Continuing the discussion from Efivars is getting full - what to clean up?:
Which BIOS version are you using?
3.09
Which Framework Laptop 13 model are you using? AMD Ryzen™ 7040 Series
Same as the OP of the previous post, my efivars are nearly full (96%). This is preventing LVFS from installing critical UEFI certificates. Why is the efivars size so small (148K) on this device and why so many variables? On a different home pc the efivars size is large (256K) and has much less variables (76K)
I haven’t needed to try this move, but I’ve logged it for later reference, for saving-clearing-reloading EFIVARS which I assume to be portable across the UEFI ecosystem. My assumption might be wrong – and you may lose all custom configuration including pre-existing UEFI/Secure Boot certificates – so I hope someone more familiar with the Framework firmware and it EC roots can confirm or warn off.
K3n.
As a follow-up, I took the UEFI Shell from the UEFI-mode installer and ran this triple of commands to free some space in the efivars on my Framework 13 AMD, and sys/firmware/efivars is still showing 96% use.
K3n.
I’m having this issue as well (also on a Framework 13 AMD 7040 series): the efivarfs mounted on /sys/firmware/efi/efivars is 94% full and doesn’t have enough free space for a Secure Boot signature database update.
I don’t know if it helps or not.
My FW16is:
df -h
efivarfs 148K 68K 76K 48% /sys/firmware/efi/efivars
ls -l (so you can compare sizes to see what is taking all the room. I don't use secure boot).
-rw-r--r-- 1 root root 12 Aug 11 11:34 AcpiGlobalVariable-c020489e-6db2-4ef2-9aa5-ca06fc11d36a
-rw-r--r-- 1 root root 32 Aug 11 11:34 ActiveVgaDev-59d1c24f-50f1-401a-b101-f33e0daed443
-rw-r--r-- 1 root root 14 Aug 11 11:34 AmdAcpiVar-79941ecd-ed36-49d0-8124-e4c31ac75cd4
-rw-r--r-- 1 root root 1284 Aug 11 11:34 AMD_PBS_SETUP-a339d746-f678-49b3-9fc7-54ce0f9df226
-rw-r--r-- 1 root root 12 Aug 11 11:34 AMD_RAID-fe26a894-d199-47d4-8afa-070e3d54ba86
-rw-r--r-- 1 root root 1667 Aug 11 11:34 AmdSetupPHX-3a997502-647a-4c82-998e-52ef9486a247
-rw-r--r-- 1 root root 5 Aug 11 11:34 AmdVariableProtection-408f573d-65ee-49ed-8bc5-5a32bbeae745
-rw-r--r-- 1 root root 404 Aug 11 11:34 AodCoreInfo-5ed15dc0-edef-4161-9151-6014c4cc630c
-rw-r--r-- 1 root root 404 Aug 11 11:34 AodCoreInfoTemp-5ed15dc0-edef-4161-9151-6014c4cc630c
-rw-r--r-- 1 root root 810 Aug 11 11:34 AodSetupPhx-5ed15dc0-edef-4161-9151-6014c4cc630c
-rw-r--r-- 1 root root 8 Aug 11 11:34 ApSyncFlagNv-ad3f6761-f0a3-46c8-a4cb-19b70ffdb305
-rw-r--r-- 1 root root 122 Aug 11 11:34 Boot0000-8be4df61-93ca-11d2-aa0d-00e098032b8c
-rw-r--r-- 1 root root 134 Aug 11 11:34 Boot0001-8be4df61-93ca-11d2-aa0d-00e098032b8c
-rw-r--r-- 1 root root 122 Aug 11 11:34 Boot0002-8be4df61-93ca-11d2-aa0d-00e098032b8c
-rw-r--r-- 1 root root 46 Aug 11 11:34 Boot2001-8be4df61-93ca-11d2-aa0d-00e098032b8c
-rw-r--r-- 1 root root 44 Aug 11 11:34 Boot2002-8be4df61-93ca-11d2-aa0d-00e098032b8c
-rw-r--r-- 1 root root 40 Aug 11 11:34 Boot2003-8be4df61-93ca-11d2-aa0d-00e098032b8c
