hi i saw a dbx update from discover and decided to run fwupdmgr update in a terminal and reboot now i had secure boot enabled it stop progressing beyond the manufacturer logo and could only know boot without secure boot is there some command i need to run in order to restore secure boot
You should be able to restore secure boot from your BIOS.
On most systems press F2 or F8 at boot-time and have a poke around.
i am on a laptop so i only have a single toggle for secure boot
i got the secure boot error years before but know i doesn’t progress beyond the manufacture logo while nothing is connected but it does continue to liveusb fedora grub menu
from what i know the dbx update is about revoking leaked certificates so i need to resign the efi files in my esp and i need a command to do that but i don’t know the command
Why do you think that?
Your locally signed modules are checked against the imported keys that were created locally and those are not related to the revoked certificates.
As I understand it, only the shim used for booting fedora would potentially have a certificate that may have been revoked, and that would be related to the kernel itself.
so maybe it is an issue with my bios taking a super long time (more than 2 minutes) and nothing else thank you for your comment
one more question:
on laptops that doesn’t let you self sign like mine (i installed sbctl and couldn’t enroll the keys, sbctl status shows setup mode is disabled) could you get nvidia propreitary drivers with secure boot
I think it is important that we know more about the hardware. The term “laptop” is pretty generic and relates to a lot of different machines.
Please show us the output of inxi -Fzxx (as preformatted text)
I use secure boot with the nvidia drivers regularly on all my machines.
type or paste code hereSystem:
Kernel: 6.12.11-200.fc41.x86_64 arch: x86_64 bits: 64 compiler: gcc
v: 14.2.1
Console: pty pts/4 wm: kwin_wayland DM: SDDM Distro: Fedora Linux 41 (KDE
Plasma)
Machine:
Type: Laptop System: TOSHIBA product: SATELLITE L50-C v: PSKWSE-00Q00PTE
serial: <filter>
Mobo: FF50 model: 06F2 v: Type2 - Board Version serial: <filter>
part-nu: PSKWSE UEFI: INSYDE v: 5.30 date: 03/25/2016
Battery:
ID-1: BAT1 charge: 29.8 Wh (98.0%) condition: 30.4/37.4 Wh (81.1%)
volts: 16.0 min: 14.4 model: Panasonic PA5185U-1BRS serial: N/A
status: discharging
CPU:
Info: dual core model: Intel Core i5-5200U bits: 64 type: MT MCP
arch: Broadwell rev: 4 cache: L1: 128 KiB L2: 512 KiB L3: 3 MiB
Speed (MHz): avg: 2700 min/max: 500/2700 cores: 1: 2700 2: 2700 3: 2700
4: 2700 bogomips: 17557
Flags: avx avx2 ht lm nx pae sse sse2 sse3 sse4_1 sse4_2 ssse3 vmx
Graphics:
Device-1: Intel HD Graphics 5500 vendor: Toshiba driver: i915 v: kernel
arch: Gen-8 ports: active: eDP-1 empty: HDMI-A-1 bus-ID: 00:02.0
chip-ID: 8086:1616
Device-2: NVIDIA GM108M [GeForce 930M] vendor: Toshiba driver: nouveau
v: kernel arch: Maxwell pcie: speed: 2.5 GT/s lanes: 4 bus-ID: 08:00.0
chip-ID: 10de:1346
Display: unspecified server: X.Org v: 24.1.4 with: Xwayland v: 24.1.4
compositor: kwin_wayland driver: dri: iris gpu: i915 display-ID: :0
screens: 1
Screen-1: 0 s-res: 1366x768 s-dpi: 96
Monitor-1: eDP-1 model: ChiMei InnoLux 0x15ca res: 1366x768 hz: 60
dpi: 101 diag: 394mm (15.5")
API: EGL v: 1.5 platforms: device: 0 drv: iris device: 1 drv: nouveau
