Re: UEFI Upgrade Fails

Jeffrey Walton Sat, 08 Apr 2023 18:34:30 -0700

On Sat, Apr 8, 2023 at 9:08 PM Jonathan Ryshpan <jonr...@pacbell.net> wrote:
>
> Discover, which I use for upgrades, reports problems with UEFI. There is an 
> update, which Discover refuses to install. Discover reports this message:
>
> UEFI DBX : Version 217 : Released on 4/8/23
>
> UEFI Secure Boot Forbidden Signature Database
>
> Insecure versions of software from Trend Micro, vmware, CPSD, Eurosoft, and 
> New Horizon Datasys Inc were added to the list of forbidden signatures due to 
> discovered security problems. This updates the dbx to the latest release from 
> Microsoft.
> Before installing the update, fwupd will check for any affected executables 
> in the ESP and will refuse to update if it finds any boot binaries signed 
> with any of the forbidden signatures.
> ...
>
> It looks like there is a new version of the UEFI boot system, which can't be 
> installed because of signature issues. Is this correct? Is it anything to 
> worry about? Can anything be done to fix the issue? Is the issue likely to be 
> fixed upstream?
>
> System Info:
>
> Operating System: Fedora Linux 37
>
> KDE Plasma Version: 5.27.4
>
> KDE Frameworks Version: 5.104.0
>
> Qt Version: 5.15.8
>
> Kernel Version: 6.2.9-200.fc37.x86_64 (64-bit)
>
> Graphics Platform: X11
>
> Processors: 8 × Intel® Core™ i7-4790K CPU @ 4.00GHz
>
> Memory: 15.5 GiB of RAM
>
> Graphics Processor: Mesa Intel® HD Graphics 4600
>
> Manufacturer: ASUS
>
> Product Name: All Series
>
>
> --
>
> Sincerely Jonathan Ryshpan <jonr...@pacbell.net>
>
> Common sense is the collection of prejudices
> acquired by the age of eighteen. -- Einstein


I don't use Discover. I use fwupdmgr directly. I have not seen
fwupdmgr refuse to update a component (sans no UEFI). Here's the
relevant piece of the script I run daily:

if command -v fwupdmgr >/dev/null 2>&1 ; then
    if fwupdmgr get-devices 2>&1 | grep -q -c 'UEFI ESRT device' ; then
        echo "Updating firmware"
        fwupdmgr refresh --force 1>/dev/null && \
            fwupdmgr update 1>/dev/null
    fi
fi

I also noticed the db was updated today.

Jeff
_______________________________________________
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: UEFI Upgrade Fails

Reply via email to