pacman -Suy did not help. Google finds little info, only one unsolved similar case with Tuxedo OS.
I could choose to ignore this, but a paragraph in the description is a bit unsettling (emph. mine):
“Before installing the update, fwupd will check for any affected executables in the ESP and will refuse to update if it finds any boot binaries signed with any of the forbidden signatures. If the installation fails, you will need to update shim and grub packages before the update can be deployed.”
OTOH, secure boot is not enabled anyway. But then, why does the update appear? Also, jump from 83 to 217?
In case I botched something that needs fixing: The system was installed about a fortnight ago, and I have never touched the ESP.
KDE Plasma Version: 5.26.5
KDE Frameworks Version: 5.103.0
Qt Version: 5.15.8
Kernel Version: 6.1.12-1-MANJARO (64-bit)
Graphics Platform: X11
The reason this only shows up in Discover and not any package manager is because it is a firmware update, not a package. Pacman and Pamac are not built to handle firmware updates, but Discover is.
For firmware, Discover is just a layer on top of fwupd, so try installing it directly through the CLI instead:
sudo fwupdmgr refresh
sudo fwupdmgr update
As for the concerning paragraph you found in the description, according to the Reddit thread you linked, UEFI dbx is responsible for adding extra keys to Secure Boot. Secure Boot only allows firmware signed by a key your manufacturer trusts, and most manufacturers don’t really like 3rd party firmware (e.g. not Windows), so this would be useful to enable Secure Boot using keys you trust but your manufacturer doesn’t. So, I would assume this paragraph just refers to that, and nothing to worry about.
Note: I am not 100% sure about that last part, just my understanding.
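The update description quoted in the question refers to "forbidden signatures"; the UEFI dbx variable holds them as a chain of EFI_SIGNATURE_LIST structures. As an added example (not part of the original posts, and not fwupd's code), this read-only Python script parses that format and counts the SHA-256 entries, reading the installed dbx from efivarfs when it exists and a constructed sample otherwise; the helper `make_list` and the sample data are assumptions made for illustration.

```python
import hashlib
import os
import struct
import uuid

# Signature type GUIDs from the UEFI specification.
EFI_CERT_SHA256 = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")
EFI_CERT_X509 = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")
# dbx as exposed by Linux efivarfs (name-EFI_IMAGE_SECURITY_DATABASE_GUID).
DBX_PATH = "/sys/firmware/efi/efivars/dbx-d719b2cb-3d3a-4596-a3bc-dad00e67656f"

def parse_signature_lists(blob):
    """Yield (type_guid, owner_guid, data) for every entry in a dbx blob."""
    off = 0
    while off < len(blob):
        if len(blob) - off < 28:
            raise ValueError("truncated EFI_SIGNATURE_LIST header")
        sig_type = uuid.UUID(bytes_le=blob[off:off + 16])
        list_size, hdr_size, sig_size = struct.unpack_from("<III", blob, off + 16)
        end = off + list_size
        if sig_size <= 16 or list_size < 28 + hdr_size or end > len(blob):
            raise ValueError(f"malformed EFI_SIGNATURE_LIST at offset {off}")
        body = blob[off + 28 + hdr_size:end]
        if len(body) % sig_size:
            raise ValueError(f"entry size mismatch in list at offset {off}")
        for i in range(0, len(body), sig_size):
            owner = uuid.UUID(bytes_le=body[i:i + 16])
            yield sig_type, owner, body[i + 16:i + sig_size]
        off = end

def forbidden_sha256(blob):
    """Return the set of hex SHA-256 image hashes listed in the blob."""
    return {d.hex() for t, _, d in parse_signature_lists(blob) if t == EFI_CERT_SHA256}

def make_list(sig_type, entries):
    """Serialize one EFI_SIGNATURE_LIST (hypothetical helper, builds the sample)."""
    owner = uuid.UUID(int=0).bytes_le  # constructed owner GUID
    body = b"".join(owner + e for e in entries)
    return sig_type.bytes_le + struct.pack("<III", 28 + len(body), 0, 16 + len(entries[0])) + body

# Constructed sample: two SHA-256 entries plus one fake X.509 entry.
SAMPLE_HASHES = [hashlib.sha256(s).digest() for s in (b"constructed-1", b"constructed-2")]
SAMPLE_DBX = make_list(EFI_CERT_SHA256, SAMPLE_HASHES) + make_list(EFI_CERT_X509, [b"\x30" * 40])

if __name__ == "__main__":
    if os.path.exists(DBX_PATH):
        with open(DBX_PATH, "rb") as f:
            blob = f.read()[4:]  # efivarfs prepends 4 bytes of variable attributes
    else:
        blob = SAMPLE_DBX
    print(len(forbidden_sha256(blob)), "SHA-256 hashes in dbx")
```

Running it before and after `sudo fwupdmgr update` shows whether the forbidden list on the machine actually changed.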