Bug ID | 1129466 |
---|---|
Summary | fwupd cannot update BIOS with UEFI Secure Boot enabled because of missing fwupdx64.efi.signed |
Classification | openSUSE |
Product | openSUSE Tumbleweed |
Version | Current |
Hardware | Other |
OS | Other |
Status | NEW |
Severity | Normal |
Priority | P5 - None |
Component | Other |
Assignee | bnc-team-screening@forge.provo.novell.com |
Reporter | pujos.michael@gmail.com |
QA Contact | qa-bugs@suse.de |
Found By | --- |
Blocker | --- |
fwdupd 1.2.3-2.1 cannot update the BIOS on my laptop because of this error: $fwupdmgr get-devices ... 20MBCTO1WW System Firmware DeviceId: 65b6a9dc7b7df18bdff003584b51bf21373e3aa6 Guid: 1e1fe415-74e8-49e1-9508-106b3d13d50d Guid: 230c8b18-8d9b-53ec-838b-6cfc0383493a Guid: 171800c9-1a51-5fd9-a32b-7b3999cb1c4e Plugin: uefi Flags: internal|require-ac|supported|registered|needs-reboot Version: 0.1.18 VersionLowest: 0.1.0 Icon: computer Created: 2019-03-15 UpdateError: /usr/lib/fwupd/efi/fwupdx64.efi.signed cannot be found Apparently, if Secure Boot is enabled (my case and I believe TW default on UEFI installs), it looks for /usr/lib/fwupd/efi/fwupdx64.efi.signed. This file is missing but it turns out that /usr/lib/fwupd/efi/fwupdx64.efi is present AND signed: $pesign -S -i /usr/lib/fwupd/efi/fwupdx64.efi --------------------------------------------- certificate address is 0x7f0e55679f78 Content was not encrypted. Content is detached; signature cannot be verified. The signer's common name is openSUSE Secure Boot Signkey The signer's email address is build@opensuse.org Signing time: Tue Mar 05, 2019 There were certs or crls included. --------------------------------------------- So the fix is simply so make a symlink and restart fwupd so it sees the change: $ln -s /usr/lib/fwupd/fwupdx64.efi /usr/lib/fwupd/fwupdx64.efi.signed $systemctl restart fwupd Then the error goes away in 'fwupdmgr get-devices' and you can supposedly update with 'fwupdmgr update' (didn't try it at updating the BIOS is rather scary and I do not absolutely need this update currently). So I think the package should be updated to make the symlink (or rename the file if keeping fwupdx64.efi is unecessary).