Andreas Proschofsky

Does #followerpower work around here? Let's give this a try.

In general I'm a huge fan of LVFS / fwupd. Being able to easily update all sorts of firmware on #Linux is great (and very relevant for real-world security).

But (you saw that "but" coming for miles, right? ;) ). Since a recent reinstall of my system ( #Fedora #Silverblue ) updates only work if I disable Secure Boot - which is bad from a security viewpoint.

Anyone got an idea how to fix this? Searching the web got me nowhere.

Nov 9, 2022 at 11:13amWeb
Show threadFabio ValentiniNov 9, 2022

@suka_hiroaki You mean firmware updates only work if you disable secure boot?

That sounds like the binaries responsible weren't signed with the proper UEFI keys. In general, this shouldn't happen, since packages that contain UEFI binaries signed with the Microsoft keys can only be built by select people, and they should know what they're doing, but mistakes can happen ... I'd report this as a bug against the fwupd package in Fedora

Show threadAndreas ProschofskyNov 9, 2022
@decathorpe Yes. But I doubt this is about UEFI keys. The problem popped up after a reinstall of the system, it worked flawlessly before. The system reboots but never applies the update. Fwupdmgr gives "failed to run update on reboot" as reason - and reports the bug (while noting this is a know issue IIRC). But if you search you will already find loads of similiar bugs - but no real solution
Show threadFabio ValentiniNov 9, 2022
@suka_hiroaki Hum ... the layout of files in the /boot and /boot/efi mount points has been unreliable for me as well, maybe it just puts the files into the wrong place on a clean install, but upgraded systems are grandfathered in with the correct ones?
Show threadAndreas ProschofskyNov 9, 2022
@decathorpe Yeah, that's what I was guessing. Or maybe something in the efivars. Just can't figure out what and it's driving me up crazy (kinda 😆 ). Guess I'll have to do a 1:1 comparison with another system at one point.