Hi,
I am using NixOS unstable and lanzaboote on several devices for a while now with great success, thank you, and a very similar configuration on all of the devices (different makes and models).
Lately I have switched to a Framework Laptop 12 - secureboot enabled, custom keys enrolled, vendor keys removed, everything works well.
Some days ago, I can't exactly pinpoint when, the framework started to report in the OS that secureboot was switched off. I tried having a look if there was a firmware update with fwupdtool get-updates and noticed that it did not report the UEFI dbx stuff.
I tried fwupdtool security and the output reported:
```
Runtime Suffix -!
✔ fwupd plugins: Untainted
✔ Linux kernel lockdown: Enabled
✔ Linux swap: Encrypted
✔ Linux kernel: Untainted
✘ CET OS Support: Not supported
✘ UEFI secure boot: Disabled
This system has HSI runtime issues.
» https://fwupd.github.io/hsi.html#hsi-runtime-suffix
Host Security Events
2025-11-15 21:12:12: ✘ CET OS Support changed: Supported → Not supported
2025-11-15 19:41:29: ✔ CET OS Support changed: Not supported → Supported
2025-11-13 14:02:15: ✘ CET OS Support changed: Supported → Not supported
2025-11-13 12:26:32: ✔ CET OS Support changed: Not supported → Supported
2025-11-13 12:21:48: ✔ Pre-boot DMA protection changed: Invalid → Enabled
2025-11-10 20:20:56: ✘ CET OS Support changed: Supported → Not supported
2025-11-10 20:20:56: ✘ Secure Boot disabled
2025-11-10 20:20:56: ✘ Pre-boot DMA protection changed: Enabled → Invalid
2025-11-10 18:37:03: ✔ CET OS Support changed: Not supported → Supported
2025-11-10 15:33:05: ✘ CET OS Support changed: Supported → Not supported
2025-11-10 15:33:05: ✔ Secure Boot enabled
```
so ... it DID report secureboot being enabled at some point (and in the UEFI setup it is definitely reported as enabled and booting an unsigned or MS signed OS will fail) but it changed.
sbctl status reports:
```
❯ sudo sbctl status
system is not booted with UEFI
```
yet the kernel log tends to disagree on both counts:
```
[ 0.000000] Linux version 6.17.7 (nixbld@localhost) (gcc (GCC) 14.3.0, GNU ld (GNU Binutils) 2.44) #1-NixOS SMP PREEMPT_DYNAMIC Sun Nov 2 13:18:05 UTC 2025
[ 0.000000] Command line: init=/nix/store/nq2gas0s1grj67n7v9rwxb3sp5kylp5l-nixos-system-transporta-25.11pre895122.c5ae371f1a6a/init lockdown=confidentiality tsx=auto quiet splash boot.shell_on_fail udev.log_priority=3 rd.systemd.show_status=auto root=fstab splash loglevel=3 lsm=lockdown,landlock,capability,yama,apparmor audit=1 audit_backlog_limit=1024 apparmor=1
[ 0.000000] x86/split lock detection: #AC: crashing the kernel on kernel split_locks and warning on user-space split_locks
[ 0.000000] BIOS-provided physical RAM map:
[ 0.000000] BIOS-e820: [mem 0x0000000000000000-0x000000000009efff] usable
[ 0.000000] BIOS-e820: [mem 0x000000000009f000-0x00000000000fffff] reserved
[ 0.000000] BIOS-e820: [mem 0x0000000000100000-0x000000003d228fff] usable
[ 0.000000] BIOS-e820: [mem 0x000000003d229000-0x000000003db28fff] reserved
[ 0.000000] BIOS-e820: [mem 0x000000003db29000-0x000000003f93efff] usable
[ 0.000000] BIOS-e820: [mem 0x000000003f93f000-0x00000000419defff] reserved
[ 0.000000] BIOS-e820: [mem 0x00000000419df000-0x000000004498efff] ACPI NVS
[ 0.000000] BIOS-e820: [mem 0x000000004498f000-0x0000000044afefff] ACPI data
[ 0.000000] BIOS-e820: [mem 0x0000000044aff000-0x0000000044afffff] usable
[ 0.000000] BIOS-e820: [mem 0x0000000044b00000-0x00000000493fffff] reserved
[ 0.000000] BIOS-e820: [mem 0x000000004a000000-0x00000000503fffff] reserved
[ 0.000000] BIOS-e820: [mem 0x00000000c0000000-0x00000000cfffffff] reserved
[ 0.000000] BIOS-e820: [mem 0x00000000fed20000-0x00000000fed7ffff] reserved
[ 0.000000] BIOS-e820: [mem 0x00000000ff000000-0x00000000ffffffff] reserved
[ 0.000000] BIOS-e820: [mem 0x0000000100000000-0x00000008afbfffff] usable
[ 0.000000] Kernel is locked down from command line; see man kernel_lockdown.7
[ 0.000000] NX (Execute Disable) protection: active
[ 0.000000] APIC: Static calls initialized
[ 0.000000] efi: EFI v2.8 by INSYDE Corp.
[ 0.000000] efi: ACPI=0x44afe000 ACPI 2.0=0x44afe014 TPMFinalLog=0x44906000 SMBIOS=0x3ffda000 MEMATTR=0x39084098 ESRT=0x39ee7698 RNG=0x44a0df18 INITRD=0x39065f98 TPMEventLog=0x44a0a018
[ 0.000000] random: crng init done
[ 0.000000] efi: Remove mem96: MMIO range=[0xc0000000-0xcfffffff] (256MB) from e820 map
[ 0.000000] e820: remove [mem 0xc0000000-0xcfffffff] reserved
[ 0.000000] efi: Remove mem98: MMIO range=[0xff000000-0xffffffff] (16MB) from e820 map
[ 0.000000] e820: remove [mem 0xff000000-0xffffffff] reserved
[ 0.000000] SMBIOS 3.4 present.
...
[ 0.005198] Secure boot enabled
...
[ 0.146880] LSM: initializing lsm=capability,lockdown,landlock,yama,apparmor
[ 0.146880] landlock: Up and running.
[ 0.146880] Yama: becoming mindful.
[ 0.146880] AppArmor: AppArmor initialized
...
[ 0.840319] efivars: Registered efivars operations
...
[ 13.377472] Bluetooth: hci0: Secure boot is enabled
...
```
so the kernel honors secure boot policies and is aware that it's an EFI boot.
I am a bit lost in debugging where this is coming from and how to even start debugging.
The Thinkpad T460 I have as a secondary device runs the same nix config (same kernel version, same config of the kernel, same lanzaboote git rev) with slight differences for adjusting to EC interfaces etc. and reports secureboot alright. The only difference at the low level I can think of is that the framework also loads the framework kernel module that is imported via nixos-hardware.
Can you maybe point me in the right direction?
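As an added cross-check script, not part of the issue or of the lanzaboote project: it reads the SecureBoot and SetupMode EFI variables straight from efivarfs (the interface userspace tools such as sbctl and fwupd query, alongside the `/sys/firmware/efi` directory) and compares that with what the kernel logged at boot, so a "not booted with UEFI" or "Secure Boot disabled" verdict can be traced to a missing efivarfs mount, a missing variable, or a real state change. The EFI global variable GUID is the standard one; the state labels are this script's own.

```shell
#!/bin/sh
# Added cross-check: compare Secure Boot state across efivarfs, the EFI
# sysfs directory and the kernel log. Not from the issue or lanzaboote.

EFIVARS=/sys/firmware/efi/efivars
GUID=8be4df61-93ca-11d2-aa0d-00e098032b8c   # EFI_GLOBAL_VARIABLE_GUID
SB_VAR="$EFIVARS/SecureBoot-$GUID"
SM_VAR="$EFIVARS/SetupMode-$GUID"

# efivarfs files are 4 bytes of attribute flags followed by the variable
# data; SecureBoot and SetupMode carry a single data byte. Print that byte
# as a decimal, or "missing" when the file cannot be read, which is the
# situation a tool sees when efivarfs is absent or not mounted.
efivar_byte() {
    [ -r "$1" ] || { echo missing; return 0; }
    od -An -tu1 -j4 -N1 "$1" | tr -d ' \n'
}

# Map the SecureBoot variable to a label (1 = enforcing, 0 = off).
sb_state() {
    case "$(efivar_byte "$1")" in
        1) echo enabled ;;
        0) echo disabled ;;
        missing) echo missing ;;
        *) echo unknown ;;
    esac
}

# Map the SetupMode variable (1 = setup mode, no PK enrolled; 0 = user mode).
setup_state() {
    case "$(efivar_byte "$1")" in
        1) echo setup ;;
        0) echo user ;;
        missing) echo missing ;;
        *) echo unknown ;;
    esac
}

report() {
    [ -d /sys/firmware/efi ] && echo "efi sysfs:      present" || echo "efi sysfs:      absent"
    grep -qs " $EFIVARS efivarfs " /proc/mounts && echo "efivarfs:       mounted" \
        || echo "efivarfs:       not mounted"
    echo "SecureBoot var: $(sb_state "$SB_VAR")"
    echo "SetupMode var:  $(setup_state "$SM_VAR")"
    # Kernel's own verdict at boot; may need root under lockdown.
    kmsg=$(dmesg 2>/dev/null | grep -im1 'secure boot')
    echo "kernel log:     ${kmsg:-no secure boot line readable}"
}

report
```

When efivarfs shows "not mounted" while the kernel log says "Secure boot enabled", the disagreement is in the userspace view, not in firmware policy; when the variable reads "disabled" or SetupMode reads "setup", firmware state has actually changed and the UEFI setup screen is the next thing to compare against.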