[Bug 1226017] New: fwupd fails TPM fw upgrade with 'Secure boot is enabled, but shim isn't installed to EFI/opensuse/shim.efi'
https://bugzilla.suse.com/show_bug.cgi?id=1226017 Bug ID: 1226017 Summary: fwupd fails TPM fw upgrade with 'Secure boot is enabled, but shim isn't installed to EFI/opensuse/shim.efi' Classification: openSUSE Product: openSUSE Aeon Version: Current Hardware: x86-64 OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Base Assignee: rbrown@suse.com Reporter: anselm.gora@gmail.com QA Contact: qa-bugs@suse.de Target Milestone: --- Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Build Identifier: fwupd expects to find EFI/opensuse/shim.efi while on openSUSE Aeon the path is EFI/systemd/shim.efi https://github.com/fwupd/fwupd/blob/eb3d26079d7b0e6f0db70b066fcb7b31ac7bcecf... fwupd seems to use os release ID but it's also a build option: https://github.com/fwupd/fwupd/blob/eb3d26079d7b0e6f0db70b066fcb7b31ac7bcecf... Tumbleweed seems to patch it: https://build.opensuse.org/projects/openSUSE:Factory/packages/fwupd/files/fw... Reproducible: Always -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1226017 Gora <anselm.gora@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|rbrown@suse.com |glin@suse.com -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1226017 https://bugzilla.suse.com/show_bug.cgi?id=1226017#c1 --- Comment #1 from Gora <anselm.gora@gmail.com> --- Created attachment 875345 --> https://bugzilla.suse.com/attachment.cgi?id=875345&action=edit os-release -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1226017 https://bugzilla.suse.com/show_bug.cgi?id=1226017#c2 --- Comment #2 from Gora <anselm.gora@gmail.com> --- Created attachment 875346 --> https://bugzilla.suse.com/attachment.cgi?id=875346&action=edit /boot/ layout on Aeon -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1226017 https://bugzilla.suse.com/show_bug.cgi?id=1226017#c5 Richard Brown <rbrown@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |rbrown@suse.com --- Comment #5 from Richard Brown <rbrown@suse.com> --- (In reply to Tseng from comment #4)
Would you please check where the cap/cab of updated shim location is ?
It doesn't look like the cap/cab is present at all on any systemd-boot installation (tested on both MicroOS and Aeon)
$ls /boot/efi/EFI/opensuse/fw
This path does not exist, all *SUSE distributions using systemd-boot do not have an 'opensuse' path, but only a systemd path.
$ls /boot/efi/EFI/systemd/fw
ls /boot/efi/EFI/systemd/fw ls: cannot access '/boot/efi/EFI/systemd/fw': No such file or directory ls -lh /boot/efi/EFI/systemd/ total 2.0M -rwxr-xr-x. 1 root root 827K Mar 14 06:58 MokManager.efi -rwxr-xr-x. 1 root root 64 Jun 7 01:06 boot.csv -rwxr-xr-x. 1 root root 96K May 31 13:37 grub.efi -rwxr-xr-x. 1 root root 14 Jun 7 01:06 installed_by_sdbootutil -rwxr-xr-x. 1 root root 913K Mar 14 06:58 shim.efi
$fwupdmgr --version
fwupdmgr --version compile com.hughsie.libxmlb 0.3.18 compile com.hughsie.libjcat 0.2.1 compile org.freedesktop.fwupd 1.9.20 runtime org.freedesktop.fwupd-efi 1.3 compile org.freedesktop.gusb 0.4.8 runtime com.hughsie.libxmlb 0.3.x runtime com.hughsie.libjcat 0.2.1 runtime org.freedesktop.gusb 0.4.8 runtime org.kernel 6.9.3-1-default runtime org.freedesktop.fwupd 1.9.20 efivar -l|grep fw 0abba7dc-e516-4167-bbf5-4d9d1c739416-fwupd-7ceaf7a8-0611-4480-9e30-64d8de420c7c-0 -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1226017 https://bugzilla.suse.com/show_bug.cgi?id=1226017#c6 --- Comment #6 from Gora <anselm.gora@gmail.com> --- (In reply to Tseng from comment #4)
