On Sat, 2023-04-08 at 20:03 -0700, Samuel Sieb wrote: > > > > It looks like there is a new version of the UEFI boot system, > > > > which > > > > can't be installed because of signature issues. Is this correct? > > > > Is > > > > it anything to worry about? Can anything be done to fix the > > > > issue? Is > > > > the issue likely to be fixed upstream? > > > > > > I don't use Discover. I use fwupdmgr directly. I have not seen > > > fwupdmgr refuse to update a component (sans no UEFI). Here's the > > > relevant piece of the script I run daily: > > > > > > if command -v fwupdmgr >/dev/null 2>&1 ; then > > > if fwupdmgr get-devices 2>&1 | grep -q -c 'UEFI ESRT device' ; > > > then > > > echo "Updating firmware" > > > fwupdmgr refresh --force 1>/dev/null && \ > > > fwupdmgr update 1>/dev/null > > > fi > > > fi > > > > > > I also noticed the db was updated today. > > > > Very interesting. After running by hand the parts of your script > > that > > test whether an update is necessary (It is.), I ran the actual > > update > > and got the following output. As you see, I replied "n"; would it be > > dangerous to try "Y"? > > That sounds quite safe. Do you even use any software from those > companies? (Things that boot directly.) One of them may be the author my system's firmware. I don't know who wrote it.
> > BTW: I've been seeing the error message for about a week. > > > What error message? The following message. I should have written "warning" rather than "error". $ fwupdmgr update Devices with no available firmware updates: • System Firmware • WDC WD2005FBYZ-01YCBB2 • WDC WD20EFRX-68EUZN0 ╔═══════════════════════════════════════════════════════════════════════ ═══════╗ ║ Upgrade UEFI dbx from 217 to 220? ║ ╠═══════════════════════════════════════════════════════════════════════ ═══════╣ ║ Insecure versions of software from Trend Micro, vmware, CPSD, Eurosoft, and ║ ║ New Horizon Datasys Inc were added to the list of forbidden signatures due ║ ║ to discovered security problems. This updates the dbx to the latest release ║ ║ from Microsoft. ║ ║ ║ ║ Before installing the update, fwupd will check for any affected executables ║ ║ in the ESP and will refuse to update if it finds any boot binaries signed ║ ║ with any of the forbidden signatures. ║ ║ ║ ╚═══════════════════════════════════════════════════════════════════════ ═══════╝ Perform operation? [Y|n]: n Request canceled -- Sincerely Jonathan Ryshpan <jonr...@pacbell.net> The Website you seek Cannot be located, but Countless more exist.
_______________________________________________ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
