On restart, issue persists. The motherboard is an ASRock H110M-HDS.
Issue also present on a seperate second computer. A surface Go 1 (4GB and Intel Pentium version).
Have you tried updating your BIOS?
BIOS up to date.
I saw some other comments so updated to the most recent BIOS (on the ASRock) before I did the troubleshooting steps above.
Thanks for replying. Gotcha.
1 Like
Following.. I have this error for my Dell OptiPlex desktop (updated BIOS recently, throwing the error now), but not my other machine..
Following as well. I have this issue on my install on my HP pc.
For what it's worth, here are my two bits to try and help with the problem:
-
Motherboard make/model: Gigabyte B360M-DS3H.
-
BIOS revision: F14 (previous); F19 (current after updating).
-
The DBX error disappeared after I updated my BIOS.
-
It does not reappear when Secure Boot is enabled/disabled.
That's all from me. I know it's not much, but it may help ... ? Good luck to all.
P.S.: If the Zorin Group wants to look at the BIOS page: CLICK HERE.
There are notes for each BIOS revision that might be helpful (especially F17's).
Last thing from me. I asked Google Gemini about my situation. See below:
It's great that updating your Gigabyte B360M-DS3H motherboard's BIOS resolved the DBX error on Zorin OS! This isn't an uncommon fix for such issues, and here's a breakdown of why it likely worked:
What is DBX?
DBX stands for "Forbidden Signature Database" (or "signature database blacklist"). It's a crucial component of UEFI Secure Boot.
** Secure Boot is a security standard that helps ensure your PC boots only using software trusted by the PC manufacturer. It's designed to prevent malicious software (like rootkits) from loading during the boot process.*
** The DBX contains a list of revoked (blacklisted) digital signatures for bootloaders and drivers that are known to be vulnerable or malicious. If a boot component tries to load and its signature is found in the DBX, Secure Boot will block it, preventing your system from booting or updating properly.*
Why a BIOS Update Fixed the DBX Error:
1. Outdated DBX List: Your original BIOS likely had an older version of the DBX list. Over time, new vulnerabilities are discovered in legitimate boot components (like GRUB, the Linux bootloader), and their signatures are added to the DBX by organizations like Microsoft to ensure system security. If your system tried to apply an update (like a Secure Boot DBX configuration update in Zorin OS) that included entries for newly blacklisted signatures, but your current BIOS's DBX was too old to properly handle or integrate them, it could lead to an error.
2. Firmware Bug/Incompatibility: BIOS firmware, especially on older versions, can sometimes have bugs or incompatibilities that interfere with the proper functioning of Secure Boot or the fwupd utility (which Zorin OS, being Ubuntu-based, uses for firmware updates). A newer BIOS update often includes fixes for these types of issues, improving the stability and compatibility of the firmware with current operating systems and their security features.
3. Updated Secure Boot Implementation: A new BIOS might include an updated or revised implementation of Secure Boot itself. This can involve changes to how the DBX is managed, how keys are handled, or general improvements to the secure boot process, which could resolve the previous issues you were experiencing.
4. Fresh Start for Secure Boot Keys: When you update your BIOS, it often resets certain UEFI settings to their defaults. This can sometimes involve resetting or re-initializing the Secure Boot keys and databases (PK, KEK, DB, and DBX). This essentially gives Secure Boot a "clean slate," allowing it to properly integrate the latest revocation lists without conflicts from older, problematic entries or configurations.
In summary, your BIOS update likely provided a more up-to-date, stable, and compatible Secure Boot environment, allowing Zorin OS to successfully update its DBX configuration without encountering the previous errors.
It's always recommended to keep your motherboard's BIOS updated to the latest stable version, especially when encountering issues related to boot, security, or hardware compatibility.
Also - does anyone know if this error has cropped up recently on other distributions? Linux Mint, Ubuntu, etc ... I haven't seen anything emerge in the headlines on the Linux news sites I frequent now and then (e.g., LXer, Phoronix, and so on). I just now checked Linux Mint's forum briefly, too, and didn't see any mention of the DBX error. Might help to collaborate with other affected distros.
OK, so one last (LAST) thing. I just now found this Reddit post: CLICK HERE. A potential solution is to go into the motherboard settings and clear the secure boot keys. Multiple people in this thread reported that it worked for them. Worth a try. This tracks with part of what Google Gemini said in its response to me (see above post from earlier); that a BIOS update resets the secure boot keys, so ... yeah.
I'm always scared to clear the boot keys on my ASUS motherboard in case I can't boot from any drive I put in my Hot Swap Bay including Windows 7 Pro.
This Linux security article is particularly worrying as only the first cve has been fixed, not the second and what is noteworthy is the second vulnerability particularly affects GNU/Linux. Is this delay by MS an attempt to be rid of the opposition?
1 Like
At the risk of contributing to the need to splinter this thread, I just, just had a similar situation with the man who delivered my lunch. I haven't even started eating; that's how recent it was. Some of you may have seen "aaron" as my username in screenshots. That is my first name. The delivery guy did the "AA-ron" gag from the famous Key and Peele sketch, and was stunned that I don't just dislike that sketch, but Key and Peele broadly. They rattled off other sketch comic teams. "No, not funny. Don't like them either. Nope." "Whaaaaaaaaaaaa?"
2 Likes