7

The problem described in this article, "How can I dismiss "Software Updates Installed" notification", continues to plague me and the fixes in that article do not work in my case. I hope someone here can help!

I too receive the notification:

Software Update Installed
An important OS update has been installed.

In my case, this relates to a component called UEFI dbx, whose window title in the Ubuntu Store is 371. If I click on the item shown in the Ubuntu store, a new message appears:

Downloading change information...

which after many minutes does not appear to deliver results nor exit.

The remedy suggested in the linked article, check in /var/lib/PackageKit and remove offline-update-completed, does not work for me since there is only one file there, called transactions.db which is an SQLite database. I haven't tried to explore that, maybe I should?

Nor do I have gnome-software installed.

I do notice in my syslog:

integrity: Revoking X.509 certificate: UEFI:dbx
blacklist: Revoked X.509 cert 'Canonical Ltd. Secure Boot Signing: 61482aa2830d0ab2ad5af10b7250da9033ddcef0'
integrity: Revoking X.509 certificate: UEFI:dbx
blacklist: Revoked X.509 cert 'Debian Secure Boot Signer: 00a7468def'

which puzzles me... perhaps related?

In case this is useful, I am running Ubuntu Mantic / 23.10, to which I recently upgraded from Lunar / 23.04. Perhaps some of these revoked UEFI certificates, especially UEFI:dbx, are the cause of my problem and should be dealt with, somehow?

Thanks in advance for any and all help.

4 Answers

2

Permanently dismiss the UEFI dbx update notification:

sudo fwupdmgr get-results 362301da643102b9f38477387e2193e57abaa590

sudo fwupdmgr clear-results 362301da643102b9f38477387e2193e57abaa590

Please note that if the update failed, "clearing" is only a temporary workaround. See below for details.


UEFI "dbx" is the UEFI Revocation List File, a list of revoked UEFI secure boot signatures, maintained by the Unified Extensible Firmware Interface Forum. The computer motherboard's UEFI firmware uses it to block insecure boot loaders and drivers from compromising the system. When new security issues are found, the list needs to be updated.

The UEFI dbx update comes from the Linux Vendor Firmware Service (LVFS) tool fwupdmgr, which downloads and installs firmware updates for your hardware. The tool also keeps track of the result of updates (both failures and successes), which is why you see a notification. You can manually "clear" the UEFI dbx update result, and thus clear the notification.


On my computer, the first reason the notification kept popping up was that the UEFI dbx firmware update repeatedly failed. The second reason was that when it finally succeeded, Ubuntu didn't clear the result from fwupdmgr. I recommend making sure the update is actually successful first, otherwise the notification will keep coming back.

Manually executing fwupdmgr displays additional information in case there are issues.

sudo fwupdmgr update

For UEFI dbx I first got the failure message "Blocked executable in the ESP ..."; for fixes, see "Impossible to update UEFI dbx" and "Secure Boot dbx Configuration Update 77 - 371 Ubuntu 23.10".

Reboot after update(s) succeed. Now you will get the notification "an important operating system update has been installed" after each login, until the update result is cleared.


First "get" the update result, for UEFI dbx and other firmware updates. (Masked other hardware devices and firmware below.)

sudo fwupdmgr get-results
0.  Cancel
1.  ........................................ (...)
2.  ........................................ (...)
3.  ........................................ (...)
4.  ........................................ (...)
5.  ........................................ (...)
6.  ........................................ (...)
7.  ........................................ (...)
8.  ........................................ (...)
9.  ........................................ (...)
10. ........................................ (...)
11. 362301da643102b9f38477387e2193e57abaa590 (UEFI dbx)
12. ........................................ (...)
Choose device [0-12]:  11

You can also display results for UEFI dbx directly. I am happy to see that the update was successful.

sudo fwupdmgr get-results 362301da643102b9f38477387e2193e57abaa590
UEFI dbx:
  Device ID:            362301da643102b9f38477387e2193e57abaa590
  Previous version:     190
  Update State:         Success
  Last modified:        2023-12-27 07:34
  GUID:                 fda6234b-adcb-5105-8515-9af647d29775
  Device Flags:         • Internal device
                        • Updatable
                        • Supported on remote server
                        • Needs a reboot after installation
                        • Device is usable for the duration of the update
                        • Only version upgrades are allowed
                        • Signed Payload

Now that you have inspected the successful result, you can clear it. (Clearing a result shows no output.)

sudo fwupdmgr clear-results 362301da643102b9f38477387e2193e57abaa590

When clearing, fwupdmgr registers that the notification has already been displayed to the user. Looking at the result again confirms this.

sudo fwupdmgr get-results 362301da643102b9f38477387e2193e57abaa590  
User has already been notified about UEFI dbx [362301da643102b9f38477387e2193e57abaa590]

Now the notification "an important operating system update has been installed" is gone. Reboot (or re-login) to confirm.
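As an added example (not part of the answer above and not fwupd's own code), the check-before-clear order the answer recommends can be scripted so a failed dbx update is never silently dismissed. It parses the text layout quoted above; the function names are hypothetical, the sample input is constructed, and any state other than Success is treated as needing investigation.

```shell
#!/bin/sh
# Added example: gate "clear-results" on the recorded update state.
# DEVICE_ID is the UEFI dbx device ID quoted in the answer; confirm it
# on your own machine with "fwupdmgr get-results" before relying on it.
DEVICE_ID=362301da643102b9f38477387e2193e57abaa590

# Read "fwupdmgr get-results" text on stdin and print the Update State.
# Prints "notified" for the already-cleared message, "unknown" otherwise.
update_state() {
    awk '
        /^User has already been notified/ { state = "notified" }
        /^[ \t]*Update State:/ {
            sub(/^[ \t]*Update State:[ \t]*/, "")
            sub(/[ \t]+$/, "")
            state = $0
        }
        END { print (state == "" ? "unknown" : state) }
    '
}

# Map a state to an action: only a recorded Success may be cleared.
action_for_state() {
    case "$1" in
        Success)  echo clear ;;
        notified) echo skip ;;
        *)        echo investigate ;;
    esac
}

# Constructed sample, shaped like the output quoted in the answer.
sample_success() {
    printf '%s\n' 'UEFI dbx:' \
        "  Device ID:            $DEVICE_ID" \
        '  Previous version:     190' \
        '  Update State:         Success'
}

# Live use (run as root, needs fwupd); only runs when called explicitly.
clear_if_successful() {
    state=$(fwupdmgr get-results "$DEVICE_ID" 2>&1 | update_state)
    case "$(action_for_state "$state")" in
        clear) fwupdmgr clear-results "$DEVICE_ID" ;;
        skip)  echo "result already cleared" ;;
        *)     echo "state is '$state': fix the update before clearing" >&2
               return 1 ;;
    esac
}
```

Source the file and call clear_if_successful as root; a non-zero return means the revocation list update still needs attention.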

1

Update 2023-11-26

After a lot of attempting once again to make the message go gracefully away, I decided that maybe I just needed to uninstall snapd and start over again.

So I

sudo apt purge snapd

which failed because some firefox hunspell dictionaries were mounted read-only; I unmounted them and re-ran the uninstall, which informed me that snapd was not installed... that seemed suspicious, since the uninstall failed. So I installed it, uninstalled it, and installed it again:

sudo apt install snapd
sudo apt purge snapd
sudo apt install snapd

and those all worked without complaints. When I issued

snap list

I saw that nothing was installed; so I decided to install bare and then firefox.

sudo snap install bare
sudo snap install firefox

Those ran to completion and

  1. I have a working firefox
  2. I don't have the "important software update" message any more
  3. oddly, all snaps that bare and firefox caused to be installed, including themselves, are using the latest/stable channel

I'll see how this works going forward and for sure I'll be back if problems arise again.

The below "worked" for a while but the message came back 2023-11-26

Good news on this; this morning I stumbled on this conversation which suggested:

$ killall snap-store
$ sudo snap refresh snap-store --channel=latest/stable/ubuntu-23.10

My case (related to what the snap store was tracking) was the same, and changing the channel has at least made the recurring informational message go away.

I note there is a subsequent post which suggests having both app stores installed works fine; I haven't tried that yet as I use synaptic and apt for managing the apt store.

Also I note that the fix suggested references bug report #2036765 which is at least interesting.

  • Spoke too soon, the message is back today 2023-11-26. Fixed all channels in snap (e.g. Firefox, gnome-42-2014), did not help. Back to square 1. – Monet's Chemist Nov 26 '23 at 18:03
  • I did this, except with "snap switch" instead of refresh, and it is working so far; the notification is gone: killall snap-store && sudo snap switch snap-store --channel=latest/stable/ubuntu-23.10 && sudo snap refresh. The && are because I couldn't do new lines in comments. – semitones Dec 25 '23 at 20:34
  • Thanks, @semitones. I followed my own recipe above once again, and the problem went away (as before) but so far has stayed away (new behaviour). If I have to redo it, I will try your switch approach. – Monet's Chemist Dec 26 '23 at 21:04

1

killall snap-store && sudo snap switch snap-store --channel=latest/stable/ubuntu-23.10 && sudo snap refresh

Worked for me.

-1

On Ubuntu 23.10, I managed to resolve the issue by emptying the /var/log/unattended-upgrades folder.