[Bug 2114973] [NEW] Secure Boot DBX firmware update repeatedly requested after reboot, despite Secure Boot disabled and no pending updates
Stefan Chrobak
2114973 at bugs.launchpad.net
Thu Jun 19 11:08:26 UTC 2025
Public bug reported:
cat fwupd-logs.txt
Jun 18 13:37:27 stefan-ThinkPad-T480 systemd[1]: Starting Firmware update daemon...
Jun 18 13:37:31 stefan-ThinkPad-T480 systemd[1]: Started Firmware update daemon.
Jun 18 13:37:31 stefan-ThinkPad-T480 fwupd[4177]: 11:37:31:0536 FuPluginPciMei ME family not supported for 0:0.0.0.0
Jun 18 19:27:13 stefan-ThinkPad-T480 fwupd[4177]: 17:27:13:0919 FuPluginUpower failed to query lid state
Jun 18 19:27:13 stefan-ThinkPad-T480 fwupd[4177]: 17:27:13:0920 FuPluginUpower failed to query lid state
Jun 18 19:27:14 stefan-ThinkPad-T480 systemd[1]: Stopping Firmware update daemon...
Jun 18 19:27:14 stefan-ThinkPad-T480 systemd[1]: fwupd.service: Deactivated successfully.
Jun 18 19:27:14 stefan-ThinkPad-T480 systemd[1]: Stopped Firmware update daemon.
Jun 18 19:27:14 stefan-ThinkPad-T480 systemd[1]: fwupd.service: Consumed 2.247s CPU time.
-- Boot 985a624c36504e16afaa2e4cc527a4bb --
Jun 18 21:54:05 stefan-ThinkPad-T480 systemd[1]: Starting Firmware update daemon...
Jun 18 21:54:06 stefan-ThinkPad-T480 systemd[1]: Started Firmware update daemon.
Jun 18 21:54:06 stefan-ThinkPad-T480 fwupd[4139]: 19:54:06:0807 FuPluginPciMei ME family not supported for 0:0.0.0.0
Jun 18 22:30:38 stefan-ThinkPad-T480 fwupd[4139]: 20:30:38:0990 FuPluginPciMei ME family not supported for 0:0.0.0.0
Jun 18 22:53:04 stefan-ThinkPad-T480 fwupd[4139]: 20:53:04:0047 FuPluginUpower failed to query lid state
Jun 18 22:53:04 stefan-ThinkPad-T480 fwupd[4139]: 20:53:04:0047 FuPluginUpower failed to query lid state
Jun 18 22:53:04 stefan-ThinkPad-T480 systemd[1]: Stopping Firmware update daemon...
Jun 18 22:53:04 stefan-ThinkPad-T480 systemd[1]: fwupd.service: Deactivated successfully.
Jun 18 22:53:04 stefan-ThinkPad-T480 systemd[1]: Stopped Firmware update daemon.
Jun 18 22:53:04 stefan-ThinkPad-T480 systemd[1]: fwupd.service: Consumed 3.625s CPU time.
-- Boot 566a00a2417a42ee9cf53e06f5d0e88f --
Jun 19 00:50:58 stefan-ThinkPad-T480 systemd[1]: Starting Firmware update daemon...
Jun 19 00:50:59 stefan-ThinkPad-T480 systemd[1]: Started Firmware update daemon.
Jun 19 00:50:59 stefan-ThinkPad-T480 fwupd[4177]: 22:50:59:0977 FuPluginPciMei ME family not supported for 0:0.0.0.0
Jun 19 01:35:36 stefan-ThinkPad-T480 fwupd[4177]: 23:35:36:0739 FuPluginUpower failed to query lid state
Jun 19 01:35:36 stefan-ThinkPad-T480 fwupd[4177]: 23:35:36:0739 FuPluginUpower failed to query lid state
Jun 19 01:35:37 stefan-ThinkPad-T480 systemd[1]: Stopping Firmware update daemon...
Jun 19 01:35:37 stefan-ThinkPad-T480 systemd[1]: fwupd.service: Deactivated successfully.
Jun 19 01:35:37 stefan-ThinkPad-T480 systemd[1]: Stopped Firmware update daemon.
Jun 19 01:35:37 stefan-ThinkPad-T480 systemd[1]: fwupd.service: Consumed 1.037s CPU time.
-- Boot d1604954efb440efb35d09b6bcc96b3b --
Jun 19 11:56:58 stefan-ThinkPad-T480 systemd[1]: Starting Firmware update daemon...
Jun 19 11:57:02 stefan-ThinkPad-T480 systemd[1]: Started Firmware update daemon.
Jun 19 11:57:03 stefan-ThinkPad-T480 fwupd[4160]: 09:57:03:0034 FuPluginPciMei ME family not supported for 0:0.0.0.0
Jun 19 12:14:57 stefan-ThinkPad-T480 fwupd[4160]: 10:14:57:0356 FuPluginUpower failed to query lid state
Jun 19 12:14:57 stefan-ThinkPad-T480 fwupd[4160]: 10:14:57:0356 FuPluginUpower failed to query lid state
Jun 19 12:14:57 stefan-ThinkPad-T480 systemd[1]: Stopping Firmware update daemon...
Jun 19 12:14:57 stefan-ThinkPad-T480 systemd[1]: fwupd.service: Deactivated successfully.
Jun 19 12:14:57 stefan-ThinkPad-T480 systemd[1]: Stopped Firmware update daemon.
Jun 19 12:14:57 stefan-ThinkPad-T480 systemd[1]: fwupd.service: Consumed 1.287s CPU time.
-- Boot 2621361670904dbeae54b12fc96a2514 --
Jun 19 12:15:47 stefan-ThinkPad-T480 systemd[1]: Starting Firmware update daemon...
Jun 19 12:15:51 stefan-ThinkPad-T480 systemd[1]: Started Firmware update daemon.
Jun 19 12:15:51 stefan-ThinkPad-T480 fwupd[4027]: 10:15:51:0523 FuPluginPciMei ME family not supported for 0:0.0.0.0
Jun 19 12:21:03 stefan-ThinkPad-T480 fwupd[4027]: 10:21:03:0642 FuPluginPciMei ME family not supported for 0:0.0.0.0
Jun 19 12:23:59 stefan-ThinkPad-T480 fwupd[4027]: 10:23:59:0025 FuPluginUpower failed to query lid state
Jun 19 12:23:59 stefan-ThinkPad-T480 fwupd[4027]: 10:23:59:0025 FuPluginUpower failed to query lid state
Jun 19 12:23:59 stefan-ThinkPad-T480 systemd[1]: Stopping Firmware update daemon...
Jun 19 12:23:59 stefan-ThinkPad-T480 systemd[1]: fwupd.service: Deactivated successfully.
Jun 19 12:23:59 stefan-ThinkPad-T480 systemd[1]: Stopped Firmware update daemon.
Jun 19 12:23:59 stefan-ThinkPad-T480 systemd[1]: fwupd.service: Consumed 2.084s CPU time.
-- Boot 539aecd3f04e4a42b019af836abb4c5f --
Jun 19 12:24:42 stefan-ThinkPad-T480 systemd[1]: Starting Firmware update daemon...
Jun 19 12:24:44 stefan-ThinkPad-T480 systemd[1]: Started Firmware update daemon.
Jun 19 12:24:44 stefan-ThinkPad-T480 fwupd[4027]: 10:24:44:0207 FuPluginPciMei ME family not supported for 0:0.0.0.0
Jun 19 12:25:29 stefan-ThinkPad-T480 fwupd[4027]: 10:25:29:0350 FuPluginUpower failed to query lid state
Jun 19 12:25:29 stefan-ThinkPad-T480 fwupd[4027]: 10:25:29:0350 FuPluginUpower failed to query lid state
Jun 19 12:25:29 stefan-ThinkPad-T480 systemd[1]: Stopping Firmware update daemon...
Jun 19 12:25:29 stefan-ThinkPad-T480 systemd[1]: fwupd.service: Deactivated successfully.
Jun 19 12:25:29 stefan-ThinkPad-T480 systemd[1]: Stopped Firmware update daemon.
