[Bug 2111199] Re: fwupd is incompatible with secure boot (regression)

Andreas Hasenack 2111199 at bugs.launchpad.net
Sat Jun 28 20:00:12 UTC 2025 

I don't believe this affects fwupd-signed, since that package contains
the signed .efi app, and that hasn't changed. It's the boot entry that
is being created incorrectly. But I'll leave those tasks open for now,
waiting for input from the maintainer.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to fwupd-signed in Ubuntu.
https://bugs.launchpad.net/bugs/2111199

Title:
  fwupd is incompatible with secure boot (regression)

Status in fwupd package in Ubuntu:
  Fix Released
Status in fwupd-signed package in Ubuntu:
  Confirmed
Status in fwupd source package in Plucky:
  Confirmed
Status in fwupd-signed source package in Plucky:
  New
Status in fwupd source package in Questing:
  Fix Released
Status in fwupd-signed source package in Questing:
  Confirmed

Bug description:
  I upgraded very recently from 24.10 to 25.04 and I noticed that
  firmware updates via fwupdmgr were failing:

  sudo fwupdmgr refresh --force && sudo fwupdmgr update

  showed 2 updates but, after a few 'Y' and a reboot, they were not
  applied and fwupdmgr get-history showed both as "failed to update on
  reboot".

  Also, in hindsight, I wasn't seeing a message stating "fwupd-efi
  running" (I'm not 100% sure about the message, when the updates are
  applied successfully it is shown just for a split-second) on the
  bootstrap splashscreen when rebooting to apply the firmware updates.

  Disabling secure boot in the bios settings, running fwupdmgr again
  rebooting once more let them apply but this is a regression: on ubuntu
  24.10 fwupdmgr was able to apply updates with secure boot enabled on
  this system.

  ProblemType: Bug
  DistroRelease: Ubuntu 25.04
  Package: fwupd-signed 1.55+1.7-1
  ProcVersionSignature: Ubuntu 6.14.0-15.15-generic 6.14.0
  Uname: Linux 6.14.0-15-generic x86_64
  ApportVersion: 2.32.0-0ubuntu5
  Architecture: amd64
  CasperMD5CheckMismatches: ./.disk/casper-uuid-oem ./boot/grub/efi.img ./boot/grub/grub.cfg ./casper/initrd
  CasperMD5CheckResult: fail
  CurrentDesktop: ubuntu:GNOME
  Date: Sun May 18 14:15:36 2025
  DistributionChannelDescriptor:
   # This is the distribution channel descriptor for the OEM CDs
   # For more information see http://wiki.ubuntu.com/DistributionChannelDescriptor
   canonical-oem-sutton-jammy-amd64-20231024-582
  InstallationDate: Installed on 2023-10-31 (565 days ago)
  InstallationMedia: Ubuntu 22.04 LTS "Jammy Jellyfish" - pc-sutton-jammy-amd64-20231024-582
  SourcePackage: fwupd-signed
  UpgradeStatus: Upgraded to plucky on 2025-05-17 (1 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/fwupd/+bug/2111199/+subscriptions

More information about the foundations-bugs mailing list