Upgrading firmware via fwupdmgr results in following error:

$ fwupdmgr update

Devices with no available firmware updates: 
 • USB2.0 Hub
 • USB2.0 Hub
 • USB3.1 Hub
 • USB3.1 Hub
 • Integrated Camera
 • SSD 970 EVO Plus 1TB
 • UEFI Device Firmware
 • UEFI Device Firmware
 • UEFI Device Firmware
 • UEFI Device Firmware
 • UEFI Device Firmware
Devices with the latest available firmware version:
 • Prometheus
 • Prometheus IOTA Config
 • System Firmware
╔══════════════════════════════════════════════════════════════════════════════╗
║ Upgrade UEFI dbx from 77 to 217?                                             ║
╠══════════════════════════════════════════════════════════════════════════════╣
║ This updates the dbx to the latest release from Microsoft which adds         ║
║ insecure versions of grub and shim to the list of forbidden signatures due   ║
║ to multiple discovered security updates.                                     ║
║                                                                              ║
║ Before installing the update, fwupd will check for any affected executables  ║
║ in the ESP and will refuse to update if it finds any boot binaries signed    ║
║ with any of the forbidden signatures. If the installation fails, you will    ║
║ need to update shim and grub packages before the update can be deployed.     ║
║                                                                              ║
║ Once you have installed this dbx update, any DVD or USB installer images     ║
║ signed with the old signatures may not work correctly. You may have to       ║
║ temporarily turn off secure boot when using recovery or installation media,  ║
║ if new images have not been made available by your distribution.             ║
║                                                                              ║
╚══════════════════════════════════════════════════════════════════════════════╝

Perform operation? [Y|n]: 
Downloading…             [***************************************]
Downloading…             [***************************************]
Decompressing…           [***************************************]
Authenticating…          [***************************************]
Waiting…                 [***************************************]
Writing…                 [***************************************]
Decompressing…           [                                       ]
Blocked executable in the ESP, ensure grub and shim are up to date: /boot/efi/EFI/BOOT/BOOTX64.EFI Authenticode checksum [af79b14064601bc0987d4747af1e914a228c05d622ceda03b7a4f67014fee868] is present in dbx

How to proceed? I'm guessing /boot/efi/EFI/BOOT/BOOTX64.EFI needs to be replaced. Shall I pull it from latest debian installation image? Is that the only file that should be replaced? What's the chance for bricking the system?

$ uname -a
Linux p14s 6.1.0-1-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.4-1 (2023-01-07) x86_64 GNU/Linux

$ sudo tree /boot/efi/
/boot/efi/
└── EFI
    ├── BOOT
    │   ├── BOOTX64.EFI
    │   ├── fbx64.efi
    │   └── grubx64.efi
    └── debian
        ├── BOOTX64.CSV
        ├── fbx64.efi
        ├── fw
        │   └── fwupd-01453b71-da0c-4832-9f4f-e378245339c7.cap
        ├── fwupdx64.efi
        ├── grub.cfg
        ├── grubx64.efi
        ├── mmx64.efi
        └── shimx64.efi

--- **Edit:**

$ sudo efibootmgr -v | grep "Boot$(sudo efibootmgr -v | awk '/BootCurrent/{print $2}')"
Boot0000* debian	HD(1,GPT,488c1b76-c8f0-4e08-a48d-d4a0a3a4fa81,0x800,0x106000)/File(\EFI\debian\shimx64.efi)

Note File(\EFI\debian\shimx64.efi) -- does this imply the file /boot/efi/EFI/BOOT/BOOTX64.EFI fwupdmgr complained about is not even used?

I just freshly installed Fedora 41 and the Software Updater suggested me to update my Thinkpad's firmware (something with UEFI Secure Boot I think). I clicked download and install and restart, the system restarted on now I have already for almost one hour a black screen with fwupd-efi version 1.6 Reset System written in tiny white letters in the upper left corner of my screen. What does "fwupd-efi version 1.6 Reset System" mean? I think it got stuck there? What can I do to get out of this? Should I press enter? Should I power off my system? Does it try to tell me that it is resetting the system or does it try to tell me that I should reset the system?

I'm attempting to reinstall the firmware of a Dell XPS 15 9560, but get the following error:

# fwupdmgr reinstall
0.	Cancel
1.	a45df35ac0e948ee180fe216a5f703f32dda163f (System Firmware)
2.	8e1ddd96334dca0c0f1059c12c3ff08b15d3766a (TPM 1.2)
3.	362301da643102b9f38477387e2193e57abaa590 (UEFI dbx)
Choose device [0-3]: 1
╔══════════════════════════════════════════════════════════════════════════════╗
║ Reinstall System Firmware to 1.31.0?                                         ║
╠══════════════════════════════════════════════════════════════════════════════╣
║ This stable release fixes the following issues:                              ║
║                                                                              ║
║ • Firmware updates to address security vulnerabilities.                      ║
║                                                                              ║
║ XPS 15 9560 must remain plugged into a power source for the duration of the  ║
║ update to avoid damage.                                                      ║
╚══════════════════════════════════════════════════════════════════════════════╝
Perform operation? [Y|n]: 
Decompressing…           [                                       ]
Error opening file /sys/firmware/efi/efivars/BootOrder-8be4df61-93ca-11d2-aa0d-00e098032b8c: No such file or directory

Same issue if I download the .cab from [fwupd.org](https://fwupd.org/lvfs/devices/com.dell.uefi34578c72.firmware) , and run fwupdmgr local-install. What's the problem?

