Re: firmware: secure boot dbx with software-center but not apt?

To: steven.timorol@disroot.org
Cc: debian-user@lists.debian.org
Subject: Re: firmware: secure boot dbx with software-center but not apt?
From: Steve McIntyre <steve@einval.com>
Date: Mon, 19 Sep 2022 23:13:54 +0100
Message-id: <[🔎] E1oaP1W-009wNR-KE@mail.einval.com>
In-reply-to: <[🔎] adc8d7d056b6c07a5e0b65d2fe92f0821bc04e15.camel@disroot.org>

Hi Steven!

Steven Timorol <steven.timorol@disroot.org> wrote:
>
>i get a message from 'gnome-software'
>to update my firmware:
>"
>update configuration secure boot dbx:
>Version 217:
>This updates the dbx to the latest release from Microsoft which adds
>insecure versions of grub and shim to the list of forbidden signatures
>due to multiple discovered security updates.
>"
>but on the contrary
>apt update/upgrade does not show anything to be updated
>
>so what is this? 
>and why doesn't apt show anything?

gnome-software is talking to fwupd, which looks for updates to device
firmware. DBX is the method used by UEFI firmware to block execution
of known-bad and known-vulnerable UEFI binaries when running with
Secure Boot enabled.

Apt does not know show anything here as the DBX is not a package, it's
a lower-level update to firmware.

Does that help?

-- 
Steve McIntyre, Cambridge, UK.                                steve@einval.com
"We're the technical experts.  We were hired so that management could
 ignore our recommendations and tell us how to do our jobs."  -- Mike Andrews

Reply to:

Follow-Ups:
- Re: firmware: secure boot dbx with software-center but not apt?
  - From: Steven Timorol <steven.timorol@disroot.org>

References:
- firmware: secure boot dbx with software-center but not apt?
  - From: Steven Timorol <steven.timorol@disroot.org>

Prev by Date: Re: question re tar
Next by Date: Verify a mirror?
Previous by thread: firmware: secure boot dbx with software-center but not apt?
Next by thread: Re: firmware: secure boot dbx with software-center but not apt?
Index(es):
- Date
- Thread