-rw-r--r-- 1 root root 6 Aug 11 11:34 BootCurrent-8be4df61-93ca-11d2-aa0d-00e098032b8c
-rw-r--r-- 1 root root 8 Aug 11 11:34 BootOptionSupport-8be4df61-93ca-11d2-aa0d-00e098032b8c
-rw-r--r-- 1 root root 16 Aug 11 11:34 BootOrder-8be4df61-93ca-11d2-aa0d-00e098032b8c
-rw-r--r-- 1 root root 52 Aug 11 11:34 Capsule0000-39b68c46-f7fb-441b-b6ec-16b0f69821f3
-rw-r--r-- 1 root root 26 Aug 11 11:34 CapsuleLast-39b68c46-f7fb-441b-b6ec-16b0f69821f3
-rw-r--r-- 1 root root 96 Aug 11 11:34 certdb-59d1c24f-50f1-401a-b101-f33e0daed443
-rw-r--r-- 1 root root 112 Aug 11 11:34 certdbv-59d1c24f-50f1-401a-b101-f33e0daed443
-rw-r--r-- 1 root root 36 Aug 11 11:34 COMPAL-b697de83-1ab6-42c4-9dee-a806c637818b
-rw-r--r-- 1 root root 53 Aug 11 11:34 ConIn-8be4df61-93ca-11d2-aa0d-00e098032b8c
-rw-r--r-- 1 root root 53 Aug 11 11:34 ConInCandidateDev-59d1c24f-50f1-401a-b101-f33e0daed443
-rw-r--r-- 1 root root 84 Aug 11 11:34 ConInDev-8be4df61-93ca-11d2-aa0d-00e098032b8c
-rw-r--r-- 1 root root 40 Aug 11 11:34 ConOut-8be4df61-93ca-11d2-aa0d-00e098032b8c
-rw-r--r-- 1 root root 40 Aug 11 11:34 ConOutCandidateDev-59d1c24f-50f1-401a-b101-f33e0daed443
-rw-r--r-- 1 root root 40 Aug 11 11:34 ConOutDev-8be4df61-93ca-11d2-aa0d-00e098032b8c
-rw-r--r-- 1 root root 5 Aug 11 11:34 CurrentPolicy-77fa9abd-0359-4d32-bd60-28f4e78f784b
-rw-r--r-- 1 root root 10 Aug 11 11:34 CustomPlatformLang-59d1c24f-50f1-401a-b101-f33e0daed443
-rw-r--r-- 1 root root 5 Aug 11 11:34 CustomSecurity-59d1c24f-50f1-401a-b101-f33e0daed443
-rw-r--r-- 1 root root 4404 Aug 11 11:34 db-d719b2cb-3d3a-4596-a3bc-dad00e67656f
-rw-r--r-- 1 root root 8897 Aug 11 11:34 dbDefault-8be4df61-93ca-11d2-aa0d-00e098032b8c
-rw-r--r-- 1 root root 19808 Aug 11 11:34 dbx-d719b2cb-3d3a-4596-a3bc-dad00e67656f
-rw-r--r-- 1 root root 20768 Aug 11 11:34 dbxDefault-8be4df61-93ca-11d2-aa0d-00e098032b8c
-rw-r--r-- 1 root root 40 Aug 11 11:34 ErrOutDev-8be4df61-93ca-11d2-aa0d-00e098032b8c
-rw-r--r-- 1 root root 8 Aug 11 11:34 EsrtLastAttemptStatus-6ae76af1-c002-5d64-8e18-658d205acf34
-rw-r--r-- 1 root root 8 Aug 11 11:34 EsrtLastAttemptVersion-6ae76af1-c002-5d64-8e18-658d205acf34
-rw-r--r-- 1 root root 410 Aug 11 11:34 FeData-1f2d63e1-febd-4dc7-9cc5-ba2b1cef9c5b
-rw-r--r-- 1 root root 5 Aug 11 11:34 H2OFormDialogConfig-98ae8272-ce5a-46be-9f5d-d9f9cbbb99f2
-rw-r--r-- 1 root root 12 Aug 11 11:34 IhisiParamBuffer-92e59835-5f42-4e0b-9a84-47c7810ea806
-rw-r--r-- 1 root root 1596 Aug 11 11:34 IP6_CONFIG_IFR_NVDATA-02eea107-98db-400e-9830-460a1542d799
-rw-r--r-- 1 root root 2821 Aug 11 11:34 KEK-8be4df61-93ca-11d2-aa0d-00e098032b8c
-rw-r--r-- 1 root root 4327 Aug 11 11:34 KEKDefault-8be4df61-93ca-11d2-aa0d-00e098032b8c
-rw-r--r-- 1 root root 8 Aug 11 11:34 Lang-8be4df61-93ca-11d2-aa0d-00e098032b8c
-rw-r--r-- 1 root root 17 Aug 11 11:34 LangCodes-8be4df61-93ca-11d2-aa0d-00e098032b8c
-rw-r--r-- 1 root root 78 Aug 11 11:34 LoaderDevicePartUUID-4a67b082-0a4c-41cf-b6c7-440b29bb8c4f
