Re: firmware: secure boot dbx with software-center but not apt?
Hi Steven!
Steven Timorol <steven.timorol@disroot.org> wrote:
>
>i get a message from 'gnome-software'
>to update my firmware:
>"
>update configuration secure boot dbx:
>Version 217:
>This updates the dbx to the latest release from Microsoft which adds
>insecure versions of grub and shim to the list of forbidden signatures
>due to multiple discovered security updates.
>"
>but on the contrary
>apt update/upgrade does not show anything to be updated
>
>so what is this?
>and why doesn't apt show anything?
gnome-software is talking to fwupd, which looks for updates to device
firmware. DBX is the method used by UEFI firmware to block execution
of known-bad and known-vulnerable UEFI binaries when running with
Secure Boot enabled.
Apt does not know show anything here as the DBX is not a package, it's
a lower-level update to firmware.
Does that help?
--
Steve McIntyre, Cambridge, UK. steve@einval.com
"We're the technical experts. We were hired so that management could
ignore our recommendations and tell us how to do our jobs." -- Mike Andrews
Reply to: