[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Secure Boot dbx Configuration Update

On Sunday, September 25, 2022 4:03:50 PM EDT Ansgar wrote:
> On Sun, 2022-09-25 at 11:17 -0700, John Darrah wrote:
> > I'm tracking testing and with my most recent update I started getting
> > the nag to update the Secure Boot dbx. When I click the graphical
> > 'update' button it appears to update something, but the update button
> > remains as if nothing changed.
> Some firmware updates, including DBX updates, are distributed via a
> different service than apt: fwupd.  The fwupdmgr program provides a
> command-line interface; the most helpful commands are probably
> "fwupdmgr get-updates" (get list of updates, i.e., equivalent to "apt
> update"), "fwupdmgr update" (install updates) and "fwupdmgr get-
> history" (history of installed firmware updates).

I follow exactly this process and get the following error. This started 
occurring about a week ago.

Upgrade available for UEFI dbx from 77 to 217
UEFI dbx and all connected devices may not be usable while updating. Continue 
with update? [Y|n]: Y
Downloading…             [***************************************]
Decompressing…           [***************************************]
Authenticating…          [***************************************]
Authenticating…          [***************************************]
Updating UEFI dbx…       [***************************************]
Verifying…               [***************************************]
Blocked executable in the ESP, ensure grub and shim are up to date: /boot/efi/
EFI/BOOT/shimx64.efi Authenticode checksum 
[af79b14064601bc0987d4747af1e914a228c05d622ceda03b7a4f67014fee767] is present 
in dbx

I believe the error is due to the following bug reported in the upstream bug 


This particular bug doesn't appear in the Debian bugs for the package fwupd. 
I'm also running stable which has a terribly outdated version of fwupd. I'm on 
a Lenovo Thinkpad X1. I need to investigate a bit more before filing a bug 


Attachment: signature.asc
Description: This is a digitally signed message part.

Reply to: