Hey guys...Today gnome software prompted me to make un update about Secure boot DBX configuration update
The problem is that this applies to eufi users and my hp 15s doesnt have a eufi, It only has a classic bios
I can make gnome to stop trying to install it nor I cant clear the update tab list
what I tried so far is sudo apt-mark hold secureboot-db shim-signed fwupd-signed
THis is the output I got from the next restart
secure boot dbx configuration update failed to update system
Detailed errors from the package manager follow:
failed to build result for 362301da643102b9f38477387e2193e57abaa590
Can you install Linux Mint 22 and see if the DBX update works? Reason why I ask is because this problem either has to do with the BIOS (in which case you'll have to update your BIOS - you should try that first) or the version of Ubuntu being used (Zorin is based on 22.04 whereas Linux Mint is based on 24.04, and other users have reported no issues with DBX updates on Mint). EDIT: I checked for you, and I see that your BIOS should be at F.40 (Rev. A). Link: CLICK HERE. Good luck.
anglaro@hp-15s:~$ sudo fwupdmgr update
Devices with no available firmware updates:
β’ ELAN0791:00 04F3:30FD
β’ HP TrueVision HD Camera
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β Upgrade UEFI dbx from 320 to 20241101? β
β βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ£
β This updates the list of forbidden signatures (the "dbx") to the latest β
β release from Microsoft. β
β β
β An insecure version of Howyar's SysReturn software was added, due to a β
β security vulnerability that allowed an attacker to bypass UEFI Secure Boot. β
β β
β UEFI dbx and all connected devices may not be usable while updating. β
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
Perform operation? [Y|n]: y
Downloading⦠[***************************************]
Decompressing⦠[***************************************]
Decompressing⦠[***************************************]
Authenticating⦠[***************************************]
Authenticating⦠[***************************************]
Restarting device⦠[***************************************]
Writing⦠[***************************************]
Decompressing⦠[***************************************]
Blocked executable in the ESP, ensure grub and shim are up to date: no volumes of type c12a7328-f81f-11d2-ba4b-00a0c93ec93b
Should I leave it if it cant do it?
And as I pointed earlier I have bios and this update needs me to have a eufi which is really weird
Yeah, when it doesn't work, let it for the Moment. You could look if a BIOS Update for Your Machine is available and try that. As alternatives ... I've seen these:
Nothing like a widespread problem to bring out all the hidden Zorin OS users from the woodwork ... am seeing a lot of "(user) posted for the first time!" alerts ... haha.
If we merged all the various Threads that this issue spawned, then that would be some big Thread. Some have been trying to direct users to a specific "primary" Thread on this subject in an attempt to keep advice all together e.g. Problems with Secure boot but that may not be the primary thread now. Bit like GNU/Linux, multiple threads to keep on top of.
It might be good to take a page from Reddit (never thought I'd say that) and make a pinned "Secure Boot/DBX issues" megathread that neatly exposes all of the known troubleshooting stuff. Even if people continue making their own threads, having the initial responses consolidated would make life easier on everyone, and better justify closing redundant threads.
Brave A.I. search engine came back with (Zorin 17 is a fork of Ubuntu 22.04 hence why I used it in search criteria):
Ubuntu Uses FWUPD for DBX Update
Ubuntu may prompt users to update the UEFI dbx (Secure Boot Revocation Database) even if the system is not using UEFI, but this is typically a misconfiguration or a misunderstanding of the system's firmware settings. The UEFI dbx is part of the UEFI Secure Boot mechanism, which is designed to ensure that only signed and trusted firmware and operating system loaders are executed during the boot process. If the system is not using UEFI, it is likely using a traditional BIOS, which does not support UEFI Secure Boot. However, the fwupd tool, which is used to manage firmware updates, may still attempt to update the UEFI dbx if it detects that the system has UEFI firmware capabilities, even if they are not being utilized.2
In some cases, the system might be configured to use UEFI, but the Secure Boot feature is disabled. In such scenarios, the UEFI dbx update might still be prompted, but it is not necessary for the system to function correctly. If the system is not using UEFI, the UEFI dbx update is not required, and the user can safely ignore the prompt or disable the firmware update checks for the UEFI dbx.3
If the system is indeed using UEFI but Secure Boot is disabled, the UEFI dbx update is still not necessary, as Secure Boot is the feature that relies on the dbx database. Disabling Secure Boot means that the system will not enforce the restrictions imposed by the dbx, and therefore, updating the dbx is not required.4
In summary, if the system is not using UEFI, the UEFI dbx update is not necessary. If the system is using UEFI but Secure Boot is disabled, the update is also not required. The prompt to update the UEFI dbx may be a result of the fwupd tool detecting UEFI firmware capabilities, but it is not a mandatory update for systems that do not use UEFI or have Secure Boot disabled.