Jun 19 12:25:29 stefan-ThinkPad-T480 systemd[1]: fwupd.service: Consumed 1.295s CPU time.
-- Boot 462695bedeb14c31a4c1a1b2dd1e50f9 --
Jun 19 12:26:10 stefan-ThinkPad-T480 systemd[1]: Starting Firmware update daemon...
Jun 19 12:26:12 stefan-ThinkPad-T480 systemd[1]: Started Firmware update daemon.
Jun 19 12:26:12 stefan-ThinkPad-T480 fwupd[4017]: 10:26:12:0182 FuPluginPciMei ME family not supported for 0:0.0.0.0
lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 22.04.5 LTS
Release: 22.04
Codename: jammy
mokutil --sb-state
SecureBoot disabled
fwupdmgr get-updates
Devices with no available firmware updates:
• UEFI Device Firmware
• UEFI Device Firmware
• UEFI Device Firmware
Devices with the latest available firmware version:
• Embedded Controller
• MZVLW512HMJP-000L7
• System Firmware
• Thunderbolt host controller
sudo ls -l /boot/efi/EFI/ubuntu/
insgesamt 4408
-rwx------ 1 root root 108 Mai 28 11:37 BOOTX64.CSV
drwx------ 2 root root 4096 Apr 20 11:25 fw
-rwx------ 1 root root 64280 Mär 7 2023 fwupdx64.efi
-rwx------ 1 root root 117 Mai 28 11:37 grub.cfg
-rwx------ 1 root root 2602888 Mai 28 11:37 grubx64.efi
-rwx------ 1 root root 856280 Mai 28 11:37 mmx64.efi
-rwx------ 1 root root 966664 Mai 28 11:37 shimx64.efi
**Issue:**
Ubuntu 24.04 keeps prompting to apply a Secure Boot DBX firmware update on every reboot, even though Secure Boot is disabled and no pending update files exist in the EFI partition.
**System:**
- Device: Lenovo ThinkPad T480
- Ubuntu Version: [Insert output of `lsb_release -a` here]
- Secure Boot Status: Disabled (`mokutil --sb-state`)
- fwupd version: [Insert output of `fwupdmgr --version` if possible]
**What I tried:**
- Deleted all fwupd-related EFI files in /boot/efi/EFI/ubuntu/
- Removed `/var/lib/fwupd/pending.dbx` and other related cached files
- Ran `sudo update-grub`
- Rebooted multiple times
- Despite this, the system keeps showing the “configuration update for Secure Boot DBX is needed” dialog after every login
**Output of `fwupdmgr get-updates`:**
(Still lists the UEFI dbx update as pending)
**Expected behavior:**
Once Secure Boot is disabled and all update files are removed, fwupd should recognize that the DBX update cannot be applied and stop prompting for a reboot/update.
Let me know if further logs or debug output are needed.
ProblemType: Bug
DistroRelease: Ubuntu 22.04
Package: fwupd 1.7.9-1~22.04.3
ProcVersionSignature: Ubuntu 6.8.0-60.63~22.04.1-generic 6.8.12
Uname: Linux 6.8.0-60-generic x86_64
ApportVersion: 2.20.11-0ubuntu82.8
Architecture: amd64
CasperMD5CheckResult: pass
CurrentDesktop: ubuntu:GNOME
Date: Thu Jun 19 12:55:42 2025
InstallationDate: Installed on 2023-08-24 (664 days ago)
InstallationMedia: Ubuntu 22.04.3 LTS "Jammy Jellyfish" - Release amd64 (20230807.2)
ProcEnviron:
TERM=xterm-256color
PATH=(custom, no user)
XDG_RUNTIME_DIR=<set>
LANG=de_DE.UTF-8
SHELL=/bin/bash
SourcePackage: fwupd
UpgradeStatus: No upgrade log present (probably fresh install)
** Affects: fwupd (Ubuntu)
Importance: Undecided
Status: New
** Tags: amd64 apport-bug jammy third-party-packages wayland-session
** Attachment added: "fwupd-logs.txt"
https://bugs.launchpad.net/bugs/2114973/+attachment/5884573/+files/fwupd-logs.txt
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to fwupd in Ubuntu.
https://bugs.launchpad.net/bugs/2114973
Title:
Secure Boot DBX firmware update repeatedly requested after reboot,
despite Secure Boot disabled and no pending updates
Status in fwupd package in Ubuntu:
New
Bug description:
cat fwupd-logs.txt
Jun 18 13:37:27 stefan-ThinkPad-T480 systemd[1]: Starting Firmware update daemon...
