On 4/8/23 19:09, Jonathan Ryshpan wrote:
> On Sat, 2023-04-08 at 21:32 -0400, Jeffrey Walton wrote:
>> On Sat, Apr 8, 2023 at 9:08 PM Jonathan Ryshpan <jonrysh@xxxxxxxxxxx> wrote:
>>> Discover, which I use for upgrades, reports problems with UEFI. There
>>> is an update, which Discover refuses to install. Discover reports
>>> this message:
>>>
>>>     UEFI DBX : Version 217 : Released on 4/8/23
>>>     UEFI Secure Boot Forbidden Signature Database
>>>     Insecure versions of software from Trend Micro, vmware, CPSD,
>>>     Eurosoft, and New Horizon Datasys Inc were added to the list of
>>>     forbidden signatures due to discovered security problems. This
>>>     updates the dbx to the latest release from Microsoft.
>>>     Before installing the update, fwupd will check for any affected
>>>     executables in the ESP and will refuse to update if it finds any boot
>>>     binaries signed with any of the forbidden signatures.
>>>     ...
>>>
>>> It looks like there is a new version of the UEFI boot system, which
>>> can't be installed because of signature issues. Is this correct? Is
>>> it anything to worry about? Can anything be done to fix the issue? Is
>>> the issue likely to be fixed upstream?
>>
>> I don't use Discover. I use fwupdmgr directly. I have not seen
>> fwupdmgr refuse to update a component (sans no UEFI). Here's the
>> relevant piece of the script I run daily:
>>
>>     if command -v fwupdmgr >/dev/null 2>&1 ; then
>>         if fwupdmgr get-devices 2>&1 | grep -q -c 'UEFI ESRT device' ; then
>>             echo "Updating firmware"
>>             fwupdmgr refresh --force 1>/dev/null && \
>>                 fwupdmgr update 1>/dev/null
>>         fi
>>     fi
>>
>> I also noticed the db was updated today.
>
> Very interesting. After running by hand the parts of your script that
> test whether an update is necessary (It is.), I ran the actual update
> and got the following output. As you see, I replied "n"; would it be
> dangerous to try "Y"?

That sounds quite safe. Do you even use any software from those
companies? (Things that boot directly.)

> BTW: I've been seeing the error message for about a week.

What error message?
_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx
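
The Discover message quoted in the thread says fwupd looks through the ESP for boot binaries on the forbidden list before it applies a dbx update. As an added illustration (not part of the thread and not fwupd's code), the following matches PE images against dbx hash entries using a simplified Authenticode SHA-256. The file names and sample images are constructed, and certificate entries in dbx are not handled.

```python
import hashlib
import struct

def authenticode_sha256(pe: bytes) -> str:
    """Authenticode-style SHA-256: CheckSum, the certificate-table directory
    entry and the signature blob are skipped, so signing leaves the digest
    unchanged. Simplification: assumes sections are contiguous, in file order."""
    pe_off = struct.unpack_from("<I", pe, 0x3C)[0]        # e_lfanew
    if pe[:2] != b"MZ" or pe[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("not a PE/COFF image")
    opt = pe_off + 24                                     # optional header
    magic = struct.unpack_from("<H", pe, opt)[0]
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional-header magic")
    dirs = opt + (112 if magic == 0x20B else 96)          # data directories
    checksum, cert_entry = opt + 64, dirs + 4 * 8         # directory index 4
    h = hashlib.sha256(pe[:checksum])
    if struct.unpack_from("<I", pe, dirs - 4)[0] <= 4:    # no certificate entry
        h.update(pe[checksum + 4:])
        return h.hexdigest()
    cert_off, cert_len = struct.unpack_from("<II", pe, cert_entry)
    sig_start = cert_off if cert_len else len(pe)
    for chunk in (pe[checksum + 4:cert_entry], pe[cert_entry + 8:sig_start],
                  pe[sig_start + cert_len:]):
        h.update(chunk)
    return h.hexdigest()

def blocked_binaries(esp_files: dict, dbx_hashes: set) -> list:
    """Names of images whose digest is on the forbidden list (hash entries only)."""
    return sorted(n for n, d in esp_files.items() if authenticode_sha256(d) in dbx_hashes)

def make_sample(body: bytes, sig: bytes = b"", checksum: int = 0) -> bytes:
    """Constructed minimal PE32+ header plus payload: sample data, not bootable."""
    opt = bytearray(240)
    struct.pack_into("<H", opt, 0, 0x20B)                 # PE32+ magic
    struct.pack_into("<I", opt, 64, checksum)             # CheckSum
    struct.pack_into("<I", opt, 108, 16)                  # NumberOfRvaAndSizes
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)   # e_lfanew = 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, 240, 0x22)
    if sig:                                               # certificate table at EOF
        struct.pack_into("<II", opt, 144, 64 + 24 + 240 + len(body), len(sig))
    return dos + coff + bytes(opt) + body + sig

if __name__ == "__main__":
    esp = {"EFI/BOOT/BOOTX64.EFI": make_sample(b"current loader"),
           "EFI/example/old.efi": make_sample(b"revoked loader", b"SIG", 7)}
    dbx = {authenticode_sha256(make_sample(b"revoked loader"))}  # unsigned digest
    print(blocked_binaries(esp, dbx))
```

Because the digest ignores the signature and checksum, a revoked image still matches after it has been re-signed, which is why a plain `sha256sum` of the file is not the right comparison.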