Hello, In the Message; Subject : Re: Shim error message about "blocked executable in ESP" Message-ID : <0a8b0630-a849-4038-81df-921658d04074@gmail.com> Date & Time: Fri, 7 Jun 2024 07:05:15 +0300 [AB] == Andrei Borzenkov <arvidjaar@gmail.com> has written: AB> On 07.06.2024 03:27, Masaru Nomiya wrote: [...] N> > It says that it could not update the UEFI dbx. AB> No. What it says - if dbx is updated the system may become AB> unbootable because there is EFI binary that will be blocked from AB> execution. And it shows the exact name of this binary. Now it is AB> up to the system administrator to decide wheth this binary is AB> needed and should be updated or is not needed and can be removed. Is it? In https://github-wiki-see.page/m/fwupd/fwupd/wiki/Blocked-executable-in-the-ES... he also says; This means that the bootloader placed in the UEFI removable path has not been updated. Are we wrong? MN>> How about this? MN> > $ sudo fwupdmgr update --force -y AB> bor@bor-Latitude-E5450:~$ LANG=C rm -r / AB> rm: it is dangerous to operate recursively on '/' AB> rm: use --no-preserve-root to override this failsafe AB> bor@bor-Latitude-E5450:~$ AB> So your advice would be to force the operation? I know exactly what you mean. He should certainly check /boot/efi/EFI/boot once to see if there are any old ones there. --- ┏━━┓彡 Masaru Nomiya mail-to: m.nomiya+suse @ gmail.com ┃\/彡 ┗━━┛ "Distinguish between what is meaningful to me and what is meaningless, and forget what is meaningless to me. This is where individuality comes into play. This is a function that computer cannot perform." -- Shigehiko Toyama (in Japanes) --