interpreting one line of my FWUPD output

brent

inspired from poor @MetaNorm 's thread here (fwupd and permission problems) in that I always forget to run this command yearly.
So I did.
$sudo fwupdmgr update --verbose (fwupdmgr:17016): GLib-GIO-DEBUG: 11:56:43.201: _g_io_module_get_default: Found default implementation dconf (DConfSettingsBackend) for ‘gsettings-backend’ (fwupdmgr:17016): dconf-DEBUG: 11:56:43.201: watch_fast: "/system/proxy/" (establishing: 0, active: 0) (fwupdmgr:17016): dconf-DEBUG: 11:56:43.201: watch_fast: "/system/proxy/http/" (establishing: 0, active: 0) (fwupdmgr:17016): dconf-DEBUG: 11:56:43.201: watch_fast: "/system/proxy/https/" (establishing: 0, active: 0) (fwupdmgr:17016): dconf-DEBUG: 11:56:43.201: watch_fast: "/system/proxy/ftp/" (establishing: 0, active: 0) (fwupdmgr:17016): dconf-DEBUG: 11:56:43.201: watch_fast: "/system/proxy/socks/" (establishing: 0, active: 0) (fwupdmgr:17016): GLib-GIO-DEBUG: 11:56:43.202: _g_io_module_get_default: Found default implementation local (GLocalVfs) for ‘gio-vfs’ (fwupdmgr:17016): pxbackend-DEBUG: 11:56:43.203: px_config_sysconfig_set_config_file: Could not read file /etc/sysconfig/proxy (fwupdmgr:17016): pxbackend-DEBUG: 11:56:43.203: Active config plugins: (fwupdmgr:17016): pxbackend-DEBUG: 11:56:43.203: - config-env (fwupdmgr:17016): pxbackend-DEBUG: 11:56:43.203: - config-kde (fwupdmgr:17016): pxbackend-DEBUG: 11:56:43.203: - config-gnome (fwupdmgr:17016): pxbackend-DEBUG: 11:56:43.203: - config-sysconfig (fwupdmgr:17016): GLib-GIO-DEBUG: 11:56:43.204: Failed to initialize portal (GNetworkMonitorPortal) for gio-network-monitor: Not using portals (fwupdmgr:17016): dconf-DEBUG: 11:56:43.206: watch_established: "/system/proxy/" (establishing: 1) (fwupdmgr:17016): dconf-DEBUG: 11:56:43.206: watch_established: "/system/proxy/http/" (establishing: 1) (fwupdmgr:17016): dconf-DEBUG: 11:56:43.206: watch_established: "/system/proxy/https/" (establishing: 1) (fwupdmgr:17016): dconf-DEBUG: 11:56:43.206: watch_established: "/system/proxy/ftp/" (establishing: 1) (fwupdmgr:17016): dconf-DEBUG: 11:56:43.206: watch_established: "/system/proxy/socks/" (establishing: 1) (fwupdmgr:17016): GLib-GIO-DEBUG: 11:56:43.206: _g_io_module_get_default: Found default implementation networkmanager (GNetworkMonitorNM) for ‘gio-network-monitor’ (fwupdmgr:17016): pxbackend-DEBUG: 11:56:43.206: px_manager_constructed: Up and running (fwupdmgr:17016): GLib-GIO-DEBUG: 11:56:43.206: _g_io_module_get_default: Found default implementation libproxy (GLibproxyResolver) for ‘gio-proxy-resolver’ (fwupdmgr:17016): Fwupd-DEBUG: 11:56:43.208: Emitting ::status-changed() [idle] **WARNING: This package has not been validated, it may not work properly.** Devices with no available firmware updates: • MZ7LN128HCHP-000F1 • System Firmware Devices with the latest available firmware version: • UEFI dbx (fwupdmgr:17016): FuMain-DEBUG: 11:56:43.218: current version is 20241101: 20241101=sameI never used the--verbose arg before its cool.

This all looks normal to me; I just have a single question:
What package is invalid? Is it referring to itself, the app? Or what?

thanks!

TraceyC

I don't see anything about an invalid package. I see:

brent WARNING: This package has not been validated, it may not work properly.

This is something that was reported to the fwupd project, as you can see in some of the results of your search link. The most recent one is this, where they say this is expected when the package is built from source, and we build our packages from source.

It's an error with confusing wording, that doesn't mean anything and can be ignored since the package works.

brent

https://html.duckduckgo.com/html?q=fwupd%20WARNING%3A%20This%20package%20has%20not%20been%20validated%2C%20it%20may%20not%20work%20properly.

