEFI Device Firmware:
│     Device ID:          42b6a6123453cf1bac21ecba37d7baaaf949920d
│     Summary:            UEFI System Resource Table device (updated via NVRAM)
│     Current version:    22025
│     Minimum Version:    1
│     Vendor:             DMI:LENOVO
│     Update State:       Success
│     Problems:           • Device requires AC power to be connected
│     GUID:               0dbbd775-d7ac-4b92-8e6f-eec04800ebdf
│     Device Flags:       • Internal device
│                         • System requires external power source
│                         • Needs a reboot after installation
│                         • Device is usable for the duration of the update
│                         • Updatable
│     Device Requests:    • Message
│   
└─UEFI Platform Key:
      Device ID:          6924110cde4fa051bfdc600a60620dc7aa9d3c6a
      Summary:            Platform Key
      GUID:               0d495878-553a-5803-ad0b-307df77318d6 ← UEFI\CRT_FEB00E5A22F47D40463AF378E6A5E774C0F0ED9E

Additional questions

  • Operating system and version: Arch Linux
  • Have you tried rebooting?
  • Is this a regression?
@iyanmv iyanmv added the bug label Apr 26, 2024
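To make a report like the one above easier to act on, here is an added example (not part of this issue and not fwupd's own code) that parses the text output of `fwupdmgr security` and recomputes the level from the rule the linked HSI documentation describes, as I understand it: HSI:N requires every attribute at levels 1..N to pass, and any failing runtime attribute adds the "!" suffix. It assumes the ✔/✘ layout shown in this issue and embeds an abbreviated copy of that output as its sample; the `blocking_attributes` helper then names the failing checks at the lowest unmet level, which is what has to change before the level can rise.

```python
"""Parse `fwupdmgr security` text output and explain the resulting HSI level."""
import re
from dataclasses import dataclass, field

# Abbreviated copy of the `fwupdmgr security` output posted in this issue.
# The HSI-1 and Runtime Suffix blocks are the ones that decide the result.
SAMPLE = """\
Host Security ID: HSI:0! (v1.9.18)

HSI-1
✔ BIOS firmware updates:         Enabled
✔ TPM v2.0:                      Found
✔ UEFI secure boot:              Enabled
✘ MEI version:                   Unknown

HSI-2
✔ BIOS rollback protection:      Enabled
✘ Intel BootGuard ACM protected: Invalid
✘ Intel BootGuard verified boot: Invalid

HSI-3
✔ CET Platform:                  Supported
✘ Intel BootGuard error policy:  Invalid

HSI-4
✔ SMAP:                          Enabled
✘ Encrypted RAM:                 Not supported

Runtime Suffix -!
✔ Linux kernel lockdown:         Enabled
✘ CET OS Support:                Not supported
"""

# One attribute line: status glyph, attribute name, result text.
ATTR_RE = re.compile(r"^([✔✘])\s+(.+?):\s+(.+?)\s*$")


@dataclass
class HsiReport:
    reported: str                                # e.g. "HSI:0!" as printed
    levels: dict = field(default_factory=dict)   # level -> [(name, result, ok)]
    runtime: list = field(default_factory=list)  # [(name, result, ok)]


def parse_security_output(text: str) -> HsiReport:
    """Walk the HSI-N and Runtime Suffix sections and collect each attribute."""
    report = HsiReport(reported="")
    section = None
    for line in text.splitlines():
        line = line.rstrip()
        m = re.match(r"Host Security ID:\s+(HSI:\S+)", line)
        if m:
            report.reported = m.group(1)
            continue
        m = re.match(r"^HSI-(\d)$", line)
        if m:
            section = int(m.group(1))
            report.levels.setdefault(section, [])
            continue
        if line.startswith("Runtime Suffix"):
            section = "runtime"
            continue
        m = ATTR_RE.match(line)
        if m and section is not None:
            entry = (m.group(2), m.group(3), m.group(1) == "✔")
            if section == "runtime":
                report.runtime.append(entry)
            else:
                report.levels[section].append(entry)
    return report


def compute_hsi(report: HsiReport) -> str:
    """HSI:N needs every attribute at levels 1..N to pass (a gap in the level
    sequence also stops the climb); a failing runtime attribute adds '!'."""
    level = 0
    for n in sorted(report.levels):
        if n != level + 1 or not all(ok for _, _, ok in report.levels[n]):
            break
        level = n
    suffix = "!" if any(not ok for _, _, ok in report.runtime) else ""
    return f"HSI:{level}{suffix}"


def blocking_attributes(report: HsiReport) -> list:
    """Failing attributes at the lowest level that is not fully met: these
    are the checks that must pass before the HSI level can increase."""
    for n in sorted(report.levels):
        failed = [name for name, _, ok in report.levels[n] if not ok]
        if failed:
            return failed
    return []


if __name__ == "__main__":
    rep = parse_security_output(SAMPLE)
    print("reported:", rep.reported, "computed:", compute_hsi(rep))
    print("blocking:", blocking_attributes(rep))
```

On the sample the computed value matches the printed HSI:0! and the only blocking attribute is the MEI version check, which is consistent with the later comment that the MEI fix alone leaves the BootGuard attributes as the next obstacle.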
hughsie (Member) commented Apr 29, 2024

Can you try with the 1_9_X branch in fwupd upstream please? I've pushed bae1284 already.

iyanmv (Contributor, Author) commented Apr 29, 2024

> Can you try with the 1_9_X branch in fwupd upstream please? I've pushed bae1284 already.

Yes, that fixes the MEI version

hughsie (Member) commented Apr 29, 2024

But the bootguard problem remains I guess.

iyanmv (Contributor, Author) commented Apr 29, 2024

Yes, but I only tried applying the patch bae1284 on top of 1.9.18. I can try using the 1_9_X branch if you made further changes that could fix the bootguard as well.

hughsie (Member) commented Apr 29, 2024

@iyanmv can you attach the output of sudo fwupdtool get-plugins --plugins pci-mei -vv please.

iyanmv (Contributor, Author) commented Apr 29, 2024

Sure, here it is:

$ sudo fwupdtool get-plugins --plugins pci-mei -vv
18:55:03.085 FuDebug              verbose to debug (on console 1)
18:55:03.085 FuEngine             starting fwupd 1.9.18…
18:55:03.085 FuMain               locked /run/lock/fwupdtool
18:55:03.088 FuMain               failed to stop daemon: failed to find fwupd.service: GDBus.Error:org.freedesktop.systemd1.NoSuchUnit: Unit fwupd.service not loaded.
18:55:03.088 FuConfig             loading config /etc/fwupd/fwupd.conf
18:55:03.088 FuConfig             not loading config /var/etc/fwupd/fwupd.conf
18:55:03.088 FuConfig             skipping mode check for /var/etc/fwupd/fwupd.conf as not writable
18:55:03.088 FuConfig             trying to load config values from /etc/fwupd/fwupd.conf
18:55:03.088 FuCommon             mapped file /etc/fwupd/fwupd.conf of size 0x33
18:55:03.088 FuConfig             trying to load config values from /var/etc/fwupd/fwupd.conf
18:55:03.088 FuConfig             Failed to open file “/var/etc/fwupd/fwupd.conf”: No such file or directory
18:55:03.088 FuConfig             ::configuration loaded
18:55:03.089 Jcat                 reading /etc/pki/fwupd/LVFS-CA.pem with 1679 bytes
18:55:03.089 Jcat                 loaded 1 certificates
18:55:03.089 Jcat                 ignoring GPG-KEY-Linux-Vendor-Firmware-Service as not PKCS-7 certificate
18:55:03.089 Jcat                 ignoring GPG-KEY-Linux-Foundation-Firmware as not PKCS-7 certificate
18:55:03.089 Jcat                 reading /etc/pki/fwupd-metadata/LVFS-CA.pem with 1679 bytes
18:55:03.089 Jcat                 loaded 1 certificates
18:55:03.089 Jcat                 ignoring GPG-KEY-Linux-Vendor-Firmware-Service as not PKCS-7 certificate
18:55:03.089 Jcat                 ignoring GPG-KEY-Linux-Foundation-Metadata as not PKCS-7 certificate
18:55:03.089 Jcat                 reading /var/lib/fwupd/pki/secret.key with 2455 bytes
18:55:03.089 Jcat                 reading /var/lib/fwupd/pki/client.pem with 1383 bytes
18:55:03.089 FuEngine             client certificate now exists: nothing to do
18:55:03.089 FuHistory            trying to open database '/var/lib/fwupd/pending.db'
18:55:03.089 FuHistory            got schema version of 12
18:55:03.098 FuPlugin             load(/usr/lib/fwupd-1.9.18/libfu_plugin_modem_manager.so)
18:55:03.100 FuQuirks             loading quirks from /usr/share/fwupd/quirks.d
18:55:03.100 FuQuirks             loading quirks from /var/lib/fwupd/quirks.d
18:55:03.100 XbSilo               attempting to load /var/cache/fwupd/quirks.xmlb
18:55:03.100 XbSilo               file: 0dd90c7a-7be0-9815-75d8-fe37ccfd5c13, current:0dd90c7a-7be0-9815-75d8-fe37ccfd5c13, cached: (null)
18:55:03.100 XbSilo               loading silo with file contents
18:55:03.101 FuConfig             loading config /etc/fwupd/fwupd.conf
18:55:03.101 FuConfig             not loading config /var/etc/fwupd/fwupd.conf
18:55:03.101 FuConfig             skipping mode check for /var/etc/fwupd/fwupd.conf as not writable
18:55:03.101 FuConfig             trying to load config values from /etc/fwupd/fwupd.conf
18:55:03.101 FuCommon             mapped file /etc/fwupd/fwupd.conf of size 0x33
18:55:03.101 FuConfig             trying to load config values from /var/etc/fwupd/fwupd.conf
18:55:03.101 FuConfig             Failed to open file “/var/etc/fwupd/fwupd.conf”: No such file or directory
18:55:03.101 FuConfig             ::configuration loaded
18:55:03.101 FuStruct             SmbiosEp64:
  anchor_str: _SM3_
  entry_point_csum: 0xa7
  entry_point_len: 0x18
  smbios_major_ver: 0x3
  smbios_minor_ver: 0x6
  smbios_docrev: 0x0
  entry_point_rev: 0x1
  reserved0: 0x0
  structure_table_len: 0x1450
  structure_table_addr: 0x5c06e000
  type: 0xdb
  length: 0x6a
  handle: 0x3e
18:55:03.102 FuStruct             SmbiosStructure:
  type: 0x12
  length: 0x17
  handle: 0x3f
18:55:03.102 FuStruct             SmbiosStructure:
  type: 0x15
  length: 0x7
  handle: 0x40
18:55:03.102 FuStruct             SmbiosStructure:
  type: 0x15
  length: 0x7
  handle: 0x41
18:55:03.102 FuStruct             SmbiosStructure:
  type: 0x83
  length: 0x16
  handle: 0x42
18:55:03.102 FuStruct             SmbiosStructure:
  type: 0x88
  length: 0x6
  handle: 0x43
18:55:03.102 FuStruct             SmbiosStructure:
  type: 0xf
  length: 0x1f
  handle: 0x44
18:55:03.102 FuStruct             SmbiosStructure:
  type: 0x8c
  length: 0x13
  handle: 0x45
18:55:03.102 FuStruct             SmbiosStructure:
  type: 0x8c
  length: 0x13
  handle: 0x46
18:55:03.102 FuStruct             SmbiosStructure:
  type: 0x8c
  length: 0x17
  handle: 0x47
18:55:03.102 FuStruct             SmbiosStructure:
  type: 0x8d
  length: 0x12
  handle: 0x48
18:55:03.102 FuStruct             SmbiosStructure:
  type: 0x8d
  length: 0x12
  handle: 0x49
18:55:03.102 FuStruct             SmbiosStructure:
  type: 0x8d
  length: 0x12
  handle: 0x4a
18:55:03.102 FuStruct             SmbiosStructure:
  type: 0x8d
  length: 0x12
  handle: 0x4b
18:55:03.102 FuStruct             SmbiosStructure:
  type: 0x8d
  length: 0x1e
  handle: 0x4c
18:55:03.102 FuStruct             SmbiosStructure:
  type: 0x8d
  length: 0x38
  handle: 0x4d
18:55:03.102 FuStruct             SmbiosStructure:
  type: 0x8c
  length: 0xf
  handle: 0x4e
18:55:03.102 FuStruct             SmbiosStructure:
  type: 0x8c
  length: 0x2b
  handle: 0x4f
18:55:03.102 FuStruct             SmbiosStructure:
  type: 0x87
  length: 0x12
  handle: 0x50
18:55:03.102 FuStruct             SmbiosStructure:
  type: 0x7f
  length: 0x4
  handle: 0xfeff
18:55:03.102 FuContext            SMBIOS Manufacturer=LENOVO
18:55:03.102 FuContext            SMBIOS EnclosureKind=a
18:55:03.102 FuContext            SMBIOS Family=ThinkPad X1 Carbon Gen 12
18:55:03.102 FuContext            SMBIOS ProductName=21KDS00600
18:55:03.102 FuContext            SMBIOS ProductSku=LENOVO_MT_21KD_BU_Think_FM_ThinkPad X1 Carbon Gen 12
18:55:03.102 FuContext            SMBIOS BiosVendor=LENOVO
18:55:03.102 FuContext            SMBIOS BiosVersion=N3YET61W (1.26 )
18:55:03.102 FuContext            SMBIOS BiosMajorRelease=01
18:55:03.102 FuContext            SMBIOS BiosMinorRelease=1a
18:55:03.102 FuContext            SMBIOS FirmwareMajorRelease=01
18:55:03.102 FuContext            SMBIOS FirmwareMinorRelease=14
18:55:03.102 FuContext            SMBIOS BaseboardManufacturer=LENOVO
18:55:03.102 FuContext            SMBIOS BaseboardProduct=21KDS00600
18:55:03.102 FuContext            failed to load fdt: cannot find /sys/firmware/fdt or override /var/lib/fwupd/system.dtb
18:55:03.103 FuContext            added udev subsystem watch of firmware-attributes
18:55:03.107 FuBiosSettings       save_settings is not supported
18:55:03.134 FuBiosSettings       failed to add string attrs: failed to load min_length: Failed to open file “/sys/class/firmware-attributes/thinklmi/attributes/AlarmTime/min_length”: No such file or directory
18:55:03.135 FuBiosSettings       processing AlarmTime: (00:00:00)
18:55:03.150 FuBiosSettings       failed to add string attrs: failed to load min_length: Failed to open file “/sys/class/firmware-attributes/thinklmi/attributes/UserDefinedAlarmTime/min_length”: No such file or directory
18:55:03.151 FuBiosSettings       processing UserDefinedAlarmTime: (00:00:00)
18:55:03.179 FuBiosSettings       failed to add string attrs: failed to load min_length: Failed to open file “/sys/class/firmware-attributes/thinklmi/attributes/AlarmDate/min_length”: No such file or directory
18:55:03.180 FuBiosSettings       processing AlarmDate: (01/01/2023)
18:55:03.200 FuBiosSettings       loaded 92 BIOS settings
18:55:03.200 FuBiosSettings       Disabling changing SecureBoot since Allow3rdPartyUEFICA is Disable
Loading…                 [**                                     ]18:55:03.200 FuEngine             ignoring: Error opening directory “/var/lib/fwupd/local.d”: No such file or directory
18:55:03.200 FuEngine             ignoring: Error opening directory “/usr/share/fwupd/local.d”: No such file or directory
18:55:03.200 XbSilo               attempting to load /var/cache/fwupd/metadata.xmlb
18:55:03.200 XbSilo               file: 4803e022-8bb3-6302-3438-453e0349c239, current:2d310c72-70b7-6243-8c5c-9d33112a4bc9, cached: (null)
18:55:03.200 XbSilo               loading silo with file contents
18:55:03.203 FuEngine             3045 components now in silo
Loading…                 [***                                    ]18:55:03.210 FuPlugin             constructed(pci_mei)
18:55:03.210 FuContext            added udev subsystem watch of pci
18:55:03.211 FuEngine             plugins disabled: flashrom, modem_manager, uefi_capsule, acpi_dmar, acpi_facp, acpi_ivrs, acpi_phat, algoltek_usb, amd_pmc, amd_gpu, analogix, android_boot, ata, audio_s5gen2, aver_hid, bcm57xx, bios, ccgx, ccgx_dmc, cfu, ch341a, ch347, colorhug, corsair, cpu, cros_ec, dell, dell_dock, dfu, dfu_csr, ebitdo, elantp, elanfp, emmc, ep963x, fastboot, focalfp, fpc, fresco_pd, genesys, genesys_gl32xx, goodixmoc, goodixtp, gpio, hailuck, igsc, intel_me, intel_usb4, iommu, jabra, jabra_gnp, kinetic_dp, lenovo_thinklmi, linux_display, linux_lockdown, linux_sleep, linux_swap, linux_tainted, logind, logitech_hidpp, logitech_bulkcontroller, logitech_rallysystem, logitech_scribe, logitech_tap, mediatek_scaler, msr, mtd, nitrokey, nordic_hid, nvme, optionrom, parade_lspcon, pci_bcr, pci_psp, pixart_rf, powerd, qsi_dock, realtek_mst, redfish, rts54hid, rts54hub, steelseries, scsi, superio, synaptics_cape, synaptics_cxaudio, synaptics_mst, synaptics_prometheus, synaptics_rmi, system76_launch, test, test_ble, thelio_io, thunderbolt, ti_tps6598x, tpm, uefi_dbx, uefi_esrt, uefi_pk, uefi_recovery, uf2, upower, usi_dock, vbe, vli, wacom_raw, wacom_usb, wistron_dock
Loading…                 [***                                    ]18:55:03.211 FuContext            battery threshold now 25
Loading…                 [************************************** ]18:55:03.211 FuEngine             FuUsbBackend:
  Name:                 usb
  Enabled:              true
  DoneSetup:            false
  CanInvalidate:        false
FuUdevBackend:
  Name:                 udev
  Enabled:              true
  DoneSetup:            false
  CanInvalidate:        false
DoneColdplug:           false
FuBluezBackend:
  Name:                 bluez
  Enabled:              true
  DoneSetup:            false
  CanInvalidate:        false
FuPciMeiPlugin:
  Name:                 pci_mei
  HFSTS1:
    WorkingState:       reset
    MfgMode:            false
    FptBad:             false
    OperationState:     preboot
    FwInitComplete:     false
    FtBupLdFlr:         false
    UpdateInProgress:   false
    ErrorCode:          no-error
    OperationMode:      normal
    ResetCount:         0x0
    BootOptions_present:false
    BistFinished:       false
    BistTestState:      false
    BistResetRequest:   false
    CurrentPowerSource: 0x0
    D3SupportValid:     false
    D0i3SupportValid:   false
  HFSTS2:
    NftpLoadFailure:    false
    IccProgStatus:      0x0
    InvokeMebx:         false
    CpuReplaced:        false
    Rsvd0:              false
    MfsFailure:         false
    WarmResetRqst:      false
    CpuReplacedValid:   false
    LowPowerState:      false
    MePowerGate:        false
    IpuNeeded:          false
    ForcedSafeBoot:     false
    Rsvd1:              0x0
    ListenerChange:     false
    StatusData:         0x0
    CurrentPmevent:     0x0
    Phase:              0x0
  HFSTS3:
    Chunk0:             0x0
    Chunk1:             0x0
    Chunk2:             0x0
    Chunk3:             0x0
    FwSku:              0x0
    EncryptKeyCheck:    false
    PchConfigChange:    false
    IbbVerificationResult:false
    IbbVerificationDone:false
    Reserved11:         0x0
    ActualIbbSize:      0x0
    NumberOfChunks:     0
    EncryptKeyOverride: false
    PowerDownMitigation:false
  HFSTS4:
    Rsvd0:              0x0
    EnforcementFlow:    false
    SxResumeType:       false
    Rsvd1:              false
    TpmsDisconnected:   false
    Rvsd2:              false
    FwstsValid:         false
    BootGuardSelfTest:  false
    Rsvd3:              0x0
  HFSTS5:
    AcmActive:          false
    Valid:              false
    ResultCodeSource:   false
    ErrorStatusCode:    0x0
    AcmDoneSts:         0x0
    TimeoutCount:       0x0
    ScrtmIndicator:     false
    IncBootGuardAcm:    0x0
    IncKeyManifest:     0x0
    IncBootPolicy:      0x0
    Rsvd0:              0x0
    StartEnforcement:   false
  HFSTS6:
    ForceBootGuardAcm:  false
    CpuDebugDisable:    false
    BspInitDisable:     false
    ProtectBiosEnv:     false
    Rsvd0:              0x0
    ErrorEnforcePolicy: 0x0
    MeasuredBoot:       false
    VerifiedBoot:       false
    BootGuardAcmsvn:    0x0
    Kmsvn:              0x0
    Bpmsvn:             0x0
    KeyManifestId:      0x0
    BootPolicyStatus:   false
    Error:              false
    BootGuardDisable:   false
    FpfDisable:         false
    FpfSocLock:         false
    TxtSupport:         false

18:55:03.220 FuEngine             resetting update motd timeout

acpi_dmar:
  Flags:                • Disabled

acpi_facp:
  Flags:                • Disabled

acpi_ivrs:
  Flags:                • Disabled

acpi_phat:
  Flags:                • Disabled

algoltek_usb:
  Flags:                • Disabled

amd_gpu:
  Flags:                • Disabled

amd_pmc:
  Flags:                • Disabled

analogix:
  Flags:                • Disabled

android_boot:
  Flags:                • Disabled

ata:
  Flags:                • Disabled

audio_s5gen2:
  Flags:                • Disabled

aver_hid:
  Flags:                • Disabled

bcm57xx:
  Flags:                • Disabled

bios:
  Flags:                • Disabled

ccgx:
  Flags:                • Disabled

ccgx_dmc:
  Flags:                • Disabled

cfu:
  Flags:                • Disabled

ch341a:
  Flags:                • Disabled

ch347:
  Flags:                • Disabled

colorhug:
  Flags:                • Disabled

corsair:
  Flags:                • Disabled

cpu:
  Flags:                • Disabled

cros_ec:
  Flags:                • Disabled

dell:
  Flags:                • Disabled

dell_dock:
  Flags:                • Disabled

dfu:
  Flags:                • Disabled

dfu_csr:
  Flags:                • Disabled

ebitdo:
  Flags:                • Disabled

elanfp:
  Flags:                • Disabled

elantp:
  Flags:                • Disabled

emmc:
  Flags:                • Disabled

ep963x:
  Flags:                • Disabled

fastboot:
  Flags:                • Disabled

flashrom:
  Flags:                • Disabled
                        • Loaded from an external module

focalfp:
  Flags:                • Disabled

fpc:
  Flags:                • Disabled

fresco_pd:
  Flags:                • Disabled

genesys:
  Flags:                • Disabled

genesys_gl32xx:
  Flags:                • Disabled

goodixmoc:
  Flags:                • Disabled

goodixtp:
  Flags:                • Disabled

gpio:
  Flags:                • Disabled

hailuck:
  Flags:                • Disabled

igsc:
  Flags:                • Disabled

intel_me:
  Flags:                • Disabled

intel_usb4:
  Flags:                • Disabled

iommu:
  Flags:                • Disabled

jabra:
  Flags:                • Disabled

jabra_gnp:
  Flags:                • Disabled

kinetic_dp:
  Flags:                • Disabled

lenovo_thinklmi:
  Flags:                • Disabled

linux_display:
  Flags:                • Disabled

linux_lockdown:
  Flags:                • Disabled

linux_sleep:
  Flags:                • Disabled

linux_swap:
  Flags:                • Disabled

linux_tainted:
  Flags:                • Disabled

logind:
  Flags:                • Disabled

logitech_bulkcontroller:
  Flags:                • Disabled

logitech_hidpp:
  Flags:                • Disabled

logitech_rallysystem:
  Flags:                • Disabled

logitech_scribe:
  Flags:                • Disabled

logitech_tap:
  Flags:                • Disabled

mediatek_scaler:
  Flags:                • Disabled

modem_manager:
  Flags:                • Disabled
                        • Loaded from an external module

msr:
  Flags:                • Disabled

mtd:
  Flags:                • Disabled

nitrokey:
  Flags:                • Disabled

nordic_hid:
  Flags:                • Disabled

nvme:
  Flags:                • Disabled

optionrom:
  Flags:                • Disabled

parade_lspcon:
  Flags:                • Disabled

pci_bcr:
  Flags:                • Disabled

pci_mei:
  Flags:                • Enabled

pci_psp:
  Flags:                • Disabled

pixart_rf:
  Flags:                • Disabled

powerd:
  Flags:                • Disabled

qsi_dock:
  Flags:                • Disabled

realtek_mst:
  Flags:                • Disabled

redfish:
  Flags:                • Disabled

rts54hid:
  Flags:                • Disabled

rts54hub:
  Flags:                • Disabled

scsi:
  Flags:                • Disabled

steelseries:
  Flags:                • Disabled

superio:
  Flags:                • Disabled

synaptics_cape:
  Flags:                • Disabled

synaptics_cxaudio:
  Flags:                • Disabled

synaptics_mst:
  Flags:                • Disabled

synaptics_prometheus:
  Flags:                • Disabled

synaptics_rmi:
  Flags:                • Disabled

system76_launch:
  Flags:                • Disabled

test:
  Flags:                • Disabled
                        • Plugin is only for testing

test_ble:
  Flags:                • Disabled
                        • Plugin is only for testing

thelio_io:
  Flags:                • Disabled

thunderbolt:
  Flags:                • Disabled

ti_tps6598x:
  Flags:                • Disabled

tpm:
  Flags:                • Disabled

uefi_capsule:
  Flags:                • Disabled
                        • Will measure elements of system integrity around an update

uefi_dbx:
  Flags:                • Disabled

uefi_esrt:
  Flags:                • Disabled

uefi_pk:
  Flags:                • Disabled

uefi_recovery:
  Flags:                • Disabled

uf2:
  Flags:                • Disabled

upower:
  Flags:                • Disabled

usi_dock:
  Flags:                • Disabled

vbe:
  Flags:                • Disabled

vli:
  Flags:                • Disabled

wacom_raw:
  Flags:                • Disabled

wacom_usb:
  Flags:                • Disabled

wistron_dock:
  Flags:                • Disabled

18:55:03.224 FuPluginTest         destroy

@hughsie
Member

hughsie commented Apr 29, 2024

So all the HFSTSx registers are zero. @mrhpearson do you know if Lenovo might have disabled reading the MEI config registers (PCI_CFG_HFS_x) on newer hardware? The defines I have are:

#define PCI_CFG_HFS_1 0x40
#define PCI_CFG_HFS_2 0x48
#define PCI_CFG_HFS_3 0x60
#define PCI_CFG_HFS_4 0x64
#define PCI_CFG_HFS_5 0x68
#define PCI_CFG_HFS_6 0x6c

Also, @iyanmv do you get the same result when disabling secure boot in the firmware setup?
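To make the register check concrete, here is an added example (not fwupd's code) that reads the six HFSTSx offsets quoted above from the MEI device's sysfs config space, decodes HFSTS1 into the fields fwupd prints, and flags the all-zero window seen in the log. The bit layout (taken from the public coreboot me.h definition), the 0000:00:16.0 address and the sysfs path are assumptions from general documentation, not from this issue.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* PCI config-space offsets of the CSME host firmware status registers (as quoted above). */
#define PCI_CFG_HFS_1 0x40
#define PCI_CFG_HFS_2 0x48
#define PCI_CFG_HFS_3 0x60
#define PCI_CFG_HFS_4 0x64
#define PCI_CFG_HFS_5 0x68
#define PCI_CFG_HFS_6 0x6c
#define HFS_WINDOW_END (PCI_CFG_HFS_6 + 4) /* bytes that cover all six registers */

/* HFSTS1 fields in the order fwupd prints them; bit positions follow the
 * public coreboot me.h layout (assumed to match fwupd's own struct). */
struct hfsts1 {
	unsigned working_state, operation_state, error_code, operation_mode,
		 reset_count, current_power_source;
	bool mfg_mode, fpt_bad, fw_init_complete, ft_bup_ld_flr, update_in_progress,
	     boot_options_present, bist_finished, bist_test_state, bist_reset_request,
	     d3_support_valid, d0i3_support_valid;
};

#define BITS(v, lo, w) (((v) >> (lo)) & ((1u << (w)) - 1u))

struct hfsts1 hfsts1_decode(uint32_t v)
{
	struct hfsts1 s;
	s.working_state = BITS(v, 0, 4);        /* 0 = reset, 5 = normal */
	s.mfg_mode = BITS(v, 4, 1);             /* drives the "manufacturing mode" HSI attribute */
	s.fpt_bad = BITS(v, 5, 1);
	s.operation_state = BITS(v, 6, 3);
	s.fw_init_complete = BITS(v, 9, 1);
	s.ft_bup_ld_flr = BITS(v, 10, 1);
	s.update_in_progress = BITS(v, 11, 1);
	s.error_code = BITS(v, 12, 4);
	s.operation_mode = BITS(v, 16, 4);      /* 0 = normal; the override modes live here */
	s.reset_count = BITS(v, 20, 4);
	s.boot_options_present = BITS(v, 24, 1);
	s.bist_finished = BITS(v, 25, 1);
	s.bist_test_state = BITS(v, 26, 1);
	s.bist_reset_request = BITS(v, 27, 1);
	s.current_power_source = BITS(v, 28, 2);
	s.d3_support_valid = BITS(v, 30, 1);
	s.d0i3_support_valid = BITS(v, 31, 1);
	return s;
}

/* Little-endian 32-bit read from a raw config-space image. */
uint32_t cfg_read32(const uint8_t *cfg, size_t off)
{
	return (uint32_t)cfg[off] | ((uint32_t)cfg[off + 1] << 8) |
	       ((uint32_t)cfg[off + 2] << 16) | ((uint32_t)cfg[off + 3] << 24);
}

/* The symptom in this issue: every HFSTSx register reads as zero. A running CSME
 * reports at least a non-zero working state, so all-zero means the values never reach the OS. */
bool hfsts_all_zero(const uint8_t *cfg)
{
	static const size_t offs[] = { PCI_CFG_HFS_1, PCI_CFG_HFS_2, PCI_CFG_HFS_3,
				       PCI_CFG_HFS_4, PCI_CFG_HFS_5, PCI_CFG_HFS_6 };
	for (size_t i = 0; i < sizeof(offs) / sizeof(offs[0]); i++)
		if (cfg_read32(cfg, offs[i]) != 0)
			return false;
	return true;
}

/* Read a device's config space from sysfs; returns bytes read, or -1 if it cannot be opened.
 * Unprivileged readers get only the first 64 bytes, short of PCI_CFG_HFS_1, so run as root. */
long pci_config_read(const char *bdf, uint8_t *cfg, size_t len)
{
	char path[128];
	snprintf(path, sizeof(path), "/sys/bus/pci/devices/%s/config", bdf);
	FILE *f = fopen(path, "rb");
	if (f == NULL)
		return -1;
	size_t n = fread(cfg, 1, len, f);
	fclose(f);
	return (long)n;
}

int main(int argc, char **argv)
{
	/* 0000:00:16.0 is the usual HECI/MEI function on Intel client platforms
	 * (assumption; confirm with lspci on the machine in question). */
	const char *bdf = argc > 1 ? argv[1] : "0000:00:16.0";
	uint8_t cfg[256] = { 0 };
	long n = pci_config_read(bdf, cfg, sizeof(cfg));
	if (n < HFS_WINDOW_END) {
		fprintf(stderr, "%s: read %ld bytes, need 0x%x (root required)\n", bdf, n, HFS_WINDOW_END);
		return 1;
	}
	struct hfsts1 s = hfsts1_decode(cfg_read32(cfg, PCI_CFG_HFS_1));
	printf("HFSTS1: working_state=%u operation_mode=%u mfg_mode=%d fw_init_complete=%d\n",
	       s.working_state, s.operation_mode, s.mfg_mode, s.fw_init_complete);
	if (hfsts_all_zero(cfg))
		puts("all HFSTSx registers read zero: the HSI attributes derived from them cannot be evaluated");
	return 0;
}
```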

@iyanmv
Contributor Author

iyanmv commented Apr 29, 2024

So here it is after disabling secure boot:

fwupdmgr security    iyan@bespin
Host Security ID: HSI:1! (v1.9.18)

HSI-1
✔ BIOS firmware updates:         Enabled
✔ MEI key manifest:              Valid
✔ csme manufacturing mode:       Locked
✔ csme override:                 Locked
✔ csme v0:18.0.5.2098:           Valid
✔ Platform debugging:            Disabled
✔ SPI write:                     Disabled
✔ SPI lock:                      Enabled
✔ SPI BIOS region:               Locked
✔ Supported CPU:                 Valid
✔ TPM empty PCRs:                Valid
✔ TPM v2.0:                      Found
✔ UEFI bootservice variables:    Locked
✔ UEFI platform key:             Valid

HSI-2
✔ BIOS rollback protection:      Enabled
✔ Intel BootGuard:               Enabled
✔ Intel BootGuard OTP fuse:      Valid
✔ IOMMU:                         Enabled
✔ Platform debugging:            Locked
✔ TPM PCR0 reconstruction:       Valid
✘ Intel BootGuard ACM protected: Invalid
✘ Intel BootGuard verified boot: Invalid

HSI-3
✔ CET Platform:                  Supported
✔ Pre-boot DMA protection:       Enabled
✔ Suspend-to-idle:               Enabled
✔ Suspend-to-ram:                Disabled
✘ Intel BootGuard error policy:  Invalid

HSI-4
✔ SMAP:                          Enabled
✘ Encrypted RAM:                 Not supported

Runtime Suffix -!
✔ fwupd plugins:                 Untainted
✔ Linux kernel lockdown:         Enabled
✔ Linux swap:                    Encrypted
✔ Linux kernel:                  Untainted
✘ CET OS Support:                Not supported
✘ UEFI secure boot:              Disabled

This system has HSI runtime issues.
 » https://fwupd.github.io/hsi.html#hsi-runtime-suffix

Host Security Events
  2024-04-29 12:28:05:  ✘ Secure Boot disabled
  2024-04-25 22:07:12:  ✔ Linux swap changed: Disabled → Encrypted
  2024-04-24 22:59:56:  ✔ Kernel lockdown enabled
  2024-04-24 22:53:13:  ✔ BIOS rollback protection changed: Disabled → Enabled
  2024-04-24 20:55:32:  ✔ Secure Boot enabled
sudo fwupdtool get-plugins --plugins pci-mei -vv
sudo fwupdtool get-plugins --plugins pci-mei -vv    iyan@bespin
19:29:52.743 FuDebug              verbose to debug (on console 1)
19:29:52.743 FuEngine             starting fwupd 1.9.18…
19:29:52.743 FuMain               locked /run/lock/fwupdtool
Loading…                 [ -                                     ]19:29:52.759 FuConfig             loading config /etc/fwupd/fwupd.conf
19:29:52.759 FuConfig             not loading config /var/etc/fwupd/fwupd.conf
19:29:52.759 FuConfig             skipping mode check for /var/etc/fwupd/fwupd.conf as not writable
19:29:52.759 FuConfig             trying to load config values from /etc/fwupd/fwupd.conf
19:29:52.759 FuCommon             mapped file /etc/fwupd/fwupd.conf of size 0x33
19:29:52.759 FuConfig             trying to load config values from /var/etc/fwupd/fwupd.conf
19:29:52.759 FuConfig             Failed to open file “/var/etc/fwupd/fwupd.conf”: No such file or directory
19:29:52.759 FuConfig             ::configuration loaded
Loading…                 [                                       ]19:29:52.759 Jcat                 reading /etc/pki/fwupd/LVFS-CA.pem with 1679 bytes
19:29:52.759 Jcat                 loaded 1 certificates
19:29:52.759 Jcat                 ignoring GPG-KEY-Linux-Vendor-Firmware-Service as not PKCS-7 certificate
19:29:52.759 Jcat                 ignoring GPG-KEY-Linux-Foundation-Firmware as not PKCS-7 certificate
19:29:52.759 Jcat                 reading /etc/pki/fwupd-metadata/LVFS-CA.pem with 1679 bytes
19:29:52.759 Jcat                 loaded 1 certificates
19:29:52.759 Jcat                 ignoring GPG-KEY-Linux-Vendor-Firmware-Service as not PKCS-7 certificate
19:29:52.759 Jcat                 ignoring GPG-KEY-Linux-Foundation-Metadata as not PKCS-7 certificate
19:29:52.759 Jcat                 reading /var/lib/fwupd/pki/secret.key with 2455 bytes
19:29:52.759 Jcat                 reading /var/lib/fwupd/pki/client.pem with 1383 bytes
19:29:52.759 FuEngine             client certificate now exists: nothing to do
Loading…                 [                                       ]19:29:52.759 FuHistory            trying to open database '/var/lib/fwupd/pending.db'
19:29:52.760 FuHistory            got schema version of 12
Loading…                 [*                                      ]19:29:52.766 FuPlugin             load(/usr/lib/fwupd-1.9.18/libfu_plugin_modem_manager.so)
19:29:52.768 FuQuirks             loading quirks from /usr/share/fwupd/quirks.d
19:29:52.768 FuQuirks             loading quirks from /var/lib/fwupd/quirks.d
19:29:52.768 XbSilo               attempting to load /var/cache/fwupd/quirks.xmlb
19:29:52.768 XbSilo               file: 0dd90c7a-7be0-9815-75d8-fe37ccfd5c13, current:0dd90c7a-7be0-9815-75d8-fe37ccfd5c13, cached: (null)
19:29:52.768 XbSilo               loading silo with file contents
Loading…                 [*                                      ]19:29:52.769 FuConfig             loading config /etc/fwupd/fwupd.conf
19:29:52.769 FuConfig             not loading config /var/etc/fwupd/fwupd.conf
19:29:52.769 FuConfig             skipping mode check for /var/etc/fwupd/fwupd.conf as not writable
19:29:52.769 FuConfig             trying to load config values from /etc/fwupd/fwupd.conf
19:29:52.769 FuCommon             mapped file /etc/fwupd/fwupd.conf of size 0x33
19:29:52.769 FuConfig             trying to load config values from /var/etc/fwupd/fwupd.conf
19:29:52.769 FuConfig             Failed to open file “/var/etc/fwupd/fwupd.conf”: No such file or directory
19:29:52.769 FuConfig             ::configuration loaded
19:29:52.769 FuStruct             SmbiosEp64:
  anchor_str: _SM3_
  entry_point_csum: 0xa7
  entry_point_len: 0x18
  smbios_major_ver: 0x3
  smbios_minor_ver: 0x6
  smbios_docrev: 0x0
  entry_point_rev: 0x1
  reserved0: 0x0
  structure_table_len: 0x1450
  structure_table_addr: 0x5c06e000
19:29:52.769 FuStruct             SmbiosStructure:
  type: 0x87
  length: 0x13
  handle: 0x0
19:29:52.769 FuStruct             SmbiosStructure:
  type: 0x86
  length: 0xd
  handle: 0x1
19:29:52.769 FuStruct             SmbiosStructure:
  type: 0x2b
  length: 0x1f
  handle: 0x2
19:29:52.769 FuStruct             SmbiosStructure:
  type: 0x10
  length: 0x17
  handle: 0x3
19:29:52.769 FuStruct             SmbiosStructure:
  type: 0x11
  length: 0x5c
  handle: 0x4
19:29:52.769 FuStruct             SmbiosStructure:
  type: 0x11
  length: 0x5c
  handle: 0x5
19:29:52.769 FuStruct             SmbiosStructure:
  type: 0x11
  length: 0x5c
  handle: 0x6
19:29:52.769 FuStruct             SmbiosStructure:
  type: 0x11
  length: 0x5c
  handle: 0x7
19:29:52.769 FuStruct             SmbiosStructure:
  type: 0x11
  length: 0x5c
  handle: 0x8
19:29:52.769 FuStruct             SmbiosStructure:
  type: 0x11
  length: 0x5c
  handle: 0x9
19:29:52.769 FuStruct             SmbiosStructure:
  type: 0x11
  length: 0x5c
  handle: 0xa
19:29:52.769 FuStruct             SmbiosStructure:
  type: 0x11
  length: 0x5c
  handle: 0xb
19:29:52.769 FuStruct             SmbiosStructure:
  type: 0x13
  length: 0x1f
  handle: 0xc
19:29:52.769 FuStruct             SmbiosStructure:
  type: 0xdd
  length: 0xc
  handle: 0xd
19:29:52.769 FuStruct             SmbiosStructure:
  type: 0xdd
  length: 0xc
  handle: 0xe
19:29:52.769 FuStruct             SmbiosStructure:
  type: 0xdd
  length: 0x1a
  handle: 0xf
19:29:52.769 FuStruct             SmbiosStructure:
  type: 0xdd
  length: 0x1a
  handle: 0x10
19:29:52.769 FuStruct             SmbiosStructure:
  type: 0xdd
  length: 0x2f
  handle: 0x11
19:29:52.769 FuStruct             SmbiosStructure:
  type: 0xdd
  length: 0x52
  handle: 0x12
19:29:52.769 FuStruct             SmbiosStructure:
  type: 0x7
  length: 0x1b
  handle: 0x13
19:29:52.769 FuStruct             SmbiosStructure:
  type: 0x7
  length: 0x1b
  handle: 0x14
19:29:52.769 FuStruct             SmbiosStructure:
  type: 0x7
  length: 0x1b
  handle: 0x15
19:29:52.769 FuStruct             SmbiosStructure:
  type: 0x7
  length: 0x1b
  handle: 0x16
19:29:52.769 FuStruct             SmbiosStructure:
  type: 0x7
  length: 0x1b
  handle: 0x17
19:29:52.769 FuStruct             SmbiosStructure:
  type: 0x7
  length: 0x1b
  handle: 0x18
19:29:52.769 FuStruct             SmbiosStructure:
  type: 0x7
  length: 0x1b
  handle: 0x19
19:29:52.770 FuStruct             SmbiosStructure:
  type: 0x7
  length: 0x1b
  handle: 0x1a
19:29:52.770 FuStruct             SmbiosStructure:
  type: 0x4
  length: 0x32
  handle: 0x1b
19:29:52.770 FuStruct             SmbiosStructure:
  type: 0x0
  length: 0x1a
  handle: 0x1c
19:29:52.770 FuStruct             SmbiosStructure:
  type: 0x1
  length: 0x1b
  handle: 0x1d
19:29:52.770 FuStruct             SmbiosStructure:
  type: 0x2
  length: 0xf
  handle: 0x1e
19:29:52.770 FuStruct             SmbiosStructure:
  type: 0x3
  length: 0x16
  handle: 0x1f
19:29:52.770 FuStruct             SmbiosStructure:
  type: 0x8
  length: 0x9
  handle: 0x20
19:29:52.770 FuStruct             SmbiosStructure:
  type: 0x8
  length: 0x9
  handle: 0x21
19:29:52.770 FuStruct             SmbiosStructure:
  type: 0x8
  length: 0x9
  handle: 0x22
19:29:52.770 FuStruct             SmbiosStructure:
  type: 0x8
  length: 0x9
  handle: 0x23
19:29:52.770 FuStruct             SmbiosStructure:
  type: 0x7e
  length: 0x9
  handle: 0x24
19:29:52.770 FuStruct             SmbiosStructure:
  type: 0x7e
  length: 0x9
  handle: 0x25
19:29:52.770 FuStruct             SmbiosStructure:
  type: 0x7e
  length: 0x9
  handle: 0x26
19:29:52.770 FuStruct             SmbiosStructure:
  type: 0x7e
  length: 0x9
  handle: 0x27
19:29:52.770 FuStruct             SmbiosStructure:
  type: 0x7e
  length: 0x9
  handle: 0x28
19:29:52.770 FuStruct             SmbiosStructure:
  type: 0x7e
  length: 0x9
  handle: 0x29
19:29:52.770 FuStruct             SmbiosStructure:
  type: 0x8
  length: 0x9
  handle: 0x2a
19:29:52.770 FuStruct             SmbiosStructure:
  type: 0x7e
  length: 0x9
  handle: 0x2b
19:29:52.770 FuStruct             SmbiosStructure:
  type: 0x7e
  length: 0x9
  handle: 0x2c
19:29:52.770 FuStruct             SmbiosStructure:
  type: 0x7e
  length: 0x9
  handle: 0x2d
19:29:52.770 FuStruct             SmbiosStructure:
  type: 0x8
  length: 0x9
  handle: 0x2e
19:29:52.770 FuStruct             SmbiosStructure:
  type: 0x7e
  length: 0x9
  handle: 0x2f
19:29:52.770 FuStruct             SmbiosStructure:
  type: 0x9
  length: 0x11
  handle: 0x30
19:29:52.770 FuStruct             SmbiosStructure:
  type: 0xc
  length: 0x5
  handle: 0x31
19:29:52.770 FuStruct             SmbiosStructure:
  type: 0xd
  length: 0x16
  handle: 0x32
19:29:52.770 FuStruct             SmbiosStructure:
  type: 0x16
  length: 0x1a
  handle: 0x33
19:29:52.770 FuStruct             SmbiosStructure:
  type: 0x7e
  length: 0x1a
  handle: 0x34
19:29:52.770 FuStruct             SmbiosStructure:
  type: 0x85
  length: 0x5
  handle: 0x35
19:29:52.770 FuStruct             SmbiosStructure:
  type: 0x85
  length: 0x2c
  handle: 0x36
19:29:52.770 FuStruct             SmbiosStructure:
  type: 0x82
  length: 0x18
  handle: 0x37
19:29:52.770 FuStruct             SmbiosStructure:
  type: 0x83
  length: 0x40
  handle: 0x38
19:29:52.770 FuStruct             SmbiosStructure:
  type: 0x8c
  length: 0xf
  handle: 0x39
19:29:52.770 FuStruct             SmbiosStructure:
  type: 0xdd
  length: 0x75
  handle: 0x3a
19:29:52.770 FuStruct             SmbiosStructure:
  type: 0x18
  length: 0x5
  handle: 0x3b
19:29:52.770 FuStruct             SmbiosStructure:
  type: 0x84
  length: 0x8
  handle: 0x3c
19:29:52.770 FuStruct             SmbiosStructure:
  type: 0xe
  length: 0x8
  handle: 0x3d
19:29:52.770 FuStruct             SmbiosStructure:
  type: 0xdb
  length: 0x6a
  handle: 0x3e
19:29:52.770 FuStruct             SmbiosStructure:
  type: 0x12
  length: 0x17
  handle: 0x3f
19:29:52.770 FuStruct             SmbiosStructure:
  type: 0x15
  length: 0x7
  handle: 0x40
19:29:52.770 FuStruct             SmbiosStructure:
  type: 0x15
  length: 0x7
  handle: 0x41
19:29:52.770 FuStruct             SmbiosStructure:
  type: 0x83
  length: 0x16
  handle: 0x42
19:29:52.770 FuStruct             SmbiosStructure:
  type: 0x88
  length: 0x6
  handle: 0x43
19:29:52.770 FuStruct             SmbiosStructure:
  type: 0xf
  length: 0x1f
  handle: 0x44
19:29:52.770 FuStruct             SmbiosStructure:
  type: 0x8c
  length: 0x13
  handle: 0x45
19:29:52.770 FuStruct             SmbiosStructure:
  type: 0x8c
  length: 0x13
  handle: 0x46
19:29:52.770 FuStruct             SmbiosStructure:
  type: 0x8c
  length: 0x17
  handle: 0x47
19:29:52.770 FuStruct             SmbiosStructure:
  type: 0x8d
  length: 0x12
  handle: 0x48
19:29:52.770 FuStruct             SmbiosStructure:
  type: 0x8d
  length: 0x12
  handle: 0x49
19:29:52.770 FuStruct             SmbiosStructure:
  type: 0x8d
  length: 0x12
  handle: 0x4a
19:29:52.770 FuStruct             SmbiosStructure:
  type: 0x8d
  length: 0x12
  handle: 0x4b
19:29:52.770 FuStruct             SmbiosStructure:
  type: 0x8d
  length: 0x1e
  handle: 0x4c
19:29:52.770 FuStruct             SmbiosStructure:
  type: 0x8d
  length: 0x38
  handle: 0x4d
19:29:52.770 FuStruct             SmbiosStructure:
  type: 0x8c
  length: 0xf
  handle: 0x4e
19:29:52.770 FuStruct             SmbiosStructure:
  type: 0x8c
  length: 0x2b
  handle: 0x4f
19:29:52.770 FuStruct             SmbiosStructure:
  type: 0x87
  length: 0x12
  handle: 0x50
19:29:52.770 FuStruct             SmbiosStructure:
  type: 0x7f
  length: 0x4
  handle: 0xfeff
19:29:52.770 FuContext            SMBIOS Manufacturer=LENOVO
19:29:52.770 FuContext            SMBIOS EnclosureKind=a
19:29:52.770 FuContext            SMBIOS Family=ThinkPad X1 Carbon Gen 12
19:29:52.770 FuContext            SMBIOS ProductName=21KDS00600
19:29:52.770 FuContext            SMBIOS ProductSku=LENOVO_MT_21KD_BU_Think_FM_ThinkPad X1 Carbon Gen 12
19:29:52.770 FuContext            SMBIOS BiosVendor=LENOVO
19:29:52.770 FuContext            SMBIOS BiosVersion=N3YET61W (1.26 )
19:29:52.770 FuContext            SMBIOS BiosMajorRelease=01
19:29:52.770 FuContext            SMBIOS BiosMinorRelease=1a
19:29:52.770 FuContext            SMBIOS FirmwareMajorRelease=01
19:29:52.770 FuContext            SMBIOS FirmwareMinorRelease=14
19:29:52.770 FuContext            SMBIOS BaseboardManufacturer=LENOVO
19:29:52.770 FuContext            SMBIOS BaseboardProduct=21KDS00600
19:29:52.770 FuContext            failed to load fdt: cannot find /sys/firmware/fdt or override /var/lib/fwupd/system.dtb
19:29:52.771 FuContext            added udev subsystem watch of firmware-attributes
19:29:52.775 FuBiosSettings       save_settings is not supported
19:29:52.798 FuBiosSettings       failed to add string attrs: failed to load min_length: Failed to open file “/sys/class/firmware-attributes/thinklmi/attributes/AlarmTime/min_length”: No such file or directory
19:29:52.800 FuBiosSettings       processing AlarmTime: (00:00:00)
19:29:52.813 FuBiosSettings       failed to add string attrs: failed to load min_length: Failed to open file “/sys/class/firmware-attributes/thinklmi/attributes/UserDefinedAlarmTime/min_length”: No such file or directory
19:29:52.814 FuBiosSettings       processing UserDefinedAlarmTime: (00:00:00)
19:29:52.841 FuBiosSettings       failed to add string attrs: failed to load min_length: Failed to open file “/sys/class/firmware-attributes/thinklmi/attributes/AlarmDate/min_length”: No such file or directory
19:29:52.842 FuBiosSettings       processing AlarmDate: (01/01/2023)
19:29:52.863 FuBiosSettings       loaded 92 BIOS settings
19:29:52.863 FuBiosSettings       Disabling changing SecureBoot since Allow3rdPartyUEFICA is Disable
Loading…                 [**                                     ]19:29:52.863 FuEngine             ignoring: Error opening directory “/var/lib/fwupd/local.d”: No such file or directory
19:29:52.863 FuEngine             ignoring: Error opening directory “/usr/share/fwupd/local.d”: No such file or directory
19:29:52.863 XbSilo               attempting to load /var/cache/fwupd/metadata.xmlb
19:29:52.863 XbSilo               file: 4803e022-8bb3-6302-3438-453e0349c239, current:2d310c72-70b7-6243-8c5c-9d33112a4bc9, cached: (null)
19:29:52.863 XbSilo               loading silo with file contents
19:29:52.865 FuEngine             3045 components now in silo
Loading…                 [***                                    ]19:29:52.873 FuPlugin             constructed(pci_mei)
19:29:52.873 FuContext            added udev subsystem watch of pci
19:29:52.873 FuEngine             plugins disabled: flashrom, modem_manager, uefi_capsule, acpi_dmar, acpi_facp, acpi_ivrs, acpi_phat, algoltek_usb, amd_pmc, amd_gpu, analogix, android_boot, ata, audio_s5gen2, aver_hid, bcm57xx, bios, ccgx, ccgx_dmc, cfu, ch341a, ch347, colorhug, corsair, cpu, cros_ec, dell, dell_dock, dfu, dfu_csr, ebitdo, elantp, elanfp, emmc, ep963x, fastboot, focalfp, fpc, fresco_pd, genesys, genesys_gl32xx, goodixmoc, goodixtp, gpio, hailuck, igsc, intel_me, intel_usb4, iommu, jabra, jabra_gnp, kinetic_dp, lenovo_thinklmi, linux_display, linux_lockdown, linux_sleep, linux_swap, linux_tainted, logind, logitech_hidpp, logitech_bulkcontroller, logitech_rallysystem, logitech_scribe, logitech_tap, mediatek_scaler, msr, mtd, nitrokey, nordic_hid, nvme, optionrom, parade_lspcon, pci_bcr, pci_psp, pixart_rf, powerd, qsi_dock, realtek_mst, redfish, rts54hid, rts54hub, steelseries, scsi, superio, synaptics_cape, synaptics_cxaudio, synaptics_mst, synaptics_prometheus, synaptics_rmi, system76_launch, test, test_ble, thelio_io, thunderbolt, ti_tps6598x, tpm, uefi_dbx, uefi_esrt, uefi_pk, uefi_recovery, uf2, upower, usi_dock, vbe, vli, wacom_raw, wacom_usb, wistron_dock
Loading…                 [***                                    ]19:29:52.874 FuContext            battery threshold now 25
Loading…                 [************************************** ]19:29:52.874 FuEngine             FuUsbBackend:
  Name:                 usb
  Enabled:              true
  DoneSetup:            false
  CanInvalidate:        false
FuUdevBackend:
  Name:                 udev
  Enabled:              true
  DoneSetup:            false
  CanInvalidate:        false
DoneColdplug:           false
FuBluezBackend:
  Name:                 bluez
  Enabled:              true
  DoneSetup:            false
  CanInvalidate:        false
FuPciMeiPlugin:
  Name:                 pci_mei
  HFSTS1:
    WorkingState:       reset
    MfgMode:            false
    FptBad:             false
    OperationState:     preboot
    FwInitComplete:     false
    FtBupLdFlr:         false
    UpdateInProgress:   false
    ErrorCode:          no-error
    OperationMode:      normal
    ResetCount:         0x0
    BootOptions_present:false
    BistFinished:       false
    BistTestState:      false
    BistResetRequest:   false
    CurrentPowerSource: 0x0
    D3SupportValid:     false
    D0i3SupportValid:   false
  HFSTS2:
    NftpLoadFailure:    false
    IccProgStatus:      0x0
    InvokeMebx:         false
    CpuReplaced:        false
    Rsvd0:              false
    MfsFailure:         false
    WarmResetRqst:      false
    CpuReplacedValid:   false
    LowPowerState:      false
    MePowerGate:        false
    IpuNeeded:          false
    ForcedSafeBoot:     false
    Rsvd1:              0x0
    ListenerChange:     false
    StatusData:         0x0
    CurrentPmevent:     0x0
    Phase:              0x0
  HFSTS3:
    Chunk0:             0x0
    Chunk1:             0x0
    Chunk2:             0x0
    Chunk3:             0x0
    FwSku:              0x0
    EncryptKeyCheck:    false
    PchConfigChange:    false
    IbbVerificationResult:false
    IbbVerificationDone:false
    Reserved11:         0x0
    ActualIbbSize:      0x0
    NumberOfChunks:     0
    EncryptKeyOverride: false
    PowerDownMitigation:false
  HFSTS4:
    Rsvd0:              0x0
    EnforcementFlow:    false
    SxResumeType:       false
    Rsvd1:              false
    TpmsDisconnected:   false
    Rvsd2:              false
    FwstsValid:         false
    BootGuardSelfTest:  false
    Rsvd3:              0x0
  HFSTS5:
    AcmActive:          false
    Valid:              false
    ResultCodeSource:   false
    ErrorStatusCode:    0x0
    AcmDoneSts:         0x0
    TimeoutCount:       0x0
    ScrtmIndicator:     false
    IncBootGuardAcm:    0x0
    IncKeyManifest:     0x0
    IncBootPolicy:      0x0
    Rsvd0:              0x0
    StartEnforcement:   false
  HFSTS6:
    ForceBootGuardAcm:  false
    CpuDebugDisable:    false
    BspInitDisable:     false
    ProtectBiosEnv:     false
    Rsvd0:              0x0
    ErrorEnforcePolicy: 0x0
    MeasuredBoot:       false
    VerifiedBoot:       false
    BootGuardAcmsvn:    0x0
    Kmsvn:              0x0
    Bpmsvn:             0x0
    KeyManifestId:      0x0
    BootPolicyStatus:   false
    Error:              false
    BootGuardDisable:   false
    FpfDisable:         false
    FpfSocLock:         false
    TxtSupport:         false

19:29:52.887 FuEngine             resetting update motd timeout

acpi_dmar:
  Flags:                • Disabled

acpi_facp:
  Flags:                • Disabled

acpi_ivrs:
  Flags:                • Disabled

acpi_phat:
  Flags:                • Disabled

algoltek_usb:
  Flags:                • Disabled

amd_gpu:
  Flags:                • Disabled

amd_pmc:
  Flags:                • Disabled

analogix:
  Flags:                • Disabled

android_boot:
  Flags:                • Disabled

ata:
  Flags:                • Disabled

audio_s5gen2:
  Flags:                • Disabled

aver_hid:
  Flags:                • Disabled

bcm57xx:
  Flags:                • Disabled

bios:
  Flags:                • Disabled

ccgx:
  Flags:                • Disabled

ccgx_dmc:
  Flags:                • Disabled

cfu:
  Flags:                • Disabled

ch341a:
  Flags:                • Disabled

ch347:
  Flags:                • Disabled

colorhug:
  Flags:                • Disabled

corsair:
  Flags:                • Disabled

cpu:
  Flags:                • Disabled

cros_ec:
  Flags:                • Disabled

dell:
  Flags:                • Disabled

dell_dock:
  Flags:                • Disabled

dfu:
  Flags:                • Disabled

dfu_csr:
  Flags:                • Disabled

ebitdo:
  Flags:                • Disabled

elanfp:
  Flags:                • Disabled

elantp:
  Flags:                • Disabled

emmc:
  Flags:                • Disabled

ep963x:
  Flags:                • Disabled

fastboot:
  Flags:                • Disabled

flashrom:
  Flags:                • Disabled
                        • Loaded from an external module

focalfp:
  Flags:                • Disabled

fpc:
  Flags:                • Disabled

fresco_pd:
  Flags:                • Disabled

genesys:
  Flags:                • Disabled

genesys_gl32xx:
  Flags:                • Disabled

goodixmoc:
  Flags:                • Disabled

goodixtp:
  Flags:                • Disabled

gpio:
  Flags:                • Disabled

hailuck:
  Flags:                • Disabled

igsc:
  Flags:                • Disabled

intel_me:
  Flags:                • Disabled

intel_usb4:
  Flags:                • Disabled

iommu:
  Flags:                • Disabled

jabra:
  Flags:                • Disabled

jabra_gnp:
  Flags:                • Disabled

kinetic_dp:
  Flags:                • Disabled

lenovo_thinklmi:
  Flags:                • Disabled

linux_display:
  Flags:                • Disabled

linux_lockdown:
  Flags:                • Disabled

linux_sleep:
  Flags:                • Disabled

linux_swap:
  Flags:                • Disabled

linux_tainted:
  Flags:                • Disabled

logind:
  Flags:                • Disabled

logitech_bulkcontroller:
  Flags:                • Disabled

logitech_hidpp:
  Flags:                • Disabled

logitech_rallysystem:
  Flags:                • Disabled

logitech_scribe:
  Flags:                • Disabled

logitech_tap:
  Flags:                • Disabled

mediatek_scaler:
  Flags:                • Disabled

modem_manager:
  Flags:                • Disabled
                        • Loaded from an external module

msr:
  Flags:                • Disabled

mtd:
  Flags:                • Disabled

nitrokey:
  Flags:                • Disabled

nordic_hid:
  Flags:                • Disabled

nvme:
  Flags:                • Disabled

optionrom:
  Flags:                • Disabled

parade_lspcon:
  Flags:                • Disabled

pci_bcr:
  Flags:                • Disabled

pci_mei:
  Flags:                • Enabled

pci_psp:
  Flags:                • Disabled

pixart_rf:
  Flags:                • Disabled

powerd:
  Flags:                • Disabled

qsi_dock:
  Flags:                • Disabled

realtek_mst:
  Flags:                • Disabled

redfish:
  Flags:                • Disabled

rts54hid:
  Flags:                • Disabled

rts54hub:
  Flags:                • Disabled

scsi:
  Flags:                • Disabled

steelseries:
  Flags:                • Disabled

superio:
  Flags:                • Disabled

synaptics_cape:
  Flags:                • Disabled

synaptics_cxaudio:
  Flags:                • Disabled

synaptics_mst:
  Flags:                • Disabled

synaptics_prometheus:
  Flags:                • Disabled

synaptics_rmi:
  Flags:                • Disabled

system76_launch:
  Flags:                • Disabled

test:
  Flags:                • Disabled
                        • Plugin is only for testing

test_ble:
  Flags:                • Disabled
                        • Plugin is only for testing

thelio_io:
  Flags:                • Disabled

thunderbolt:
  Flags:                • Disabled

ti_tps6598x:
  Flags:                • Disabled

tpm:
  Flags:                • Disabled

uefi_capsule:
  Flags:                • Disabled
                        • Will measure elements of system integrity around an update

uefi_dbx:
  Flags:                • Disabled

uefi_esrt:
  Flags:                • Disabled

uefi_pk:
  Flags:                • Disabled

uefi_recovery:
  Flags:                • Disabled

uf2:
  Flags:                • Disabled

upower:
  Flags:                • Disabled

usi_dock:
  Flags:                • Disabled

vbe:
  Flags:                • Disabled

vli:
  Flags:                • Disabled

wacom_raw:
  Flags:                • Disabled

wacom_usb:
  Flags:                • Disabled

wistron_dock:
  Flags:                • Disabled

19:29:52.894 FuPluginTest         destroy

I think it's the same.

@mrhpearson
Copy link
Collaborator

Created internal ticket LO-3022 to get feedback from the FW team. A note that it's a holiday in Japan and China this week so I won't get answers until at least next week.
I am seeing the same on my system - but it's a prototype so these may not have been programmed. Can I confirm that the system is a ship-level supported system please?
Mark

@mrhpearson
Copy link
Collaborator

FW team thinks this will be fixed with fb18ce3
But I tested on my (prototype) system and it didn't help. Following up for more insight.

@hughsie
Copy link
Member

hughsie commented May 8, 2024

FW team thinks this will be fixed with fb18ce3

Nah, that's the cosmetic fix -- the real problem is the register reads are failing.

@mrhpearson
Copy link
Collaborator

Hi @iyanmv - could you do 'sudo lspci -xxx -s 00:16.0' on your system please? I'd like to capture the registers from a ship level support system (all of the ones in our team are pre-ship)

Thanks
Mark

@iyanmv
Copy link
Contributor Author

iyanmv commented May 11, 2024

Hi @iyanmv - could you do 'sudo lspci -xxx -s 00:16.0' on your system please? I'd like to capture the registers from a ship level support system (all of the ones in our team are pre-ship)

Thanks Mark

00:16.0 Communication controller: Intel Corporation Device 7e70 (rev 20)
00: 86 80 70 7e 06 04 10 00 20 00 80 07 00 00 80 00
10: 04 90 70 5a 40 00 00 00 00 00 00 00 00 00 00 00
20: 00 00 00 00 00 00 00 00 00 00 00 00 aa 17 1e 23
30: 00 00 00 00 50 00 00 00 00 00 00 00 ff 01 00 00
40: 45 02 00 a0 00 00 00 80 00 05 00 00 00 00 00 00
50: 01 8c 03 40 08 00 00 00 00 00 00 00 00 00 00 00
60: 20 00 00 00 00 00 00 00 03 1f f4 02 00 00 00 40
70: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
80: 00 00 00 00 00 00 00 00 00 00 00 00 05 a4 81 00
90: 38 03 e0 fe 00 00 00 00 00 00 00 00 00 00 00 00
a0: 04 00 00 00 09 00 14 f0 10 00 40 01 00 00 00 00
b0: 01 80 00 00 38 0d 0e 00 00 00 00 00 00 00 00 40
c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
f0: 00 00 00 00 00 00 00 00 00 00 20 00 00 00 00 00

@iyanmv
Copy link
Contributor Author

iyanmv commented May 12, 2024

@mrhpearson (unrelated question but perhaps you can help) Do you know if the Intel Ultra 7 155H supports TME? It's not clear in the specs (they do mention that TME-MK is not supported, but nothing about TME). It would be weird if Intel decided to drop this with previous generations supporting RAM encryption. At least the X1 Carbon Gen 11 had an option in the BIOS (I think disabled by default) to enable the TME, but this option is missing in the X1 Carbon Gen 12.

@mrhpearson
Copy link
Collaborator

Should be there - under Security->Memory protection
At least it's showing up in the BIOS simulator (and is on my proto system): https://download.lenovo.com/bsco/index.html#/graphicalsimulator/ThinkPad%20X1%20Carbon%2012th%20Gen%20(21KC,21KD)

@iyanmv
Copy link
Contributor Author

iyanmv commented May 13, 2024

Should be there - under Security->Memory protection At least it's showing up in the BIOS simulator (and is on my proto system): https://download.lenovo.com/bsco/index.html#/graphicalsimulator/ThinkPad%20X1%20Carbon%2012th%20Gen%20(21KC,21KD)

I can't see that option on my system, only the "Execution Prevention" item.

photo_2024-05-13_15-49-35
photo_2024-05-13_15-49-27

@mrhpearson
Copy link
Collaborator

Interesting...
I have two systems. One early proto (non-vPro) and one later proto (vPro with MIPI camera) - the option is there on my vPro system but not the non-vPro. I don't know if this is by design, or a factor of when I got my system, or something else.

Just to confirm - your system is a regular purchased Lenovo unit?

I will need to check with the FW team.
Mark

@iyanmv
Copy link
Contributor Author

iyanmv commented May 13, 2024

Just to confirm - your system is a regular purchased Lenovo unit?

Yes, that is correct. Bought in Switzerland (not directly from Lenovo, but from Computacenter TS GmbH) but it is registered in Lenovo website. It is the Type 21KD with the Intel 7 155H and the 1080P FHD IR+RGB camera, not the MIPI one. Not sure about the vPro or how to check that.

@mrhpearson
Copy link
Collaborator

Some updates: According to Intel this is an industry-wide issue, and is related to the contents of HFSTS6 changing - meaning fwupdmgr cannot determine the bootguard configuration correctly.
We're discussing with Intel how we address this.

@hughsie - once I have the details I'll likely reach out offline on how to get this fixed in fwupd.
