Hello,
In the Message;
Subject : Re: Shim error message about "blocked executable in ESP"
Message-ID : <0a8b0630-a849-4038-81df-921658d04074@gmail.com>
Date & Time: Fri, 7 Jun 2024 07:05:15 +0300
[AB] == Andrei Borzenkov has written:
AB> On 07.06.2024 03:27, Masaru Nomiya wrote:
[...]
N> > It says that it could not update the UEFI dbx.
AB> No. What it says - if dbx is updated the system may become
AB> unbootable because there is EFI binary that will be blocked from
AB> execution. And it shows the exact name of this binary. Now it is
AB> up to the system administrator to decide wheth this binary is
AB> needed and should be updated or is not needed and can be removed.
Is it?
In
https://github-wiki-see.page/m/fwupd/fwupd/wiki/Blocked-executable-in-the-ES...
he also says;
This means that the bootloader placed in the UEFI removable path
has not been updated.
Are we wrong?
MN>> How about this?
MN> > $ sudo fwupdmgr update --force -y
AB> bor@bor-Latitude-E5450:~$ LANG=C rm -r /
AB> rm: it is dangerous to operate recursively on '/'
AB> rm: use --no-preserve-root to override this failsafe
AB> bor@bor-Latitude-E5450:~$
AB> So your advice would be to force the operation?
I know exactly what you mean.
He should certainly check /boot/efi/EFI/boot once to see if there are
any old ones there.
---
┏━━┓彡 Masaru Nomiya mail-to: m.nomiya+suse @ gmail.com
┃\/彡
┗━━┛ "Distinguish between what is meaningful to me and what is meaningless,
and forget what is meaningless to me. This is where individuality comes
into play. This is a function that computer cannot perform."
-- Shigehiko Toyama (in Japanes) --