Issue

What were you trying to do that didn't work? Try to update the DBX database like written on: https://access.redhat.com/documentation/de-de/red_hat_enterprise_linux/9/html/managing_monitoring_and_updating_the_kernel/updating-the-secure-boot-revocation-list_managing-monitoring-and-updating-the-kernel Please provide the package NVR for which bug is seen: fwupd-1.8.16-1.el9.x86_64 How reproducible: Every time Steps to reproduce fwupdmgr get-details /usr/share/dbxtool/DBXUpdate-20230509-x64.cab Expected results Working update of the dbx data base Actual results fwupdmgr get-details /usr/share/dbxtool/DBXUpdate-20230509-x64.cab  Decompressing... [ - ] VMware, Inc. VMware7,1 │ └─UEFI dbx: │ Device ID: 362301da643102b9f38477387e2193e57abaa590 │ Summary: UEFI revocation database │ Description: │ Updating the UEFI dbx prevents starting EFI binaries with known security issues. │ Current version: 77 │ Minimum Version: 77 │ Vendor: UEFI:Linux Foundation │ Install Duration: 1 second │ Update Error: Not compatible with org.freedesktop.fwupd version 1.8.16, requires >= 1.9.1 │ GUIDs: c6682ade-b5ec-57c4-b687-676351208742 │ f8ba2887-9411-5c36-9cee-88995bb39731 │ Device Flags: • Internal device │ • Needs a reboot after installation │ • Device is usable for the duration of the update │ • Updatable │ • Only version upgrades are allowed │ • Signed Payload │ └─Secure Boot dbx: New version: 371 Summary: UEFI Secure Boot Forbidden Signature Database Variant: x64 License: Proprietary Size: 21.2 kB Urgency: High Release Flags: • Trusted payload • Trusted metadata Description: Insecure versions of the Microsoft Windows boot manager affected by Black Lotus were added to the list of forbidden signatures due to a discovered security problem. This updates the dbx to the latest release from Microsoft. Before installing the update, fwupd will check for any affected executables in the ESP and will refuse to update if it finds any boot binaries signed with any of the forbidden signatures. Applying this update may also cause some Windows install media to not start correctly. Issue: CVE-2022-21894 So an update of fwupd will be needed for RHEL-9/8/7.

Release Notes

No. of Comments

Resolution

Unresolved