How to DisableCapsuleUpdateOnDisk in /etc/fwupd/uefi_capsule.conf

noblman · December 5, 2022, 7:42pm

I am trying use fwupdmgr to update the system firmware on my Framework laptop. The manufacturer says I must do the following:

Please set DisableCapsuleUpdateOnDisk=true in /etc/fwupd/uefi_capsule.conf before applying this update, otherwise the update will fail.

How do I achieve this in NixOS?

Sandro · December 5, 2022, 9:06pm

I would try the following:

environment.etc."fwupd/uefi_capsule.conf".text = ''
  DisableCapsuleUpdateOnDisk=true
'';

noblman · December 5, 2022, 9:11pm

Yeah, I already tried that:

error: The option `environment.etc."fwupd/uefi_capsule.conf".source' has conflicting definition values:
       - In `/nix/var/nix/profiles/per-user/root/channels/nixos/nixos/modules/system/etc/etc.nix': <derivation /nix/store/6n9yfmnww3lyd70d46yl6yqsf80315kd-etc-uefi_capsule.conf.drv>
       - In `/nix/var/nix/profiles/per-user/root/channels/nixos/nixos/modules/services/hardware/fwupd.nix': <derivation /nix/store/53d6k5484080jz9zra4f0zh2rhbj4nsl-uefi_capsule.conf.drv>

noblman · December 5, 2022, 10:03pm

I also tried this:

  environment.etc."fwupd/uefi_capsule.conf".text = pkgs.lib.mkDefault( pkgs.lib.mkAfter ''
    DisableCapsuleUpdateOnDisk=true
    '');

and although I didn’t get any errors when I ran sudo nixos-rebuild switch, the file /etc/fwupd/uefi_capsule.conf was not modified.

danderson · December 30, 2022, 6:01am

Just ran into this myself. Longer term I think fwupd’s nixos module needs to adjust to be RFC42 compliant (rfcs/0042-config-option.md at 553b132ca05e0ad19b563b80b08d17330df205cf · NixOS/rfcs · GitHub) so these configs can be tweaked more easily. But in the meantime, what I did was put an override in my config that includes the default from the module source code, plus my change:

environment.etc."fwupd/uefi_capsule.conf" = lib.mkForce {
  source = pkgs.writeText "uefi_capsule.conf" ''
    [uefi_capsule]
    OverrideESPMountPoint=${config.boot.loader.efi.efiSysMountPoint}
    DisableCapsuleUpdateOnDisk=true
  '';
};

This worked for me, I just updated my Framework’s firmware through a couple versions with no issues.

danderson · December 30, 2022, 8:19am

Sent nixos/fwupd: allow customization of uefi_capsule.conf. by danderson · Pull Request #208326 · NixOS/nixpkgs · GitHub to make this more easily configurable in NixOS. Then we can send a PR to nixos-hardware/framework at master · NixOS/nixos-hardware · GitHub to get things configured correctly out of the box.