When I upgrade firmware with fwupdmgr, I get the following error:
$ fwupdmgr update
Devices with no available firmware updates:
• USB2.0 Hub
• USB2.0 Hub
• USB3.1 Hub
• USB3.1 Hub
• Integrated Camera
• SSD 970 EVO Plus 1TB
• UEFI Device Firmware
• UEFI Device Firmware
• UEFI Device Firmware
• UEFI Device Firmware
• UEFI Device Firmware
Devices with the latest available firmware version:
• Prometheus
• Prometheus IOTA Config
• System Firmware
╔══════════════════════════════════════════════════════════════════════════════╗
║ Upgrade UEFI dbx from 77 to 217? ║
╠══════════════════════════════════════════════════════════════════════════════╣
║ This updates the dbx to the latest release from Microsoft which adds ║
║ insecure versions of grub and shim to the list of forbidden signatures due ║
║ to multiple discovered security updates. ║
║ ║
║ Before installing the update, fwupd will check for any affected executables ║
║ in the ESP and will refuse to update if it finds any boot binaries signed ║
║ with any of the forbidden signatures. If the installation fails, you will ║
║ need to update shim and grub packages before the update can be deployed. ║
║ ║
║ Once you have installed this dbx update, any DVD or USB installer images ║
║ signed with the old signatures may not work correctly. You may have to ║
║ temporarily turn off secure boot when using recovery or installation media, ║
║ if new images have not been made available by your distribution. ║
║ ║
╚══════════════════════════════════════════════════════════════════════════════╝
Perform operation? [Y|n]:
Downloading… [***************************************]
Downloading… [***************************************]
Decompressing… [***************************************]
Authenticating… [***************************************]
Waiting… [***************************************]
Writing… [***************************************]
Decompressing… [ ]
Blocked executable in the ESP, ensure grub and shim are up to date: /boot/efi/EFI/BOOT/BOOTX64.EFI Authenticode checksum [af79b14064601bc0987d4747af1e914a228c05d622ceda03b7a4f67014fee868] is present in dbx
How do I proceed? I think I need to replace /boot/efi/EFI/BOOT/BOOTX64.EFI. Should I extract it from the latest Debian installation image? Should I replace only this file? How likely is it that the system gets bricked?
$ uname -a
Linux p14s 6.1.0-1-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.4-1 (2023-01-07) x86_64 GNU/Linux
$ sudo tree /boot/efi/
/boot/efi/
└── EFI
    ├── BOOT
    │   ├── BOOTX64.EFI
    │   ├── fbx64.efi
    │   └── grubx64.efi
    └── debian
        ├── BOOTX64.CSV
        ├── fbx64.efi
        ├── fw
        │   └── fwupd-01453b71-da0c-4832-9f4f-e378245339c7.cap
        ├── fwupdx64.efi
        ├── grub.cfg
        ├── grubx64.efi
        ├── mmx64.efi
        └── shimx64.efi
Edit:
$ sudo efibootmgr -v | grep "Boot$(sudo efibootmgr -v | awk '/BootCurrent/{print $2}')"
Boot0000* debian HD(1,GPT,488c1b76-c8f0-4e08-a48d-d4a0a3a4fa81,0x800,0x106000)/File(\EFI\debian\shimx64.efi)
Note File(\EFI\debian\shimx64.efi) - does this mean that the file /boot/efi/EFI/BOOT/BOOTX64.EFI that fwupdmgr complains about is not in use?
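
The check that fwupdmgr reports above can be reproduced offline. The following is an added example, not part of the original post and not fwupd's own code: it computes the SHA-256 Authenticode digest of every .efi file under the ESP and lists the ones that match a dbx hash. It assumes conventionally laid-out PE images (headers and sections contiguous, signature blob at the end of the file); the function names are hypothetical.

```python
import hashlib
import os
import struct

# Hash reported by fwupdmgr in the post above.
BLOCKED = {"af79b14064601bc0987d4747af1e914a228c05d622ceda03b7a4f67014fee868"}

def authenticode_sha256(data: bytes) -> str:
    """SHA-256 Authenticode digest of a PE image (linear-layout assumption)."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    pe = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = pe + 24  # optional header: after 4-byte signature + 20-byte COFF header
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic")
    dirs = opt + (96 if magic == 0x10B else 112)  # PE32 vs PE32+
    if struct.unpack_from("<I", data, dirs - 4)[0] < 5:
        raise ValueError("no certificate table directory entry")
    checksum = opt + 64    # CheckSum field, excluded from the digest
    secdir = dirs + 4 * 8  # data directory 4: certificate table (offset, size)
    cert_off, cert_len = struct.unpack_from("<II", data, secdir)
    end = cert_off if cert_len else len(data)
    h = hashlib.sha256()
    h.update(data[:checksum])
    h.update(data[checksum + 4:secdir])
    h.update(data[secdir + 8:end])   # stop before the signature blob
    h.update(data[end + cert_len:])  # anything after it (normally empty)
    return h.hexdigest()

def find_blocked(esp_root: str, blocked: set) -> list:
    """Return sorted paths of .efi files under esp_root whose digest is in blocked."""
    hits = []
    for folder, _, names in os.walk(esp_root):
        for name in names:
            if not name.lower().endswith(".efi"):
                continue
            path = os.path.join(folder, name)
            try:
                with open(path, "rb") as fh:
                    digest = authenticode_sha256(fh.read())
            except (OSError, ValueError, struct.error):
                continue  # unreadable or not a PE image
            if digest in blocked:
                hits.append(path)
    return sorted(hits)

if __name__ == "__main__":
    for hit in find_blocked("/boot/efi", BLOCKED):  # ESP mount point from the post
        print(hit)
```

Reading files on the ESP normally requires root. Because the digest skips the checksum field and the signature, a signed binary and its unsigned original give the same value.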