@mario, I turn secure boot on, and boot into OS, then run the fwupdmgr install command, then reboot, then I saw the failure.
One more thing, for new shim + groovy grub, I found the same failure happens if I use groovy/grub
1.155+2.04-1ubuntu35 as boot into OS (so I can't boot into OS with this grub), however if I use groovy/grub 1.167+2.04-1ubuntu44 from the update channel, then I can boot into OS.
Feel free to ask questions if anyone wants to reproduce and doesn't know certain steps in detail, or you want to know my steps in more detail as reviewing.
A full running session is here:
root@u-Latitude-5300:~# sh run.sh ; exit
+ dpkg -l
+ grep shim
ii shim 15.4-0ubuntu1 amd64 boot loader to chain-load signed boot loaders under Secure Boot
ii shim-signed 1.46+15.4-0ubuntu1 amd64 Secure Boot chain-loading bootloader (Microsoft-signed binary)
+ + grep fwupd
echo please run reboot 1.4.7-0~20.10.1 amd64 Firmware update daemon
ii fwupd-signed 1.30.1+1.4.7-0~20.10.1 amd64 Linux Firmware Updater EFI signed binary
ii libfwupd2:amd64 1.4.7-0~20.10.1 amd64 Firmware update daemon library
ii libfwupdplugin1:amd64 1.4.7-0~20.10.1 amd64 Firmware update daemon plugin library
+ fwupdmgr install 9da74134678173a97e2d3eb4a79f0beba0e43e85155777e040396bad6b70d0b4-firmware.cab --allow-reinstall
Decompressing… [***************************************]
Authenticating… [***************************************]
Installing on System Firmware… / ]
Scheduling… [***************************************]
Successfully installed firmware
An update requires a reboot to complete. Restart now? [y|N]: n
+ md5sum /usr/libexec/fwupd/efi/fwupdx64.efi.signed /boot/efi/EFI/ubuntu/fwupdx64.efi
e3a387f8f87852e670d105145cb96168 /usr/libexec/fwupd/efi/fwupdx64.efi.signed
e3a387f8f87852e670d105145cb96168 /boot/efi/EFI/ubuntu/fwupdx64.efi
+ mokutil --sb
SecureBoot enabled
+ echo please run reboot
please run reboot
@mario, I turn secure boot on, and boot into OS, then run the fwupdmgr install command, then reboot, then I saw the failure.
One more thing, for new shim + groovy grub, I found the same failure happens if I use groovy/grub 04-1ubuntu35 as boot into OS (so I can't boot into OS with this grub), however if I use groovy/grub 1.167+2. 04-1ubuntu44 from the update channel, then I can boot into OS.
1.155+2.
Feel free to ask questions if anyone wants to reproduce and doesn't know certain steps in detail, or you want to know my steps in more detail as reviewing.
A full running session is here:
root@u- Latitude- 5300:~# sh run.sh ; exit 1.4.7-0~ 20.10.1 amd64 Linux Firmware Updater EFI signed binary :amd64 1.4.7-0~20.10.1 amd64 Firmware update daemon plugin library 97e2d3eb4a79f0b eba0e43e8515577 7e040396bad6b70 d0b4-firmware. cab --allow-reinstall ******* ******* ******* ******* *****] ******* ******* ******* ******* *****] ******* ******* ******* ******* *****]
+ dpkg -l
+ grep shim
ii shim 15.4-0ubuntu1 amd64 boot loader to chain-load signed boot loaders under Secure Boot
ii shim-signed 1.46+15.4-0ubuntu1 amd64 Secure Boot chain-loading bootloader (Microsoft-signed binary)
+ + grep fwupd
echo please run reboot 1.4.7-0~20.10.1 amd64 Firmware update daemon
ii fwupd-signed 1.30.1+
ii libfwupd2:amd64 1.4.7-0~20.10.1 amd64 Firmware update daemon library
ii libfwupdplugin1
+ fwupdmgr install 9da74134678173a
Decompressing… [******
Authenticating… [******
Installing on System Firmware… / ]
Scheduling… [******
Successfully installed firmware
An update requires a reboot to complete. Restart now? [y|N]: n fwupd/efi/ fwupdx64. efi.signed /boot/efi/ EFI/ubuntu/ fwupdx64. efi 670d105145cb961 68 /usr/libexec/ fwupd/efi/ fwupdx64. efi.signed 670d105145cb961 68 /boot/efi/ EFI/ubuntu/ fwupdx64. efi
+ md5sum /usr/libexec/
e3a387f8f87852e
e3a387f8f87852e
+ mokutil --sb
SecureBoot enabled
+ echo please run reboot
please run reboot