[Bug 1961864] [NEW] fwupd daemon failed verifying firmware signature
Crag Wang
1961864 at bugs.launchpad.net
Wed Feb 23 03:53:42 UTC 2022
Public bug reported:
The firmware blobs in cabinet archive are presently LVFS signed with gpg
and pkcs7, if libjcat at compilation time without one then the blobs
signed with both can't be verified.
Impact is fwupd daemon will fail the firmware install immediately
because OnlyTrusted=true is defaulted to verifying the signature for
daemon.
We need uprev libjcat at least 0.1.4 onward to fix this issue.
Issue is reproducible with fwupd 1.7.4
-> https://launchpad.net/~ycheng-twn/+archive/ubuntu/fwupd174
$ fwupdmgr --version
client version: 1.7.4
compile-time dependency versions
gusb: 0.3.4
daemon version: 1.7.4
$ dpkg -l | grep libjcat
ii libjcat1:amd64 0.1.3-2 amd64 JSON catalog library
** Affects: fwupd (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to fwupd in Ubuntu.
https://bugs.launchpad.net/bugs/1961864
Title:
fwupd daemon failed verifying firmware signature
Status in fwupd package in Ubuntu:
New
Bug description:
The firmware blobs in cabinet archive are presently LVFS signed with
gpg and pkcs7, if libjcat at compilation time without one then the
blobs signed with both can't be verified.
Impact is fwupd daemon will fail the firmware install immediately
because OnlyTrusted=true is defaulted to verifying the signature for
daemon.
We need uprev libjcat at least 0.1.4 onward to fix this issue.
Issue is reproducible with fwupd 1.7.4
-> https://launchpad.net/~ycheng-twn/+archive/ubuntu/fwupd174
$ fwupdmgr --version
client version: 1.7.4
compile-time dependency versions
gusb: 0.3.4
daemon version: 1.7.4
$ dpkg -l | grep libjcat
ii libjcat1:amd64 0.1.3-2 amd64 JSON catalog library
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/fwupd/+bug/1961864/+subscriptions
More information about the foundations-bugs
mailing list