Pine64 PinePhone (Pro): upgrade modem firmware with fwupd

Pine64 PinePhone (Pro) EG25-G firmware upgrade support

This MR provides support for the EG25-G firmware in fwupd and enables fwupd in GNOME Software. KDE Discover has fwupd already enabled.

This will allow us to avoid firmware malware that abuses known CVEs of the Quectel firmware. See: https://hackaday.com/2021/12/16/pinephone-malware-surprises-users-raises-questions/

Disclaimer for distros and their maintainers

🚨 🚨 🚨

DO NOT SHIP THIS TO ANY DISTRO REPOSITORY. Did I tell you cannot ship this yet? DO NOT DO THIS, I DON'T TAKE ANY RESPONSIBILITIES FOR ANYTHING AND I WILL BLAME THE DISTRO FOR ANYTHING. Moreover, do not make any buzz about this on social media or anything else. This is still being tested, has known bugs, and must be verified that it doesn't cause ANY regression as you mess with the modem firmware which can in theory brick it, but I did as much as I can to avoid it.

You need the magic sauce (AKA the packaged firmware) as well which is not publicly available yet due to unknown licenses, so please do not ship this.

🚨 🚨 🚨

Description

The PinePhone and PinePhone Pro feature a Quectel EG25-G modem which is upgradable through either:

• Quectel firmware upgrades: https://github.com/Biktorgj/quectel_eg25_recovery
• Biktorgj's (almost) FOSS firmware: https://github.com/Biktorgj/pinephone_modem_sdk

However, this involves risky operations with qfirehose or fastboot using scripts running root. Moreover, it is not user friendly and error prone while these upgrades improve the stability of the modem...

fwupd to the rescue

After some discussion with @ollieparanoid about this, we came up with 2 options:

1. A custom tool to do this and make it easier
2. Leverage existing tools which are properly battle tested: fwupd

Since we have an upstream-first methodology, option 2 was picked. Therefore I digged into this and after days of Wireshark, debug statements, etc. I figured out the quirks necessary to support the Quectel EG25-G modem in fwupd and upstreamed it: https://github.com/fwupd/fwupd/pull/4076

In short, the EG25-G modem needs the following quirks to successfully flash a device:

• Blocksize must be 16384 bytes, not a byte more or less. If you still try another size, the next chunk the fastboot plugin writes to the modem fails which reboots the bootloader. I discovered this by analyzing the USB traffic of the same payload (once with fwupd and once with the original fastboot binary) with Wireshark.
• Writing and reading data cannot happen at fwupd's rate otherwise the fastboot bootloader crashes and reboot, the original fastboot binary seems to have some delay between writes/reads. If you enable the debug prints of the fastboot plugin, this is also 'fixed', but I properly fixed it by introducing a new quirk.
• The modem shows up under an entirely different USB vendor and device ID which causes fwupd to not see it. Adding the necessary quirks in modem-manager fixes it (like done for all other modems there).

Known issues

• ModemManager/fwupd might crash when you start the upgrade. This happens rarely and is still being investigated. Retrying to update a few seconds later works around the issue. Tracking it here: https://github.com/fwupd/fwupd/issues/4128
• ModemManager might not see the modem after the upgrade is complete. This also happens rarely and is a race condition. The cause of this is still being investigated. Restarting ModemManager works around the issue. Fixed by https://github.com/fwupd/fwupd/pull/4112
• Only the Quectel EG25-G stock firmware is packaged. I want to package Biktorgj's firmware as well before shipping this.
• eg25-manager kills the upgrade. You have to kill it with kill -9 $PID before starting the upgrade. It thinks it lost the modem. Fix upstream: https://gitlab.com/mobian1/devices/eg25-manager/-/merge_requests/44
• fwupd doesn't seem to remember branches properly, this might not be seen at first sight, but will be an issue when a next upgrade is released. Currently no idea why, biktorgj's firmware needs to provide the branch through an AT command first, issue upstream: https://github.com/fwupd/fwupd/issues/4114 Fixed thanks to Biktorgj by implementing custom AT responses! Biktorgj's firmware now properly reports the firmware branch and version to fwupd through a bunch of patches from my side. Upstreaming at https://github.com/fwupd/fwupd/pull/4133.
• GNOME Firmware Updater always display switch branch dialog even when not switching branches (doesn't influence the upgrade process, just the UX). Issue upstream: https://gitlab.gnome.org/hughsie/gnome-firmware-updater/-/issues/24 and https://gitlab.gnome.org/hughsie/gnome-firmware-updater/-/issues/25

Why this MR exist?

This MR needs to be tested in detail with the firmware stored in https://gitlab.com/postmarketOS/eg25-firmware with the fwupmgr CLI, GNOME Software and KDE Discover to make sure that everything works properly before shipping this out. This repository is currently private as the firmware license and rights are currently unclear. There's a discussion with Quectel going on to get this in LVFS so we don't need to ship this ourselves. fwupd will get the firmware then from its LVFS repository.

Testing this MR

1. Enable LVFS testing (https://github.com/fwupd/fwupd/wiki/LVFS-Testing-remote):

• CLI: fwupdmgr enable-remote lvfs-testing and refresh everything: fwupmgr refresh --force
• GNOME Software: Upgrades > Properties > scroll down to fwupd > Turn on LVFS testing with the switch

2. Install it (multiple options, pick one):

• CLI: fwupdmgr upgrade.
• GNOME Software/KDE Discover: Open the app, search for updates and it should come up if you have already 0.5.6 or higher installed of Biktorgj's firmware, if not, you have to use the CLI or GNOME Firmware Updater to switch branches.
• GNOME Firmware Updater: Open the app, select the Quectel EG25-G modem, click Show Releases button, pick a firmware you want. Supports branches thus biktorgj firmware can be installed, but until biktorgj firmware reports its branch name, fwupd won't notice that you run alternative firmware.

If nothing shows up, you might have already a firmware version which is higher than the one in the repository. You can check the supported devices with fwudmgr get-devices. If you still want to install it, you can force it with fwudmgr reinstall.

Upstreaming status

• fwupd support:
  • Initial support: https://github.com/fwupd/fwupd/pull/4076
  • Stability and safety improvements: https://github.com/fwupd/fwupd/pull/4086
  • ModemManager not unhibited fix: https://github.com/fwupd/fwupd/pull/4112
  • Branch support for modem-manager plugin: https://github.com/fwupd/fwupd/pull/4133
• GNOME Software enable fwupd for all arches. Currently only enabled for x86 in Alpine. Will upstream soon. https://gitlab.alpinelinux.org/alpine/aports/-/merge_requests/28536
• eg25-manager: do not reset the modem during upgrade. https://gitlab.com/mobian1/devices/eg25-manager/-/merge_requests/44
• GNOME Firmware Updater: make adaptive and test with the changes here: https://gitlab.gnome.org/hughsie/gnome-firmware-updater/-/merge_requests/66
• ModemManager: correctly advertise firmware versions. https://gitlab.freedesktop.org/mobile-broadband/ModemManager/-/merge_requests/712 and https://gitlab.freedesktop.org/mobile-broadband/ModemManager/-/merge_requests/713

Release status

• fwupd >= 1.7.5 ✅
• ModemManager >= 1.18.6 ✅
• eg25-manager >= 0.4.3 ✅
• GNOME Firmware Updater >= 42.beta ✅
• LVFS ✅
• Biktorgj's firmware >= 0.5.6 ✅

Fixes #887 (closed)