The input is not of cabinet format?

    [SOLVED] The input is not of cabinet format?

    Routinely taking updates offered by Discover. But now I have an update that apparently I can't get to go.

    The offer is:

    UEFI dbx 13.5 KiB
    Update to new version 217

    I press the Update button and get this message:
    "The input is not of cabinet format"

    and it won't update; but it stays there and pops up the following day; gone on for a few days now

    Any ideas about this? I think the UEFI is important, but haven't had time to look into what this one is specifically.
    Last edited by Qqmike; Mar 24, 2023, 10:29 AM.
    An intellectual says a simple thing in a hard way. An artist says a hard thing in a simple way. Charles Bukowski

    #2
    That is a firmware update for some piece of hardware on your system, not related to debs or anything else.
    It IS related to the UEFI database in your BIOS, specifically related to secure boot.
    You can check for better errors by looking at it directly:
    Code:
    sudo fwupdmgr refresh
    sudo fwupdmgr update
    This might successfully install the firmware, or give the same error.
    It is either a bug in the vendor's firmware, or in fwupdmgr.

    This post has a decent description of what the update is for
    https://unix.stackexchange.com/quest...says-everythin

    It is odd that you are seeing this now, as this was updated some time ago, last fall iirc.
    Have you updated your BIOS recently?
    But one way around this may be to simply disable secure boot, unless your system absolutely requires it for some reason.


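Firmware from the LVFS reaches fwupd as a Microsoft Cabinet (.cab) archive, which is the format the error message in this thread names. The following is an added example, not part of any post here and not fwupd's own code: it parses the 36-byte cabinet header of a file and reports why the file is not a usable cabinet (wrong magic, truncated download, bad offsets). The function names and the sample bytes are constructed for illustration.

```python
import struct
import sys

# CFHEADER of the Microsoft Cabinet format: 36 bytes, little-endian.
# signature, reserved1, cbCabinet, reserved2, coffFiles, reserved3,
# versionMinor, versionMajor, cFolders, cFiles, flags, setID, iCabinet
CFHEADER = struct.Struct("<4sIIIIIBBHHHHH")


def inspect_cab(data: bytes) -> dict:
    """Parse the cabinet header; raise ValueError saying why it is not a cabinet."""
    if len(data) < CFHEADER.size:
        raise ValueError(f"only {len(data)} bytes, too short for a cabinet header")
    (sig, _, cb_cabinet, _, coff_files, _,
     ver_minor, ver_major, folders, files, _, _, _) = CFHEADER.unpack_from(data)
    if sig != b"MSCF":
        # A saved error page or captive-portal response is a common non-cabinet input.
        kind = "looks like HTML/XML text" if data.lstrip()[:1] == b"<" else "unknown content"
        raise ValueError(f"bad magic {sig!r}, {kind}")
    if len(data) < cb_cabinet:
        raise ValueError(f"truncated: header declares {cb_cabinet} bytes, got {len(data)}")
    if not CFHEADER.size <= coff_files < cb_cabinet:
        raise ValueError(f"first file entry offset {coff_files} is out of range")
    return {"version": f"{ver_major}.{ver_minor}", "folders": folders,
            "files": files, "declared_size": cb_cabinet}


def constructed_sample() -> bytes:
    """Constructed 64-byte header-plus-padding sample, not a real firmware archive."""
    header = CFHEADER.pack(b"MSCF", 0, 64, 0, 44, 0, 3, 1, 1, 1, 0, 0, 0)
    return header + b"\x00" * (64 - CFHEADER.size)


if __name__ == "__main__":
    # Usage: python3 check_cab.py /path/to/downloaded.cab (path is a placeholder)
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else constructed_sample()
    try:
        print(inspect_cab(blob))
    except ValueError as err:
        print(f"not a usable cabinet: {err}")
```
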

      #3
      Thanks.

      Well, I did the best I could trying to decipher the firmware geek talk.
      First, I always have Secure Boot turned OFF; so maybe this doesn't even affect my system.
      Second, I did try to take the UEFI dbx upgrade, to upgrade from version 77 to the new one 217, and I * think * it worked OK.

      fyi, fwiw, here's highlights from what I did (I copied everything from Konsole and have retained the full copy):

      Code:
      ~$ sudo apt-get upgrade
      This showed that my GRUB stuff is up to date. (It also showed 3 packages (unrelated to GRUB) I could remove, and I did so.)

      It looks like my dbx version was 77 (whereas the new one is 217 as shown by Discover):

      Code:
      ~$ fwupdmgr get-devices
      UEFI dbx:
      Device ID: 362301da643102b9f38477387e2193e57abaa590
      Summary: UEFI revocation database
      Current version: 77
      Minimum Version: 77
      Vendor: UEFI:Linux Foundation
      Install Duration: 1 second
      GUIDs: fda6234b-adcb-5105-8515-9af647d29775
             f8ff0d50-c757-5dc3-951a-39d86e16f419
             c6682ade-b5ec-57c4-b687-676351208742
             f8ba2887-9411-5c36-9cee-88995bb39731
             7d5759e5-9aa0-5f0c-abd6-7439bb11b9f6
             0c7691e1-b6f2-5d71-bc9c-aabee364c916
      Device Flags: • Internal device
                    • Updatable
                    • Supported on remote server
                    • Needs a reboot after installation
                    • Only version upgrades are allowed
                    • Signed Payload


      Trying to get updates: The new version is 217:

      Code:
      ~$ fwupdmgr get-updates
      Devices with no available firmware updates:
      • SSD 870 EVO 500GB
      • System Firmware
      System Product Name
      │
      └─UEFI dbx:
      │ Device ID: 362301da643102b9f38477387e2193e57abaa590
      │ Summary: UEFI revocation database
      │ Current version: 77
      │ Minimum Version: 77
      │ Vendor: UEFI:Linux Foundation
      │ Install Duration: 1 second
      │ GUIDs: fda6234b-adcb-5105-8515-9af647d29775
      │        f8ff0d50-c757-5dc3-951a-39d86e16f419
      │        c6682ade-b5ec-57c4-b687-676351208742
      │        f8ba2887-9411-5c36-9cee-88995bb39731
      │        7d5759e5-9aa0-5f0c-abd6-7439bb11b9f6
      │        0c7691e1-b6f2-5d71-bc9c-aabee364c916
      │ Device Flags: • Internal device
      │               • Updatable
      │               • Supported on remote server
      │               • Needs a reboot after installation
      │               • Only version upgrades are allowed
      │               • Signed Payload
      │
      ├─Secure Boot dbx:
      │ New version: 217
      │ Remote ID: lvfs
      │ Release ID: 15179
      │ Summary: UEFI Secure Boot Forbidden Signature Database
      │ Variant: x64
      │ License: Proprietary
      │ Size: 13.8 kB
      │ Created: 2020-07-29
      │ Urgency: High
      │ Vendor: Linux Foundation
      │ Duration: 1 second
      │ Release Flags: • Is upgrade
      │ Description:
      │ This updates the dbx to the latest release from Microsoft which adds insecure versions of grub and shim to the list of forbidden signatures due to multiple discovered security updates.
      │
      │ Before installing the update, fwupd will check for any affected executables in the ESP and will refuse to update if it finds any boot binaries signed with any of the forbidden signatures.If the installation fails, you will need to update shim and grub packages before the update can be deployed.
      │
      │ Once you have installed this dbx update, any DVD or USB installer images signed with the old signatures may not work correctly.You may have to temporarily turn off secure boot when using recovery or installation media, if new images have not been made available by your distribution.


      Doing the upgrade from version 77 to the new one 217:


      Code:
      ~$ fwupdmgr update
      Decompressing… [- ]Devices with no available firmware updates:
      • SSD 870 EVO 500GB
      • System Firmware
      ╔══════════════════════════════════════════════════════════════════════════════╗
      ║ Upgrade UEFI dbx from 77 to 217? ║
      ║ This updates the dbx to the latest release from Microsoft which adds ║
      ║ insecure versions of grub and shim to the list of forbidden signatures due ║
      ║ to multiple discovered security updates. ║
      ║ ║
      ║ Before installing the update, fwupd will check for any affected executables ║
      ║ in the ESP and will refuse to update if it finds any boot binaries signed ║
      ║ with any of the forbidden signatures.If the installation fails, you will ║
      ║ need to update shim and grub packages before the update can be deployed. ║
      ║ ║
      ║ Once you have installed this dbx update, any DVD or USB installer images ║
      ║ signed with the old signatures may not work correctly.You may have to ║
      ║ temporarily turn off secure boot when using recovery or installation media, ║
      ║ if new images have not been made available by your distribution. ║
      ║ ║
      ║ UEFI dbx and all connected devices may not be usable while updating. ║
      Code:
      Perform operation? [Y|n]: y
      Downloading… [***************************************]
      Authenticating… [***************************************]
      Restarting device… [***************************************]
      Writing… [***************************************]
      -- etc etc  -
      Successfully installed firmware

      An update requires a reboot to complete. Restart now? [y|N]: y

      A final check after re-booting:


      Code:
      ~$ fwupdmgr get-updates
      Devices with no available firmware updates:
      • SSD 870 EVO 500GB
      • System Firmware
      Devices with the latest available firmware version:
      • UEFI dbx
      No updates available

      (Boy, my effort to format by bolding sucks! BOLD wouldn't stick in the Code boxes.)
      Last edited by Qqmike; Mar 18, 2023, 10:10 AM.


        #4
        Originally posted by Qqmike
        Boy, my effort to format by bolding sucks! BOLD wouldn't stick in the Code boxes.
        Yes, that is to be expected, and by design, for code blocks.
        Quotes are fine if you want to use custom formatting.

        It all looks good, and successful.
        If one wants, firmware updates can be disabled in Discover.
        They are not managed using apt. Like flatpak/snap/KDE Store themes and addons, these are completely separate from normal system updates. Discover and Gnome Software do offer this extra functionality, though.



          #5
          Thanks, claydoh, for everything here. I wouldn't learn about this unless I had this problem. And you confirmed something I did catch: this UEFI_dbx thing is not even handled by apt.

          If you don't use Secure Booting, it looks like this issue is moot.
          OTOH, I'm punchy about NOT upgrading the dbx thing because who knows what else could be affected down the road by not doing so.
          BTW, there were maybe 3 previous upgrades to dbx beyond MY (old) version of 77. It looks like my system automatically passed on those because I had always set Secure Boot to OFF.
          But, upon installing 22.04 recently, something with Discover may have changed, and now it informs me of the dbx.

          Thanks, again.