HI Guys
I have tried rebooting but will not install also If I check via terminal it does not show up!
Hi, you won’t see it in dnf because it’s supplied by fwupd. Run:
sudo fwupdmgr refresh ; sudo fwupdmgr get-updates
And if everything looks fine, execute the update with:
sudo fwupdmgr update
If it fails, you’ll get some feedback and be more likely able to figure out what’s wrong.
Then skip fwupdmgr refresh && part since it’s already up to date.
I see this from terminal
You just updated your BIOS (maybe it’ll help with issues from other topic), but UEFI dbx failed with error:
"Protocol" : "org.uefi.dbx",
"UpdateState" : 3,
"UpdateError" : "Blocked executable in the ESP, ensure grub and shim are up to date: no volumes of type c12a7328-f81f-11d2-ba4b-00a0c93ec93b",
Error should contain which executable is considered insecure (this dbx contains list of them)…
This’ll check if you really don’t have ESP partition
fwupdtool esp-list --verbose
Rerun it with admin rights: sudo fwupdtool esp-list --verbose
Try again sudo fwupdmgr update
This time don’t make a screenshot, but paste output here and format it with Ctrl+e.
Devices with no available firmware updates:
• THNSN5512GPUK NVMe TOSHIBA 512GB
Devices with the latest available firmware version:
• System Firmware
╔══════════════════════════════════════════════════════════════════════════════╗
║ Upgrade UEFI dbx from 83 to 217? ║
╠══════════════════════════════════════════════════════════════════════════════╣
║ This updates the dbx to the latest release from Microsoft which adds ║
║ insecure versions of grub and shim to the list of forbidden signatures due ║
║ to multiple discovered security updates. ║
║ ║
║ UEFI dbx and all connected devices may not be usable while updating. ║
╚══════════════════════════════════════════════════════════════════════════════╝
Perform operation? [Y|n]:
Downloading… [***************************************]
Downloading… [***************************************]
Decompressing… [***************************************]
Authenticating… [***************************************]
Waiting… [***************************************]
Writing… [***************************************]
Decompressing… [ ]
Blocked executable in the ESP, ensure grub and shim are up to date: no volumes of type c12a7328-f81f-11d2-ba4b-00a0c93ec93b
Make sure you’re up to date with all packages: sudo dnf dsync --refresh
fwupdmgr has access to EFI partition, reports some bad file (and blocks update because of it), but does not point to it - looks like a bug.
Report it here with output of sudo fwupdmgr update and sudo fwupdtool esp-list --verbose:
sudo dsync --refresh
[sudo] password for dale:
sudo: dsync: command not found
❯ sudo dsync --refresh
sudo: dsync: command not found
My bad, I ate dnf in first command 
sudo dnf dsync --refresh
Copr repo for fedy owned by kwizart 7.0 kB/s | 3.0 kB 00:00
Copr repo for PyCharm owned by phracek 11 kB/s | 3.6 kB 00:00
Fedora 36 - x86_64 8.5 kB/s | 21 kB 00:02
Fedora 36 openh264 (From Cisco) - x86_64 2.8 kB/s | 989 B 00:00
Fedora Modular 36 - x86_64 29 kB/s | 20 kB 00:00
Fedora 36 - x86_64 - Updates 23 kB/s | 12 kB 00:00
Fedora Modular 36 - x86_64 - Updates 32 kB/s | 13 kB 00:00
google-chrome 9.6 kB/s | 1.3 kB 00:00
microsoft-edge 17 kB/s | 3.0 kB 00:00
created by dnf config-manager from https://packages.microsoft.com/yumrepos/edge 19 kB/s | 3.0 kB 00:00
RPM Fusion for Fedora 36 - Free 34 kB/s | 7.7 kB 00:00
RPM Fusion for Fedora 36 - Free - Updates 41 kB/s | 7.0 kB 00:00
RPM Fusion for Fedora 36 - Nonfree 23 kB/s | 7.8 kB 00:00
RPM Fusion for Fedora 36 - Nonfree - NVIDIA Driver 44 kB/s | 7.3 kB 00:00
RPM Fusion for Fedora 36 - Nonfree - Steam 20 kB/s | 7.0 kB 00:00
RPM Fusion for Fedora 36 - Nonfree - Updates 40 kB/s | 7.1 kB 00:00
Dependencies resolved.
