Cannot re-enroll keys after upgrading system

[NomisIV]

I upgraded the CPU in my system, and after booting the computer prompted me to wipe the fTPM. After booting (with secure-boot disabled) I tried enrolling the keys again.

How to reproduce:

• Unknown initial state after clearing the fTPM from upgrading the CPU
• Wipe all keys (or some keys) in UEFI settings
• Enter setup mode in UEFI
• run sbctl enroll-keys --microsoft in a CLI, as root

I get the following error from the command:

Enrolling keys to EFI variables...
With vendor keys from microsoft...✗
sbctl requires root to run: couldn't sync keys: couldn't write efi variable: write /sys/firmware/efi/efivars/dbx-d719b2cb-3d3a-4596-a3bc-dad00e67656f: permission denied

I have previously had secure boot enabled on this computer (with the old CPU), for which I created and enrolled the keys without any issue. I don't understand why it's not working now.

[Foxboron]

Which version of sbctl is this?

[NomisIV]

Version 0.12

[Foxboron]

Please update to 0.13. sbctl shouldn't be acting on the dbx variable anymore.

[NomisIV]

That seems to have solved my problem! I will try rebooting now :)