Print Page | Close Window

Beebox N3000 KEK Certificate update issue Printed From: ASRock.com Category: Technical Support Forum Name: HTPC & Gaming Barebones & Others Forum Description: Question about HTPC & Gaming Barebones & Others URL: https://forum.asrock.com/forum_posts.asp?TID=113539 Printed Date: 24 Jun 2026 at 3:26am Software Version: Web Wiz Forums 12.04 - http://www.webwizforums.com Topic: Beebox N3000 KEK Certificate update issue Posted By: raichea Subject: Beebox N3000 KEK Certificate update issue Date Posted: 23 Jun 2026 at 10:01pm With the impending expiry of Microsoft's Secure Boot certificates, I have been trying to update them with fwupdmgr on my Barebones Beebox N3000 running Lubuntu 24.04 (which has worked perfectly since I bought it). Both the UEFI db and dbx certificates have been updated successfully but the KEK certificate consistently fails. I have tried resetting the certificates in the BIOS (which meant I had to reinstall the db and dbx certificates) but the KEK one still fails. As you'll see below, I do get a message "UEFI capsule updates not available or enabled in firmware setup". The link given and other information I've found suggests ensuring CSM is disabled (which it is) to correct this. It also mentions a setting for UEFI capsule updates, which doesn't appear to exist in my BIOS (v1.90). The truncated progress bar and other info I've found suggests that the efivars storage space is insufficient. Here's the relevant output from df -h: Filesystem      Size Used Avail Use% Mounted on efivarfs        128K   89K   35K 73% /sys/firmware/efi/efivars Here's the console output when trying to update the KEK certs: steve@beebox:~$ fwupdmgr update WARNING: UEFI capsule updates not available or enabled in firmware setup See https://github.com/fwupd/fwupd/wiki/PluginFlag:capsules-unsupported" rel="nofollow - https://github.com/fwupd/fwupd/wiki/PluginFlag:capsules-unsupported for more information. ?��??��??��??��??��??��??��??��??��??��??��??��??��??��??��??��??��??��??��??��??��??��??��??��??��??��??��??��??��??��??��??��??��??��??��??��??��??��??��??��? ??Upgrade KEK CA from 2011 to 2023?                                           ?? ?��??��??��??��??��??��??��??��??��??��??��??��??��??��??��??��??��??��??��??��??��??��??��??��??��??��??��??��??��??��??��??��??��??��??��??��??��??��??��??�╣ ??This updates the UEFI Signature Database (the "KEK") to the latest release   ?? ??from Microsoft, signed by Root Agency.                                       ?? ??                                                                             ?? ?��??��??��??��??��??��??��??��??��??��??��??��??��??��??��??��??��??��??��??��??��??��??��??��??��??��??��??��??��??��??��??��??��??��??��??��??��??��??��??��? Perform operation? [Y|n]: Authenticating??        [***************************************]==== AUTHENTICATING FOR org.freedesktop.fwupd.update-internal-trusted ==== Authentication is required to update the firmware on this machine Authenticating as: Steve Russell (steve) Password: ==== AUTHENTICATION COMPLETE ==== Writing??               [******************************        ] failed to write-firmware: failed to write (null): failed to write data to efivarsfs: Error writing to file descriptor: Invalid argument Replies: Posted By: Xaltar Date Posted: 23 Jun 2026 at 11:55pm I loved the Beebox when it launched, neat little machine. Really great for low power tasks. Unfortunately I can't offer you any suggestions regarding your issue, I am only a forum moderator and as such do not speak for ASRock nor have access to their testing labs etc. That said, it may be worth opening a support ticket with them and inquiring about the "UEFI Capsule Update" setting. It may be a dead end with the Beebox N3000 being "End of Life" and thus no longer supported but it's worth a shot. Failing that, you might have some luck checking out BIOS modding forums for tools/hacks that can enable or disable hidden UEFI settings and switches. I haven't played with this myself for a long time now, pre UEFI, but I believe there are tools out there that let you customize a BIOS from a BIOS dump. You can open a support ticket with ASRock here: https://tw.asrock.com/events/tsd.asp?kind=MB" rel="nofollow - https://tw.asrock.com/events/tsd.asp?kind=MB ------------- Posted By: raichea Date Posted: 24 Jun 2026 at 1:21am Thanks for your thoughts... I tried to raise a ticket but the Beebox N3000 is so old that its SNID/serial number isn't recognised. I think I bought it in 2015 and it's been absolutely rock solid as a backup and media server. I've certainly had my money's worth from it but I'm loathe to scrap it when it's still doing all I need. I'll explore some of the options you've suggested but, if all else fails, I'll just disable Secure Boot - it's in a fairly secure environment anyway. Posted By: Xaltar Date Posted: 24 Jun 2026 at 2:41am That's pretty much what I have done with all my older systems. I can't bring myself to throw out perfectly good hardware that still does everything I ask of it. -------------

Print Page | Close Window Forum Software by Web Wiz Forums® version 12.04 - http://www.webwizforums.com Copyright ©2001-2021 Web Wiz Ltd. - https://www.webwiz.net