Re: Has anybody ever got fwupd apply a firmware update on reboot successfully with Secure Boot ?
Am 16.04.2021 17:20 schrieb Michael Pujos <pujos.michael@gmail.com>:
Hi,
On my Lenovo P72 laptop with Secure Boot enabled, I cannot get fwupdmgr to apply firmware updates that requires a reboot (BIOS, Intel ME, ...). What happens is that after fwupdmgr downloads the firmware and propose to reboot, the machine simply boots normally into grub. If I disable 'Secure Boot' in BIOS, it works properly and the Lenovo firmware updater is started on reboot.
If when fwupdmgr asks to reboot, I reply negatively and look at the modified startup with 'efibootmgr -v', it looks fine, with Bootnext starting the shim with fwupdx64.efi seemingly being chain loaded:
|BootNext: 0004 BootCurrent: 0002 Timeout: 0 seconds BootOrder: 0002,0003,0001,001B,0010,0011,0012,0013,0014,0000,0018,0019,001A,001C,001D,001E,001F,0020,0021,0022,0027,0004 Boot0000* Windows Boot Manager HD(8,GPT,ab16b902-fdd2-f945-b235-bf0f99a6d098,0x72853800,0x82000)/File(\EFI\Microsoft\Boot\bootmgfw.efi)WINDOWS.........x...B.C.D.O.B.J.E.C.T.=.{.9.d.e.a.8.6.2.c.-.5.c.d.d.-.4.e.7.0.-.a.c.c.1.-.f.3.2.b.3.4.4.d.4.7.9.5.}...e.............�... Boot0001* openSUSE Secure Boot HD(1,GPT,9a54bd14-137a-4800-9494-38ec72b3809a,0x800,0x82000)/File(EFI\opensuse\shim.efi) Boot0002* opensuse-secureboot HD(8,GPT,ab16b902-fdd2-f945-b235-bf0f99a6d098,0x72853800,0x82000)/File(\EFI\opensuse\shim.efi) Boot0003* openSUSE TEST HD(8,GPT,ab16b902-fdd2-f945-b235-bf0f99a6d098,0x72853800,0x82000)/File(\EFI\opensuse\shim.efi) Boot0004* Linux-Firmware-Updater HD(8,GPT,ab16b902-fdd2-f945-b235-bf0f99a6d098,0x72853800,0x82000)/File(\EFI\opensuse\shim.efi)\.f.w.u.p.d.x.6.4...e.f.i...|
I'm trying to determine if that issue is specific to my system, hence my question: has anyone got these updates working with Secure Boot ?
Yes, worked with a T480s and Leap15.2. Secure Boot is on. I think it was a BIOS update, not ME. It Rebooted, started BIOS update directly without starting grub. Mit freundlichen Grüßen, Andreas Vetter
participants (1)
-
Andreas Vetter