Issue with UEFI Firmware Update on Linux VMs in Proxmox

[Gabro88]

Hi everyone,
I’m new to the Proxmox community and have encountered an issue that I can’t seem to resolve, despite trying several steps and getting help from ChatGPT. I hope someone here can assist me.

I have a server running Proxmox, and all Linux virtual machines (Debian 12 and Ubuntu 22.04 and 24.04) hosted on this hypervisor fail to update the UEFI firmware using fwupd. When I run the command:

fwupdmgr upgrade

I get the following error:

WARNING: UEFI capsule updates not available or enabled in firmware setup
See https://github.com/fwupd/fwupd/wiki/PluginFlag:capsules-unsupported for more information.
...
failed to write data to efivarfs: Error writing to file descriptor: Invalid argument

From the output of dmesg | grep -i efi, I can confirm that the virtual machine is booted in EFI mode, but this line also appears:

Kernel is locked down from EFI Secure Boot mode; see man kernel_lockdown.7

Initially, I suspected that Secure Boot was the issue, so I disabled it on the Proxmox host. However, the problem persists, and the error remains unchanged.

Steps I’ve Tried​

1. EFI Support Confirmed:
   The virtual machines are running with UEFI firmware (OVMF), and the efivars file system is mounted correctly.
2. Secure Boot Disabled:
   I disabled Secure Boot on the Proxmox host, but it didn’t resolve the issue.
3. Updated Proxmox and OVMF:
   I updated the Proxmox system and packages to the latest version:
4. Checked Permissions on efivars:
   I verified the permissions on the efivars file system and enabled write access:
5. Debugging with fwupd:
   I analyzed the logs of fwupd using: Unfortunately, there are no additional messages explaining why the UEFI capsule support is unavailable.

Thanks in advance for any advice or guidance!

 

[_gabriel]

I have a server running Proxmox, and all Linux virtual machines (Debian 12 and Ubuntu 22.04 and 24.04) hosted on this hypervisor fail to update the UEFI firmware using fwupd.

fwupdmgr must be run on host not in VM.
FYI, VM use a virtual Bios/EFI provided by PVE, not updatable by guest, managed by PVE itself.

 

[Gabro88]

Oh wow!
Now I understand the reason!
I'll try it!

Thanks a lot for now!

 

[Gabro88]

fwupdmgr must be run on host not in VM.
FYI, VM use a virtual Bios/EFI provided by PVE, not updatable by guest, managed by PVE itself.

I've tried running fwupdmgr on the host, but I get this result.
It' seems the UEFI partition isn't mounted... but it is mounted and the system is working in UEFI mode.

WARNING: UEFI ESP partition not detected or configured
See https://github.com/fwupd/fwupd/wiki/PluginFlag:esp-not-found for more information.
WARNING: Will measure elements of system integrity around an update
See https://github.com/fwupd/fwupd/wiki/PluginFlag:measure-system-integrity for more information.
Devices with no available firmware updates:
• UEFI Device Firmware
• INTEL SSDPEKNW512G8L

Devices with the latest available firmware version:
 • System Firmware

• UEFI Device Firmware
• UEFI dbx
• Micron 2300 NVMe 512GB

And this is the log (journalctl -u fwupd) :

Dec 28 11:08:39 HomeProxmox systemd[1]: Starting fwupd.service - Firmware update daemon...
Dec 28 11:08:40 HomeProxmox fwupd[3136]: 10:08:40.510 FuPluginUefiCapsule cannot find default ESP: No ESP or BDP found
Dec 28 11:08:42 HomeProxmox systemd[1]: Started fwupd.service - Firmware update daemon.
Dec 28 11:08:42 HomeProxmox fwupd[3136]: 10:08:42.137 FuPluginLinuxSwap could not parse /proc/swaps: failed to call org.freedesktop.UDisks2.Manager.GetBlockDevices(): The name org.freedesktop.UDisks2 was not provided by any .service files

Thanks in advance for any advice or guidance!

 

[_gabriel]

What's your goal ?
For motherboard BIOS, update it from within BIOS, with dowloaded updated BIOS from vendor.
it's not PVE related.