In data venerdì 7 giugno 2024 07:00:49 CEST, Masaru Nomiya ha scritto:
Hello,
Sorry, forgot to add.
In the Message;
Subject : Re: Shim error message about "blocked executable in ESP" Message-ID : <87tti5pdup.wl-nomiya@lake.dti.ne.jp> Date & Time: Fri, 07 Jun 2024 13:37:50 +0900
[MN] == Masaru Nomiya <nomiya@lake.dti.ne.jp> has written:
MN> Hello,
MN> In the Message;
MN> Subject : Re: Shim error message about "blocked executable in ESP" MN> Message-ID : <0a8b0630-a849-4038-81df-921658d04074@gmail.com> MN> Date & Time: Fri, 7 Jun 2024 07:05:15 +0300
MN> [AB] == Andrei Borzenkov <arvidjaar@gmail.com> has written:
AB> On 07.06.2024 03:27, Masaru Nomiya wrote: MN> [...] N> > It says that it could not update the UEFI dbx.
AB> No. What it says - if dbx is updated the system may become AB> unbootable because there is EFI binary that will be blocked from AB> execution. And it shows the exact name of this binary. Now it is AB> up to the system administrator to decide wheth this binary is AB> needed and should be updated or is not needed and can be removed.
MN> Is it?
MN> In MN> https://github-wiki-see.page/m/fwupd/fwupd/wiki/Blocked-executable-in-the-E SP%2C-ensure-grub-and-shim-are-up-to-date
MN> he also says;
MN> This means that the bootloader placed in the UEFI removable path MN> has not been updated.
MN> Are we wrong?
MN>> How about this?
MN> > $ sudo fwupdmgr update --force -y
AB> bor@bor-Latitude-E5450:~$ LANG=C rm -r / AB> rm: it is dangerous to operate recursively on '/' AB> rm: use --no-preserve-root to override this failsafe AB> bor@bor-Latitude-E5450:~$
AB> So your advice would be to force the operation?
MN> I know exactly what you mean. MN> He should certainly check /boot/efi/EFI/boot once to see if there are MN> any old ones there.
What is your solution, Andrei?
--- ┏━━┓彡 Masaru Nomiya ┃\/彡 ┗━━┛ "Maddox hopes that empowering users to pick their own algorithms will get them to think more about what’s involved in making them. "
-- Bluesky's Custom Algorithms Could Be the Future of Social Media
Hello and thank you for your very appreciated help. I actually did suspect that there is something left behind in /boot (and as I will be again in Italy this year, I will take care of it once I have my hands on the machine). What is puzzling me is why this did happen to /boot as no dual boot or other OS was installed on the machine. Maybe I will be able to have me send the content of the disc as list by the user. If I well understood, the fwupd should not attempt by itself to do the update and the rest of the system should update normally? Or should I tell the user to stop doing updates until the issue is resolved? Thank you.