Hello,
I recently updated UEFI dbx from gnome firmware and since then I cannot boot anymore with Secure Boot enabled.
Installed version is 20241101, it was 2023xxxx before
Do you have any idea of what I could do ?
I’m running Fedora 42 on an AMD Thinkpad
Thank you very much
Luca
Ok, after some more tinkering it looks like resetting secure boot keys in bios did the trick and it is now correctly booting.
Then is it a bad update the one that’s pushed by gnome firmware ?
Feels pretty weird that updating secure boot keys locks you out from booting
It shows now the 20230301 version
UEFI dbx is just the revocation list file. If 20241101 breaks but 20230301 works then it kinda sounds like you may need to update your firmware.
I’ve got an AMD ThinkPad using 20241101. I was fairly obsessive about checking to keep the firmware up to date for a while… I cut my teeth in IT as an intern for Lenovo doing firmware testing for servers… but alas it looks like they may have stopped supporting my old, cheap ThinkPad.
If your ThinkPad isn’t supported via LVFS like mine isn’t:
https://pcsupport.lenovo.com > Type in your model into the search bar > Downloads (Drivers or Software) > Manual Update > BIOS/UEFI
Not a bad update.
The local keys for secure booting are not part of the update and the update resets those keys to factory default.
It is standard to need to re-import the locally defined keys into bios after an update of that sort.