Language Selection

English French German Italian Portuguese Spanish

Google and fwupd sitting in a tree

Filed under

I’ve been told by several sources (but not by Google directly, heh) that from Christmas onwards the “Designed for ChromeBook” sticker requires hardware vendors to use fwupd rather than random non-free binaries. This does make a lot of sense for Google, as all the firmware flash tools I’ve seen the source for are often decades old, contain layer-on-layers of abstractions, have dubious input sanitisation and are quite horrible to use. Many are setuid, which doesn’t make me sleep well at night, and I suspect the security team at Google also. Most vendor binaries are built for the specific ODM hardware device, and all of them but one doesn’t use any kind of source control or formal review process.

The requirement from Google has caused mild panic among silicon suppliers and ODMs, as they’re having to actually interact with an open source upstream project and a slightly grumpy maintainer that wants to know lots of details about hardware that doesn’t implement one of the dozens of existing protocols that fwupd supports. These are companies that have never had to deal with working with “outside” people to develop software, and it probably comes as quite a shock to the system. To avoid repeating myself these are my basic rules when adding support for a device with a custom protocol in fwupd:

I can give you advice on how to write the plugin if you give me the specifications without signing an NDA, and/or the existing code under a LGPLv2+ license. From experience, we’ll probably not end up using any of your old code in fwupd but the error defines and function names might be similar, and I don’t anyone to get “tainted” from looking at non-free code, so it’s safest all round if we have some reference code marked with the right license that actually compiles on Fedora 31. Yes, I know asking the legal team about releasing previously-nonfree code with a GPLish licence is difficult.

Read more

Matthew Garrett (Google): Extending proprietary PC...

  • Matthew Garrett: Extending proprietary PC embedded controller firmware

    I'm still playing with my X210, a device that just keeps coming up with new ways to teach me things. I'm now running Coreboot full time, so the majority of the runtime platform firmware is free software. Unfortunately, the firmware that's running on the embedded controller (a separate chip that's awake even when the rest of the system is asleep and which handles stuff like fan control, battery charging, transitioning into different power states and so on) is proprietary and the manufacturer of the chip won't release data sheets for it. This was disappointing, because the stock EC firmware is kind of annoying (there's no hysteresis on the fan control, so it hits a threshold, speeds up, drops below the threshold, turns off, and repeats every few seconds - also, a bunch of the Thinkpad hotkeys don't do anything) and it would be nice to be able to improve it.

    A few months ago someone posted a bunch of fixes, a Ghidra project and a kernel patch that lets you overwrite the EC's code at runtime for purposes of experimentation. This seemed promising. Some amount of playing later and I'd produced a patch that generated keyboard scancodes for all the missing hotkeys, and I could then use udev to map those scancodes to the keycodes that the thinkpad_acpi driver would generate. I finally had a hotkey to tell me how much battery I had left.

    But something else included in that post was a list of the GPIO mappings on the EC. A whole bunch of hardware on the board is connected to the EC in ways that allow it to control them, including things like disabling the backlight or switching the wifi card to airplane mode. Unfortunately the ACPI spec doesn't cover how to control GPIO lines attached to the embedded controller - the only real way we have to communicate is via a set of registers that the EC firmware interprets and does stuff with.

More by Michael Larabel

  • Google To Require "Designed For Chromebook" Devices Support Fwupd Firmware Updates

    Hughes shared the anecdote about the Fwupd requirement in this blog post while out of frustration also outlining how device manufacturers should work with him in Fwupd support for their products. That includes either specification or code access under a compatible license and without NDAs, the need for hardware access, understanding of device versioning, and other requirements.

Growing the fwupd ecosystem

  • Growing the fwupd ecosystem

    Yesterday I wrote a blog about what hardware vendors need to provide so I can write them a fwupd plugin. A few people contacted me telling me that I should make it more generic, as I shouldn’t be the central point of failure in this whole ecosystem. The sensible thing, of course, is growing the “community” instead, and building up a set of (paid) consultants that can help the OEMs and ODMs, only getting me involved to review pull requests or for general advice. This would certainly reduce my current feeling of working at 100% and trying to avoid burnout.

    As a first step, I’ve created an official page that will list any consulting companies that I feel are suitable to recommend for help with fwupd and the LVFS. The hardware vendors would love to throw money at this stuff, so they don’t have to care about upstream project release schedules and dealing with a gumpy maintainer like me. I’ve pinged the usual awesome people like Igalia, and hopefully more companies will be added to this list during the next few days.

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

More in Tux Machines

7 free GIMP scripts and plug-ins for filters, brushes, textures and more

The free and open source photo-editing program called GIMP (GNU Image Manipulation Program) is a nice alternative to the subscription-based or boxed versions of its competition (including PhotoShop). Whether you’re a beginner with GIMP or a seasoned pro, there’s lots to love. Some of GIMP’s greatest assets are the plugins and scripts created by numerous independent programmers. At one time, there was a massive collection called the GIMP Plugin Registry, but that resource is no longer available. Consequently, you must search the Internet for GIMP plug-ins and scripts. To start you on the right track, we’ve selected our favorite plugins and scripts for you to try, with a brief description of each, and a link to the resource location. First; however, we should explain the complicated process of how to install these treasures and where to find them on the GIMP menus. Read more

Android Leftovers

Get started with Lumina for your Linux desktop

For a good number of years, there was a desktop operating system (OS) based on FreeBSD called PC-BSD. It was intended as an OS for general use, which was noteworthy because BSD development mostly focuses on servers. For most of its life, PC-BSD shipped with the KDE desktop by default, but the more KDE came to depend on Linux-specific technology, the more PC-BSD migrated away from it. PC-BSD became Trident, and its default desktop is Lumina, a collection of widgets written to use the same Qt toolkit that KDE is based upon, running on the Fluxbox window manager. You may find the Lumina desktop in your Linux distribution's software repository or in BSD's ports tree. If you install Lumina and you're already running another desktop, you may find yourself with redundant applications (two PDF readers, two file managers, and so on) because Lumina includes a few integrated applications. If you just want to try the Lumina desktop, you can install a Lumina-based BSD distribution in a virtual machine, such as GNOME Boxes. Read more

Android Leftovers