Bug#1105176: systemd-boot-efi-amd64-signed: Poor interaction with fwupd
David Härdeman
david at hardeman.nu
Mon May 12 21:17:46 BST 2025
Package: systemd-boot-efi-amd64-signed
Version: 257.5-2
Severity: normal
Dear Maintainer,
now that there is a signed version of systemd-boot, I decided to play
around a bit and try to get it to work without disabling SecureBoot on
my laptop.
So, with some dpkg --force flags, I removed grub-efi-amd64-signed and
installed systemd-boot, basically following the instructions from the
wiki [1].
Modulo complaints about essential packages being removed and shim having
missing dependencies (which was expected, given that [1] is still
pending).
Rebooted, and all worked suprisingly well. Later I noticed that I had a
pending fwupd firmware update (BIOS update). Ok, so I told fwupdtool to
install the update and rebooted. The update wasn't installed.
"fwupdtool get-history" claimed that the update had failed because
EFI/systemd/shimx64.efi was missing (so fwupd seems to have some logic
to determine which bootloader is in use). So I manually copied
EFI/debian/shimx64.efi to EFI/systemd and tried again. This time it
worked.
I'm not sure if this should be considered a bug in fwupd or in
systemd-boot.
[1] https://wiki.debian.org/SecureBoot#Secure_Boot_setup_with_systemd-boot
[2] https://salsa.debian.org/efi-team/shim-signed/-/merge_requests/3
More information about the Pkg-systemd-maintainers
mailing list