Public bug reported: The firmware blobs in cabinet archive are presently LVFS signed with gpg and pkcs7, if libjcat at compilation time without one then the blobs signed with both can't be verified.
Impact is fwupd daemon will fail the firmware install immediately because OnlyTrusted=true is defaulted to verifying the signature for daemon. We need uprev libjcat at least 0.1.4 onward to fix this issue. Issue is reproducible with fwupd 1.7.4 -> https://launchpad.net/~ycheng-twn/+archive/ubuntu/fwupd174 $ fwupdmgr --version client version: 1.7.4 compile-time dependency versions gusb: 0.3.4 daemon version: 1.7.4 $ dpkg -l | grep libjcat ii libjcat1:amd64 0.1.3-2 amd64 JSON catalog library ** Affects: fwupd (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1961864 Title: fwupd daemon failed verifying firmware signature To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/fwupd/+bug/1961864/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
