Hey Russell, On Sun, Mar 05, 2023 at 11:11:18PM +1100, Russell Coker wrote: >Package: fwupd >Version: 1.8.12-2 >Severity: normal > >I have a Thinkpad Carbon X1 Gen5 running Debian/Testing with the fwupd from >Unstable with Secure Boot enabled. I believe that we should get everything >working with Secure Boot enabled and to the largest extent possible have >Debian working with all security features. > >When I install updates with the "fwupdmgr" program it looks like it is all >working well, the updates are installed and it prompts to reboot the system. > >When I boot up I get a screen with white text on blue background saying >"Verification failed: (0x1A) Security Violation" which according to various >pages Google turns up means it's a secure boot issue.
Yes, that sounds like a correct diagnosis. >I have the fwupd-amd64-signed package installed, but the version doesn't seem >to match, is there a problem with this? > ># dpkg -l fwupd\*|grep ^ii >ii fwupd 1.8.12-2 amd64 Firmware update >daemon >ii fwupd-amd64-signed 1:1.4+1 amd64 Tools to manage >UEFI firmware updates (signed) >ii fwupdate 12-7 amd64 Transitional >package for fwupd Nope, this should be fine. The fwupd folks moved the fwupd UEFI support out into a separate source package a while back, hence the distinct versioning. (Compare https://tracker.debian.org/pkg/fwupd with https://tracker.debian.org/pkg/fwupd-efi). I'm not sure what exactly might be happening here to cause your problem. Could you run the following for me and report the output please? # find /boot/efi/ -type f | xargs sha256sum I'd like to double-check exactly what things you have in the ESP... -- Steve McIntyre, Cambridge, UK. st...@einval.com Welcome my son, welcome to the machine.