RHEL-32183

linux-firmware ships encrypted zip files (named *.ncf) [rhel-10.0.beta]

    • Bug
    • Resolution: Unresolved
    • rhel-10.0.beta
    • linux-firmware
    • linux-firmware-20240624-5.el10
    • sst_kernel_maintainers
    • ssg_core_kernel
    • Red Hat Enterprise Linux
    • All

      What were you trying to do that didn't work?

      I was trying to understand what content was being shipped in the firmware packages. I ran into a password protected zip file to which I did not have the password, and which caused me to look further.

      Please provide the package NVR for which bug is seen:

      $ rpm -q linux-firmware
      linux-firmware-20230814-142.el9_3.noarch

      Presumed also present in other releases.

      How reproducible:

      Always.

      Steps to reproduce

      $ rpm -q linux-firmware
      linux-firmware-20230814-142.el9_3.noarch

      $ rpm -qil linux-firmware | grep ncf
      /usr/lib/firmware/vxge/X3fw-pxe.ncf.xz
      /usr/lib/firmware/vxge/X3fw.ncf.xz

      $ xzdec /usr/lib/firmware/vxge/X3fw-pxe.ncf.xz > /tmp/X3fw-pxe.ncf
      $ unzip -l /tmp/X3fw-pxe.ncf
      Archive:  X3fw-pxe.ncf
        Length      Date    Time    Name
      ---------  ---------- -----   ----
             19  11-15-2010 18:32   T1:X3_101115_1_8_1_expROM_FW_uni_template_rmt_cmd_line.txt
        2097152  11-15-2010 18:32   T1:X3_101115_1_8_1_expROM_FW_uni_template_flash0.bin
           1024  11-15-2010 18:32   T1:X3_101115_1_8_1_expROM_FW_uni_template_eeprom0.bin
             19  11-15-2010 18:32   T1A:X3_101115_1_8_1_expROM_FW_uni_template_rmt_cmd_line.txt
        2097152  11-15-2010 18:32   T1A:X3_101115_1_8_1_expROM_FW_uni_template_flash0.bin
           1024  11-15-2010 18:32   T1A:X3_101115_1_8_1_expROM_FW_uni_template_eeprom0.bin
      ---------                     -------
        4196390                     6 files

      $ unzip /tmp/X3fw-pxe.ncf
      Archive: X3fw-pxe.ncf
      [X3fw-pxe.ncf] T1:X3_101115_1_8_1_expROM_FW_uni_template_rmt_cmd_line.txt password:

      Expected results

      I would not expect to have password protected files being shipped by my operating system.

      Actual results

      Password protected files are shipped, the contents of which I do not have access to.

      In looking into this, I find reference in a very old ticket – https://bugzilla.redhat.com/show_bug.cgi?id=1016595

      Quoting that ticket:
      Can Red Hat bug 1122334 join this bug? That is, can you remove the X3fw-pxe.ncf and X3fw.ncf blobs too? These firmware blobs are for the Exar 10Gb NICs but Exar exited that business in 2011, and I do not see the vxge.ko driver in the RHEL7 kernel, so I believe these are also good candidates for removal.

      And, also, https://bugzilla.redhat.com/show_bug.cgi?id=1122334 asking for the actual password (reported 2014; last modified 2019). This happened, but the files have since been reintroduced in the rhel-9 packages.

            rhn-support-dvlasenk Denys Vlasenko
            dbaker.openshift Dave Baker
            Denys Vlasenko Denys Vlasenko
            Laura Trivelloni Laura Trivelloni
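
The manual check in the report (xzdec, then unzip) can be run across a whole firmware tree. The following is an added example, not part of the original report and not Red Hat tooling. The function names are hypothetical, the sample archive is constructed (it only has the ZIP "encrypted" flag bit set, its payload is not encrypted), and the default path is the directory shown in the report.

```python
import io
import lzma
import os
import sys
import zipfile

XZ_MAGIC = b"\xfd7zXZ\x00"   # .xz stream header
ENCRYPTED = 0x1              # ZIP general-purpose flag, bit 0: member is encrypted

def encrypted_members(blob: bytes) -> list[str]:
    """Names of encrypted members if blob (optionally .xz-wrapped) is a ZIP archive."""
    try:
        if blob.startswith(XZ_MAGIC):
            blob = lzma.decompress(blob)
        with zipfile.ZipFile(io.BytesIO(blob)) as zf:
            # Only the central directory is read; no password is needed for this.
            return [m.filename for m in zf.infolist() if m.flag_bits & ENCRYPTED]
    except (lzma.LZMAError, zipfile.BadZipFile, NotImplementedError):
        return []  # not an archive, or not one zipfile can parse

def scan(root: str) -> dict[str, list[str]]:
    """Map each file under root that holds encrypted ZIP members to their names."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    names = encrypted_members(fh.read())
            except OSError:
                continue  # unreadable file or dangling symlink
            if names:
                findings[path] = names
    return findings

def constructed_sample(encrypted: bool) -> bytes:
    """Constructed test input: a one-member ZIP, .xz-wrapped, flag bit optionally set."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("flash0.bin", b"\x00" * 64)
    raw = bytearray(buf.getvalue())
    if encrypted:  # set the flag in both headers; the payload itself is not encrypted
        raw[raw.index(b"PK\x01\x02") + 8] |= ENCRYPTED  # central directory entry
        raw[raw.index(b"PK\x03\x04") + 6] |= ENCRYPTED  # local file header
    return lzma.compress(bytes(raw))

if __name__ == "__main__":
    for path, names in scan(sys.argv[1] if len(sys.argv) > 1 else "/usr/lib/firmware").items():
        print(f"{path}: {len(names)} encrypted member(s), e.g. {names[0]}")
```

Run with a directory argument to audit an unpacked package tree instead of the installed one.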