[GTALUG] Device Firmware updates getting easier (Logitech users, heads up!)

Scott Sullivan scott at ss.org
Thu May 25 09:18:15 EDT 2017 

http://fwupd.org

Firmware Update Deamon. This wonderful utility/service creates a 
consistent means for hardware vendors to provided and apply firmware 
updates to devices. Dell is on board and now so is Logitech.

The tools and infrastructure a written by the developer that created and 
released the ColorHug. The ColorHug is an open source color measurement 
device for monitor color calibration. He initial was fixing his own need 
to provided easy firmware updates to the ColorHug.

fwupd came on my radar a few months ago, when there was news reporting 
about improved Thunderbolt 3 support for the Dell laptops, and fwupd was 
the delivery mechanism. But at the time I didn't have any Dell laptops, 
so it was just a curiosity.

Now what I do have is a lot of Logitech K400 keyboards, and no easy 
means of updating the vulnerable firmware. fwupd now changes that.

https://blogs.gnome.org/hughsie/2017/05/22/updating-logitech-hardware-on-linux/



My Experience
=============

[scott at failfast ~]$ sudo dnf install fwupd
# This got me version 0.7.5-1.fc25, which didn't quite work out of box. 
No matter, were upgrading anyways.

[scott at failfast ~]$ fwupdmgr get-devices
Error calling StartServiceByName for org.freedesktop.fwupd: 
GDBus.Error:org.freedesktop.DBus.Error.Spawn.ChildExited: Launch helper 
exited with unknown return code 127

[scott at failfast ~]$ sudo dnf update fwupd --enablerepo=updates-testing
Failed to synchronize cache for repo 'xvitaly-purple-skypeweb', disabling.
Last metadata expiration check: 0:00:19 ago on Thu May 25 08:45:40 2017.
Dependencies resolved.
====================================================================================================================
  Package                Arch                   Version 
       Repository                       Size
====================================================================================================================
Upgrading:
  fwupd                  x86_64                 0.9.2-2.fc25 
       updates-testing                 256 k
      replacing  libebitdo.x86_64 0.7.5-1.fc25
  libdfu                 x86_64                 0.9.2-2.fc25 
       updates-testing                  88 k

Transaction Summary
====================================================================================================================
Upgrade  2 Packages

Total download size: 344 k
Is this ok [y/N]: y
Downloading Packages:
(1/2): libdfu-0.9.2-2.fc25.x86_64.rpm 
            283 kB/s |  88 kB     00:00
(2/2): fwupd-0.9.2-2.fc25.x86_64.rpm 
            489 kB/s | 256 kB     00:00
--------------------------------------------------------------------------------------------------------------------
Total 
            438 kB/s | 344 kB     00:00
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
   Upgrading   : libdfu-0.9.2-2.fc25.x86_64 
                                         1/5
   Upgrading   : fwupd-0.9.2-2.fc25.x86_64 
                                         2/5
   Cleanup     : fwupd-0.7.5-1.fc25.x86_64 
                                         3/5
   Cleanup     : libdfu-0.7.5-1.fc25.x86_64 
                                         4/5
   Obsoleting  : libebitdo-0.7.5-1.fc25.x86_64 
                                         5/5
   Verifying   : fwupd-0.9.2-2.fc25.x86_64 
                                         1/5
   Verifying   : libdfu-0.9.2-2.fc25.x86_64 
                                         2/5
   Verifying   : libdfu-0.7.5-1.fc25.x86_64 
                                         3/5
   Verifying   : fwupd-0.7.5-1.fc25.x86_64 
                                         4/5
   Verifying   : libebitdo-0.7.5-1.fc25.x86_64 
                                         5/5

Upgraded:
   fwupd.x86_64 0.9.2-2.fc25 
libdfu.x86_64 0.9.2-2.fc25

Complete!

