Secure Boot keeps resetting upon systemd-boot upgrades

I’m too lazy to set up a custom secure boot config and I already have one installed through GNOME Software which also magically downgrades every time this happens. I would like to make Secure Boot always disabled.

It doesn’t become enabled every time I restart, it only happens every time some important package is upgraded (which I suspect to be systemd-boot), so I also don’t need the GNOME Software config anyway.

Secure boot is generally a BIOS setting. It shouldn’t be changing when the software in your system changes.

Can you describe in more detail what the issue you are having is?

It is changing every time I upgrade systemd-boot, which does copy an efi so I’m pretty sure that also affects the BIOS. And yes, I am changing it in the BIOS. The issue is exactly as I said. In which part exactly would you like more detail?

Sorry if I’m a bit aggressive, I’m currently a bit frustrated over a lack of communication in a personal project.

It shouldn’t. It is just copying updated files to /efi. If that causes your secure boot settings to reset, there is possibly something wrong with your BIOS/firmware. Have you checked for any available BIOS updates?

I cannot find information on what the latest version of my BIOS should be. It’s the preinstalled one on the GWTC51427 and the current BIOS Version it displays is “CC-BI-14.1-TU140ALR110-ADB60A-259-N”. The top of it says “Aptio Setup - AMI”. However it says it was built on 2022-04-24 so I doubt the BIOS version is the problem.

What specifically is this package? It seems like uninstalling this would be a logical place to start.

You may be conflating EFI and UEFI. The EFI is a partition on your hard disk, and is not related to the BIOS.

Are you sure it is systemd-boot, and not something that is triggering an initramfs rebuild like updating the kernel? You can test by reinstalling systemd-boot and see if it causes the issue. Then reinstall the kernel and test.

I am pretty sure systemd-boot cannot change settings in the BIOS. In general, it is uncommon for user space tools to be able to change UEFI/BIOS settings. If you do have software installed which can enable secure boot from user space, my guess would be it is whatever that secure boot configuration package you installed is.

I think the OP is speaking about fwupd in GNOME:


https://wiki.archlinux.org/title/fwupd

I would just uninstall gnome-software package to see if the problem persists…

Here are the upgrade logs for last time this happened:

[2023-09-08T17:24:42-0400] [PACMAN] Running 'pacman -S -y --config /etc/pacman.conf --'
[2023-09-08T17:24:42-0400] [PACMAN] synchronizing package lists
[2023-09-08T17:25:48-0400] [PACMAN] Running 'pacman -S -y -u --ignore uxplay --config /etc/pacman.conf --'
[2023-09-08T17:25:48-0400] [PACMAN] synchronizing package lists
[2023-09-08T17:25:48-0400] [PACMAN] starting full system upgrade
[2023-09-08T17:26:00-0400] [ALPM] transaction started
[2023-09-08T17:26:01-0400] [ALPM] upgraded systemd-libs (254.1-1 -> 254.2-1)
[2023-09-08T17:26:01-0400] [ALPM] upgraded systemd (254.1-1 -> 254.2-1)
[2023-09-08T17:26:02-0400] [ALPM] upgraded mesa (1:23.1.6-4 -> 1:23.1.7-1)
[2023-09-08T17:26:02-0400] [ALPM] upgraded glib2 (2.76.5-1 -> 2.76.5-2)
[2023-09-08T17:26:02-0400] [ALPM] upgraded freerdp (2:2.10.0-4 -> 2:2.11.1-1)
[2023-09-08T17:26:02-0400] [ALPM] upgraded glib2-docs (2.76.5-1 -> 2.76.5-2)
[2023-09-08T17:26:03-0400] [ALPM] upgraded iproute2 (6.4.0-1 -> 6.5.0-1)
[2023-09-08T17:26:03-0400] [ALPM] upgraded lib32-glib2 (2.76.5-1 -> 2.76.5-2)
[2023-09-08T17:26:03-0400] [ALPM] upgraded lib32-mesa (1:23.1.6-4 -> 1:23.1.7-1)
[2023-09-08T17:26:03-0400] [ALPM] upgraded lib32-systemd (254.1-1 -> 254.2-1)
[2023-09-08T17:26:03-0400] [ALPM] upgraded lib32-vulkan-intel (1:23.1.6-4 -> 1:23.1.7-1)
[2023-09-08T17:26:03-0400] [ALPM] upgraded multipath-tools (0.9.5-1 -> 0.9.6-1)
[2023-09-08T17:26:03-0400] [ALPM] upgraded npm (9.8.1-1 -> 10.0.0-1)
[2023-09-08T17:26:03-0400] [ALPM] upgraded python-future (0.18.3-1 -> 0.18.3-2)
[2023-09-08T17:26:03-0400] [ALPM] upgraded systemd-sysvcompat (254.1-1 -> 254.2-1)
[2023-09-08T17:26:03-0400] [ALPM] upgraded vulkan-intel (1:23.1.6-4 -> 1:23.1.7-1)
[2023-09-08T17:26:03-0400] [ALPM] transaction completed
[2023-09-08T17:26:03-0400] [ALPM] running '20-systemd-sysusers.hook'...
[2023-09-08T17:26:03-0400] [ALPM] running '30-systemd-catalog.hook'...
[2023-09-08T17:26:04-0400] [ALPM] running '30-systemd-daemon-reload.hook'...
[2023-09-08T17:26:04-0400] [ALPM] running '30-systemd-hwdb.hook'...
[2023-09-08T17:26:04-0400] [ALPM] running '30-systemd-sysctl.hook'...
[2023-09-08T17:26:04-0400] [ALPM] running '30-systemd-tmpfiles.hook'...
[2023-09-08T17:26:04-0400] [ALPM] running '30-systemd-udev-reload.hook'...
[2023-09-08T17:26:04-0400] [ALPM] running '30-systemd-update.hook'...
[2023-09-08T17:26:04-0400] [ALPM] running 'dbus-reload.hook'...
[2023-09-08T17:26:04-0400] [ALPM] running 'eos-reboot-required.hook'...
[2023-09-08T17:26:04-0400] [ALPM] running 'rebuild-detector.hook'...
[2023-09-08T17:26:06-0400] [ALPM] running 'systemd-boot.hook'...
[2023-09-08T17:26:06-0400] [ALPM-SCRIPTLET] Copied "/usr/lib/systemd/boot/efi/systemd-bootx64.efi" to "/efi/EFI/systemd/systemd-bootx64.efi".
[2023-09-08T17:26:06-0400] [ALPM-SCRIPTLET] Copied "/usr/lib/systemd/boot/efi/systemd-bootx64.efi" to "/efi/EFI/BOOT/BOOTX64.EFI".

And here are the logs directly before that:

[2023-09-07T19:08:26-0400] [PACMAN] Running 'pacman -S -y -u --config /etc/pacman.conf --'
[2023-09-07T19:08:26-0400] [PACMAN] synchronizing package lists
[2023-09-07T19:08:26-0400] [PACMAN] starting full system upgrade
[2023-09-07T19:09:14-0400] [ALPM] transaction started
[2023-09-07T19:09:14-0400] [ALPM] upgraded alsa-card-profiles (1:0.3.79-1 -> 1:0.3.79-2)
[2023-09-07T19:09:14-0400] [ALPM] upgraded alsa-ucm-conf (1.2.9-1 -> 1.2.10-2)
[2023-09-07T19:09:14-0400] [ALPM] upgraded alsa-lib (1.2.9-1 -> 1.2.10-1)
[2023-09-07T19:09:14-0400] [ALPM] upgraded hwdata (0.373-1 -> 0.374-1)
[2023-09-07T19:09:14-0400] [ALPM] upgraded alsa-utils (1.2.9-1 -> 1.2.10-1)
[2023-09-07T19:09:14-0400] [ALPM] upgraded dbus (1.14.8-1 -> 1.14.10-1)
[2023-09-07T19:09:14-0400] [ALPM] upgraded libnghttp2 (1.55.1-1 -> 1.56.0-1)
[2023-09-07T19:09:14-0400] [ALPM] upgraded ca-certificates-mozilla (3.92-1 -> 3.93-1)
[2023-09-07T19:09:14-0400] [ALPM] upgraded libnl (3.7.0-3 -> 3.8.0-1)
[2023-09-07T19:09:14-0400] [ALPM] upgraded android-tools (34.0.1-3 -> 34.0.4-1)
[2023-09-07T19:09:14-0400] [ALPM] upgraded avahi (1:0.8+r22+gfd482a7-1 -> 1:0.8+r127+g55d783d-1)
[2023-09-07T19:09:14-0400] [ALPM] upgraded boost-libs (1.83.0-1 -> 1.83.0-2)
[2023-09-07T19:09:15-0400] [ALPM] upgraded boost (1.83.0-1 -> 1.83.0-2)
[2023-09-07T19:09:16-0400] [ALPM] upgraded btrfs-progs (6.3.3-1 -> 6.5-1)
[2023-09-07T19:09:16-0400] [ALPM] upgraded cbindgen (0.24.6-1 -> 0.25.0-1)
[2023-09-07T19:09:16-0400] [ALPM] upgraded libedit (20221030_3.1-1 -> 20230828_3.1-1)
[2023-09-07T19:09:16-0400] [ALPM] upgraded qt5-base (5.15.10+kde+r152-1 -> 5.15.10+kde+r155-1)
[2023-09-07T19:09:16-0400] [ALPM] upgraded copyq (7.0.0-1 -> 7.1.0-1)
[2023-09-07T19:09:16-0400] [ALPM] upgraded libpipewire (1:0.3.79-1 -> 1:0.3.79-2)
[2023-09-07T19:09:16-0400] [ALPM] upgraded pipewire (1:0.3.79-1 -> 1:0.3.79-2)
[2023-09-07T19:09:16-0400] [ALPM] upgraded pipewire-audio (1:0.3.79-1 -> 1:0.3.79-2)
[2023-09-07T19:09:16-0400] [ALPM] upgraded pipewire-jack (1:0.3.79-1 -> 1:0.3.79-2)
[2023-09-07T19:09:16-0400] [ALPM] upgraded srt (1.5.2-1 -> 1.5.3-1)
[2023-09-07T19:09:16-0400] [ALPM] installed jbigkit (2.1-7)
[2023-09-07T19:09:16-0400] [ALPM] upgraded libtiff (4.5.1-1 -> 4.6.0rc1-1)
[2023-09-07T19:09:16-0400] [ALPM] upgraded ffmpeg (2:6.0-8 -> 2:6.0-9)
[2023-09-07T19:09:17-0400] [ALPM] upgraded foomatic-db (3:20230709-1 -> 3:20230903-1)
[2023-09-07T19:09:17-0400] [ALPM] upgraded foomatic-db-nonfree (3:20230709-1 -> 3:20230903-1)
[2023-09-07T19:09:17-0400] [ALPM] upgraded foomatic-db-nonfree-ppds (3:20230709-1 -> 3:20230903-1)
[2023-09-07T19:09:17-0400] [ALPM] upgraded foomatic-db-ppds (3:20230709-1 -> 3:20230903-1)
[2023-09-07T19:09:17-0400] [ALPM] installed passim (0.1.1-1)
[2023-09-07T19:09:17-0400] [ALPM] upgraded gnupg (2.2.41-1 -> 2.2.41-2)
[2023-09-07T19:09:18-0400] [ALPM] upgraded fwupd (1.9.4-1 -> 1.9.5-1)
[2023-09-07T19:09:18-0400] [ALPM] upgraded libcloudproviders (0.3.2-1 -> 0.3.4-1)
[2023-09-07T19:09:18-0400] [ALPM] upgraded libvirt (1:9.6.0-1 -> 1:9.7.0-1)
[2023-09-07T19:09:18-0400] [ALPM] upgraded nss (3.92-1 -> 3.93-1)
[2023-09-07T19:09:18-0400] [ALPM] upgraded libcacard (2.7.0-2 -> 2.7.0-3)
[2023-09-07T19:09:18-0400] [ALPM] upgraded virtiofsd (1.7.2-1 -> 1.8.0-1)
[2023-09-07T19:09:18-0400] [ALPM] upgraded procps-ng (4.0.3-1 -> 4.0.4-1)
[2023-09-07T19:09:18-0400] [ALPM] upgraded gnome-boxes (44.2-1 -> 44.3-1)
[2023-09-07T19:09:18-0400] [ALPM] upgraded gperf (3.1-4 -> 3.1-5)
[2023-09-07T19:09:18-0400] [ALPM] upgraded groff (1.23.0-3 -> 1.23.0-4)
[2023-09-07T19:09:18-0400] [ALPM] upgraded gst-plugin-pipewire (1:0.3.79-1 -> 1:0.3.79-2)
[2023-09-07T19:09:18-0400] [ALPM] upgraded gzip (1.12-3 -> 1.13-2)
[2023-09-07T19:09:18-0400] [ALPM] upgraded highlight (4.7-1 -> 4.8-1)
[2023-09-07T19:09:18-0400] [ALPM] upgraded openssh (9.4p1-2 -> 9.4p1-3)
[2023-09-07T19:09:19-0400] [ALPM] upgraded openmpi (4.1.5-3 -> 4.1.5-5)
[2023-09-07T19:09:19-0400] [ALPM] upgraded imagemagick (7.1.1.15-3 -> 7.1.1.15-4)
[2023-09-07T19:09:19-0400] [ALPM] upgraded ldb (2:2.7.2-2 -> 2:2.8.0-1)
[2023-09-07T19:09:19-0400] [ALPM] upgraded lib32-alsa-lib (1.2.9-1 -> 1.2.10-1)
[2023-09-07T19:09:19-0400] [ALPM] upgraded lib32-dbus (1.14.8-1 -> 1.14.10-1)
[2023-09-07T19:09:19-0400] [ALPM] upgraded lib32-libnghttp2 (1.55.1-1 -> 1.56.0-1)
[2023-09-07T19:09:19-0400] [ALPM] upgraded lib32-libtiff (4.5.1-1 -> 4.6.0rc1-1)
[2023-09-07T19:09:19-0400] [ALPM] upgraded lib32-llvm-libs (16.0.6-1 -> 16.0.6-2)
[2023-09-07T19:09:19-0400] [ALPM] upgraded lib32-nss (3.92-1 -> 3.93-1)
[2023-09-07T19:09:19-0400] [ALPM] upgraded libadwaita (1:1.3.4-1 -> 1:1.3.5-1)
[2023-09-07T19:09:19-0400] [ALPM] upgraded libgphoto2 (2.5.30-2 -> 2.5.31-1)
[2023-09-07T19:09:19-0400] [ALPM] upgraded libteam (1.31-8 -> 1.32-1)
[2023-09-07T19:09:19-0400] [ALPM] upgraded libwbclient (4.18.6-1 -> 4.19.0-1)
[2023-09-07T19:09:19-0400] [ALPM] upgraded licenses (20230729-1 -> 20230903-1)
[2023-09-07T19:09:19-0400] [ALPM] upgraded luajit (2.1.1692616192-1 -> 2.1.1693350652-1)
[2023-09-07T19:09:19-0400] [ALPM] upgraded lzlib (1.13-2 -> 1.13-3)
[2023-09-07T19:09:19-0400] [ALPM] upgraded netpbm (10.73.43-1 -> 10.73.43-2)
[2023-09-07T19:09:19-0400] [ALPM] upgraded nodejs (20.5.1-1 -> 20.6.0-1)
[2023-09-07T19:09:19-0400] [ALPM] upgraded ostree (2023.6-1 -> 2023.6-3)
[2023-09-07T19:09:23-0400] [ALPM] upgraded papirus-icon-theme (20230801-1 -> 20230901-1)
[2023-09-07T19:09:23-0400] [ALPM] upgraded pipewire-alsa (1:0.3.79-1 -> 1:0.3.79-2)
[2023-09-07T19:09:23-0400] [ALPM] upgraded pipewire-pulse (1:0.3.79-1 -> 1:0.3.79-2)
[2023-09-07T19:09:23-0400] [ALPM] upgraded pnpm (8.7.1-1 -> 8.7.4-1)
[2023-09-07T19:09:23-0400] [ALPM] upgraded python-appdirs (1.4.4-8 -> 1.4.4-9)
[2023-09-07T19:09:23-0400] [ALPM] upgraded python-jaraco.functools (3.8.1-1 -> 3.9.0-1)
[2023-09-07T19:09:23-0400] [ALPM] upgraded python-mutagen (1.46.0-2 -> 1.47.0-1)
[2023-09-07T19:09:23-0400] [ALPM] upgraded python-pluggy (1.2.0-1 -> 1.3.0-1)
[2023-09-07T19:09:23-0400] [ALPM] upgraded python-soupsieve (2.4.1-1 -> 2.5-1)
[2023-09-07T19:09:23-0400] [ALPM] upgraded python-tqdm (4.66.1-1 -> 4.66.1-2)
[2023-09-07T19:09:23-0400] [ALPM] upgraded qpdf (11.5.0-1 -> 11.6.1-1)
[2023-09-07T19:09:23-0400] [ALPM] upgraded smbclient (4.18.6-1 -> 4.19.0-1)
[2023-09-07T19:09:23-0400] [ALPM] upgraded samba (4.18.6-1 -> 4.19.0-1)
[2023-09-07T19:09:23-0400] [ALPM] upgraded splix (2.0.0-19 -> 2.0.0-20)
[2023-09-07T19:09:23-0400] [ALPM] upgraded upscayl-bin (2.5.5-1 -> 2.7.5-1)
[2023-09-07T19:09:24-0400] [ALPM] upgraded visual-studio-code-bin (1.81.1-1 -> 1.82.0-1)
[2023-09-07T19:09:24-0400] [ALPM-SCRIPTLET] ==> NOTE: Custom flags should be put directly in: ~/.config/code-flags.conf
[2023-09-07T19:09:24-0400] [ALPM] upgraded winetricks (20220411-1 -> 20230212-1)
[2023-09-07T19:09:24-0400] [ALPM] upgraded zsh-completions (0.34.0-4 -> 0.35.0-1)
[2023-09-07T19:09:24-0400] [ALPM] transaction completed
[2023-09-07T19:09:26-0400] [ALPM] running '20-systemd-sysusers.hook'...
[2023-09-07T19:09:27-0400] [ALPM] running '30-systemd-daemon-reload.hook'...
[2023-09-07T19:09:27-0400] [ALPM] running '30-systemd-hwdb.hook'...
[2023-09-07T19:09:27-0400] [ALPM] running '30-systemd-sysctl.hook'...
[2023-09-07T19:09:27-0400] [ALPM] running '30-systemd-tmpfiles.hook'...
[2023-09-07T19:09:27-0400] [ALPM] running '30-systemd-udev-reload.hook'...
[2023-09-07T19:09:27-0400] [ALPM] running '30-systemd-update.hook'...
[2023-09-07T19:09:27-0400] [ALPM] running '30-update-mime-database.hook'...
[2023-09-07T19:09:28-0400] [ALPM] running '40-update-ca-trust.hook'...
[2023-09-07T19:09:28-0400] [ALPM] running '90-qt5-styleplugins.hook'...
[2023-09-07T19:09:28-0400] [ALPM-SCRIPTLET] [WARNING] qt5-base was updated, qt5 applications will break until qt5-styleplugins is rebuilt.
[2023-09-07T19:09:28-0400] [ALPM] running 'dbus-reload.hook'...
[2023-09-07T19:09:28-0400] [ALPM] running 'detect-old-perl-modules.hook'...
[2023-09-07T19:09:28-0400] [ALPM-SCRIPTLET] error: No package owns /usr/lib/perl5/5.36
[2023-09-07T19:09:28-0400] [ALPM-SCRIPTLET] WARNING: 6 file(s) in /usr/lib/perl5/5.36 are not tracked by pacman and need to be rebuilt.
[2023-09-07T19:09:28-0400] [ALPM-SCRIPTLET]  -> These were most likely installed directly by cpan or a similar tool.
[2023-09-07T19:09:28-0400] [ALPM-SCRIPTLET]     Run the following command to get a list of these files:
[2023-09-07T19:09:28-0400] [ALPM-SCRIPTLET]     LC_ALL=C find "/usr/lib/perl5/5.36" -type f -exec pacman -Qqo {} + |& sed -n 's/^error: No package owns \(.*\)$/\1/p'
[2023-09-07T19:09:28-0400] [ALPM] running 'eos-reboot-required.hook'...
[2023-09-07T19:09:28-0400] [ALPM] running 'glib-compile-schemas.hook'...
[2023-09-07T19:09:28-0400] [ALPM] running 'gtk-update-icon-cache.hook'...
[2023-09-07T19:09:33-0400] [ALPM] running 'rebuild-detector.hook'...
[2023-09-07T19:09:37-0400] [ALPM-SCRIPTLET] foreign	jdk8-temurin
[2023-09-07T19:09:37-0400] [ALPM] running 'texinfo-install.hook'...
[2023-09-07T19:09:37-0400] [ALPM] running 'update-desktop-database.hook'...

Yeah, I’m pretty sure it’s that. However I haven’t touched GNOME Software for a month so I doubt it’s that (I use MATE).
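
To test the suspicion discussed in this thread against the log itself, the following added example (not written by any poster) groups pacman.log lines by pacman run and keeps the runs that wrote to the EFI system partition or upgraded systemd or fwupd. The sample lines are excerpted from the logs posted above; the function names and the watch list are assumptions of the example.

```python
import re

LINE = re.compile(r'^\[(?P<ts>[^\]]+)\] \[(?P<src>[A-Z-]+)\] (?P<msg>.*)$')
UPGRADED = re.compile(r'^(?:upgraded|installed) (\S+) ')
HOOK = re.compile(r"^running '([^']+)'")
COPIED = re.compile(r'^Copied "[^"]+" to "([^"]+)"')

# Excerpt of the two pacman runs posted in the thread (shortened).
SAMPLE = """\
[2023-09-07T19:08:26-0400] [PACMAN] Running 'pacman -S -y -u --config /etc/pacman.conf --'
[2023-09-07T19:09:18-0400] [ALPM] upgraded fwupd (1.9.4-1 -> 1.9.5-1)
[2023-09-07T19:09:37-0400] [ALPM] running 'update-desktop-database.hook'...
[2023-09-08T17:25:48-0400] [PACMAN] Running 'pacman -S -y -u --ignore uxplay --config /etc/pacman.conf --'
[2023-09-08T17:26:01-0400] [ALPM] upgraded systemd (254.1-1 -> 254.2-1)
[2023-09-08T17:26:06-0400] [ALPM] running 'systemd-boot.hook'...
[2023-09-08T17:26:06-0400] [ALPM-SCRIPTLET] Copied "/usr/lib/systemd/boot/efi/systemd-bootx64.efi" to "/efi/EFI/BOOT/BOOTX64.EFI".
"""

def pacman_runs(text):
    """Split pacman.log text into runs, one per '[PACMAN] Running' line."""
    runs = []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # skip blank or malformed lines
        src, msg = m['src'], m['msg']
        if src == 'PACMAN' and msg.startswith('Running '):
            runs.append({'start': m['ts'], 'packages': [],
                         'hooks': [], 'esp_writes': []})
        elif runs:
            run = runs[-1]
            for rx, key in ((UPGRADED, 'packages'), (HOOK, 'hooks'),
                            (COPIED, 'esp_writes')):
                hit = rx.match(msg)
                if hit:
                    run[key].append(hit.group(1))
    return runs

def boot_relevant(runs, watch=('systemd', 'fwupd')):
    """Keep runs that wrote to the ESP or upgraded a watched package."""
    return [r for r in runs
            if r['esp_writes'] or set(watch) & set(r['packages'])]

if __name__ == '__main__':
    for r in boot_relevant(pacman_runs(SAMPLE)):
        print(r['start'], r['packages'], r['hooks'], r['esp_writes'])
```

Run it over the contents of /var/log/pacman.log and compare the listed start times with the dates on which Secure Boot was found enabled again; a reset that follows only the runs with ESP writes supports the systemd-boot theory, while one that follows fwupd upgrades without ESP writes does not.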