Re: Windows Secure Boot certificate expiration (June 2026)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Wednesday, 09 July 2025 at 14:06, Michael Catanzaro wrote:
> On Wed, Jul 9 2025 at 11:28:19 AM +02:00:00, Gerd Hoffmann
> <kraxel@xxxxxxxxxx> wrote:
> > Problem with that is not so much linux, but that a KEK update has never
> > happened before so there are chances that bios vendors messed up things
> > and updating the KEK doesn't work.  Also not sure how good older
> > hardware is covered.
> 
> I received a KEK update for my laptop just yesterday via GNOME Software.
> Checking with 'fwupdmgr get-history' I can see the update description: "This
> updates the UEFI Signature Database (the "KEK") to the latest release from
> Microsoft, signed by LENOVO." Nice when things just work.
> 
> But it's clearly a Thinkpad-specific update, so this does no good for most
> of our users.

Well, I got one from Linux Foundation:

│ └─Secure Boot KEK Configuration Update:
│       New version:      2023
│       Remote ID:        lvfs
│       Release ID:       114286
│       Summary:          UEFI Secure Boot Key Exchange Key
│       Variant:          MCJ
│       Licence:          Proprietary
│       Size:             2.5 kB
│       Created:          2025-04-29
│       Urgency:          High
│       Vendor:           Linux Foundation
│       Release Flags:    • Trusted metadata
│                         • Is upgrade
│       Description:      
│       This updates the UEFI Signature Database (the "KEK") to the latest release from Microsoft, signed by Root Agency.
│       Checksum:         36ea945cf1cf357df5ff30096e228dcab4c83f9e3438ecb475a3e10af19ff44f

I can't install it, however:
failed to write-firmware: failed to write (null): failed to write data to efivarsfs: Error writing to file descriptor: Invalid argument

Is this one of the cases of firmware/mainboard vendor messing up? Or do
I need to disable SecureBoot to update the KEK?

Regards,
Dominik
-- 
Fedora   https://fedoraproject.org
Deep in the human unconscious is a pervasive need for a logical universe that
makes sense. But the real universe is always one step beyond logic.
        -- from "The Sayings of Muad'Dib" by the Princess Irulan
-- 
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux