1. Forum
  2. Usenet
  3. LINUX.DEBIAN.BUGS.DIST

  • Bug#1105176: systemd-boot-efi-amd64-signed: Poor interaction with fwupd

    From =?utf-8?B?RGF2aWQgSMOkcmRlbWFu?=@21:1/5 to All on Mon May 12 22:30:01 2025
    Package: systemd-boot-efi-amd64-signed
    Version: 257.5-2
    Severity: normal

    Dear Maintainer,

    now that there is a signed version of systemd-boot, I decided to play
    around a bit and try to get it to work without disabling SecureBoot on
    my laptop.

    So, with some dpkg --force flags, I removed grub-efi-amd64-signed and
    installed systemd-boot, basically following the instructions from the
    wiki [1].

    Modulo complaints about essential packages being removed and shim having missing dependencies (which was expected, given that [1] is still
    pending).

    Rebooted, and all worked suprisingly well. Later I noticed that I had a
    pending fwupd firmware update (BIOS update). Ok, so I told fwupdtool to
    install the update and rebooted. The update wasn't installed.

    "fwupdtool get-history" claimed that the update had failed because EFI/systemd/shimx64.efi was missing (so fwupd seems to have some logic
    to determine which bootloader is in use). So I manually copied EFI/debian/shimx64.efi to EFI/systemd and tried again. This time it
    worked.

    I'm not sure if this should be considered a bug in fwupd or in
    systemd-boot.

    [1] https://wiki.debian.org/SecureBoot#Secure_Boot_setup_with_systemd-boot
    [2] https://salsa.debian.org/efi-team/shim-signed/-/merge_requests/3

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Luca Boccassi@21:1/5 to david@hardeman.nu on Wed May 21 23:30:01 2025
    Control: reassign -1 fwupd 2.0.8-3
    Control: retitle -1 fwupd: need to build with -Defi_os_dir=debian

    On Mon, 12 May 2025 20:17:46 +0000 "=?utf-8?B?RGF2aWQgSMOkcmRlbWFu?=" <david@hardeman.nu> wrote:
    Package: systemd-boot-efi-amd64-signed
    Version: 257.5-2
    Severity: normal

    Dear Maintainer,

    now that there is a signed version of systemd-boot, I decided to play
    around a bit and try to get it to work without disabling SecureBoot
    on
    my laptop.

    So, with some dpkg --force flags, I removed grub-efi-amd64-signed and installed systemd-boot, basically following the instructions from the
    wiki [1].

    Modulo complaints about essential packages being removed and shim
    having
    missing dependencies (which was expected, given that [1] is still
    pending).

    Rebooted, and all worked suprisingly well. Later I noticed that I had
    a
    pending fwupd firmware update (BIOS update). Ok, so I told fwupdtool
    to
    install the update and rebooted. The update wasn't installed.

    "fwupdtool get-history" claimed that the update had failed because EFI/systemd/shimx64.efi was missing (so fwupd seems to have some
    logic
    to determine which bootloader is in use). So I manually copied EFI/debian/shimx64.efi to EFI/systemd and tried again. This time it
    worked.

    I'm not sure if this should be considered a bug in fwupd or in
    systemd-boot.

    fwupd needs to be built with -Defi_os_dir=debian so that it looks for
    shim in the right place, which is \EFI\debian\

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)