Bug#1027486: "Blocked executable in the ESP", internal dbus error message about a device that the machine doesn't have

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#1027486: "Blocked executable in the ESP", internal dbus error message about a device that the machine doesn't have
From: Marc Haber <mh+debian-packages@zugschlus.de>
Date: Sun, 01 Jan 2023 15:26:20 +0100
Message-id: <[🔎] 167258318055.1134229.11007548316656952633.reportbug@fan.zugschlus.de>
Reply-to: Marc Haber <mh+debian-packages@zugschlus.de>, 1027486@bugs.debian.org

Package: fwupd
Version: 1.8.8-3
Severity: normal

Hi,

this is what fwupdmgr does on my desktop box:

1 [66/4825]mh@fan:~ $ sudo fwupdmgr update
Devices with no available firmware updates:
 • SSD 840 EVO 1TB
 • ST4000DM000-1F2168
 • System Firmware
 • USB2.0 Hub
╔══════════════════════════════════════════════════════════════════════════════╗
║ Upgrade UEFI dbx from 77 to 217?                                             ║
╠══════════════════════════════════════════════════════════════════════════════╣
║ This updates the dbx to the latest release from Microsoft which adds         ║
║ insecure versions of grub and shim to the list of forbidden signatures due   ║
║ to multiple discovered security updates.                                     ║
║                                                                              ║
║ Before installing the update, fwupd will check for any affected executables  ║
║ in the ESP and will refuse to update if it finds any boot binaries signed    ║
║ with any of the forbidden signatures. If the installation fails, you will    ║
║ need to update shim and grub packages before the update can be deployed.     ║
║                                                                              ║
║ Once you have installed this dbx update, any DVD or USB installer images     ║
║ signed with the old signatures may not work correctly. You may have to       ║
║ temporarily turn off secure boot when using recovery or installation media,  ║
║ if new images have not been made available by your distribution.             ║
║                                                                              ║
╚══════════════════════════════════════════════════════════════════════════════╝

Perform operation? [Y|n]: y
Downloading…             [***************************************]
Downloading…             [***************************************]
Decompressing…           [***************************************]
Authenticating…          [***************************************]
Decompressing…           [                                       ]
Blocked executable in the ESP, ensure grub and shim are up to date: GDBus.Error:org.freedesktop.DBus.Error.UnknownMethod: Object does not exist at path “/org/freedesktop/UDisks2/block_devices/sde1”

I dont like this very much for multiple reasons:

- the software should not let a raw DBUS error message go through to the
  user's terminal
- the software should make a better effort to say which executable is
  blocked
- the system in question does not have an sde device. sde1 does not exist.
  So the software should ignore this error and continue.

Before this showstopper condition was met, the software was giving the
same error message for /dev/sdb1. That partition exists and had the esp
bit set, but was not even formatted. Resetting the esp bit on the partition
didn't heal the issue, it was necessary to put a filesystem on it.

But on a nonexistent device, I cannot put a filesystem.

Greetings
Marc

-- System Information:
Debian Release: bookworm/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'stable-security'), (500, 'unstable'), (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.1-zgws1 (SMP w/12 CPU threads; PREEMPT)
Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8), LANGUAGE=en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages fwupd depends on:
ii  adduser                3.130
ii  libarchive13           3.6.2-1
ii  libc6                  2.36-7
ii  libcbor0.8             0.8.0-2+b1
ii  libcurl3-gnutls        7.87.0-1
ii  libefiboot1            37-6
ii  libflashrom1           1.2-5
ii  libfwupd2              1.8.8-3
ii  libgcab-1.0-0          1.5-1
ii  libglib2.0-0           2.74.4-1
ii  libgnutls30            3.7.8-4
ii  libgudev-1.0-0         237-2
ii  libgusb2               0.3.10-1
ii  libjcat1               0.1.9-1
ii  libjson-glib-1.0-0     1.6.6-1
ii  liblzma5               5.4.0-0.1
ii  libmbim-glib4          1.28.2-1
ii  libmbim-proxy          1.28.2-1
ii  libmm-glib0            1.20.2-1
ii  libpolkit-gobject-1-0  122-1
ii  libprotobuf-c1         1.4.1-1+b1
ii  libqmi-glib5           1.32.2-1
ii  libqmi-proxy           1.32.2-1
ii  libsmbios-c2           2.4.3-1
ii  libsqlite3-0           3.40.1-1
ii  libsystemd0            252.4-1
ii  libtss2-esys-3.0.2-0   3.2.1-2
ii  libxmlb2               0.3.10-2
ii  shared-mime-info       2.2-1

Versions of packages fwupd recommends:
pn  bolt           <none>
ii  dbus           1.14.4-1
pn  fwupd-signed   <none>
ii  jq             1.6-2.1
ii  python3        3.10.6-3+b1
pn  secureboot-db  <none>
ii  udisks2        2.9.4-4

Versions of packages fwupd suggests:
pn  gir1.2-fwupd-2.0  <none>

-- Configuration Files:
/etc/fwupd/redfish.conf [Errno 13] Permission denied: '/etc/fwupd/redfish.conf'

-- no debconf information

Reply to:

Next by Date: Bug#968997: fwupdmgr: "Successfully" updates BIOS firmware, no effect on reboot
Next by thread: Bug#968997: fwupdmgr: "Successfully" updates BIOS firmware, no effect on reboot
Index(es):
- Date
- Thread