I run Linux Mint 21.3 Cinnamon 64-bit, and I get strange error which I seemingly am unable to solve: > Failed to get releases for UEFI dbx: No releases found: Not compatible with org.freedesktop.fwupd version 1.7.9, requires >= 1.9.1

# systemctl status fwupd fwupd-refresh fwupd-refresh.timer

● fwupd.service - Firmware update daemon
     Loaded: loaded (/lib/systemd/system/fwupd.service; static)
     Active: active (running) since Fri 2024-04-12 23:23:49 CEST; 20min ago
       Docs: https://fwupd.org/ 
   Main PID: 458876 (fwupd)
      Tasks: 5 (limit: 37930)
     Memory: 54.1M
        CPU: 1.053s
     CGroup: /system.slice/fwupd.service
             └─458876 /usr/libexec/fwupd/fwupd

Apr 12 23:23:46 dell-7577 fwupd:   Guid:                 230c8b18-8d9b-53ec-838b-6cfc0383493a = 1.9.1
Apr 12 23:23:46 dell-7577 fwupd: 21:23:46:0956 FuEngine             failed to get releases for UEFI dbx: No releases found: Not compatible with org.freedesktop.fwupd version 1.7.9, requires >= 1.9.1
Apr 12 23:23:49 dell-7577 systemd: Started Firmware update daemon.
Apr 12 23:23:50 dell-7577 fwupd: 21:23:50:0466 FuEngine             failed to get releases for UEFI dbx: No releases found: Not compatible with org.freedesktop.fwupd version 1.7.9, requires >= 1.9.1
Apr 12 23:23:50 dell-7577 fwupd: 21:23:50:0543 FuEngine             failed to get releases for UEFI dbx: No releases found: Not compatible with org.freedesktop.fwupd version 1.7.9, requires >= 1.9.1

○ fwupd-refresh.service - Refresh fwupd metadata and update motd
     Loaded: loaded (/lib/systemd/system/fwupd-refresh.service; static)
     Active: inactive (dead) since Fri 2024-04-12 19:10:16 CEST; 4h 33min ago
TriggeredBy: ● fwupd-refresh.timer
       Docs: man:fwupdmgr(1)
   Main PID: 289668 (code=exited, status=2)
        CPU: 35ms

Apr 12 19:10:14 dell-7577 systemd: Starting Refresh fwupd metadata and update motd...
Apr 12 19:10:16 dell-7577 systemd: fwupd-refresh.service: Deactivated successfully.
Apr 12 19:10:16 dell-7577 systemd: Finished Refresh fwupd metadata and update motd.

● fwupd-refresh.timer - Refresh fwupd metadata regularly
     Loaded: loaded (/lib/systemd/system/fwupd-refresh.timer; enabled; vendor preset: enabled)
     Active: active (waiting) since Fri 2024-04-12 03:00:35 CEST; 20h ago
    Trigger: Sat 2024-04-13 13:34:01 CEST; 13h left
   Triggers: ● fwupd-refresh.service

Apr 12 03:00:35 dell-7577 systemd: Started Refresh fwupd metadata regularly.

Does anyone have a sound solution to this? *** **PS:** I have just removed fwupd from my system by running:

sudo apt-get purge 'fwupd*'

Therefore, I merely leave this question here for future readers.

# apt-get --simulate remove 'fwupd*'

...

The following package was automatically installed and is no longer required:
  libfwupdplugin5
Use 'apt autoremove' to remove it.
The following packages will be REMOVED:
  fwupd fwupd-signed
0 upgraded, 0 newly installed, 2 to remove and 0 not upgraded.
Remv fwupd [1.7.9-1~22.04.3]
Remv fwupd-signed [1.51.1~22.04.1+1.4-0ubuntu0.1]

It appears harmless to remove, but I am unsure if e.g. the OS needs it for something? *** For completeness, I attach the output of refresh command:

# fwupdmgr refresh

WARNING: UEFI capsule updates not available or enabled in firmware setup
  See https://github.com/fwupd/fwupd/wiki/PluginFlag:capsules-unsupported  for more information.
Updating lvfs
Downloading…             [***************************************]
Downloading…             [***************************************]
Downloading…             [***************************************]
Successfully downloaded new metadata: 0 local devices supported

Thank you for your answers in advance!

sudo fwupdmgr update fails with the error:

/usr/libexec/fwupd/efi/fwupdx64.efi and /usr/libexec/fwupd/efi/fwupdx64.efi.signed cannot be found

System information:

$ lsb_release -a
LSB Version:    core-11.1.0ubuntu4-noarch:security-11.1.0ubuntu4-noarch
Distributor ID: Ubuntu
Description:    Ubuntu 22.04.1 LTS
Release:    22.04
Codename:   jammy
$ uname -a
Linux  5.15.0-60-generic #66-Ubuntu SMP Fri Jan 20 14:29:49 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux

What are the possible reasons that running fwupdmgr verify fails?