Jun 18 13:37:31 stefan-ThinkPad-T480 systemd[1]: Started Firmware update daemon.
Jun 18 13:37:31 stefan-ThinkPad-T480 fwupd[4177]: 11:37:31:0536 FuPluginPciMei ME family not supported for 0:0.0.0.0
Jun 18 19:27:13 stefan-ThinkPad-T480 fwupd[4177]: 17:27:13:0919 FuPluginUpower failed to query lid state
Jun 18 19:27:13 stefan-ThinkPad-T480 fwupd[4177]: 17:27:13:0920 FuPluginUpower failed to query lid state
Jun 18 19:27:14 stefan-ThinkPad-T480 systemd[1]: Stopping Firmware update daemon...
Jun 18 19:27:14 stefan-ThinkPad-T480 systemd[1]: fwupd.service: Deactivated successfully.
Jun 18 19:27:14 stefan-ThinkPad-T480 systemd[1]: Stopped Firmware update daemon.
Jun 18 19:27:14 stefan-ThinkPad-T480 systemd[1]: fwupd.service: Consumed 2.247s CPU time.
-- Boot 985a624c36504e16afaa2e4cc527a4bb --
Jun 18 21:54:05 stefan-ThinkPad-T480 systemd[1]: Starting Firmware update daemon...
Jun 18 21:54:06 stefan-ThinkPad-T480 systemd[1]: Started Firmware update daemon.
Jun 18 21:54:06 stefan-ThinkPad-T480 fwupd[4139]: 19:54:06:0807 FuPluginPciMei ME family not supported for 0:0.0.0.0
Jun 18 22:30:38 stefan-ThinkPad-T480 fwupd[4139]: 20:30:38:0990 FuPluginPciMei ME family not supported for 0:0.0.0.0
Jun 18 22:53:04 stefan-ThinkPad-T480 fwupd[4139]: 20:53:04:0047 FuPluginUpower failed to query lid state
Jun 18 22:53:04 stefan-ThinkPad-T480 fwupd[4139]: 20:53:04:0047 FuPluginUpower failed to query lid state
Jun 18 22:53:04 stefan-ThinkPad-T480 systemd[1]: Stopping Firmware update daemon...
Jun 18 22:53:04 stefan-ThinkPad-T480 systemd[1]: fwupd.service: Deactivated successfully.
Jun 18 22:53:04 stefan-ThinkPad-T480 systemd[1]: Stopped Firmware update daemon.
Jun 18 22:53:04 stefan-ThinkPad-T480 systemd[1]: fwupd.service: Consumed 3.625s CPU time.
-- Boot 566a00a2417a42ee9cf53e06f5d0e88f --
Jun 19 00:50:58 stefan-ThinkPad-T480 systemd[1]: Starting Firmware update daemon...
Jun 19 00:50:59 stefan-ThinkPad-T480 systemd[1]: Started Firmware update daemon.
Jun 19 00:50:59 stefan-ThinkPad-T480 fwupd[4177]: 22:50:59:0977 FuPluginPciMei ME family not supported for 0:0.0.0.0
Jun 19 01:35:36 stefan-ThinkPad-T480 fwupd[4177]: 23:35:36:0739 FuPluginUpower failed to query lid state
Jun 19 01:35:36 stefan-ThinkPad-T480 fwupd[4177]: 23:35:36:0739 FuPluginUpower failed to query lid state
Jun 19 01:35:37 stefan-ThinkPad-T480 systemd[1]: Stopping Firmware update daemon...
