Hi guys I have installed ubuntu with the experimental full hardware backed encryption (learn more here).
When I try to update firmware:
itsme@Laptop:~$ fwupdmgr update
Devices with no available firmware updates:
• Integrated Webcam FHD
• TPM
Devices with the latest available firmware version:
• BG6 KIOXIA 512GB
╔══════════════════════════════════════════════════════════════════════════════╗
║ Upgrade System Firmware from 1.4.0 to 1.5.0? ║
╠══════════════════════════════════════════════════════════════════════════════╣
║ This stable release fixes the following issues: Initial BIOS release for ║
║ Latitude 5550,Precision 3590,Precision 3591 MTL. ║
║ ║
║ Latitude 5550 must remain plugged into a power source for the duration of ║
║ the update to avoid damage. ║
╚══════════════════════════════════════════════════════════════════════════════╝
Perform operation? [Y|n]: y
Decompressing… [ ]
Secure boot is enabled, but shim isn't installed to EFI/ubuntu/shimx64.efi
Someone told me to install this but I get:
itsmeagain@Laptop:~$ sudo apt install shim-signed
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:
The following packages have unmet dependencies:
boot-managed-by-snapd : Conflicts: grub-efi-amd64-signed but 1.202+2.12-1ubuntu7 is to be installed
Conflicts: shim-signed but 1.58+15.8-0ubuntu1 is to be installed
grub-efi-amd64-signed : Depends: grub-efi-amd64 but it is not going to be installed or
grub-pc but it is not going to be installed
Recommends: secureboot-db but it is not going to be installed
Cannot install grub-efi-amd64-signed on system as boot is managed by snapd.
E: Error, pkgProblemResolver::Resolve generated breaks, this may be caused by held packages.
I'm new to ubuntu, how to fix this please?
Here are more info you might need
Device Security Report
======================
Report details
Date generated: 2024-07-26 15:11:51
fwupd version: 1.9.16
System details
Hardware model: Dell Inc. Latitude 5550
Processor: Intel(R) Core(TM) Ultra 7 165U
OS: Ubuntu 24.04 LTS
Security level: HSI:0! (v1.9.16)
HSI-1 Tests
UEFI Platform Key: Pass (Valid)
TPM v2.0: Pass (Found)
UEFI Bootservice Variables: Pass (Locked)
Firmware BIOS Region: Pass (Locked)
MEI Key Manifest: Pass (Valid)
UEFI Secure Boot: Pass (Enabled)
Firmware Write Protection Lock: Pass (Enabled)
Platform Debugging: Pass (Not Enabled)
Intel Management Engine Manufacturing Mode: Pass (Locked)
BIOS Firmware Updates: Pass (Enabled)
Firmware Write Protection: Pass (Not Enabled)
TPM Platform Configuration: Pass (Valid)
Intel Management Engine Override: Pass (Locked)
Intel Management Engine Version: ! Fail
HSI-2 Tests
Platform Debugging: Pass (Locked)
Intel BootGuard ACM Protected: ! Fail (Not Valid)
IOMMU Protection: Pass (Enabled)
Intel BootGuard Fuse: Pass (Valid)
BIOS Rollback Protection: ! Fail (Not Enabled)
Intel BootGuard Verified Boot: ! Fail (Not Valid)
TPM Reconstruction: Pass (Valid)
Intel BootGuard: Pass (Enabled)
HSI-3 Tests
Suspend To RAM: Pass (Not Enabled)
Intel BootGuard Error Policy: ! Fail (Not Valid)
Pre-boot DMA Protection: Pass (Enabled)
Control-flow Enforcement Technology: Pass (Supported)
Suspend To Idle: Pass (Enabled)
HSI-4 Tests
Encrypted RAM: ! Fail (Not Enabled)
Supervisor Mode Access Prevention: Pass (Enabled)
Runtime Tests
Control-flow Enforcement Technology: ! Fail (Not Supported)
Firmware Updater Verification: Pass (Not Tainted)
Linux Swap: Pass (Encrypted)
Linux Kernel Verification: Pass (Not Tainted)
Linux Kernel Lockdown: Pass (Enabled)
Host security events
For information on the contents of this report, see https://fwupd.github.io/hsi.html
Also
yetmeagain@Laptop:~$ efibootmgr -v
BootCurrent: 0000
Timeout: 0 seconds
BootOrder: 0000
Boot0000* UEFI BG6 KIOXIA 512GB 2E9CTGYGZ0XU 1 HD(1,GPT,61615ba8-e2c4-4d47-b2a1-16e38b88b980,0x800,0x177000)/File(\EFI\Boot\BootX64.efi){auto_created_boot_option}
dp: 04 01 2a 00 01 00 00 00 00 08 00 00 00 00 00 00 00 70 17 00 00 00 00 00 a8 5b 61 61 c4 e2 47 4d b2 a1 16 e3 8b 88 b9 80 02 02 / 04 04 30 00 5c 00 45 00 46 00 49 00 5c 00 42 00 6f 00 6f 00 74 00 5c 00 42 00 6f 00 6f 00 74 00 58 00 36 00 34 00 2e 00 65 00 66 00 69 00 00 00 / 7f ff 04 00
data: 4e ac 08 81 11 9f 59 4d 85 0e e2 1a 52 2c 59 b2
Only thing in boot folder is this
