Bug
Resolution: Unresolved
Major
rhel-7.9, rhel-8.9.0, rhel-9.3.0
Critical
rhel-sst-display-hardware-multimedia
ssg_display
2
False
All
What were you trying to do that didn't work?
Try to update the DBX database like written on:
Please provide the package NVR for which bug is seen:
fwupd-1.8.16-1.el9.x86_64
How reproducible:
Every time
Steps to reproduce
fwupdmgr get-details /usr/share/dbxtool/DBXUpdate-20230509-x64.cab
Expected results
Working update of the dbx database
Actual results
fwupdmgr get-details /usr/share/dbxtool/DBXUpdate-20230509-x64.cab
Decompressing... [ - ]
VMware, Inc. VMware7,1
│
└─UEFI dbx:
  │   Device ID:          362301da643102b9f38477387e2193e57abaa590
  │   Summary:            UEFI revocation database
  │   Description:
  │   Updating the UEFI dbx prevents starting EFI binaries with known security issues.
  │   Current version:    77
  │   Minimum Version:    77
  │   Vendor:             UEFI:Linux Foundation
  │   Install Duration:   1 second
  │   Update Error:       Not compatible with org.freedesktop.fwupd version 1.8.16, requires >= 1.9.1
  │   GUIDs:              c6682ade-b5ec-57c4-b687-676351208742
  │                       f8ba2887-9411-5c36-9cee-88995bb39731
  │   Device Flags:       • Internal device
  │                       • Needs a reboot after installation
  │                       • Device is usable for the duration of the update
  │                       • Updatable
  │                       • Only version upgrades are allowed
  │                       • Signed Payload
  │
  └─Secure Boot dbx:
        New version:      371
        Summary:          UEFI Secure Boot Forbidden Signature Database
        Variant:          x64
        License:          Proprietary
        Size:             21.2 kB
        Urgency:          High
        Release Flags:    • Trusted payload
                          • Trusted metadata
        Description:
        Insecure versions of the Microsoft Windows boot manager affected by Black Lotus were added to the list of forbidden signatures due to a discovered security problem. This updates the dbx to the latest release from Microsoft.
        Before installing the update, fwupd will check for any affected executables in the ESP and will refuse to update if it finds any boot binaries signed with any of the forbidden signatures. Applying this update may also cause some Windows install media to not start correctly.
        Issue:            CVE-2022-21894
So an update of fwupd will be needed for RHEL-9/8/7.