On Sunday, September 25, 2022 4:03:50 PM EDT Ansgar wrote: > On Sun, 2022-09-25 at 11:17 -0700, John Darrah wrote: > > I'm tracking testing and with my most recent update I started getting > > the nag to update the Secure Boot dbx. When I click the graphical > > 'update' button it appears to update something, but the update button > > remains as if nothing changed. > > Some firmware updates, including DBX updates, are distributed via a > different service than apt: fwupd. The fwupdmgr program provides a > command-line interface; the most helpful commands are probably > "fwupdmgr get-updates" (get list of updates, i.e., equivalent to "apt > update"), "fwupdmgr update" (install updates) and "fwupdmgr get- > history" (history of installed firmware updates).
I follow exactly this process and get the following error. This started occurring about a week ago. Upgrade available for UEFI dbx from 77 to 217 UEFI dbx and all connected devices may not be usable while updating. Continue with update? [Y|n]: Y Downloading… [***************************************] Decompressing… [***************************************] Authenticating… [***************************************] Authenticating… [***************************************] Updating UEFI dbx… [***************************************] Verifying… [***************************************] Blocked executable in the ESP, ensure grub and shim are up to date: /boot/efi/ EFI/BOOT/shimx64.efi Authenticode checksum [af79b14064601bc0987d4747af1e914a228c05d622ceda03b7a4f67014fee767] is present in dbx I believe the error is due to the following bug reported in the upstream bug system. https://github.com/fwupd/fwupd/issues/5035 This particular bug doesn't appear in the Debian bugs for the package fwupd. I'm also running stable which has a terribly outdated version of fwupd. I'm on a Lenovo Thinkpad X1. I need to investigate a bit more before filing a bug report. -- JP
signature.asc
Description: This is a digitally signed message part.