Software Updates – Dismiss ‘Software Updates Installed’ Notification

notificationsoftware-centeruefiupdates

The problem described in this article

How can I dismiss "Software Updates Installed" notification

continues to plague me and the fixes in that article do not work in my case. I hope someone here can help!

I too receive the notification:

Software Update Installed
An important OS update has been installed.

In my case, this relates to a component called

UEFI dbx

whose window title in the Ubuntu Store is 371. If I click on the item shown in the Ubuntu store, a new message appears:

Downloading change information...

which after many minutes does not appear to deliver results nor exit.

The remedy suggested in the linked article, check in /var/lib/PackageKit and remove offline-update-completed, does not work for me since there is only one file there, called transactions.db which is an SQLite database. I haven't tried to explore that, maybe I should?

Nor do I have gnome-software installed.

I do notice in my syslog:

integrity: Revoking X.509 certificate: UEFI:dbx
blacklist: Revoked X.509 cert 'Canonical Ltd. Secure Boot Signing: 61482aa2830d0ab2ad5af10b7250da9033ddcef0'
integrity: Revoking X.509 certificate: UEFI:dbx
blacklist: Revoked X.509 cert 'Debian Secure Boot Signer: 00a7468def'

which puzzles me… perhaps related?

In case this is useful, I am running Ubuntu Mantic / 23.10, to which I recently upgraded from Lunar / 23.04. Perhaps some of these revoked UEFI certificates, especially UEFI:dbx, are the cause of my problem and should be dealt with, somehow?

Thanks in advance for any and all help.

Best Answer

Permanently dismiss the UEFI dbx update notification:

sudo fwupdmgr get-results 362301da643102b9f38477387e2193e57abaa590

sudo fwupdmgr clear-results 362301da643102b9f38477387e2193e57abaa590

Please note that if the update failed, "clearing" is only a temporary workaround. See below for details.

UEFI "dbx" is the UEFI Revocation List File, a list of revoked UEFI secure boot signatures, maintained by Unified Extensible Firmware Interface Forum. The computer motherboard's UEFI firmware uses it to block insecure boot loaders and drivers from compromising the system. When new security issues are found, the list needs to be updated.

The UEFI dbx update comes from the Linux Vendor Firmware Service (LVFS) tool fwupdmgr, which downloads and installs firmware updates for your hardware. The tool also keeps track of the result of updates (both failures and successes), which is why you see a notification. You can manually "clear" the UEFI dbx update result, and thus clear the notification.

On my computer, the first reason the notification kept popping up was that the UEFI dbx firmware update repeatedly failed. The second reason was that when it finally succeeded, Ubuntu didn't clear the result from fwupdmgr. I recommend making sure the update is actually successful first, otherwise the notification will keep coming back.

Manually executing fwupdmgr displays additional information in case there are issues.

sudo fwupdmgr update

For UEFI dbx I first got the failure message Blocked executable in the ESP ...; for fixes, see Impossible to update UEFI dbx and Secure Boot dbx Configuration Update 77 - 371 Ubuntu 23.10.

Reboot after update(s) succeed. Now you will get the notification an important operating system update has been installed after each login, until the update result is cleared.

First "get" the update result, for UEFI dbx and other firmware updates. (Masked other hardware devices and firmware below.)

sudo fwupdmgr get-results

0.  Cancel
1.  ........................................ (...)
2.  ........................................ (...)
3.  ........................................ (...)
4.  ........................................ (...)
5.  ........................................ (...)
6.  ........................................ (...)
7.  ........................................ (...)
8.  ........................................ (...)
9.  ........................................ (...)
10. ........................................ (...)
11. 362301da643102b9f38477387e2193e57abaa590 (UEFI dbx)
12. ........................................ (...)
Choose device [0-12]:  11

You can also display results for UEFI dbx directly. Am happy to see that the update was successful.

sudo fwupdmgr get-results 362301da643102b9f38477387e2193e57abaa590

UEFI dbx:
  Device ID:            362301da643102b9f38477387e2193e57abaa590
  Previous version:     190
  Update State:         Success
  Last modified:        2023-12-27 07:34
  GUID:                 fda6234b-adcb-5105-8515-9af647d29775
  Device Flags:         • Internal device
                        • Updatable
                        • Supported on remote server
                        • Needs a reboot after installation
                        • Device is usable for the duration of the update
                        • Only version upgrades are allowed
                        • Signed Payload

Now that you have inspected the successful result, you can clear it. (Clearing a result shows no output.)

sudo fwupdmgr clear-results 362301da643102b9f38477387e2193e57abaa590

When clearing, fwupdmgr registers that the notification has already been displayed to the user. Looking at the result again confirms this.

sudo fwupdmgr get-results 362301da643102b9f38477387e2193e57abaa590  

User has already been notified about UEFI dbx [362301da643102b9f38477387e2193e57abaa590]

Now the notification an important operating system update has been installed is gone. Reboot (or re-login) to confirm.

Related Question