** Description changed: + [SRU] 2.74.1: + https://bugs.launchpad.net/ubuntu/+source/snapd/+bug/2138629 + + [ Impact ] + + On FDE installation, an official firmware updated (consisting of + multiple updates) fails. + + [ Test Plan ] + + 1. Reproduce with snapd deb < 2.74.1 + + Steps to reproduce: + - Download the daily resolute image from https://cdimages.ubuntu.com/ubuntu/daily-live/pending/. + - Install the iso in a VM and enable TPM-backed encryption, using swtpm and the OVMF vars provided by test-snapd-ovmf. + - Refresh firmware updates: + - fwupdmgr refresh + - Update firmware with "fwupdmgr update" + - On the update "UEFI CA from 2011 to 2023", choose "Y" and continue. + - snapd gives BadRequest + + 2. Prove fixed with snapd deb 2.74.1 + + Some steps as above, but do not expect the bad request, update must + succeed. + + + ---original--- + Performing a db update on fwupdmgr results in a BadRequest response from snapd in the "Prepare" stage. Using snapd version 2.74 snapd logs the following error: (Prepare for external EFI DB update) failed: cannot perform initial reseal of keys for Secureboot Key Database update: cannot add EFI secure boot and boot manager policy profiles: cannot process host variable modifier 0 for initial branch 0: cannot compute signature database update 0: cannot decode EFI_VARIABLE_AUTHENTICATION_2 structure of update: cannot check WIN_CERTIFICATE_UEFI_GUID.Hdr: unexpected WIN_CERTIFICATE.Revision (0x0) - - Notably snapd versions prior to 2.74 do not handle db updates, however I would arguably see this as a regression. + Notably snapd versions prior to 2.74 do not handle db updates, however I + would arguably see this as a regression. --- Steps to reproduce: 1. Download the daily resolute image from https://cdimages.ubuntu.com/ubuntu/daily-live/pending/. 2. Install the iso in a VM and enable TPM-backed encryption, using swtpm and the OVMF vars provided by test-snapd-ovmf. 3. Refresh firmware updates: $ fwupdmgr refresh 4. Update firmware: $ fwupdmgr update 5. On the update "UEFI CA from 2011 to 2023", choose "Y" and continue. 6. (snapd gives BadRequest) --- Machine specification: - Resolute Daily amd64 image (Pending, 2026-02-03 06:50) running on QEMU - swtpm with OVMF vars generated by test-snapd-ovmf version edk2-stable202411 (https://snapcraft.io/test-snapd-ovmf)
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2139611 Title: snapd fails to prepare db update, giving BadRequest To manage notifications about this bug go to: https://bugs.launchpad.net/fwupd/+bug/2139611/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
