Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

firmware signature missing or not trusted; #23

Open
Crashdummyy opened this issue Apr 26, 2022 · 11 comments
Open

firmware signature missing or not trusted; #23

Crashdummyy opened this issue Apr 26, 2022 · 11 comments

Comments

@Crashdummyy
Copy link

I just wanted to install the latest downloadable files from here.

I ended up with these files.

|19:11:54|crashdummy@crashface:[surface-uefi-firmware]> [master ✔] | 0 | 0 | 
 $ ls -1 out/**/*.cab
out/SurfacePro7/SurfacePro7_surfaceme_13.0.1889.2.cab
out/SurfacePro7/SurfacePro7_surfacepd_3.6.1.0.cab
out/SurfacePro7/SurfacePro7_surfacesam_14.418.139.0.cab
out/SurfacePro7/SurfacePro7_surfacetouchfw_3.1.65.139.cab
out/SurfacePro7/SurfacePro7_surfacetpm_7.2.2.0.cab
out/SurfacePro7/SurfacePro7_surfaceuefi_13.101.140.0.cab

I am however not able to install it:

|19:12:21|crashdummy@crashface:[surface-uefi-firmware]> [master ✔] | 0 | 0 | 
 $ ls -1 out/**/*.cab | xargs -I {} sudo fwupdmgr install {}
Decompressing…           [***************************************]
Specified firmware is older than installed '208.7.24834 < 3490068994'
Decompressing…           [***************************************]
Specified firmware is older than installed '3.0.1537 < 50333185'
Decompressing…           [***************************************]
Specified firmware is older than installed '14.1.41611 < 234960523'
Decompressing…           [***************************************]
Specified firmware is older than installed '3.1.16779 < 50413963'
Decompressing…           [***************************************]
No supported devices found
Decompressing…           [***************************************]
Specified firmware is older than installed '13.0.25996 < 151020940'
|19:14:10|crashdummy@crashface:[surface-uefi-firmware]> [master ✔] | 0 | 0 | 
 $ ls -1 out/**/*.cab | xargs -I {} sudo fwupdmgr install --allow-older {}
[sudo] password for crashdummy: 
Decompressing…           [***************************************]
firmware signature missing or not trusted; set OnlyTrusted=false in /etc/fwupd/daemon.conf ONLY if you are a firmware developer
Decompressing…           [***************************************]
firmware signature missing or not trusted; set OnlyTrusted=false in /etc/fwupd/daemon.conf ONLY if you are a firmware developer
Decompressing…           [***************************************]
firmware signature missing or not trusted; set OnlyTrusted=false in /etc/fwupd/daemon.conf ONLY if you are a firmware developer
Decompressing…           [***************************************]
firmware signature missing or not trusted; set OnlyTrusted=false in /etc/fwupd/daemon.conf ONLY if you are a firmware developer
Decompressing…           [***************************************]
No supported devices found
Decompressing…           [***************************************]
firmware signature missing or not trusted; set OnlyTrusted=false in /etc/fwupd/daemon.conf ONLY if you are a firmware developer

Should I really make this setting?
The hell is microsoft doing ?
@mobedoor
Copy link

mobedoor commented May 6, 2022

Same issue here on Surface Go

@nyonson
Copy link

nyonson commented May 23, 2022

Seeing the same for SL3 intel

@Tyler-2
Copy link

Tyler-2 commented Jun 6, 2022

Same on SL4 intel.

@SexyDog
Copy link

SexyDog commented Aug 3, 2022

Same problem on SB2

@sparkie3
Copy link

SP6 has this issue.

@mannp
Copy link

mannp commented Sep 24, 2022

Same issue here on Surface Go

Wondered if you managed to solve this? Having the same issue with the Sept '22 updates.

@mobedoor
Copy link

@mannp no, unfortunately.

@mannp
Copy link

mannp commented Sep 24, 2022

@mannp no, unfortunately.

Okay, thanks for coming back to me @mobedoor

@jlempen jlempen mentioned this issue Oct 7, 2022
Closed
@fotnite-vevo
Copy link

Any updates on this? It seems to still be an issue

@StollD
Copy link
Member

StollD commented Feb 12, 2023
edited
Loading

First of all sorry for ignoring this for so long, I was pretty busy and when I had time again I simply forgot this issue existed.

The error message about the missing signature comes from fwupd, it has nothing to do with the firmware files you are trying to flash. fwupd is designed to install firmware from LVFS, where the cab files are signed. This script doesn't sign them with a trusted key (not that we would have one, so you would need to generate your own), so fwupd refuses to flash them.

The firmware files inside the cab are signed with a Microsoft key and should be checked by the UEFI seperately before they are installed. However, this is just me guessing, so keep that in mind. As long as you only flash what is inside the MSI files you should be fine.

Since there doesnt seem to be a commandline option that disables signature verification (except maybe --force?), setting OnlyTrusted=false like it says in the output is what you should do.

@Leo1998
Copy link

Leo1998 commented May 16, 2023

I flashed the newest firmware on my Surface Pro 5 without any problems using OnlyTrusted=false. Using only --force did not help. Maybe this should be added to the README?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
10 participants
@nyonson @mannp @StollD @Tyler-2 @Leo1998 @Crashdummyy @sparkie3 @SexyDog @fotnite-vevo @mobedoor