Jun 19 01:35:37 stefan-ThinkPad-T480 systemd[1]: fwupd.service: Deactivated successfully.
Jun 19 01:35:37 stefan-ThinkPad-T480 systemd[1]: Stopped Firmware update daemon.
Jun 19 01:35:37 stefan-ThinkPad-T480 systemd[1]: fwupd.service: Consumed 1.037s CPU time.
-- Boot d1604954efb440efb35d09b6bcc96b3b --
Jun 19 11:56:58 stefan-ThinkPad-T480 systemd[1]: Starting Firmware update daemon...
Jun 19 11:57:02 stefan-ThinkPad-T480 systemd[1]: Started Firmware update daemon.
Jun 19 11:57:03 stefan-ThinkPad-T480 fwupd[4160]: 09:57:03:0034 FuPluginPciMei ME family not supported for 0:0.0.0.0
Jun 19 12:14:57 stefan-ThinkPad-T480 fwupd[4160]: 10:14:57:0356 FuPluginUpower failed to query lid state
Jun 19 12:14:57 stefan-ThinkPad-T480 fwupd[4160]: 10:14:57:0356 FuPluginUpower failed to query lid state
Jun 19 12:14:57 stefan-ThinkPad-T480 systemd[1]: Stopping Firmware update daemon...
Jun 19 12:14:57 stefan-ThinkPad-T480 systemd[1]: fwupd.service: Deactivated successfully.
Jun 19 12:14:57 stefan-ThinkPad-T480 systemd[1]: Stopped Firmware update daemon.
Jun 19 12:14:57 stefan-ThinkPad-T480 systemd[1]: fwupd.service: Consumed 1.287s CPU time.
-- Boot 2621361670904dbeae54b12fc96a2514 --
Jun 19 12:15:47 stefan-ThinkPad-T480 systemd[1]: Starting Firmware update daemon...
Jun 19 12:15:51 stefan-ThinkPad-T480 systemd[1]: Started Firmware update daemon.
Jun 19 12:15:51 stefan-ThinkPad-T480 fwupd[4027]: 10:15:51:0523 FuPluginPciMei ME family not supported for 0:0.0.0.0
Jun 19 12:21:03 stefan-ThinkPad-T480 fwupd[4027]: 10:21:03:0642 FuPluginPciMei ME family not supported for 0:0.0.0.0
Jun 19 12:23:59 stefan-ThinkPad-T480 fwupd[4027]: 10:23:59:0025 FuPluginUpower failed to query lid state
Jun 19 12:23:59 stefan-ThinkPad-T480 fwupd[4027]: 10:23:59:0025 FuPluginUpower failed to query lid state
Jun 19 12:23:59 stefan-ThinkPad-T480 systemd[1]: Stopping Firmware update daemon...
Jun 19 12:23:59 stefan-ThinkPad-T480 systemd[1]: fwupd.service: Deactivated successfully.
Jun 19 12:23:59 stefan-ThinkPad-T480 systemd[1]: Stopped Firmware update daemon.
Jun 19 12:23:59 stefan-ThinkPad-T480 systemd[1]: fwupd.service: Consumed 2.084s CPU time.
-- Boot 539aecd3f04e4a42b019af836abb4c5f --
Jun 19 12:24:42 stefan-ThinkPad-T480 systemd[1]: Starting Firmware update daemon...
Jun 19 12:24:44 stefan-ThinkPad-T480 systemd[1]: Started Firmware update daemon.
Jun 19 12:24:44 stefan-ThinkPad-T480 fwupd[4027]: 10:24:44:0207 FuPluginPciMei ME family not supported for 0:0.0.0.0
Jun 19 12:25:29 stefan-ThinkPad-T480 fwupd[4027]: 10:25:29:0350 FuPluginUpower failed to query lid state
Jun 19 12:25:29 stefan-ThinkPad-T480 fwupd[4027]: 10:25:29:0350 FuPluginUpower failed to query lid state
Jun 19 12:25:29 stefan-ThinkPad-T480 systemd[1]: Stopping Firmware update daemon...
Jun 19 12:25:29 stefan-ThinkPad-T480 systemd[1]: fwupd.service: Deactivated successfully.
