Error configuration update to secure boot dbx

I have had the following error message for a few minutes with this update, what can I do?

sudo fwupdmgr get-updates

Devices with no available firmware updates:
• KINGSTON SNVS1000G
• System Firmware


Devices that were not updated correctly:

• UEFI dbx (468 → 20241101)

Uploading firmware reports helps hardware vendors to quickly identify failing and successful updates on real devices.

1 Like

I have an error too, but it is at least clear what the issue is. My MSI B350 PC MATE board has no option to enable capsule updates that I can find, so this firmware cannot be flashed by fwupd. I'm wondering whether your system has that setting or not, but also what the risks are of not flashing a PC that only you or I actually have physical access to and never run that program on.

I tried adding the text here to a fwupd.conf file but it made no difference, the utility still checked for updates and returned the same error for the EFI capsule.

WARNING: UEFI capsule updates not available or enabled in firmware setup
  See https://github.com/fwupd/fwupd/wiki/PluginFlag:capsules-unsupported for more information.

I'm actually more concerned that the updates are offered via the Software Store and not the system software updater. There was no prompt for a password to initiate this update concerning EFI capsule contents.

1 Like

I have now uninstalled fwupd and then installed the Snap Version 2.0.5 Stable.

Now everything seems to work.
Before, the dbx version was 468.

Since the fwupd snap, the version is 20241101:

fwupdmgr get-updates
Devices with no available firmware updates: 
 • KINGSTON SNVS1000G
 • System Firmware
Devices with the latest available firmware version:
 • UEFI dbx
No updates available

This is how it works

I have no idea why this is the case :thinking:

2 Likes

Nice! I've switched to the snap version too, and while it still cannot update the capsule on my board, it got rid of the update from the list. It's also now showing my board has the latest DBX, but nothing actually got flashed by it.

WARNING: UEFI capsule updates not available or enabled in firmware setup
See https://github.com/fwupd/fwupd/wiki/PluginFlag:capsules-unsupported for more information.
Devices with no available firmware updates: 
 • Samsung SSD 970 EVO Plus 1TB
Devices with the latest available firmware version:
 • UEFI dbx
No updates available
1 Like

If you see the following at the beginning of the output, among other things,

WARNING: UEFI capsule updates not available or enabled in firmware setup
  See https://github.com/fwupd/fwupd/wiki/PluginFlag:capsules-unsupported for more information.

this is an indication that you will not be able to update the dbx with fwupd.service in this case.

If this message does not appear and you get a display containing a UEFI dbx section of the following type,

|_UEFI dbx:
      Device ID: 	    xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
      Summary:		    UEFI revocation database
      Current version:	    x
      Minimum version:     x
      Vendor:		    UEFI:Linux Foundation
      Install Duration	    x second
      GUID:		    xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

then the update should be possible on the system from Ubuntu in principle - but not guaranteed.

Alternative ways to install the dbx update
If the dbx update does not work via Ubuntu, this does not necessarily mean that it cannot be installed at all:

Alternative ways can be:

  • Firmware update from the manufacturer

  • If you also use Windows at the same time, you can try the update from Windows

  • Using keytool

  • Directly in the firmware setup of the computer

According to my observations and experience - which can by no means be conclusive and universally valid - it can be roughly said that the update of the dbx should generally be possible on computers that came pre-installed with at least Windows 10.

Computers that came pre-installed with Windows 8 may have restrictions on the NVRAM with regard to dbx updates, e.g. there may not be enough space available for the dbx entries or other restrictions. On computers that were designed more for private use, it is often not possible to properly edit dbx entries on Windows 8 computers.

If Secure Boot is deactivated, then it is useless anyway whether the dbx - which is the subject of the dbx update - is up-to-date or not. Because without Secure Boot, it is not used for booting at all.
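
Added example, not part of the original post and not fwupd's own code: a shell script that applies the post's checks in order (Secure Boot state, the capsule warning, then the presence of a UEFI dbx entry). The function names and the sample output are constructed for illustration, and using `fwupdmgr get-devices` as the source of the dbx section is an assumption, since the post does not name the command.

```shell
#!/bin/sh
# SecureBoot efivar (EFI global-variable GUID): 4 attribute bytes, then 1 data byte.
SB_VAR=/sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b2c

# Print enabled / disabled / unknown for an efivarfs file (default: the live variable).
secure_boot_state() {
    f=${1:-$SB_VAR}
    [ -r "$f" ] || { echo unknown; return 0; }
    b=$(od -An -tu1 -j4 -N1 "$f" 2>/dev/null | tr -d ' \n')
    case $b in
        1) echo enabled ;;
        0) echo disabled ;;
        *) echo unknown ;;
    esac
}

# Classify fwupdmgr output read from stdin. The capsule warning is tested first:
# as seen in this thread, "UEFI dbx" can still be listed when nothing was flashed.
classify_fwupd_output() {
    out=$(cat)
    if printf '%s\n' "$out" | grep -q 'UEFI capsule updates not available or enabled'; then
        echo capsules-unsupported
    elif printf '%s\n' "$out" | grep -q 'UEFI dbx'; then
        echo dbx-listed
    else
        echo dbx-not-listed
    fi
}

# Combine both checks; optional $1 overrides the efivar path.
dbx_triage() {
    sb=$(secure_boot_state "$1")
    fw=$(classify_fwupd_output)
    case "$sb:$fw" in
        disabled:*) echo "secure-boot-off: dbx is not used for booting" ;;
        *:capsules-unsupported) echo "use-alternative: vendor firmware, Windows, keytool or firmware setup" ;;
        *:dbx-listed) echo "fwupd-possible: update should work in principle, not guaranteed" ;;
        *) echo "no-dbx-device: fwupd lists no UEFI dbx entry" ;;
    esac
}

# Constructed sample modelled on the output quoted in this thread.
SAMPLE='WARNING: UEFI capsule updates not available or enabled in firmware setup
Devices with the latest available firmware version:
 • UEFI dbx'
# Try it:      printf '%s\n' "$SAMPLE" | dbx_triage
# Live system: fwupdmgr get-devices 2>&1 | dbx_triage
```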

Yes I understood fwupd cannot be used, I do have the option of manually adding updates in the EFI shell via MSI's clickbios interface though. I'm not in a rush to do anything I just wanted rid of the update (the only reason I was messing with it) in the Software store list so it would not keep showing or attempting to apply it.

I removed Windows from this machine as I found I was only booting Zorin these days anyway on it :slight_smile:

It was a self-build back in 2017/2018 and has only seen W10 or newer and Linux over the years.

Technically I could indeed just remove fwupd altogether as I doubt Samsung will release any further updates to my 970 Evo Plus which is the only other device it detects.

1 Like

I understand them.
I can no longer get the latest firmware either and am also considering uninstalling fwupd completely.

The best way for me with my old laptop was to disable fwupd and all services related...

2 Likes

I did this in the end:

sudo apt purge fwupd
sudo apt autoremove

That was before installing the snap version. Then, after I ran the snap version to confirm it was my board not allowing flash updates, I uninstalled that too via the Software store.

2 Likes

Hello, I just ran into an issue with Zorin OS and there's an update about secure boot dbx configuration update and I can't update it. Does anyone know how to fix it?

I had the same problem and doing this fixed the issue. Thank you very much!

1 Like

just a little search here...

4 Likes

Thanks, it worked for me.

1 Like