All keys have been deleted

[solsticedhiver]

I just discovered that my lenovo laptop X270 is not in Secure Boot but in Setup Mode and that all the keys (PK, KEK, db, dbx) have been deleted.

I just performed an update of the BIOS to 0.1.46 using fwupgmgr update

I don't know if that situation was there before or if it happened because of the upgrade.

ALL EFI entries to boot have been deleted too.

I saw a Reset system during the upgrade. May be that's the thing.

I don't think the keys should have been deleted. May be we need to check for an update from windows

I am running archlinux

# fwupdmgr --version
runtime   org.freedesktop.fwupd         1.8.3
runtime   org.freedesktop.fwupd-efi     1.3
compile   org.freedesktop.gusb          0.3.10
runtime   com.dell.libsmbios            2.4
runtime   org.kernel                    5.18.16-zen1-1-zen
runtime   com.hughsie.libjcat           0.1.11
compile   com.hughsie.libjcat           0.1.11
compile   org.freedesktop.fwupd         1.8.3
runtime   org.freedesktop.gusb          0.3.10

[superm1]

fwupd doesn't directly delete any keys like this. However the capsule update process may have done it. Transferring over to Lenovo to investigate.

[solsticedhiver]

I was able to get back those OEM keys by using an option in the BIOS. So no harm done. I use shim for Secure Boot.

[mrhpearson]

Thanks @joseghasto - I've added notes to the internal ticket looking at this issue (LO-2077). The FW team are investigating