# Let's follow the instructions on the blog post.

[scott at failfast ~]$ sudo vi /etc/fwupd.conf
[scott at failfast ~]$ sudo service restart fwupd
[scott at failfast ~]$ fwupdmgr refresh

[scott at failfast ~]$ fwupdmgr get-devices
[ Redacted other Devices ]

Unifying Receiver
   Guid:                 77d843f7-682c-57e8-8e29-584f5b4f52a1
   Guid:                 9d131a0c-a606-580f-8eda-80587250b8d6
   UniqueID: 
system/*/lvfs/firmware/com.logitech.Unifying.RQR12.firmware/*
   DeviceID:             /sys/devices/pci0000:00/0000:00:14.0/usb1/1-2
   Description:          <p>A Unifying receiver allows you to connect 
multiple compatible keyboards and mice to a laptop or desktop computer 
with a single USB receiver. Updating the firmware on your Unifying 
receiver improves performance, adds new features and fixes security 
issues.</p>
   Plugin:               unifying
   Flags:                allow-online|supported
   DeviceVendor:         Logitech
   Version:              RQR12.01_B0019
   VersionBootloader:    BOT01.02_B0014
   Created:              2017-05-25
   AppstreamId:          com.logitech.Unifying.RQR12.firmware
   Summary:              Firmware for the Logitech Unifying receiver
   UpdateDescription:    <p>RQR12.07_B0029:</p><p>This release addresses 
an unencrypted keystroke injection issue known as Bastille security 
issue #11. The vulnerability is complex to replicate and would require a 
hacker to be physically close to a 
target.</p><p>RQR12.05_B0028:</p><p>This release addresses an force 
pairing issue, an unencrypted keystroke injection issue and fake mouse 
issue known as Bastille security issues #1, #2 and #3. The 
vulnerabilities are complex to replicate and would require a hacker to 
be physically close to a target.</p>
   UpdateVersion:        RQR12.07_B0029
   UpdateHash:           d0d33e760ab6eeed6f11b9f9bd7e83820b29e970
   UpdateChecksumKind:   sha1
   License:              Proprietary
   UpdateUri: 
https://secure-lvfs.rhcloud.com/downloads/938fec082652c603a1cdafde7cd25d76baadc70d-Logitech-Unifying-RQR12.07_B0029.cab
   UrlHomepage:          http://support.logitech.com/en-us/software/unifying
   Vendor:               Logitech
   Trusted:              none

[scott at failfast ~]$ fwupdmgr update
Downloading RQR12.07_B0029 for Unifying Receiver...
Failed to save file: Failed to rename file 
'/tmp/938fec082652c603a1cdafde7cd25d76baadc70d-Logitech-Unifying-RQR12.07_B0029.cab.RKFS0Y' 
to 
'/tmp/938fec082652c603a1cdafde7cd25d76baadc70d-Logitech-Unifying-RQR12.07_B0029.cab': 
g_rename() failed: Operation not permitted
[scott at failfast ~]$ sudo fwupdmgr update
Downloading RQR12.07_B0029 for Unifying Receiver...
Updating RQR12.07_B0029 on Unifying Receiver...
Restarting deviceā€¦     [****************************************]
USB error on device 046d:aaaa : No such device (it may have been 
disconnected) [-4]

# at this point removing and reconnecting the USB dongle didn't show it 
as updated, but this turned to just require a restart of fwupd.

[scott at failfast ~]$ sudo systemctl restart fwupd
[scott at failfast ~]$ fwupdmgr get-devices
Unifying Receiver
   Guid:                 77d843f7-682c-57e8-8e29-584f5b4f52a1
   Guid:                 9d131a0c-a606-580f-8eda-80587250b8d6
   DeviceID: 
/sys/devices/pci0000:00/0000:00:14.0/usb1/1-3/1-3.3/1-3.3.2
   Plugin:               unifying
   Flags:                allow-online|supported
   DeviceVendor:         Logitech
   Version:              RQR12.07_B0029
   VersionBootloader:    BOT01.02_B0014
   Created:              2017-05-25


-- 
Scott Sullivan

More information about the talk mailing list