Would you please check where the cap/cab of updated shim location is ? $ls /boot/efi/EFI/opensuse/fw $ls /boot/efi/EFI/systemd/fw $fwupdmgr --version
Hi, it's fwupdmgr (or fwupdmgr via Gnome Software) that creates the opensuse dir:
ls -lh /boot/efi/EFI/opensuse/fw/ total 320K -rwxr-xr-x. 1 root root 279K Jun 11 12:40 fwupd-01ae569c-30cd-44bc-8437-5e329c6a391c.cap
sudo rm -rf /boot/efi/EFI/opensuse/
sudo fwupdmgr update Devices with no available firmware updates: • Integrated Camera • Lexar SSD NM790 4TB • Prometheus IOTA Config • UEFI Device Firmware • UEFI Device Firmware • UEFI Device Firmware • UEFI Device Firmware • UEFI Device Firmware • UEFI Device Firmware • UEFI Device Firmware • UEFI Device Firmware Devices with the latest available firmware version: • Embedded Controller • Prometheus • System Firmware ╔══════════════════════════════════════════════════════════════════════════════╗ ║ Upgrade TPM from 7.2.768 to 7.2.769? ║ ╠══════════════════════════════════════════════════════════════════════════════╣ ║ This stable release fixes the following issues: ║ ║ ║ ║ • This version tpm firmware fixed system hang up issue ║ ║ ║ ║ 21CK002RGE must remain plugged into a power source for the duration of the ║ ║ update to avoid damage. ║ ╚══════════════════════════════════════════════════════════════════════════════╝ Perform operation? [Y|n]: Y Decompressing… [ ] Less than one minute remaining… Secure boot is enabled, but shim isn't installed to EFI/opensuse/shim.efi
ls -lh /boot/efi/EFI/ total 192K drwxr-xr-x. 2 root root 64K Jun 8 14:35 BOOT drwxr-xr-x. 3 root root 64K Jun 11 12:41 opensuse drwxr-xr-x. 2 root root 64K Jun 8 14:35 systemd ls -lh /boot/efi/EFI/opensuse/fw/ total 320K -rwxr-xr-x. 1 root root 279K Jun 11 12:41 fwupd-01ae569c-30cd-44bc-8437-5e329c6a391c.cap
(In reply to Tseng from comment #4)
Would you please check where the cap/cab of updated shim location is ? $ls /boot/efi/EFI/opensuse/fw $ls /boot/efi/EFI/systemd/fw $fwupdmgr --version
compile com.hughsie.libxmlb 0.3.18 compile com.hughsie.libjcat 0.2.1 compile org.freedesktop.fwupd 1.9.20 runtime org.freedesktop.fwupd-efi 1.3 compile org.freedesktop.gusb 0.4.8 runtime com.hughsie.libxmlb 0.3.x runtime com.hughsie.libjcat 0.2.1 runtime org.freedesktop.gusb 0.4.8 runtime org.kernel 6.9.3-1-default runtime org.freedesktop.fwupd 1.9.20 -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1226017 https://bugzilla.suse.com/show_bug.cgi?id=1226017#c7 Mike Watkins <solutionroute@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |solutionroute@gmail.com --- Comment #7 from Mike Watkins <solutionroute@gmail.com> --- Same fwupd issue. /boot # find . | grep cap ./efi/EFI/opensuse/fw/fwupd-85686610-06c3-4be4-97c5-565e3d149fc9.cap /boot # find . | grep shim ./efi/EFI/systemd/shim.efi Dell Latitude 7420. Updated Aeon today. fwupdmgr --version compile com.hughsie.libxmlb 0.3.18 compile com.hughsie.libjcat 0.2.1 compile org.freedesktop.fwupd 1.9.20 runtime org.freedesktop.fwupd-efi 1.3 compile org.freedesktop.gusb 0.4.8 runtime com.hughsie.libxmlb 0.3.x runtime com.hughsie.libjcat 0.2.1 runtime org.freedesktop.gusb 0.4.8 runtime org.kernel 6.9.3-1-default runtime org.freedesktop.fwupd 1.9.20 -- You are receiving this mail because: You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@suse.com