[Bug 2111199] Re: fwupd is incompatible with secure boot (regression)
Andreas Hasenack
2111199 at bugs.launchpad.net
Sat Jun 28 19:41:56 UTC 2025
I applied that patch, rebuilt fwupd, and rebooted. This reboot was to
attempt to apply the update that previous fwupd had downloaded. This was
needed, otherwise fwupd wouldn't attempt to apply the update again
(unless there is some --force flag).

After reboot, as expected the update wasn't applied, and get-history showed the failure:

    │ Update Error: failed to run update on reboot: expected 0.1.50 and got 0.1.49

I then ran fwupdmgr update again, it again downloaded the update, asked
to reboot, and prior to that I checked the boot entry, and it's fixed
now:

    Boot0001* Linux-Firmware-Updater
    HD(1,GPT,0fa5e368-f741-4510-a481-fac2e4ba4e05,0x800,0x219800)/File(\EFI\ubuntu\shimx64.efi)
    File(.\fwupdx64.efi)

--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to fwupd-signed in Ubuntu.
https://bugs.launchpad.net/bugs/2111199
Title:
fwupd is incompatible with secure boot (regression)
Status in fwupd package in Ubuntu:
Confirmed
Status in fwupd-signed package in Ubuntu:
Confirmed
Bug description:
I upgraded very recently from 24.10 to 25.04 and I noticed that
firmware updates via fwupdmgr were failing:
sudo fwupdmgr refresh --force && sudo fwupdmgr update
showed 2 updates but, after a few 'Y' and a reboot, they were not
applied and fwupdmgr get-history showed both as "failed to update on
reboot".
Also, in hindsight, I wasn't seeing a message stating "fwupd-efi
running" (I'm not 100% sure about the message, when the updates are
applied successfully it is shown just for a split-second) on the
bootstrap splashscreen when rebooting to apply the firmware updates.
Disabling secure boot in the BIOS settings, running fwupdmgr again and
rebooting once more let them apply, but this is a regression: on Ubuntu
24.10 fwupdmgr was able to apply updates with secure boot enabled on
this system.
ProblemType: Bug
DistroRelease: Ubuntu 25.04
Package: fwupd-signed 1.55+1.7-1
ProcVersionSignature: Ubuntu 6.14.0-15.15-generic 6.14.0
Uname: Linux 6.14.0-15-generic x86_64
ApportVersion: 2.32.0-0ubuntu5
Architecture: amd64
CasperMD5CheckMismatches: ./.disk/casper-uuid-oem ./boot/grub/efi.img ./boot/grub/grub.cfg ./casper/initrd
CasperMD5CheckResult: fail
CurrentDesktop: ubuntu:GNOME
Date: Sun May 18 14:15:36 2025
DistributionChannelDescriptor:
# This is the distribution channel descriptor for the OEM CDs
# For more information see http://wiki.ubuntu.com/DistributionChannelDescriptor
canonical-oem-sutton-jammy-amd64-20231024-582
InstallationDate: Installed on 2023-10-31 (565 days ago)
InstallationMedia: Ubuntu 22.04 LTS "Jammy Jellyfish" - pc-sutton-jammy-amd64-20231024-582
SourcePackage: fwupd-signed
UpgradeStatus: Upgraded to plucky on 2025-05-17 (1 days ago)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/fwupd/+bug/2111199/+subscriptions
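
The boot-entry check described in the message above (inspect the Linux-Firmware-Updater entry after fwupdmgr update and before rebooting), as an added shell example that is not part of the original message or of fwupd. It assumes the entry the message shows as fixed is the reference shape; the function name, the verdict strings and the second sample are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the Linux-Firmware-Updater entry in efibootmgr-style
# text read from stdin. Assumption: the reference shape is the entry from the
# message above (first File() node is shim, a later one is the fwupd binary).
check_fwupd_entry() {
    awk '
        # A line starting with Boot.../Timeout begins a new record; wrapped
        # continuation lines (as in the mail) belong to the previous record.
        /^(Boot|Timeout)/ { grab = ($0 ~ /Linux-Firmware-Updater/) }
        grab { entry = entry " " $0 }
        END {
            if (entry == "") { print "missing"; exit 2 }
            n = 0
            # Collect every File(...) node of the entry, in order.
            while (match(entry, /File\([^)]*\)/)) {
                file[++n] = tolower(substr(entry, RSTART + 5, RLENGTH - 6))
                entry = substr(entry, RSTART + RLENGTH)
            }
            if (n == 0 || file[1] !~ /shim[a-z0-9]+\.efi$/) {
                print "loader-not-shim"; exit 1
            }
            for (i = 2; i <= n; i++)
                if (file[i] ~ /fwupd[a-z0-9]+\.efi$/) {
                    print "shim-then-fwupd"; exit 0
                }
            print "shim-without-fwupd"; exit 1
        }'
}

# Boot0001 is the entry as wrapped in the message; other lines are constructed.
SAMPLE_FIXED='BootCurrent: 0002
BootOrder: 0002,0001
Boot0001* Linux-Firmware-Updater
HD(1,GPT,0fa5e368-f741-4510-a481-fac2e4ba4e05,0x800,0x219800)/File(\EFI\ubuntu\shimx64.efi)
File(.\fwupdx64.efi)
Boot0002* ubuntu HD(1,GPT,0fa5e368-f741-4510-a481-fac2e4ba4e05,0x800,0x219800)/File(\EFI\ubuntu\shimx64.efi)'

# Constructed counter-example (not taken from the bug): no shim in the chain.
SAMPLE_DIRECT='Boot0001* Linux-Firmware-Updater HD(1,GPT,0fa5e368-f741-4510-a481-fac2e4ba4e05,0x800,0x219800)/File(\EFI\ubuntu\fwupdx64.efi)'

for s in "$SAMPLE_FIXED" "$SAMPLE_DIRECT"; do
    echo "verdict: $(printf '%s\n' "$s" | check_fwupd_entry)"
done
```

On a live system the same function can read `efibootmgr -v` output on stdin; its exit status is 0 only for the shim-then-fwupd shape.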