I read every single article on this page.
none of them has to do with permissions...
...par for the Linux course, most have wildly different explanations..
...if I have seen any similarities it's 2-3 posts where "invalid" directly referred to an un-named plugin or a snap/flatpak package
etc. still reading.

brent

$ sudo systemctl status fwupd.service
[sudo] password for brent:
● fwupd.service - Firmware update daemon
     Loaded: loaded (/usr/lib/systemd/system/fwupd.service; static)
    Drop-In: /usr/lib64/systemd/system/service.d
             └─10-timeout-abort.conf
     Active: active (running) since Fri 2025-05-09 11:55:43 MST; 1h 34min ago
       Docs: https://fwupd.org/
   Main PID: 16962 (fwupd)
      Tasks: 6 (limit: 18767)
     Memory: 24.3M
        CPU: 1.464s
     CGroup: /system.slice/fwupd.service
             └─16962 /usr/lib64/fwupd/fwupd/fwupd

May 09 11:55:41 budgie systemd[1]: Starting fwupd.service - Firmware update daemon...
May 09 11:55:41 budgie fwupd[16962]: 18:55:41.670 FuEngine             no GUIDs for device TPM [dfb1a4db3787a1799167fb68010ef732c71041f9]
May 09 11:55:42 budgie fwupd[16962]: ERROR:tcti:src/tss2-tcti/tcti-device.c:455:Tss2_Tcti_Device_Init() Failed to open specified TCTI device file /d>
May 09 11:55:42 budgie fwupd[16962]: ERROR:tcti:src/tss2-tcti/tctildr-dl.c:149:tcti_from_file() Could not initialize TCTI file: libtss2-tcti-device.>
May 09 11:55:43 budgie fwupd[16962]: ERROR:tcti:src/tss2-tcti/tcti-device.c:506:Tss2_Tcti_Device_Init() timeout waiting for response from fd 14
May 09 11:55:43 budgie fwupd[16962]: 18:55:43.818 FuMain               Daemon ready for requests (locale en_US.utf8)
May 09 11:55:43 budgie systemd[1]: Started fwupd.service - Firmware update daemon.
May 09 11:55:44 budgie fwupd[16962]: 18:55:44.083 FuEngine             HSI attribute org.fwupd.hsi.Kernel.Lockdown (from linux_lockdown) had unknown>

fwupd error log in systemctl?
start researching these errors and give yourself a good scare. The TCTI stuff is supposed to be related to TPM tools but I don't have that installed. Most of the TCTI stuff in filesystem is .so files so linked.
Cut 'n paste any line from the error log it's
one
long
rabbit
hole
🙂

brent

HSI runtime issues:
$ sudo fwupdmgr security
[sudo] password for brent:
WARNING: This package has not been validated, it may not work properly.
Host Security ID: HSI:0! (v1.9.29)

HSI-1
✔ BIOS firmware updates: Enabled
✔ Platform debugging: Disabled
✔ SPI write: Disabled
✔ SPI lock: Enabled
✔ SPI BIOS region: Locked
✔ Supported CPU: Valid
✔ TPM empty PCRs: Valid
✔ UEFI bootservice variables: Locked
✔ UEFI platform key: Valid
✘ TPM v2.0: Disabled

HSI-2
✔ Platform debugging: Locked
✔ TPM PCR0 reconstruction: Valid
✘ Intel BootGuard: Not supported
✘ IOMMU: Not found

HSI-3
✘ CET Platform: Not supported
✘ Pre-boot DMA protection: Invalid
✘ Suspend-to-idle: Disabled
✘ Suspend-to-ram: Enabled

HSI-4
✘ Encrypted RAM: Not supported
✘ SMAP: Not supported

Runtime Suffix -!
✔ fwupd plugins: Untainted
✔ Linux kernel: Untainted
✘ Linux kernel lockdown: Unknown
✘ Linux swap: Unencrypted
✘ UEFI secure boot: Disabled

This system has a low HSI security level.
» https://fwupd.github.io/hsi.html#low-security-level

This system has HSI runtime issues.
» https://fwupd.github.io/hsi.html#hsi-runtime-suffix

Upload these anonymous results to the Linux Vendor Firmware Service to help other users? [y|N]: y

------I don't have the stomach for this!!! 🙂!! Miller time. Lighting the grill instead!
🍻