Re: UEFI Upgrade Fails

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Sat, Apr 8, 2023 at 9:08 PM Jonathan Ryshpan <jonrysh@xxxxxxxxxxx> wrote:
>
> Discover, which I use for upgrades, reports problems with UEFI. There is an update, which Discover refuses to install. Discover reports this message:
>
> UEFI DBX : Version 217 : Released on 4/8/23
>
> UEFI Secure Boot Forbidden Signature Database
>
> Insecure versions of software from Trend Micro, vmware, CPSD, Eurosoft, and New Horizon Datasys Inc were added to the list of forbidden signatures due to discovered security problems. This updates the dbx to the latest release from Microsoft.
> Before installing the update, fwupd will check for any affected executables in the ESP and will refuse to update if it finds any boot binaries signed with any of the forbidden signatures.
> ...
>
> It looks like there is a new version of the UEFI boot system, which can't be installed because of signature issues. Is this correct? Is it anything to worry about? Can anything be done to fix the issue? Is the issue likely to be fixed upstream?
>
> System Info:
>
> Operating System: Fedora Linux 37
>
> KDE Plasma Version: 5.27.4
>
> KDE Frameworks Version: 5.104.0
>
> Qt Version: 5.15.8
>
> Kernel Version: 6.2.9-200.fc37.x86_64 (64-bit)
>
> Graphics Platform: X11
>
> Processors: 8 × Intel® Core™ i7-4790K CPU @ 4.00GHz
>
> Memory: 15.5 GiB of RAM
>
> Graphics Processor: Mesa Intel® HD Graphics 4600
>
> Manufacturer: ASUS
>
> Product Name: All Series
>
>
> --
>
> Sincerely Jonathan Ryshpan <jonrysh@xxxxxxxxxxx>
>
> Common sense is the collection of prejudices
> acquired by the age of eighteen. -- Einstein

I don't use Discover. I use fwupdmgr directly. I have not seen
fwupdmgr refuse to update a component (sans no UEFI). Here's the
relevant piece of the script I run daily:

if command -v fwupdmgr >/dev/null 2>&1 ; then
    if fwupdmgr get-devices 2>&1 | grep -q -c 'UEFI ESRT device' ; then
        echo "Updating firmware"
        fwupdmgr refresh --force 1>/dev/null && \
            fwupdmgr update 1>/dev/null
    fi
fi

I also noticed the db was updated today.

Jeff
_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux