Hello, Sorry, forgot to add. In the Message; Subject : Re: Shim error message about "blocked executable in ESP" Message-ID : <87tti5pdup.wl-nomiya@lake.dti.ne.jp> Date & Time: Fri, 07 Jun 2024 13:37:50 +0900 [MN] == Masaru Nomiya <nomiya@lake.dti.ne.jp> has written: MN> Hello, MN> In the Message; MN> Subject : Re: Shim error message about "blocked executable in ESP" MN> Message-ID : <0a8b0630-a849-4038-81df-921658d04074@gmail.com> MN> Date & Time: Fri, 7 Jun 2024 07:05:15 +0300 MN> [AB] == Andrei Borzenkov <arvidjaar@gmail.com> has written: AB> On 07.06.2024 03:27, Masaru Nomiya wrote: MN> [...] N> > It says that it could not update the UEFI dbx. AB> No. What it says - if dbx is updated the system may become AB> unbootable because there is EFI binary that will be blocked from AB> execution. And it shows the exact name of this binary. Now it is AB> up to the system administrator to decide wheth this binary is AB> needed and should be updated or is not needed and can be removed. MN> Is it? MN> In MN> https://github-wiki-see.page/m/fwupd/fwupd/wiki/Blocked-executable-in-the-ES... MN> he also says; MN> This means that the bootloader placed in the UEFI removable path MN> has not been updated. MN> Are we wrong? MN>> How about this? MN> > $ sudo fwupdmgr update --force -y AB> bor@bor-Latitude-E5450:~$ LANG=C rm -r / AB> rm: it is dangerous to operate recursively on '/' AB> rm: use --no-preserve-root to override this failsafe AB> bor@bor-Latitude-E5450:~$ AB> So your advice would be to force the operation? MN> I know exactly what you mean. MN> He should certainly check /boot/efi/EFI/boot once to see if there are MN> any old ones there. What is your solution, Andrei? --- ┏━━┓彡 Masaru Nomiya ┃\/彡 ┗━━┛ "Maddox hopes that empowering users to pick their own algorithms will get them to think more about what’s involved in making them. " -- Bluesky's Custom Algorithms Could Be the Future of Social Media --