Update in software centre

Gillsman · June 13, 2025, 3:14pm

I am running Zorin 17.3, today I have seen an available update in the software manager for "secure boot dbx configuration update"
I am reluctant to install this as I am not sure what changes this will do to my system & if I really need it.
Obviously I can see it's to do with secure boot, but I'm afraid it could cause future issues either booting the system or maybe preventing things like external drives from working or maybe even worse.
If someone could enlighten me in simple language (my Linux knowledge is limited) what this is intended to do, if it could potentially cause more problems than it solves & if as a normal casual user I really even need it.
Can I also thank everyone on here that gives their time & expertise to those of us that are struggling with an issue.

Forpli · June 13, 2025, 3:26pm

Do you have Dualboot with Windows?
If you only have Zorin installed it is better to disable secure boot in your BIOS/UEFI because it is a function for Windows. Then you don't need this update.

zenzen · June 13, 2025, 3:38pm

This article will explain this in more detail than I ever could:

In cases like this you can install something like Timeshift, which is a tool to make snapshots of your system at a certain point in time. Later, you can rollback your configuration to a previous snapshot in case things go wrong.

For example, make a snapshot before updating or installing something. If after proceeding with that update you notice that something is wrong, you can rollback to the last snapshot where you didn't yet have that update installed and thus avoiding the problem. Like a checkpoint in a video game.

When it comes to boot and firmware updates... it's possible that even Timeshift isn't capable of giving you an easy way to solve this, since these updates are at a lower-level. But, it's worth giving it a try anyway.

As the article I linked to explains, this is a security fix. You don't have to apply it if you don't want to, if for some reason you need to be sure your computer works "as is" right now. For example if you have a presentation next week or whatever. Just hold on to this update until you're comfortable.

Gillsman · June 13, 2025, 4:40pm

Thank you Zenzen and Florpi
that's pretty much as I thought, I do have timeshift but I had guessed it couldn't help with a low level update, I assume this update gets installed at bios level or something like that, so yes I will take the advice and disable secure boot in my bios and take no further notice of it.

Ponce-De-Leon · June 13, 2025, 5:27pm

We have here another User with that Update what makes a bit Trouble:

swarfendor437 · June 13, 2025, 10:04pm

And I posted a possible solution but not sure if it will work with the latest CVE that has been posted:

https://askubuntu.com/questions/1429678/impossible-to-update-uefi-dbx

zabadabadoo · June 14, 2025, 9:11am

Seems to be affecting a few people.
See this: Secure Boot Update failed
Read there that Aravisian has flagged the issue to Zorin devs.

AZorin · June 16, 2025, 9:59pm

It looks like this firmware update might have been getting stuck on your installation. To try and resolve this issue, please first install the latest updates from the Software Updater or by opening the Terminal (Ctrl+Alt+T) and entering these two commands:

sudo apt update

sudo apt dist-upgrade

After installing these updates, restart your computer before continuing.

Next, it should be possible to manually install this firmware update and clear the pending database afterwards – so this message shouldn't appear again – by opening the Terminal and entering these four commands:

sudo fwupdmgr refresh

sudo fwupdmgr get-updates

sudo fwupdmgr update

sudo rm /var/lib/fwupd/pending.db

Afterwards, restart the computer to apply the changes.

If this didn't resolve the issue, could you please post the text output after running the four commands (directly above) in the Terminal? If possible, please also include the text output from the following command as well:

fwupdmgr get-devices

In addition, could you please let us know if you've made some prior modification(s) to Zorin OS after installing it to your computer? These modifications may include one or more of the following:

adding third-party software repositories to your system
manually editing any system files
executing unofficial scripts/commands

This information would help us to troubleshoot the issue.

Annapox · June 28, 2025, 1:20pm

I'm not the OP, but I'm having the same issue. I tried the above, and while I no longer get the popup saying the update failed, the Updates section of the Software app still shows that the update hasn't happened yet. Clicking the Update button still doesn't work (for this particular update; other updates seem to work fine).

The only modification I've made to the OS (if it counts; I'm not sure) was to make Zorin OS store the local time instead of UTC. I have my computer dual-booted with Windows 11 (Windows was there first, in case it matters), so I had to do that in order to get the Windows side of my computer to keep time correctly. The command I used was:

timedatectl set-local-rtc 1 --adjust-system-clock

Any advice would be greatly appreciated.

Forpli · June 28, 2025, 1:22pm

There is a new solution for this problem from the zorin group:

Annapox · June 28, 2025, 1:37pm

Thank you for the link! This appears to have worked.