$ fwupdmgr verify 230c8b18-8d9b-53ec-838b-6cfc0383493a
Reading…                 [-                                      ]Selected device: Lite (bios)
Reading…                 [                   -                   ]failed to verify Lite (bios): For Lite (bios) 8.20 expected 73f0b38cbd5fdc45cb259bead04b00413e162328|a22b9f14078b406efc4442a21be1ad8cbfc6ef6c3bd3e6440c651129fd555df7, got 9e365aa2206158c8e7fa09b538d1166c5e522acd|5bd6570571bd28fd54bf5a28b2cd4e561002cfcd1a5b7d16a43767ec273f327f

Is it safe to execute fwupdmgr verify-update to "accept" the mismatching checksums? Why would they not match in the first place?

I run LinuxMint21 and when I run fwupdmgr update, it exit with 1 (error). But there's no error on STDERR. Any clue? My system is up to date.

$ uname -a
Linux box 5.15.0-67-generic #74-Ubuntu SMP Wed Feb 22 14:14:39 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux

# tree /boot/efi/
/boot/efi/
└── EFI
    ├── BOOT
    │   ├── BOOTX64.EFI
    │   ├── fbx64.efi
    │   └── mmx64.efi
    ├── debian
    │   ├── BOOTX64.CSV
    │   ├── fbx64.efi
    │   ├── grub.cfg
    │   ├── grubx64.efi
    │   ├── mmx64.efi
    │   └── shimx64.efi
    └── ubuntu
        ├── BOOTX64.CSV
        ├── fw
        │   └── fwupd-0123456789abcdef.cap
        ├── fwupdx64.efi
        ├── grub.cfg
        ├── grubx64.efi
        ├── mmx64.efi
        └── shimx64.efi

5 directories, 16 files

and

# fwupdmgr update
Devices with no available firmware updates: 
 • UEFI Device Firmware
 • UEFI Device Firmware
 • UEFI Device Firmware
Devices with the latest available firmware version:
 • MZVLB512HBJQ-000L7
 • System Firmware
╔══════════════════════════════════════════════════════════════════════════════╗
║ Upgrade UEFI dbx from 77 to 217?                                             ║
╠══════════════════════════════════════════════════════════════════════════════╣
║ This updates the dbx to the latest release from Microsoft which adds         ║
║ insecure versions of grub and shim to the list of forbidden signatures due   ║
║ to multiple discovered security updates.                                     ║
║                                                                              ║
║ Before installing the update, fwupd will check for any affected executables  ║
║ in the ESP and will refuse to update if it finds any boot binaries signed    ║
║ with any of the forbidden signatures.If the installation fails, you will     ║
║ need to update shim and grub packages before the update can be deployed.     ║
║                                                                              ║
║ Once you have installed this dbx update, any DVD or USB installer images     ║
║ signed with the old signatures may not work correctly.You may have to        ║
║ temporarily turn off secure boot when using recovery or installation media,  ║
║ if new images have not been made available by your distribution.             ║
║                                                                              ║
║ UEFI dbx and all connected devices may not be usable while updating.         ║
╚══════════════════════════════════════════════════════════════════════════════╝

Perform operation? [Y|n]: 
Downloading…             [***************************************]
Downloading…             [***************************************]
Decompressing…           [***************************************]
Decompressing…           [***************************************]
Authenticating…          [***************************************]
Authenticating…          [***************************************]
Restarting device…       [***************************************]
Writing…                 [***************************************]
Decompressing…           [***************************************]
Blocked executable in the ESP, ensure grub and shim are up to date: /boot/efi/EFI/debian/shimx64.efi Authenticode checksum [0123456789abcdef] is present in dbx

And:

# fwupdmgr --version
runtime   org.freedesktop.fwupd         1.7.9
runtime   com.dell.libsmbios            2.4
compile   org.freedesktop.gusb          0.3.10
runtime   org.kernel                    5.15.0-67-generic
compile   com.hughsie.libjcat           0.1.9
compile   org.freedesktop.fwupd         1.7.9
runtime   org.freedesktop.gusb          0.3.10

The error is there:

# fwupdmgr get-upgrades
│
└─UEFI dbx:
  │   Device ID:          0123456789abcdef
  │   Summary:            UEFI revocation database
  │   Current version:    77
  │   Minimum Version:    77
  │   Vendor:             UEFI:Linux Foundation
  │   Install Duration:   1 second
  │   Update State:       Transient failure
  │   Update Error:       Blocked executable in the ESP, ensure grub and shim are up to date: /boot/efi/EFI/debian/shimx64.efi Authenticode checksum [0123456789abcdef] is present in dbx