commit 5d913ea80c688c838282914d1014dac576875990
parent 758b451fcc3e4c25bc33567df3057e7a9a06586a
Author: KΓ©vin Le Gouguec <kevin.legouguec@gmail.com>
Date: Sat, 8 Feb 2025 12:22:44 +0100
Do the thing
Current regret level: mild.
Diffstat:
1 file changed, 52 insertions(+), 0 deletions(-)
diff --git a/guides/sysadmin/machines/amdahl30/maintenance.org b/guides/sysadmin/machines/amdahl30/maintenance.org
@@ -19,6 +19,7 @@ So the thing is loud, it always spins at full speed, and if one day it
decides to become even louder than usual, you're SOL.
* Motherboard
** Firmware updates
+*** Prologue
Quoth ~fwupdmgr get-devices~:
#+begin_example
@@ -93,6 +94,57 @@ my desktop station⦠not bricked?
Pity, because otherwise I've had smooth and incident-free firmware
updates on other stations with ~fwupdmgr~ π€·
+*** But then
+{{{narrator(waves vaguely toward [[file:killing-time.org][that whole debacle]])}}}
+*** Our protagonist sets forth
+Put the =.2G1= file on the USB stick, rebooted into UEFI, rebooted
+into "M-Flash", did the thing, rebooted.
+
+Predictably:
+#+begin_example
+Entering rescue mode...
+grub rescue> help
+Unknown command `help'.
+grub rescue>
+#+end_example
+
+=ls='d and =set='d around, browsed a couple of online posts from
+similarly marooned comrades. QWERTY wore me down before I could
+damage things further; disabled Secure Boot on a whim and lo! It
+BooteΓΎ Again!
+*** But doΓΎ it fwupdate ΓΎough?
+#+begin_example
+$ fwupdmgr update
+WARNING: UEFI capsule updates not available or enabled in firmware setup
+See https://github.com/fwupd/fwupd/wiki/PluginFlag:capsules-unsupported for more information.
+#+end_example
+πΎ
+
+{{{ad(But wait\, there's more!)}}}
+
+#+begin_example
+ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
+β Upgrade UEFI dbx from 20230501 to 20241101? β
+β βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ£
+β This updates the list of forbidden signatures (the "dbx") to the latest β
+β release from Microsoft. β
+β β
+β An insecure version of Howyar's SysReturn software was added, due to a β
+β security vulnerability that allowed an attacker to bypass UEFI Secure Boot. β
+β β
+ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
+Perform operation? [Y|n]: n
+Devices with no available firmware updates:
+ β’ SA400S37480G
+ β’ SSD 980 500GB
+#+end_example
+
+Getting mixed signals here.
+*** Can I have Secure Boot back though?
+Off the top of my head:
+- that dbx update?
+- ~sudo blarney-grub2 --pretty -pls --with-sugar=top --with-sugar=top~?
+- dracut?
* SSD
LDLC's off-brand SSD died, fortunately within the warranty period.
Replaced it, and⦠I guess I should shoehorn a joke about "a descent
