Today's Neon Update Package

    Hi Folks:
    Today's Neon 22.04 User Edition update has a "UEFI dbx" package in Discover. When clicking on "Update All" it gives the following message:

    Blocked executable in the ESP, ensure grub and shim are up to date: /boot/efi/EFI/Microsoft/Boot/bootmgfw.efi Authenticode checksum [6582dccb8b305efe0bbbafdcc7d295a6a8bf1df0397e1a8ac736e9098a2a64c0] is present in dbx
    I have no idea what this is about. Could anyone please shed some light and tell me how to handle this?
    BTW I already updated the main grub.
    Thanks

    #2
    This looks to be a firmware (BIOS related?) update, so it isn't something from neon's repos, nor Ubuntu's, but from your manufacturer. Discover is able to handle some firmware updates via fwupdmgr.

    I have no idea what the fix may be, though this error is not uncommon, nor specific to *buntu.
    You can un-check firmware updates in Discover's settings, at least to keep the update from prompting you for this.

    Running
    fwupdmgr update
    might provide some extra information for debugging purposes, at least to see what the firmware is for, maybe.



      #3
      FYI, here is what your suggested command produces. As you see, I answered "Y" and got the same message as in Discover. However, the boxed info is helpful.

      marco@t540p:~$ fwupdmgr update
      Devices with no available firmware updates:
      • HGST HTS725050A7E630
      • System Firmware
      • UEFI Device Firmware
      • intel-spi
      ╔══════════════════════════════════════════════════════════════════════════════╗
      ║ Upgrade UEFI dbx from 190 to 371? ║
      ╠══════════════════════════════════════════════════════════════════════════════╣
      ║ Insecure versions of the Microsoft Windows boot manager affected by Black ║
      ║ Lotus were added to the list of forbidden signatures due to a discovered ║
      ║ security problem.This updates the dbx to the latest release from Microsoft. ║
      ║ ║
      ║ Before installing the update, fwupd will check for any affected executables ║
      ║ in the ESP and will refuse to update if it finds any boot binaries signed ║
      ║ with any of the forbidden signatures.Applying this update may also cause ║
      ║ some Windows install media to not start correctly. ║
      ║ ║
      ╚══════════════════════════════════════════════════════════════════════════════╝
      Perform operation? [Y|n]: Y
      Decompressing… [ ]
      Blocked executable in the ESP, ensure grub and shim are up to date: /boot/efi/EFI/Microsoft/Boot/bootmgfw.efi Authenticode checksum [6582dccb8b305efe0bbbafdcc7d295a6a8bf1df0397e1a8ac736e9098a2a64c0] is present in dbx
      marco@t540p:~$




        #4
        You might look here for details that may help:
        https://askubuntu.com/questions/1491...1-ubuntu-23-10

        Show us more details, and we can see if deleting that file in the error is safe to do.



          #5
          claydoh, thanks! The information in the link you gave above, and in the link given in that information, helped. The upgrade was successful!

          Here is the recommendation given at the bottom of the 2nd link that I followed to solve my issue:

          I was having the same issue. I just moved all of the offending files reported by the upgrade into a safe place outside of the boot folder. Once you ensure everything works correctly, you can delete the files you moved.

          In your case it would be something like this:

          $ sudo mv /boot/efi/EFI/Boot/shimx64.efi ~/Documents
          $ sudo fwupdmgr update

          If you get another error after running fwupdmgr move the file it complains about to your Documents folder. I had to move 3 "Blocked Executable" files before the update utility worked. Once the update succeeds, make sure grub is up to date:

          $ sudo update-grub

          Now you can reboot and everything should work as normal. You can delete the efi folders quarantined in your Documents folder.
          Of course, I changed the name of the moved file to those of the files complained about in response to "sudo fwupdmgr update". I had to move two files before a successful upgrade.
          I am hoping that this will help those who may end up with a similar issue.
          Last edited by Snowhog; Jan 23, 2024, 08:19 PM.
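
The "Authenticode checksum" in the fwupd message is a SHA-256 over the PE image that leaves out the CheckSum field, the certificate-table directory entry and the appended signature. The following is an added example, not part of the thread and not fwupd's own code, that computes that value for every .efi file under an ESP and lists the ones matching a given hash; the function names and the command-line form (ESP path, then one or more hashes) are assumptions of the example.

```python
import hashlib
import struct
import sys
from pathlib import Path

def authenticode_sha256(data: bytes) -> str:
    """Authenticode SHA-256 of a PE image: skips CheckSum, the certificate-table
    directory entry and the appended signature, so signing does not change it."""
    pe = struct.unpack_from("<I", data, 0x3C)[0]          # e_lfanew
    if data[:2] != b"MZ" or data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    nsect, opt_size = struct.unpack_from("<H12xH", data, pe + 6)
    opt = pe + 24                                         # optional header start
    pe32plus = struct.unpack_from("<H", data, opt)[0] == 0x20B
    checksum, cert_entry = opt + 64, opt + (144 if pe32plus else 128)
    hdr_size = struct.unpack_from("<I", data, opt + 60)[0]
    cert_len = struct.unpack_from("<I", data, cert_entry + 4)[0]
    h = hashlib.sha256(data[:checksum])
    h.update(data[checksum + 4:cert_entry])
    h.update(data[cert_entry + 8:hdr_size])
    sections = []
    for i in range(nsect):                                # SizeOfRawData, PointerToRawData
        size, ptr = struct.unpack_from("<II", data, opt + opt_size + 40 * i + 16)
        if size:
            sections.append((ptr, size))
    hashed = hdr_size
    for ptr, size in sorted(sections):                    # sections in file order
        h.update(data[ptr:ptr + size])
        hashed += size
    h.update(data[hashed:max(hashed, len(data) - cert_len)])  # data before signature
    return h.hexdigest()

def find_blocked(esp: Path, blocked: set) -> list:
    """Return the .efi files under esp whose Authenticode hash is in blocked."""
    hits = []
    for path in sorted(esp.rglob("*")):
        if path.is_file() and path.suffix.lower() == ".efi":
            try:
                if authenticode_sha256(path.read_bytes()) in blocked:
                    hits.append(path)
            except (ValueError, struct.error):
                continue                                  # not a PE file, skip it
    return hits

if __name__ == "__main__":
    root, wanted = Path(sys.argv[1]), {h.lower() for h in sys.argv[2:]}
    for hit in find_blocked(root, wanted):
        print(hit)
```

Run it with the ESP mount point and the hash from the message, for example `sudo python3 check_esp.py /boot/efi <hash from the fwupdmgr message>` (the script name is hypothetical); root is needed where the ESP is mounted readable by root only.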