OEM Priority Project

  1. Bug #1990179
  2. Comment #17

Comment 17 for bug 1990179

Revision history for this message
Harry G McGavran Jr (w5pny) wrote : Re: fwupd dbx datqabase bug fix

Regarding the request to do "sudo fwupdmgr update --verbose":

I have included that output below, but it may not show you much because before I really
knew what was happening when this error first occurred around a week ago now, google seraches
revealed that errors of this type might be gotten around by temprorarily removing the
offending file and then trying the update. Before doing that I would always get the same error
every time I did the fwupdmgr update. So, I temporarily removed /boot/efi/efi.factory/boot/bootx64.efi
and then the update succeeded, at least according to the fwupd code reports. So then
I moved bootx64.efi back where it belonged and the fwupd code has worked fine ever since.
Hence the log for the above fwupdmgr command probably won't help. BUT -- I did keep the
original error I was getting. That error follows:

╔══════════════════════════════════════════════════════════════════════════════╗
║ Upgrade UEFI dbx from 77 to 217? ║
╠══════════════════════════════════════════════════════════════════════════════╣
║ This updates the dbx to the latest release from Microsoft which adds ║
║ insecure versions of grub and shim to the list of forbidden signatures due ║
║ to multiple discovered security updates. ║
║ ║
║ UEFI dbx and all connected devices may not be usable while updating. ║
╚══════════════════════════════════════════════════════════════════════════════╝

Perform operation? [Y|n]: Y
Downloading… [***************************************]
Downloading… [***************************************]
Decompressing… [***************************************]
Decompressing… [***************************************]
Authenticating… [***************************************]
Authenticating… [***************************************]
Restarting device… [***************************************]
Writing… [***************************************]
Decompressing… [***************************************]
Blocked executable in the ESP, ensure grub and shim are up to date: /boot/efi/efi.factory/boot/bootx64.efi Authenticode checksum [2ea4cb6a1f1eb1d3dce82d54fde26ded243ba3e18de7c6d211902a594fe56788] is present in dbx

The output from the current runs of fwupdmgr update --verbose that was requested is:
(fwupdmgr:58481): GLib-DEBUG: 20:20:30.629: setenv()/putenv() are not thread-safe and should not be used after threads are created
(fwupdmgr:58481): GLib-GIO-DEBUG: 20:20:30.630: _g_io_module_get_default: Found default implementation dconf (DConfSettingsBackend) for ‘gsettings-backend’
(fwupdmgr:58481): dconf-DEBUG: 20:20:30.630: watch_fast: "/system/proxy/" (establishing: 0, active: 0)
(fwupdmgr:58481): dconf-DEBUG: 20:20:30.630: watch_fast: "/system/proxy/http/" (establishing: 0, active: 0)
(fwupdmgr:58481): dconf-DEBUG: 20:20:30.630: watch_fast: "/system/proxy/https/" (establishing: 0, active: 0)
(fwupdmgr:58481): dconf-DEBUG: 20:20:30.630: watch_fast: "/system/proxy/ftp/" (establishing: 0, active: 0)
(fwupdmgr:58481): dconf-DEBUG: 20:20:30.630: watch_fast: "/system/proxy/socks/" (establishing: 0, active: 0)
(fwupdmgr:58481): dconf-DEBUG: 20:20:30.630: unwatch_fast: "/system/proxy/" (active: 0, establishing: 1)
(fwupdmgr:58481): dconf-DEBUG: 20:20:30.630: unwatch_fast: "/system/proxy/http/" (active: 0, establishing: 1)
(fwupdmgr:58481): dconf-DEBUG: 20:20:30.630: unwatch_fast: "/system/proxy/https/" (active: 0, establishing: 1)
(fwupdmgr:58481): dconf-DEBUG: 20:20:30.630: unwatch_fast: "/system/proxy/ftp/" (active: 0, establishing: 1)
(fwupdmgr:58481): dconf-DEBUG: 20:20:30.630: unwatch_fast: "/system/proxy/socks/" (active: 0, establishing: 1)
(fwupdmgr:58481): GLib-DEBUG: 20:20:30.631: posix_spawn avoided (fd close requested)
(fwupdmgr:58481): GLib-GIO-DEBUG: 20:20:30.631: _g_io_module_get_default: Found default implementation libproxy (GLibproxyResolver) for ‘gio-proxy-resolver’
(fwupdmgr:58481): dconf-DEBUG: 20:20:30.641: watch_established: "/system/proxy/" (establishing: 0)
(fwupdmgr:58481): dconf-DEBUG: 20:20:30.641: watch_established: "/system/proxy/http/" (establishing: 0)
(fwupdmgr:58481): dconf-DEBUG: 20:20:30.641: watch_established: "/system/proxy/https/" (establishing: 0)
(fwupdmgr:58481): dconf-DEBUG: 20:20:30.641: watch_established: "/system/proxy/ftp/" (establishing: 0)
(fwupdmgr:58481): dconf-DEBUG: 20:20:30.641: watch_established: "/system/proxy/socks/" (establishing: 0)
(fwupdmgr:58481): Fwupd-DEBUG: 20:20:30.642: Emitting ::status-changed() [idle]
(fwupdmgr:58481): FuMain-DEBUG: 20:20:30.648: current version is 01.00.25.01: 01.00.25.01=same
(fwupdmgr:58481): FuMain-DEBUG: 20:20:30.650: current version is 01.21: 01.21=same
(fwupdmgr:58481): FuMain-DEBUG: 20:20:30.651: current version is 01.47: 01.47=same
(fwupdmgr:58481): FuMain-DEBUG: 20:20:30.652: current version is 05.06.03: 05.06.03=same
(fwupdmgr:58481): FuMain-DEBUG: 20:20:30.653: current version is 01.01.00.03: 01.01.00.03=same
(fwupdmgr:58481): FuMain-DEBUG: 20:20:30.654: current version is 10904106: 10904106=same, 10904105=older, 10904104=older
(fwupdmgr:58481): FuMain-DEBUG: 20:20:30.656: current version is 1.14.0: 1.14.0=same, 1.13.0=older, 1.12.1=older, 1.11.0=older, 1.10.1=older
(fwupdmgr:58481): FuMain-DEBUG: 20:20:30.657: No releases found: Device only supports version upgrades
(fwupdmgr:58481): FuMain-DEBUG: 20:20:30.657: skipping reboot check

Who knows if the dbx update really did happen or if it was even necessary for this platform.