Hello,
Sorry, forgot to add.
In the Message;
Subject : Re: Shim error message about "blocked executable in ESP"
Message-ID : <87tti5pdup.wl-nomiya@lake.dti.ne.jp>
Date & Time: Fri, 07 Jun 2024 13:37:50 +0900
[MN] == Masaru Nomiya has written:
MN> Hello,
MN> In the Message;
MN> Subject : Re: Shim error message about "blocked executable in ESP"
MN> Message-ID : <0a8b0630-a849-4038-81df-921658d04074@gmail.com>
MN> Date & Time: Fri, 7 Jun 2024 07:05:15 +0300
MN> [AB] == Andrei Borzenkov has written:
AB> On 07.06.2024 03:27, Masaru Nomiya wrote:
MN> [...]
N> > It says that it could not update the UEFI dbx.
AB> No. What it says - if dbx is updated the system may become
AB> unbootable because there is EFI binary that will be blocked from
AB> execution. And it shows the exact name of this binary. Now it is
AB> up to the system administrator to decide wheth this binary is
AB> needed and should be updated or is not needed and can be removed.
MN> Is it?
MN> In
MN> https://github-wiki-see.page/m/fwupd/fwupd/wiki/Blocked-executable-in-the-ES...
MN> he also says;
MN> This means that the bootloader placed in the UEFI removable path
MN> has not been updated.
MN> Are we wrong?
MN>> How about this?
MN> > $ sudo fwupdmgr update --force -y
AB> bor@bor-Latitude-E5450:~$ LANG=C rm -r /
AB> rm: it is dangerous to operate recursively on '/'
AB> rm: use --no-preserve-root to override this failsafe
AB> bor@bor-Latitude-E5450:~$
AB> So your advice would be to force the operation?
MN> I know exactly what you mean.
MN> He should certainly check /boot/efi/EFI/boot once to see if there are
MN> any old ones there.
What is your solution, Andrei?
---
┏━━┓彡 Masaru Nomiya
┃\/彡
┗━━┛ "Maddox hopes that empowering users to pick their own algorithms will
get them to think more about what’s involved in making them. "
-- Bluesky's Custom Algorithms Could Be the Future of Social Media --