[Bug 2111199] [NEW] fwupd is incompatible with secure boot (regression)

mikbini 2111199 at bugs.launchpad.net
Sun May 18 12:24:37 UTC 2025 

Public bug reported:

I upgraded very recently from 24.10 to 25.04 and I noticed that firmware
updates via fwupdmgr were failing:

sudo fwupdmgr refresh --force && sudo fwupdmgr update

showed 2 updates but, after a few 'Y' and a reboot, they were not
applied and fwupdmgr get-history showed both as "failed to update on
reboot".

Disabling secure boot in the bios settings, running fwupdmgr again
rebooting once more let them apply but this is a regression: on ubuntu
24.10 fwupdmgr was able to apply updates with secure boot enabled on
this system.

ProblemType: Bug
DistroRelease: Ubuntu 25.04
Package: fwupd-signed 1.55+1.7-1
ProcVersionSignature: Ubuntu 6.14.0-15.15-generic 6.14.0
Uname: Linux 6.14.0-15-generic x86_64
ApportVersion: 2.32.0-0ubuntu5
Architecture: amd64
CasperMD5CheckMismatches: ./.disk/casper-uuid-oem ./boot/grub/efi.img ./boot/grub/grub.cfg ./casper/initrd
CasperMD5CheckResult: fail
CurrentDesktop: ubuntu:GNOME
Date: Sun May 18 14:15:36 2025
DistributionChannelDescriptor:
 # This is the distribution channel descriptor for the OEM CDs
 # For more information see http://wiki.ubuntu.com/DistributionChannelDescriptor
 canonical-oem-sutton-jammy-amd64-20231024-582
InstallationDate: Installed on 2023-10-31 (565 days ago)
InstallationMedia: Ubuntu 22.04 LTS "Jammy Jellyfish" - pc-sutton-jammy-amd64-20231024-582
SourcePackage: fwupd-signed
UpgradeStatus: Upgraded to plucky on 2025-05-17 (1 days ago)

** Affects: fwupd-signed (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: amd64 apport-bug plucky wayland-session

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to fwupd-signed in Ubuntu.
https://bugs.launchpad.net/bugs/2111199

Title:
  fwupd is incompatible with secure boot (regression)

Status in fwupd-signed package in Ubuntu:
  New

Bug description:
  I upgraded very recently from 24.10 to 25.04 and I noticed that
  firmware updates via fwupdmgr were failing:

  sudo fwupdmgr refresh --force && sudo fwupdmgr update

  showed 2 updates but, after a few 'Y' and a reboot, they were not
  applied and fwupdmgr get-history showed both as "failed to update on
  reboot".

  Disabling secure boot in the bios settings, running fwupdmgr again
  rebooting once more let them apply but this is a regression: on ubuntu
  24.10 fwupdmgr was able to apply updates with secure boot enabled on
  this system.

  ProblemType: Bug
  DistroRelease: Ubuntu 25.04
  Package: fwupd-signed 1.55+1.7-1
  ProcVersionSignature: Ubuntu 6.14.0-15.15-generic 6.14.0
  Uname: Linux 6.14.0-15-generic x86_64
  ApportVersion: 2.32.0-0ubuntu5
  Architecture: amd64
  CasperMD5CheckMismatches: ./.disk/casper-uuid-oem ./boot/grub/efi.img ./boot/grub/grub.cfg ./casper/initrd
  CasperMD5CheckResult: fail
  CurrentDesktop: ubuntu:GNOME
  Date: Sun May 18 14:15:36 2025
  DistributionChannelDescriptor:
   # This is the distribution channel descriptor for the OEM CDs
   # For more information see http://wiki.ubuntu.com/DistributionChannelDescriptor
   canonical-oem-sutton-jammy-amd64-20231024-582
  InstallationDate: Installed on 2023-10-31 (565 days ago)
  InstallationMedia: Ubuntu 22.04 LTS "Jammy Jellyfish" - pc-sutton-jammy-amd64-20231024-582
  SourcePackage: fwupd-signed
  UpgradeStatus: Upgraded to plucky on 2025-05-17 (1 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/fwupd-signed/+bug/2111199/+subscriptions

More information about the foundations-bugs mailing list