[Bug 2111199] Re: fwupd is incompatible with secure boot (regression)

Andreas Hasenack 2111199 at bugs.launchpad.net
Sat Jun 28 17:22:08 UTC 2025 

I have the exact same issue. There is a firmware update, that is
detected, downloaded, placed in the right path[1], the uefi boot is
changed to boot into the firmware updater, but nothing happens.

Output of efibootmgr verbose attached, otherwise LP will mess with the
layout. But I can say already that a new entry was created for Linux-
Firmware-Updater, and that BootNext is now pointing at it.



1. /boot/efi/EFI/ubuntu/fw/fwupd-34d84f45-4685-4019-b7e3-dba67b96ef7d.cap

** Attachment added: "efibootmgr.txt"
   https://bugs.launchpad.net/ubuntu/+source/fwupd/+bug/2111199/+attachment/5886694/+files/efibootmgr.txt

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to fwupd-signed in Ubuntu.
https://bugs.launchpad.net/bugs/2111199

Title:
  fwupd is incompatible with secure boot (regression)

Status in fwupd package in Ubuntu:
  Confirmed
Status in fwupd-signed package in Ubuntu:
  Confirmed

Bug description:
  I upgraded very recently from 24.10 to 25.04 and I noticed that
  firmware updates via fwupdmgr were failing:

  sudo fwupdmgr refresh --force && sudo fwupdmgr update

  showed 2 updates but, after a few 'Y' and a reboot, they were not
  applied and fwupdmgr get-history showed both as "failed to update on
  reboot".

  Also, in hindsight, I wasn't seeing a message stating "fwupd-efi
  running" (I'm not 100% sure about the message, when the updates are
  applied successfully it is shown just for a split-second) on the
  bootstrap splashscreen when rebooting to apply the firmware updates.

  Disabling secure boot in the bios settings, running fwupdmgr again
  rebooting once more let them apply but this is a regression: on ubuntu
  24.10 fwupdmgr was able to apply updates with secure boot enabled on
  this system.

  ProblemType: Bug
  DistroRelease: Ubuntu 25.04
  Package: fwupd-signed 1.55+1.7-1
  ProcVersionSignature: Ubuntu 6.14.0-15.15-generic 6.14.0
  Uname: Linux 6.14.0-15-generic x86_64
  ApportVersion: 2.32.0-0ubuntu5
  Architecture: amd64
  CasperMD5CheckMismatches: ./.disk/casper-uuid-oem ./boot/grub/efi.img ./boot/grub/grub.cfg ./casper/initrd
  CasperMD5CheckResult: fail
  CurrentDesktop: ubuntu:GNOME
  Date: Sun May 18 14:15:36 2025
  DistributionChannelDescriptor:
   # This is the distribution channel descriptor for the OEM CDs
   # For more information see http://wiki.ubuntu.com/DistributionChannelDescriptor
   canonical-oem-sutton-jammy-amd64-20231024-582
  InstallationDate: Installed on 2023-10-31 (565 days ago)
  InstallationMedia: Ubuntu 22.04 LTS "Jammy Jellyfish" - pc-sutton-jammy-amd64-20231024-582
  SourcePackage: fwupd-signed
  UpgradeStatus: Upgraded to plucky on 2025-05-17 (1 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/fwupd/+bug/2111199/+subscriptions

More information about the foundations-bugs mailing list