device: 2 drv: swrast gbm: drv: iris surfaceless: drv: iris x11: drv: iris
inactive: wayland
API: OpenGL v: 4.6 compat-v: 4.3 vendor: intel mesa v: 24.3.4 glx-v: 1.4
direct-render: yes renderer: Mesa Intel HD Graphics 5500 (BDW GT2)
device-ID: 8086:1616
API: Vulkan v: 1.4.304 surfaces: xcb,xlib device: 0 type: integrated-gpu
driver: N/A device-ID: 8086:1616 device: 1 type: cpu driver: N/A
device-ID: 10005:0000
Info: Tools: api: clinfo, eglinfo, glxinfo, vulkaninfo
de: kscreen-console,kscreen-doctor wl: wayland-info x11: xdriinfo,
xdpyinfo, xprop, xrandr
Audio:
Device-1: Intel Broadwell-U Audio vendor: Toshiba driver: snd_hda_intel
v: kernel bus-ID: 00:03.0 chip-ID: 8086:160c
Device-2: Intel Wildcat Point-LP High Definition Audio vendor: Toshiba
driver: snd_hda_intel v: kernel bus-ID: 00:1b.0 chip-ID: 8086:9ca0
Device-3: Barco Display Systems USBZH3-ENC
driver: hid-generic,snd-usb-audio,usbhid type: USB rev: 1.1 speed: 12 Mb/s
lanes: 1 bus-ID: 1-1:36 chip-ID: 0600:8116
API: ALSA v: k6.12.11-200.fc41.x86_64 status: kernel-api
Server-1: PipeWire v: 1.2.7 status: off with: 1: pipewire-pulse
status: active 2: wireplumber status: active 3: pipewire-alsa type: plugin
4: pw-jack type: plugin
Network:
Device-1: Intel Wireless 3160 driver: iwlwifi v: kernel pcie:
speed: 2.5 GT/s lanes: 1 bus-ID: 07:00.0 chip-ID: 8086:08b3
IF: wlp7s0 state: up mac: <filter>
Drives:
Local Storage: total: 465.76 GiB used: 6.48 GiB (1.4%)
ID-1: /dev/sda vendor: Samsung model: SSD 860 EVO 500GB size: 465.76 GiB
speed: 6.0 Gb/s serial: <filter> temp: 34 C
Partition:
ID-1: / size: 464.17 GiB used: 6.09 GiB (1.3%) fs: btrfs dev: /dev/sda3
ID-2: /boot size: 973.4 MiB used: 381.8 MiB (39.2%) fs: ext4
dev: /dev/sda2
ID-3: /boot/efi size: 598.8 MiB used: 19.3 MiB (3.2%) fs: vfat
dev: /dev/sda1
ID-4: /home size: 464.17 GiB used: 6.09 GiB (1.3%) fs: btrfs
dev: /dev/sda3
Swap:
ID-1: swap-1 type: zram size: 7.66 GiB used: 256 KiB (0.0%) priority: 100
dev: /dev/zram0
Sensors:
System Temperatures: cpu: 60.0 C mobo: N/A
Fan Speeds (rpm): N/A
Info:
Memory: total: 8 GiB available: 7.66 GiB used: 5 GiB (65.3%) igpu: 32 MiB
Processes: 302 Power: uptime: 4h 24m wakeups: 2 Init: systemd v: 256
target: graphical (5) default: graphical
Packages: pm: rpm pkgs: N/A note: see --rpm Compilers: N/A Shell: Sudo
v: 1.9.15p5 running-in: konsole inxi: 3.3.37
Thank you.
Checking firmware for that laptop it would appear you have the latest available.
The GPU appears to be supported by the latest nvidia drivers.
I have never tried sbctl and it does not appear to come from a fedora repo.
Instead I follow the instructions from rpmfusion or the ones in the file /usr/share/doc/akmods/README.secureboot for signing the modules and enrolling the key into the bios.
Have you tried using the fwupdmgr command to update all possible firmware on your system?
The following commands are useful for firmware
sudo fwupdmgr get-devices to see the details of devices
sudo fwupdmgr get-updates to see what updates are available
sudo fwupdmgr update to perform the updates.
To use sbctl you first need to bring the system into setup-mode, which in essence is to whipe out the current installed keys in the pk, the kek and the db keystore. This is done in the UEFI setup utility which may or may not be possible on a given system.
Doing this can be a bit risky and the system may not work after that.