-rw-r--r-- 1 root root 46 Aug 11 11:34 LoaderInfo-4a67b082-0a4c-41cf-b6c7-440b29bb8c4f
-rw-r--r-- 1 root root 5 Aug 11 11:34 MemoryOverwriteRequestControl-e20939be-32d4-41be-a150-897f85d49829
-rw-r--r-- 1 root root 5 Aug 11 11:34 MemoryOverwriteRequestControlLock-bb983ccf-151d-40e1-a07b-4a17be168292
-rw-r--r-- 1 root root 1128 Aug 11 11:34 MokListRT-605dab50-e046-4300-abb6-3dd810dd8b23
-rw-r--r-- 1 root root 5 Aug 11 11:34 MokListTrustedRT-605dab50-e046-4300-abb6-3dd810dd8b23
-rw-r--r-- 1 root root 80 Aug 11 11:34 MokListXRT-605dab50-e046-4300-abb6-3dd810dd8b23
-rw-r--r-- 1 root root 5 Aug 11 11:34 MpmMmioS3SaveUefiVariable-8facafae-6d58-4b36-bf09-e60571b157d2
-rw-r--r-- 1 root root 12 Aug 11 11:34 MsdmAddress-fd21bf2b-f5d1-46c5-aee3-c60158339239
-rw-r--r-- 1 root root 8 Aug 11 11:34 MTC-eb704011-1402-11d3-8e77-00a0c969723b
-rw-r--r-- 1 root root 5 Aug 11 11:34 NetworkSetup-a04a27f4-df00-4d42-b552-39511302113d
-rw-r--r-- 1 root root 8 Aug 11 11:34 OfflineUniqueIDEKPubCRC-eaec226f-c9a3-477a-a826-ddc716cdc0e3
-rw-r--r-- 1 root root 260 Aug 11 11:34 OfflineUniqueIDEKPub-eaec226f-c9a3-477a-a826-ddc716cdc0e3
-rw-r--r-- 1 root root 12 Aug 11 11:34 OsIndications-8be4df61-93ca-11d2-aa0d-00e098032b8c
-rw-r--r-- 1 root root 12 Aug 11 11:34 OsIndicationsSupported-8be4df61-93ca-11d2-aa0d-00e098032b8c
-rw-r--r-- 1 root root 87 Aug 11 11:34 PasswordConfig-f72deef6-13ef-4958-b027-0e45ce7fa45e
-rw-r--r-- 1 root root 10 Aug 11 11:34 PhysicalBootOrder-59d1c24f-50f1-401a-b101-f33e0daed443
-rw-r--r-- 1 root root 1369 Aug 11 11:34 PK-8be4df61-93ca-11d2-aa0d-00e098032b8c
-rw-r--r-- 1 root root 1369 Aug 11 11:34 PKDefault-8be4df61-93ca-11d2-aa0d-00e098032b8c
-rw-r--r-- 1 root root 10 Aug 11 11:34 PlatformLang-8be4df61-93ca-11d2-aa0d-00e098032b8c
-rw-r--r-- 1 root root 34 Aug 11 11:34 PlatformLangCodes-8be4df61-93ca-11d2-aa0d-00e098032b8c
-rw-r--r-- 1 root root 20 Aug 11 11:34 PlugInVgaHandles-59d1c24f-50f1-401a-b101-f33e0daed443
-rw-r--r-- 1 root root 5 Aug 11 11:34 RestoreFactoryDefault-59d1c24f-50f1-401a-b101-f33e0daed443
-rw-r--r-- 1 root root 22 Aug 11 11:34 SbatLevelRT-605dab50-e046-4300-abb6-3dd810dd8b23
-rw-r--r-- 1 root root 5 Aug 11 11:34 SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c
-rw-r--r-- 1 root root 92 Aug 11 11:34 SecureBootData-aa1305b9-01f3-4afb-920e-c9b979a852fd
-rw-r--r-- 1 root root 5 Aug 11 11:34 SecureBootEnforce-59d1c24f-50f1-401a-b101-f33e0daed443
-rw-r--r-- 1 root root 18 Aug 11 11:34 SecureFlashInfo-382af2bb-ffff-abcd-aaee-cce099338877
-rw-r--r-- 1 root root 5 Aug 11 11:34 SetPcrBanks-8376bdca-5e03-4735-951a-4a74141e5886
-rw-r--r-- 1 root root 754 Aug 11 11:34 Setup-a04a27f4-df00-4d42-b552-39511302113d
-rw-r--r-- 1 root root 5 Aug 11 11:34 SetupMode-8be4df61-93ca-11d2-aa0d-00e098032b8c
-rw-r--r-- 1 root root 36 Aug 11 11:34 SignatureSupport-8be4df61-93ca-11d2-aa0d-00e098032b8c
-rw-r--r-- 1 root root 16 Aug 11 11:34 StatusCodeLog-59d1c24f-50f1-401a-b101-f33e0daed443
-rw-r--r-- 1 root root 14 Aug 11 11:34 Tcg2ConfigInfo-07a66697-d400-4903-b3da-67a61d2b7058
