fwupdmgr - 'Blocked executable in the ESP, ensure grub and shim are up to date'

Upgrading the firmware with fwupdmgr produces the following error:

$ fwupdmgr update

Devices with no available firmware updates: 
 • USB2.0 Hub
 • USB2.0 Hub
 • USB3.1 Hub
 • USB3.1 Hub
 • Integrated Camera
 • SSD 970 EVO Plus 1TB
 • UEFI Device Firmware
 • UEFI Device Firmware
 • UEFI Device Firmware
 • UEFI Device Firmware
 • UEFI Device Firmware
Devices with the latest available firmware version:
 • Prometheus
 • Prometheus IOTA Config
 • System Firmware
╔══════════════════════════════════════════════════════════════════════════════╗
║ Upgrade UEFI dbx from 77 to 217?                                             ║
╠══════════════════════════════════════════════════════════════════════════════╣
║ This updates the dbx to the latest release from Microsoft which adds         ║
║ insecure versions of grub and shim to the list of forbidden signatures due   ║
║ to multiple discovered security updates.                                     ║
║                                                                              ║
║ Before installing the update, fwupd will check for any affected executables  ║
║ in the ESP and will refuse to update if it finds any boot binaries signed    ║
║ with any of the forbidden signatures. If the installation fails, you will    ║
║ need to update shim and grub packages before the update can be deployed.     ║
║                                                                              ║
║ Once you have installed this dbx update, any DVD or USB installer images     ║
║ signed with the old signatures may not work correctly. You may have to       ║
║ temporarily turn off secure boot when using recovery or installation media,  ║
║ if new images have not been made available by your distribution.             ║
║                                                                              ║
╚══════════════════════════════════════════════════════════════════════════════╝

Perform operation? [Y|n]: 
Downloading…             [***************************************]
Downloading…             [***************************************]
Decompressing…           [***************************************]
Authenticating…          [***************************************]
Waiting…                 [***************************************]
Writing…                 [***************************************]
Decompressing…           [                                       ]
Blocked executable in the ESP, ensure grub and shim are up to date: /boot/efi/EFI/BOOT/BOOTX64.EFI Authenticode checksum [af79b14064601bc0987d4747af1e914a228c05d622ceda03b7a4f67014fee868] is present in dbx

How do I proceed? I guess I need to replace /boot/efi/EFI/BOOT/BOOTX64.EFI. Should I extract it from the latest Debian installation image? Do I need to replace only this file? What are the chances of bricking the system?

$ uname -a
Linux p14s 6.1.0-1-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.4-1 (2023-01-07) x86_64 GNU/Linux
$ sudo tree /boot/efi/
/boot/efi/
└── EFI
    ├── BOOT
    │   ├── BOOTX64.EFI
    │   ├── fbx64.efi
    │   └── grubx64.efi
    └── debian
        ├── BOOTX64.CSV
        ├── fbx64.efi
        ├── fw
        │   └── fwupd-01453b71-da0c-4832-9f4f-e378245339c7.cap
        ├── fwupdx64.efi
        ├── grub.cfg
        ├── grubx64.efi
        ├── mmx64.efi
        └── shimx64.efi

Edit:

$ sudo efibootmgr -v | grep "Boot$(sudo efibootmgr -v | awk '/BootCurrent/{print $2}')"
Boot0000* debian    HD(1,GPT,488c1b76-c8f0-4e08-a48d-d4a0a3a4fa81,0x800,0x106000)/File(\EFI\debian\shimx64.efi)

Note File(\EFI\debian\shimx64.efi) - does this mean that the /boot/efi/EFI/BOOT/BOOTX64.EFI file that fwupdmgr is complaining about is not in use?
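
The check that the fwupd message describes can be reproduced per file to see which binaries on the ESP still match a forbidden hash. The following Python is an added example, not part of the original question and not fwupd's own code: it computes the Authenticode SHA-256 of each `.efi` file under the ESP and reports matches. The function names are hypothetical, the hashing assumes the usual layout where the certificate table follows all section data, and the blocked set holds only the one hash quoted in the error above rather than the full dbx.

```python
import hashlib
import os
import struct
import sys

def authenticode_sha256(data):
    """Authenticode SHA-256 of a PE image (assumes the cert table follows all section data)."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE image")
    pe = struct.unpack_from("<I", data, 0x3C)[0]       # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    opt = pe + 24                                       # after signature + COFF header
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic")
    dirs = opt + (112 if magic == 0x20B else 96)        # PE32+ vs PE32 data directories
    checksum, certdir = opt + 64, dirs + 4 * 8          # directory entry 4 = cert table
    cert_off, cert_len = struct.unpack_from("<II", data, certdir)
    end = cert_off if cert_len else len(data)
    h = hashlib.sha256()
    h.update(data[:checksum])                           # CheckSum field is skipped
    h.update(data[checksum + 4:certdir])                # cert table directory entry is skipped
    h.update(data[certdir + 8:end])                     # stop where the signature starts
    if cert_len:
        h.update(data[cert_off + cert_len:])            # any data after the signature
    return h.hexdigest()

def find_blocked(esp_root, blocked):
    """Return (path, digest) for every .efi file whose Authenticode hash is in `blocked`."""
    hits = []
    for dirpath, _, names in os.walk(esp_root):
        for name in sorted(names):
            if not name.lower().endswith(".efi"):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as f:
                    digest = authenticode_sha256(f.read())
            except (ValueError, struct.error):
                continue                                # not a parseable PE image
            if digest in blocked:
                hits.append((path, digest))
    return hits

if __name__ == "__main__":
    # Hash quoted in the fwupd error on this page; the real dbx holds many more entries.
    blocked = {"af79b14064601bc0987d4747af1e914a228c05d622ceda03b7a4f67014fee868"}
    root = sys.argv[1] if len(sys.argv) > 1 else "/boot/efi"
    for path, digest in find_blocked(root, blocked):
        print(f"{path}: {digest} is in the blocked set")
```

Reading the ESP normally requires root. Running it again after updating the shim and grub packages shows whether any copy on the ESP still carries the blocked hash.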
