Secure Boot dbx Failed to build error issue

There are multiple user issues regarding this, appearing to affect multiple distributions:

Each of these is left intact rather than merging, due to some variance in those who successfully report a solution.

If you are experiencing a notification for Secure Boot dbx, please review an existing thread:

To see if it can help you.

3 Likes

on pop at the moment because this prob. it's a distro prob - too many users and different configurations having it.


won't use zorin again until it's solved

I agree, since so many distros are affected by it.
However, I have heard from others that Linux Mint does not seem to... I personally do not use Snaps at all, and I removed the snapd package. I also have not gotten this error. And I should have.
Other users have linked this issue to Snap.

If you are not using Snap packages, at all, then you may benefit from

```
sudo apt remove snapd
```

3 Likes

That is interesting, because I did remove snap from my Zorin OS install long ago, and I still got the error. Updating my BIOS is what fixed it.

2 Likes

I feel better about being stumped over this pervasive issue, then. :rofl:

2 Likes

Using Brave A.I. search engine via Mojeek to get an update returns with:

Linux Secure Boot .dbx Update Issues

The latest updates and issues related to the .dbx file and Secure Boot failures for Linux users involve several key points. The .dbx file is part of the UEFI Secure Boot mechanism, which is used to maintain a list of revoked boot managers and other boot-related components.[2] Users are encountering problems when trying to update the .dbx file, which can lead to persistent update notifications and potential boot issues.

One common issue is that the update fails due to the presence of blocked executables in the EFI System Partition (ESP). For example, users might see an error message indicating that the update is blocked because of the presence of a file like /boot/efi/EFI/Boot/shimx64.efi, which is signed with an older certificate that has been revoked.[5] This can happen if the system is running an older version of GRUB or shim, which are not compatible with the latest .dbx updates.

Another issue is related to the Secure Boot configuration itself. If Secure Boot is not enabled, the update might fail, as the system might not be able to apply the necessary changes to the .dbx file.[3] Additionally, some users have reported that the update fails due to incompatibilities with their current BitLocker configuration, which can interfere with the Secure Boot update process.[2]

To resolve these issues, users are advised to ensure that their system is up-to-date with the latest versions of GRUB and shim. This can be done using package managers like dnf or apt, depending on the distribution.[3] If the update still fails, users might need to manually check the ESP for any blocked executables and remove or update them. In some cases, resetting the Secure Boot keys in the BIOS settings can also help.[3]

Furthermore, some users have found that the update can be bypassed using the fwupdmgr command, which provides more detailed output and can help identify the root cause of the failure.[3] However, it is important to note that forcing the update without proper compatibility checks can lead to system instability or boot issues, especially if the system is not properly configured to handle the new .dbx updates.[3]

In summary, the latest .dbx issues for Linux users involve problems with updating the Secure Boot revocation database, which can be caused by outdated boot components, incorrect Secure Boot configurations, or incompatibilities with other system features like BitLocker. Ensuring that all components are up-to-date and properly configured is crucial to resolving these issues.[2][3][5]

AI-generated answer. Please verify critical facts.


1. discussion.fedoraproject.org: Can't update 'Secure Boot dbx Configuration Update' - Fedora Discussion
2. support.microsoft.com: Secure Boot DB and DBX variable update events - Microsoft Support
3. reddit.com: r/Fedora on Reddit: Why is it not updating? Secure boot dbx config update
4. github.com: Unable to update UEFI dbx while dual booting Ubuntu and Windows 11 · Issue #8710 · fwupd/fwupd
5. askubuntu.com: boot - Impossible to update UEFI dbx - Ask Ubuntu
6. answers.launchpad.net: Question #703205 “secure boot dbx config update” : Questions : Ubuntu
7. ubuntuforums.org: unable to update secure boot dbx
8. forum.zorin.com: Error configuration update

[Notice how A.I. interpreted my request for an 'update' of the situation!]

Using different search criteria and limiting it to the past week returns better results:

DBX Update Failure Dual Boot

The current status of the dbx update failure for dual-boot users of Windows and Linux involves several reported issues and potential solutions. Users have encountered problems where the UEFI dbx update fails to apply, leading to persistent notifications and potential boot issues. For example, on a laptop with dual-booting Ubuntu and Windows 11, the fwupd tool was unable to update the UEFI dbx, resulting in an ongoing update notification.[3]

In some cases, the failure to apply the dbx update can be resolved by ensuring that the GRUB and shim are up to date. If there is a blocked executable in the ESP, users have found that removing the specific file, such as /boot/efi/EFI/Boot/bkpbootx64.efi, can allow the update to proceed.[4]

Additionally, some users have reported success by resetting the Secure Boot keys through the BIOS settings. This involves re-enabling Secure Boot and performing a factory reset of the keys, which can sometimes resolve the issue.[6]

It is also important to note that the dbx update is part of the Secure Boot configuration and is managed by the fwupdmgr utility rather than traditional package managers. Users are advised to run commands such as `sudo fwupdmgr refresh --force` and `sudo fwupdmgr update` to check for and apply updates.[3]

If the update still fails, checking the firmware settings and ensuring that the system is not in a state that prevents the update from being applied, such as having an incompatible BitLocker configuration, may be necessary.[2]

Overall, while the dbx update failure can be frustrating, there are several steps users can take to resolve the issue, including updating GRUB and shim, resetting Secure Boot keys, and using the fwupdmgr utility to manage the update process.

AI-generated answer. Please verify critical facts.


1. discussion.fedoraproject.org: Secure Boot dbx update? - Fedora Discussion
2. support.microsoft.com: Secure Boot DB and DBX variable update events - Microsoft Support
3. github.com: Unable to update UEFI dbx while dual booting Ubuntu and Windows 11 · Issue #8710 · fwupd/fwupd
4. askubuntu.com: grub2 - Secure Boot dbx Configuration Update 77 - 371 Ubuntu 23.10 - Ask Ubuntu
5. unix.stackexchange.com: linux - 'Secure Boot dbx Configuration Update' prompt on gui but terminal says everything is up to date. What is it? Is it safe to install? - Unix & Linux Stack Exchange
6. reddit.com: r/Ubuntu on Reddit: UEFI dbx

@zoran Let's keep to the facts, the problem is not a distro problem, but one created by Microsoft with poor construction of secure boot and certificates that are out of date. However, compounding the issue is Snapd, as Ubuntu users also face this issue, and as all should know by now Ubuntu made the wrong decision to replace apt with snap. One could argue that Zorin also made the wrong decision in adopting Snap in Zorin 17, as well as Flatpak. This is one of the reasons why I prefer Q4OS - Flatpak is available for those that want it, it is not present by default. And better still is PCLOS Debian.
I appreciate it is not possible for Notebook users to have separate hard drives, but for Desktop users I would no longer recommend dual-booting on the same drive as Windows. That said, Notebook users could use an external drive for their OS of choice. If possible (and I am aware some users need Windows), months ago someone online suggested that the best way to run Windows is as a VM inside of GNU/Linux (But you would need at least 32 Gb of RAM as Windows 11 requires a minimum of 12 Gb of RAM to run and you can't exceed more than half of your physical RAM as you would crash the host OS.)

Same PC, installed Zorin MBR and GPT and got same update error. Since then, installed Mint, KDE Neon, and Pop without update problem.

That looks like OpenAI output, which is designed to affirm and validate user input.

Let's look around the web:
https://www.reddit.com/r/Ubuntu/comments/1jaazp6/uefi_dbx_update_forever_notification_keeps/

https://www.reddit.com/r/Fedora/comments/13uyufy/fedora_38_update_does_not_seem_to_install/

Now, I do realize that the dates are widespread. And there is Ubuntu 22.04 and 24.04 affected.
But what I am looking at are the Secure Boot dbx version numbers.

When I said that "I have seen reports of other distros", I was being quite honest.
It is not a deflection.

It was just some firsthand field research and a conclusion based on the results. Thought it might be useful.

Any information helps and observations are the first step.
But Pop_OS does not support secure boot:

And Mint does not include Snapd.

I do not know why KDE Neon had no issue. It is possible that the firmware updater had not yet had time to check.
Or, there may be something else.

All of the above are clues, for this current mystery.

1 Like

But this isn't a Snap package. The interesting thing here is: you linked a comment from me (3rd from above) in your initial comment, and there I linked to a comment from @Dexxa, who had a problem like this in the past, uninstalled fwupd, installed the Snap version, and then it worked.

And on Linux Mint, without Snap, it isn't a problem either. Maybe that is because the Snap version, and the normal version that Linux Mint with its Ubuntu 24 LTS base uses, are newer versions than the fwupd package in Zorin 17 with Ubuntu 22 LTS as its base.

Now, it would be interesting to know whether this issue also exists on Ubuntu 22 LTS directly.

KDE Neon now uses Ubuntu 24 LTS as its base, too. So maybe the base could be a point. Or does Plasma have its own built-in firmware tool?

Perhaps a purge and reinstall of the .deb version might resolve the issue?

https://stackoverflow.com/questions/59952052/what-do-i-need-to-install-to-use-fwupd-to-update-my-computers-firmware

this last month no pop dbx update problems. some, earlier around march, which coincides with the 20241101 release

Ubuntu 22.04 DBX Fix

Ubuntu 22.04 has not been explicitly mentioned as having a .dbx fwupd fix in the provided context. However, there are several references to issues and updates related to the UEFI Secure Boot dbx and fwupd on Ubuntu systems. For example, users have reported problems with updating the UEFI dbx on Ubuntu 22.04, and some have suggested that updating to a newer version of Ubuntu, such as 22.04 LTS or 22.10, might resolve these issues.

Additionally, there are mentions of specific versions of fwupd and the need to ensure that grub and shim are up to date to avoid conflicts during the update process. It is also noted that the issue with the dbx update might be related to the version of fwupd being used, and that updating fwupd could potentially resolve the problem.

Therefore, while there is no direct mention of a .dbx fwupd fix for Ubuntu 22.04, there are indications that updating to a newer version of Ubuntu or ensuring that fwupd is up to date might help address the issue.

AI-generated answer. Please verify critical facts.

- Unable to update UEFI dbx while dual booting Ubuntu and Windows 11 · Issue #8710 · fwupd/fwupd · GitHub
- blogs.gnome.org: Updating Secure Boot dbx with fwupd and the LVFS – Technical Blog of Richard Hughes
- askubuntu.com: [boot - Impossible to update UEFI dbx - Ask Ubuntu](https://askubuntu.com/questions/1429678/impossible-to-update-uefi-dbx)
- reddit.com: [r/Ubuntu on Reddit: Firmware update available for UEFI dbx](https://www.reddit.com/r/Ubuntu/comments/1j2ro00/firmware_update_available_for_uefi_dbx/)
- answers.launchpad.net: [Question #703205 “secure boot dbx config update” : Questions : Ubuntu](https://answers.launchpad.net/ubuntu/+question/703205)

One thing that may be worth a try: I saw that a GTK front end exists for fwupd, so it can be used graphically. You can install it with `sudo apt install gnome-firmware`

```
apt show gnome-firmware
Package: gnome-firmware
Version: 41.0-1
Priority: optional
Section: universe/gnome
Origin: Ubuntu
Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
Original-Maintainer: Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>
Bugs: https://bugs.launchpad.net/ubuntu/+filebug
Installed-Size: 180 kB
Depends: libc6 (>= 2.34), libfwupd2 (>= 1.6.2), libglib2.0-0 (>= 2.37.3), libgtk-3-0 (>= 3.22.29), libhandy-1-0 (>= 1.2.0), libxmlb2 (>= 0.1.0), fwupd (>= 1.5.5)
Homepage: https://gitlab.gnome.org/hughsie/gnome-firmware-updater
Task: ubuntu-mate-desktop
Download-Size: 49,1 kB
APT-Sources: http://archive.ubuntu.com/ubuntu jammy/universe amd64 Packages
Description: GTK front end for fwupd
 This application can:
 .
  - Upgrade, Downgrade, & Reinstall firmware on devices supported by fwupd.
  - Unlock locked fwupd devices
  - Verify firmware on supported devices
  - Display all releases for a fwupd device
```

1 Like

there's too many variations. decided to check... and this particular example, not getting update error message. simply put, the way the dbx update being applied is not compatible with secure boot

UEFI Firmware Update in Legacy BIOS Mode

The warning "UEFI firmware cannot be updated in legacy BIOS mode" appears when the system is running in legacy BIOS mode, which typically occurs if the UEFI firmware is in "CSM compatibility mode".[5] In this mode, UEFI runtime functions, including the ability to schedule firmware updates, are not available. This warning can be ignored if UEFI firmware updates are not required. To resolve this, ensure the system is set to UEFI mode, and the OS drive is formatted as GPT rather than MBR.[4] If the system is set to legacy BIOS mode, it may prevent certain functionalities, such as firmware updates, and switching to UEFI mode is recommended.[5]

AI-generated answer. Please verify critical facts.


1. learn.microsoft.com: Boot to UEFI Mode or Legacy BIOS mode | Microsoft Learn
2. makeuseof.com: 5 Ways to Fix Missing UEFI Firmware Settings in Windows 10
3. askubuntu.com: boot - How to change ubuntu install from legacy to uefi - Ask Ubuntu
4. support.faceit.com: Warning: Your BIOS Mode is set to Legacy. Please set it to UEFI. – FACEIT
5. github.com: Firmware can not be updated in legacy BIOS mode, wiki instructions don't work · Issue #6278 · fwupd/fwupd
6. superuser.com: I have UEFI firmware, however

just to add... on another pc, got error message with both mbr and gpt zorin installs. whereas with pop, installed mbr, firmware is now updated to a newer version than the zorin version - 20250507
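
An added example, not part of any post in this thread: a read-only shell preflight for the conditions discussed above (legacy BIOS versus UEFI boot, Secure Boot state, and which EFI binaries sit on the ESP). The `ROOT` prefix and the function names are hypothetical; `/boot/efi` is the ESP path quoted in the thread.

```shell
#!/bin/sh
# Added example: read-only preflight before retrying a dbx update.
# ROOT is a hypothetical prefix so the checks can run against a constructed tree.
ROOT="${ROOT:-}"
SB_VAR="sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c"

# "uefi" when the kernel exposes EFI runtime data, otherwise "legacy" (BIOS/CSM boot).
boot_mode() {
    if [ -d "$ROOT/sys/firmware/efi" ]; then echo uefi; else echo legacy; fi
}

# efivarfs files begin with a 4-byte attribute header; the byte that follows is
# the SecureBoot value: 1 when Secure Boot is enforcing, 0 when it is not.
secure_boot_state() {
    f="$ROOT/$SB_VAR"
    [ -r "$f" ] || { echo unknown; return; }
    case "$(od -An -tu1 -j4 -N1 "$f" | tr -d ' \n')" in
        1) echo enabled ;;
        0) echo disabled ;;
        *) echo unknown ;;
    esac
}

# SHA-256 and path of every EFI binary on the ESP. These are plain file hashes
# for telling copies apart, not the Authenticode hashes that dbx itself stores.
list_esp_binaries() {
    esp="$ROOT/boot/efi"
    [ -d "$esp" ] || return 0
    find "$esp" -type f -iname '*.efi' -exec sha256sum {} + | sort -k2
}

preflight() {
    mode=$(boot_mode)
    echo "boot mode:   $mode"
    if [ "$mode" != uefi ]; then
        echo "result: legacy BIOS boot, UEFI variables such as dbx are not reachable"
        return 1
    fi
    echo "secure boot: $(secure_boot_state)"
    echo "EFI binaries on the ESP:"
    list_esp_binaries | sed 's/^/  /'
    echo "result: UEFI boot; compare this list with any file named in the fwupdmgr error"
}

preflight || echo "preflight: not ready for a dbx update"
```

On most installs the ESP is readable only by root, so run it with `sudo` to get the file list.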