On Sat, 2023-04-08 at 20:03 -0700, Samuel Sieb wrote:
It looks like there is a new version of the UEFI boot system, whichcan't be installed because of signature issues. Is this correct? Isit anything to worry about? Can anything be done to fix the issue? Isthe issue likely to be fixed upstream?I don't use Discover. I use fwupdmgr directly. I have not seenfwupdmgr refuse to update a component (sans no UEFI). Here's therelevant piece of the script I run daily:if command -v fwupdmgr >/dev/null 2>&1 ; thenif fwupdmgr get-devices 2>&1 | grep -q -c 'UEFI ESRT device' ; thenecho "Updating firmware"fwupdmgr refresh --force 1>/dev/null && \fwupdmgr update 1>/dev/nullfifiI also noticed the db was updated today.Very interesting. After running by hand the parts of your script thattest whether an update is necessary (It is.), I ran the actual updateand got the following output. As you see, I replied "n"; would it bedangerous to try "Y"?That sounds quite safe. Do you even use any software from thosecompanies? (Things that boot directly.)
One of them may be the author my system's firmware. I don't know who wrote it.
BTW: I've been seeing the error message for about a week.
What error message?
The following message. I should have written "warning" rather than "error".
$ fwupdmgr update
Devices with no available firmware updates:
• System Firmware
• WDC WD2005FBYZ-01YCBB2
• WDC WD20EFRX-68EUZN0
╔══════════════════════════════════════════════════════════════════════════════╗
║ Upgrade UEFI dbx from 217 to 220? ║
╠══════════════════════════════════════════════════════════════════════════════╣
║ Insecure versions of software from Trend Micro, vmware, CPSD, Eurosoft, and ║
║ New Horizon Datasys Inc were added to the list of forbidden signatures due ║
║ to discovered security problems. This updates the dbx to the latest release ║
║ from Microsoft. ║
║ ║
║ Before installing the update, fwupd will check for any affected executables ║
║ in the ESP and will refuse to update if it finds any boot binaries signed ║
║ with any of the forbidden signatures. ║
║ ║
╚══════════════════════════════════════════════════════════════════════════════╝
Perform operation? [Y|n]: n
Request canceled
Devices with no available firmware updates:
• System Firmware
• WDC WD2005FBYZ-01YCBB2
• WDC WD20EFRX-68EUZN0
╔══════════════════════════════════════════════════════════════════════════════╗
║ Upgrade UEFI dbx from 217 to 220? ║
╠══════════════════════════════════════════════════════════════════════════════╣
║ Insecure versions of software from Trend Micro, vmware, CPSD, Eurosoft, and ║
║ New Horizon Datasys Inc were added to the list of forbidden signatures due ║
║ to discovered security problems. This updates the dbx to the latest release ║
║ from Microsoft. ║
║ ║
║ Before installing the update, fwupd will check for any affected executables ║
║ in the ESP and will refuse to update if it finds any boot binaries signed ║
║ with any of the forbidden signatures. ║
║ ║
╚══════════════════════════════════════════════════════════════════════════════╝
Perform operation? [Y|n]: n
Request canceled
--
Sincerely Jonathan Ryshpan <jonrysh@xxxxxxxxxxx> The Website you seek Cannot be located, but Countless more exist.
_______________________________________________ users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
