UEFI update prompt from System 76

Psimon · March 8, 2025, 5:59am

Hello all,

I have been using a Lenovo Ideapad 3 (Lick) with Coreboot and PopOS installed for a couple of years without issue (it runs much better than my more powerful Windows PC I use for work).

I recently received a prompt to update system firmware UEFI dbx, however I wonder if I should proceed as I originally flashed the firmware from MrChromebox guide and I would not wish to damage my system,

Would greatly appreciate any advice on whether to proceed or not, and if not, how would I disable the constant reminders?

Lenovo Ideapad 3 (Lick), Intel (R) Celeron (R) N4020 CPU @ 1.10GHZ 4096MB RAM

Thank you,
Simon

tony1x1 · March 9, 2025, 5:23pm

Can’t really advise you on this, but you may find the update won’t actually install, a few of us have had issues with it. See this thread here… https://forum.chrultrabook.com/t/ultramarine-linux-error-updating-secureboot-dbx/3651

MrChromebox · March 9, 2025, 5:38pm

the UEFI secureboot revocation database (DBX) is an updatable component of the UEFI firmware that tells secureboot what signed EFI executables not to trust anymore. It’s designed to be updated independently of the main firmware, but MrChromebox firmware does not support this feature at the current time. You can ignore for now and the next MrChromebox update will include an updated DBX.

Psimon · March 10, 2025, 1:57am

Understood, and thank you. Do you know of any way to disable the notification to apply the DBX update?

MrChromebox · March 10, 2025, 2:02am

not offhand unfortunately. How often are you seeing it?

Psimon · March 10, 2025, 2:06am

All the time ha ha. Not a big deal, a minor annoyance I can live with. But I will ask on a related PopOS forum, thanks.
Simon

bilditup1 · January 30, 2026, 11:10pm

Hi! Thank you for all the work you’ve done on this!

I have just received this update notification on Ultramarine 43 (Plasma variant). Presumably the move is still to ignore this update? Apparently the one that is installed right now dates to 2023. Am I right in assuming that it’s not a huge deal/an attacker would need to have local root access in order to take advantage of any whitelisted keys that they’ve gotten hold of?

Thanks again!

Regardless, not sure how much longer I will stay on this distribution–KDE Plasma might have been too ambitious an attempt for Cave (Skylake m3, 4GB)

MrChromebox · January 31, 2026, 7:47pm

The issue with the update failing to apply was fixed several revisions ago, you can apply the update and it will persist across OS changes

bilditup1 · February 1, 2026, 1:09am

Brilliant! Thanks for the quick/straightforward affirmation and for fixing this already