-rw-r--r-- 1 root root 20 Aug 11 11:34 Tcg2PhysicalPresence-aeb9c5c1-94f1-4d02-bfd9-4602db2d3c54
-rw-r--r-- 1 root root 8 Aug 11 11:34 Tcg2PhysicalPresenceFlags-aeb9c5c1-94f1-4d02-bfd9-4602db2d3c54
-rw-r--r-- 1 root root 6 Aug 11 11:34 Timeout-8be4df61-93ca-11d2-aa0d-00e098032b8c
-rw-r--r-- 1 root root 12 Aug 11 11:34 TrEEPhysicalPresence-f24643c2-c622-494e-8a0d-4632579c2d5b
-rw-r--r-- 1 root root 5 Aug 11 11:34 TrEEPhysicalPresenceFlags-f24643c2-c622-494e-8a0d-4632579c2d5b
-rw-r--r-- 1 root root 5 Aug 11 11:34 UmaCarveOutDefault-0e5ce58d-e59b-4f93-904a-6ef2b97a41d7
-rw-r--r-- 1 root root 36 Aug 11 11:34 UnlockIDCopy-eaec226f-c9a3-477a-a826-ddc716cdc0e3
-rw-r--r-- 1 root root 76 Aug 11 11:34 UserVgaSelection-59d1c24f-50f1-401a-b101-f33e0daed443
-rw-r--r-- 1 root root 5 Aug 11 11:34 VarErrorFlag-04b37fe8-f6ae-480b-bdd5-37d98c5e89aa
-rw-r--r-- 1 root root 5 Aug 11 11:34 VendorKeys-8be4df61-93ca-11d2-aa0d-00e098032b8c
-rw-r--r-- 1 root root 4659 Aug 11 11:34 WIFI_MANAGER_IFR_NVDATA-9f94d327-0b18-4245-8ff2-832e300d2cef
Something interesting I’ve noticed is that df -h reports that the space used in /sys/firmware/efi/efivars is 135kB (out of 148kB total), but this is significantly more than what you get by adding up the file sizes: running stat -c '%s' /sys/firmware/efi/efivars/* | paste -sd+ | bc gives about 73kB as the sum of the file sizes.
This is because for any file there is unused space in the allocated file allocation units.
For a 512 byte sector (as typically used on old PCs) consider what happens if you create an empty file. The file will show as being 0 bytes, but the space used by the file will be 512 bytes. With larger allocation units as used on SSDs this effect gets worse.
That doesn’t explain the numbers I’m seeing. If I round up every file size to the next multiple of 512 bytes and sum those, I get around 114 kB, still smaller than the reported usage. If I round up to multiples of 1024 bytes instead, I get around 157 kB, which isn’t possible since that’s more than the reported total space. Also, SSD behavior shouldn’t be relevant here since, if I understand correctly, EFI variables are stored in NVRAM, not on the SSD.
Have you checked through how many directory entries fit in an allocation unit? If there are directorys with only a handful of entries the same applies there as well.
I have the same issue. When I lauch ls -lh /sys/firmware/efi/efivars/ I notice that variables dbx and dbxDefault occupy much more space than the others (21Kb and 18kb respectively whereas the other variables don’t exceed 6Kb each).
Therefore the problem is that the dbx database continue increasing at each EFI update since it contains revoked signatures, and it is just a matter of time until efivarfs get filled up.
Reported this issue on GitHub: efivarfs out of space when attempting firmware update · Issue #90 · FrameworkComputer/SoftwareFirmwareIssueTracker · GitHub
Hopefully someone at Framework will be able to figure out what’s causing this and how to fix it.