Upgrading UEFI Firmware (BIOS) on Ubuntu Server

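Logging in to the system this morning, I noticed two lines of reminder text. This is the first time I have seen a firmware upgrade notice on Ubuntu, so I am leaving a note here.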

1 device has a firmware upgrade available.
Run `fwupdmgr get-upgrades` for more information.

Run the fwupdmgr get-upgrades command:

$ fwupdmgr get-upgrades
WARNING: UEFI capsule updates not available or enabled in firmware setup
  See https://github.com/fwupd/fwupd/wiki/PluginFlag:capsules-unsupported for more information.
VMware20,1
│
└─UEFI dbx:
  │   Device ID:          362301da643102b9f38477387e2193e57abaa590
  │   Summary:            UEFI revocation database
  │   Current version:    298
  │   Minimum Version:    298
  │   Vendor:             UEFI:Linux Foundation
  │   Install Duration:   1 second
  │   GUIDs:              3425d762-b684-51ab-8088-3f4175888c7a
  │                       d07ff664-b0e1-5f4e-a723-d7fbcbfcb94f
  │                       c6682ade-b5ec-57c4-b687-676351208742
  │                       f8ba2887-9411-5c36-9cee-88995bb39731
  │   Device Flags:       • Internal device
  │                       • Updatable
  │                       • Supported on remote server
  │                       • Needs a reboot after installation
  │                       • Only version upgrades are allowed
  │                       • Signed Payload
  │
  └─Secure Boot dbx:
        New version:      20241101
        Remote ID:        lvfs
        Release ID:       108324
        Summary:          UEFI Secure Boot Forbidden Signature Database
        Variant:          x64-compat
        License:          Proprietary
        Size:             23.3 kB
        Created:          2023-05-09
        Urgency:          High
        Vendor:           Linux Foundation
        Duration:         1 second
        Release Flags:    • Is upgrade
        Description:
        This updates the list of forbidden signatures (the "dbx") to the latest release from Microsoft.

        An insecure version of Howyar's SysReturn software was added, due to a security vulnerability that allowed an attacker to bypass UEFI Secure Boot.

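In short, there is an attack targeting the BIOS (UEFI firmware): a Secure Boot bypass, which this dbx update blocks by adding the vulnerable software to the forbidden list.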

fwupdmgr quick start

The fwupdmgr command is provided by the fwupd package.

$ sudo apt list fwupd
Listing... Done
fwupd/jammy-updates,now 1.7.9-1~22.04.3 amd64 [installed,automatic]

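Run fwupdmgr --help for a quick overview of the options and their descriptions.

  • get-*: everything that starts with get only reads information, so it is safe to run. For example, get-upgrades fetches the list of available updates.
  • download: if you are worried that an unstable network could cause the BIOS update to fail, you can download the update file first and then perform the update.
  • refresh: updates the metadata. (It looks like the system runs this automatically on a schedule, though.)
  • update: performs the BIOS update.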

If the output of fwupdmgr get-upgrades looks fine to you, run update and then reboot to complete the upgrade.

$ sudo fwupdmgr update
WARNING: UEFI capsule updates not available or enabled in firmware setup
  See https://github.com/fwupd/fwupd/wiki/PluginFlag:capsules-unsupported for more information.
╔══════════════════════════════════════════════════════════════════════════════╗
║ Upgrade UEFI dbx from 298 to 20241101?                                       ║
╠══════════════════════════════════════════════════════════════════════════════╣
║ This updates the list of forbidden signatures (the "dbx") to the latest      ║
║ release from Microsoft.                                                      ║
║                                                                              ║
║ An insecure version of Howyar's SysReturn software was added, due to a       ║
║ security vulnerability that allowed an attacker to bypass UEFI Secure Boot.  ║
║                                                                              ║
║ UEFI dbx and all connected devices may not be usable while updating.         ║
╚══════════════════════════════════════════════════════════════════════════════╝

Perform operation? [Y|n]: y
Downloading…             [***************************************]
Downloading…             [***************************************]
Decompressing…           [***************************************]
Decompressing…           [***************************************]
Authenticating…          [***************************************]
Authenticating…          [***************************************]
Restarting device…       [***************************************]
Writing…                 [***************************************]
Decompressing…           [***************************************]
Writing…                 [***************************************]
Restarting device…       [***************************************]
Waiting…                 [***************************************]
Successfully installed firmware

An update requires a reboot to complete. Restart now? [y|N]: y

That completes the firmware upgrade on the Ubuntu system.
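When the same login notice shows up on several servers, it helps to reduce the get-upgrades output to one line per pending release and pick out the security-relevant ones before running update. The script below is an added example, not part of the original post or of fwupd; the function names are hypothetical, and it assumes the text layout printed by fwupd 1.7.9 as shown above, which other versions may format differently.

```shell
#!/bin/sh
# Added example: parses the text layout printed by fwupdmgr 1.7.9 on this page.

# Constructed sample: the get-upgrades output above, shortened.
sample_get_upgrades() {
cat <<'EOF'
WARNING: UEFI capsule updates not available or enabled in firmware setup
VMware20,1
│
└─UEFI dbx:
  │   Device ID:          362301da643102b9f38477387e2193e57abaa590
  │   Current version:    298
  │   Device Flags:       • Internal device
  │                       • Needs a reboot after installation
  │                       • Signed Payload
  │
  └─Secure Boot dbx:
        New version:      20241101
        Remote ID:        lvfs
        Urgency:          High
        Vendor:           Linux Foundation
EOF
}

# stdin: `fwupdmgr get-upgrades` text. stdout: device|current|new|urgency|reboot
parse_upgrades() {
  awk '
    function val(s) { sub(/^[^:]*:[ \t]*/, "", s); return s }
    function flush() {
      if (nv != "") printf "%s|%s|%s|%s|%s\n", dev, cur, nv, (urg == "" ? "unknown" : urg), reboot
      nv = ""; urg = ""
    }
    # Drop tree-drawing characters, bullets and indentation before matching.
    { sub(/^[^A-Za-z0-9]+/, ""); sub(/[ \t\r]+$/, "") }
    /^Device ID:/ { flush(); dev = hdr; sub(/:$/, "", dev); cur = ""; reboot = "no"; next }
    /^[^:]+:$/ { hdr = $0; next }            # a heading line such as "UEFI dbx:"
    /^Current version:/ { cur = val($0) }
    /^New version:/ { flush(); nv = val($0) }
    /^Urgency:/ { urg = val($0) }
    /Needs a reboot after installation/ { reboot = "yes" }
    END { flush() }
  '
}

# Keep only releases fwupd marks High or Critical.
urgent_upgrades() {
  parse_upgrades | awk -F'|' 'tolower($4) ~ /^(high|critical)$/'
}

# Demo on the sample; on a host: fwupdmgr get-upgrades | urgent_upgrades
sample_get_upgrades | urgent_upgrades
```

A row whose last field is yes means the update only takes effect after the reboot that fwupdmgr update offers at the end.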
