Description of problem: When installing Fedora 38 into a KVM virtual image using `virt-install --boot uefi`, it defaults to using the OVMF 2M files. Fedora 38 currently ships with dbx Configuration Update 190, so one of the updates a user will first encounter is the "Secure Boot dbx Configuration Update 190 -> 217". Attempting to apply this update through Software silently fails, and through fwdupdmgr results in: > failed to write data to efivarfs: Error writing to file descriptor: Invalid argument What really happened is the UEFI variable store in the 2M OVMF files is too small to be able to apply this update. Switching to using the ovmf-4m files shipped with Fedora 38 removes this issue and the update can then be applied correctly. What I'd like to see is the `virt-install --boot uefi` option default to using the OVMF 4M files instead of using the current OVMF 2M files, and that Fedora 38 ship with "Secure Boot dbx Configuration Update 217". Otherwise, the user of the VM will have this update for the entire lifetime of F38 and never be able to apply it. I believe the dbx update is a security update, so this adds to the concern. Version-Release number of selected component (if applicable): virt-install 4.1.0 How reproducible: Every time when using `--boot uefi`. Steps to Reproduce: 1. `virt-install --boot uefi --osinfo detect=off,name=fedora38 --arch x86_64 --machine q35 ...` 2. Go to Software and try to apply the "Secure Boot dbx Configuration Update 190 -> 217" 3. OR `fwupdmgr update` Actual results: Software silently fails, and fwupdmgr reports: > failed to write data to efivarfs: Error writing to file descriptor: Invalid argument Expected results: The update succeeds and the dbx is updated to 217. Additional info: See the discussion here for more details: https://discussion.fedoraproject.org/t/f38-secure-boot-dbx-configuration-update-190-217-fails-w-invalid-argument/79822
This message is a reminder that Fedora Linux 38 is nearing its end of life. Fedora will stop maintaining and issuing updates for Fedora Linux 38 on 2024-05-21. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as EOL if it remains open with a 'version' of '38'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, change the 'version' to a later Fedora Linux version. Note that the version field may be hidden. Click the "Show advanced fields" button if you do not see it. Thank you for reporting this issue and we are sorry that we were not able to fix it before Fedora Linux 38 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora Linux, you are encouraged to change the 'version' to a later version prior to this bug being closed.
Fedora Linux 38 entered end-of-life (EOL) status on 2024-05-21. Fedora Linux 38 is no longer maintained, which means that it will not receive any further security or bug fix updates. As a result we are closing this bug. If you can reproduce this bug against a currently maintained version of Fedora Linux please feel free to reopen this bug against that version. Note that the version field may be hidden. Click the "Show advanced fields" button if you do not see the version field. If you are unable to reopen this bug, please file a new report against an active release. Thank you for reporting this bug and we are sorry it could not be fixed.