Jun 19 12:25:29 stefan-ThinkPad-T480 systemd[1]: Stopped Firmware update daemon.
Jun 19 12:25:29 stefan-ThinkPad-T480 systemd[1]: fwupd.service: Consumed 1.295s CPU time.
-- Boot 462695bedeb14c31a4c1a1b2dd1e50f9 --
Jun 19 12:26:10 stefan-ThinkPad-T480 systemd[1]: Starting Firmware update daemon...
Jun 19 12:26:12 stefan-ThinkPad-T480 systemd[1]: Started Firmware update daemon.
Jun 19 12:26:12 stefan-ThinkPad-T480 fwupd[4017]: 10:26:12:0182 FuPluginPciMei ME family not supported for 0:0.0.0.0
lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 22.04.5 LTS
Release: 22.04
Codename: jammy
mokutil --sb-state
SecureBoot disabled
fwupdmgr get-updates
Devices with no available firmware updates:
• UEFI Device Firmware
• UEFI Device Firmware
• UEFI Device Firmware
Devices with the latest available firmware version:
• Embedded Controller
• MZVLW512HMJP-000L7
• System Firmware
• Thunderbolt host controller
sudo ls -l /boot/efi/EFI/ubuntu/
insgesamt 4408
-rwx------ 1 root root 108 Mai 28 11:37 BOOTX64.CSV
drwx------ 2 root root 4096 Apr 20 11:25 fw
-rwx------ 1 root root 64280 Mär 7 2023 fwupdx64.efi
-rwx------ 1 root root 117 Mai 28 11:37 grub.cfg
-rwx------ 1 root root 2602888 Mai 28 11:37 grubx64.efi
-rwx------ 1 root root 856280 Mai 28 11:37 mmx64.efi
-rwx------ 1 root root 966664 Mai 28 11:37 shimx64.efi
**Issue:**
Ubuntu 24.04 keeps prompting to apply a Secure Boot DBX firmware update on every reboot, even though Secure Boot is disabled and no pending update files exist in the EFI partition.
**System:**
- Device: Lenovo ThinkPad T480
- Ubuntu Version: [Insert output of `lsb_release -a` here]
- Secure Boot Status: Disabled (`mokutil --sb-state`)
- fwupd version: [Insert output of `fwupdmgr --version` if possible]
**What I tried:**
- Deleted all fwupd-related EFI files in /boot/efi/EFI/ubuntu/
- Removed `/var/lib/fwupd/pending.dbx` and other related cached files
- Ran `sudo update-grub`
- Rebooted multiple times
- Despite this, the system keeps showing the “configuration update for Secure Boot DBX is needed” dialog after every login
**Output of `fwupdmgr get-updates`:**
(Still lists the UEFI dbx update as pending)
**Expected behavior:**
Once Secure Boot is disabled and all update files are removed, fwupd should recognize that the DBX update cannot be applied and stop prompting for a reboot/update.
Let me know if further logs or debug output are needed.
ProblemType: Bug
DistroRelease: Ubuntu 22.04
Package: fwupd 1.7.9-1~22.04.3
ProcVersionSignature: Ubuntu 6.8.0-60.63~22.04.1-generic 6.8.12
Uname: Linux 6.8.0-60-generic x86_64
ApportVersion: 2.20.11-0ubuntu82.8
Architecture: amd64
CasperMD5CheckResult: pass
CurrentDesktop: ubuntu:GNOME
Date: Thu Jun 19 12:55:42 2025
InstallationDate: Installed on 2023-08-24 (664 days ago)
InstallationMedia: Ubuntu 22.04.3 LTS "Jammy Jellyfish" - Release amd64 (20230807.2)
ProcEnviron:
TERM=xterm-256color
PATH=(custom, no user)
XDG_RUNTIME_DIR=<set>
LANG=de_DE.UTF-8
SHELL=/bin/bash
SourcePackage: fwupd
UpgradeStatus: No upgrade log present (probably fresh install)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/fwupd/+bug/2114973/+subscriptions
More information about the foundations-bugs
mailing list