Skip to main content
Start a Conversation

Unsolved

P

pukacura

1 Message

1266

November 4th, 2022 01:00

unable to upgrade uefi dbx to 217

hello

i cant upgrade my del g15 1511 to the latest uefi dbx 217 that microsoft provided. my laptop is a linux ubuntu system so im not sure why windows has to provide this update. 

the mistake i get is that shim and grub are not to date where i know that everything works just fine with them. i hope i get a solution from those who have the same issue and found a solution

the mistake goes like this:
sudo fwupdmgr update
Devices with no available firmware updates:
• DELL0A71:00 04F3:317E
• UEFI Device Firmware
• UEFI Device Firmware
Devices with the latest available firmware version:
• PM991a NVMe Samsung 512GB
• System Firmware
╔══════════════════════════════════════════════════════════════════════════════╗
║ Upgrade UEFI dbx from 77 to 217? ║
╠══════════════════════════════════════════════════════════════════════════════╣
║ This updates the dbx to the latest release from Microsoft which adds ║
║ insecure versions of grub and shim to the list of forbidden signatures due ║
║ to multiple discovered security updates. ║
║ ║
║ Before installing the update, fwupd will check for any affected executables ║
║ in the ESP and will refuse to update if it finds any boot binaries signed ║
║ with any of the forbidden signatures.If the installation fails, you will ║
║ need to update shim and grub packages before the update can be deployed. ║
║ ║
║ Once you have installed this dbx update, any DVD or USB installer images ║
║ signed with the old signatures may not work correctly.You may have to ║
║ temporarily turn off secure boot when using recovery or installation media, ║
║ if new images have not been made available by your distribution. ║
║ ║
║ UEFI dbx and all connected devices may not be usable while updating. ║
╚══════════════════════════════════════════════════════════════════════════════╝
Perform operation? [Y|n]: y
Downloading… [***************************************]
Downloading… [***************************************]
Decompressing… [***************************************]
Decompressing… [***************************************]
Authenticating… [***************************************]
Authenticating… [***************************************]
Restarting device… [***************************************]
Writing… [***************************************]
Decompressing… [***************************************]
Blocked executable in the ESP, ensure grub and shim are up to date: /boot/efi/efi.factory/boot/bootx64.efi Authenticode checksum [2ea4cb6a1f1eb1d3dce82d54fde26ded243ba3e18de7c6d211902a594fe56788] is present in dbx

please help me

 

1 person also has this problem

guimota

1 Message

December 8th, 2022 05:00

I also have the same problem in a Dell Inspiron 14 notebook. My shimx64.efi file is from 2019 and the system is preventing me to update secure box dbx. It suggests updating shim and grub and trying it again, but I have no idea about how to do that low level updates safely.

 

DellLinuxFan

7 Posts

January 2nd, 2023 08:00

The file /boot/efi/efi.factory/boot/bootx64.efi is left over from some initial setup long ago.

Move the file to your home directory (just in case it is needed for something) and that will allow the update to succeed.

Was this post helpful?

View All

No Events found!

Top