Package: fwupdate Version: 12-4+deb10u1 Severity: important Newer requirements for UEFI Secure Boot include signed binaries containing SBAT metadata [1]. We'll need to update fwupdate in buster to include that, and we'll also need to re-sign it using our rotated signing keys.
[1] https://github.com/rhboot/shim/blob/main/SBAT.md -- System Information: Debian Release: 10.8 APT prefers stable-debug APT policy: (500, 'stable-debug'), (500, 'stable'), (500, 'oldstable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.19.0-14-amd64 (SMP w/4 CPU cores) Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB:en (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages fwupdate depends on: ii e2fsprogs 1.44.5-1+deb10u3 ii efibootmgr 15-1 ii libc6 2.28-10 ii libefiboot1 37-2+deb10u1 ii libefivar1 37-2+deb10u1 ii libfwup1 12-4+deb10u1 ii libpopt0 1.16-12 ii libsmbios-c2 2.4.1-1 Versions of packages fwupdate recommends: ii fwupdate-amd64-signed [fwupdate-signed] 12+4+deb10u1 fwupdate suggests no packages. -- no debconf information