Nothing to do.
Complete!
❯ sudo fwupdmgr update
Devices with no available firmware updates:
• THNSN5512GPUK NVMe TOSHIBA 512GB
Devices with the latest available firmware version:
• System Firmware
╔══════════════════════════════════════════════════════════════════════════════╗
║ Upgrade UEFI dbx from 83 to 217? ║
╠══════════════════════════════════════════════════════════════════════════════╣
║ This updates the dbx to the latest release from Microsoft which adds ║
║ insecure versions of grub and shim to the list of forbidden signatures due ║
║ to multiple discovered security updates. ║
║ ║
║ UEFI dbx and all connected devices may not be usable while updating. ║
╚══════════════════════════════════════════════════════════════════════════════╝
Perform operation? [Y|n]:
Downloading… [***************************************]
Decompressing… [***************************************]
Authenticating… [***************************************]
Decompressing… [ ]
Blocked executable in the ESP, ensure grub and shim are up to date: no volumes of type c12a7328-f81f-11d2-ba4b-00a0c93ec93b
❯ sudo fwupdtool esp-list --verbose:
Failed to parse arguments: Unknown option --verbose:
You accidentally copied a colon and command didn’t work. Anyway, you need to open new issue for fwupd and paste that output there.
14:12:25:0843 FuDebug Verbose debugging enabled (on console 1)
14:12:25:0854 FuVolume device /org/freedesktop/UDisks2/block_devices/nvme0n1p2, type: 0x83, internal: 1, fs: ext4
14:12:25:0857 FuVolume device /org/freedesktop/UDisks2/block_devices/nvme0n1p3, type: 0x83, internal: 1, fs: btrfs
14:12:25:0859 FuVolume device /org/freedesktop/UDisks2/block_devices/nvme0n1p1, type: ebd0a0a2-b9e5-4433-87c0-68b6b72699c7, internal: 1, fs: vfat
14:12:25:0860 FuMain no volumes of type c12a7328-f81f-11d2-ba4b-00a0c93ec93b, falling back to ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
14:12:25:0871 FuVolume device /org/freedesktop/UDisks2/block_devices/nvme0n1p2, type: 0x83, internal: 1, fs: ext4
14:12:25:0873 FuVolume device /org/freedesktop/UDisks2/block_devices/nvme0n1p3, type: 0x83, internal: 1, fs: btrfs
14:12:25:0875 FuVolume device /org/freedesktop/UDisks2/block_devices/nvme0n1p1, type: ebd0a0a2-b9e5-4433-87c0-68b6b72699c7, internal: 1, fs: vfat
Selected volume: /org/freedesktop/UDisks2/block_devices/nvme0n1p1
/boot/efi/EFI/BOOT/BOOTIA32.EFI
/boot/efi/EFI/BOOT/BOOTX64.EFI
/boot/efi/EFI/BOOT/fbia32.efi
/boot/efi/EFI/BOOT/fbx64.efi
/boot/efi/EFI/fedora/grub.cfg
/boot/efi/EFI/fedora/fw/fwupd-34578c72-11dc-4378-bc7f-b643866f598c.cap
/boot/efi/EFI/fedora/fwupdx64.efi
/boot/efi/EFI/fedora/BOOTIA32.CSV
/boot/efi/EFI/fedora/BOOTX64.CSV
/boot/efi/EFI/fedora/gcdia32.efi
/boot/efi/EFI/fedora/gcdx64.efi
/boot/efi/EFI/fedora/grubia32.efi
/boot/efi/EFI/fedora/grubx64.efi
/boot/efi/EFI/fedora/mmia32.efi
/boot/efi/EFI/fedora/mmx64.efi
/boot/efi/EFI/fedora/shim.efi
/boot/efi/EFI/fedora/shimia32.efi
/boot/efi/EFI/fedora/shimx64.efi
/boot/efi/System/Library/CoreServices/SystemVersion.plist
/boot/efi/mach_kernel
❯
Cheers for help reported it
FYI
The issue is that fu_uefi_dbx_signature_list_validate() is only checking for FU_VOLUME_KIND_ESP and needs to fall back to FU_VOLUME_KIND_BDP