Bug#1032373: fwupd: Can't update in Secure Boot mode on Thinkpad Carbon X1 Gen5
Hey Russell,
On Sun, Mar 05, 2023 at 11:11:18PM +1100, Russell Coker wrote:
>Package: fwupd
>Version: 1.8.12-2
>Severity: normal
>
>I have a Thinkpad Carbon X1 Gen5 running Debian/Testing with the fwupd from
>Unstable with Secure Boot enabled. I believe that we should get everything
>working with Secure Boot enabled and to the largest extent possible have
>Debian working with all security features.
>
>When I install updates with the "fwupdmgr" program it looks like it is all
>working well, the updates are installed and it prompts to reboot the system.
>
>When I boot up I get a screen with white text on blue background saying
>"Verification failed: (0x1A) Security Violation" which according to various
>pages Google turns up means it's a secure boot issue.
Yes, that sounds like a correct diagnosis.
>I have the fwupd-amd64-signed package installed, but the version doesn't seem
>to match, is there a problem with this?
>
># dpkg -l fwupd\*|grep ^ii
>ii fwupd 1.8.12-2 amd64 Firmware update daemon
>ii fwupd-amd64-signed 1:1.4+1 amd64 Tools to manage UEFI firmware updates (signed)
>ii fwupdate 12-7 amd64 Transitional package for fwupd
Nope, this should be fine. The fwupd folks moved the fwupd UEFI
support out into a separate source package a while back, hence the
distinct versioning. (Compare https://tracker.debian.org/pkg/fwupd
with https://tracker.debian.org/pkg/fwupd-efi).
I'm not sure what exactly might be happening here to cause your
problem. Could you run the following for me and report the output
please?
# find /boot/efi/ -type f | xargs sha256sum
I'd like to double-check exactly what things you have in the ESP...
--
Steve McIntyre, Cambridge, UK. steve@einval.com
Welcome my son, welcome to the machine.
Reply to: