Shim error message about "blocked executable in ESP"
Question: does Tumbleweed by chance use "boot-repair" by default?
I ask this because of:
https://github-wiki-see.page/m/fwupd/fwupd/wiki/Blocked-executable-in-the-ES...

I have here a machine that continues to complain about:

Blocked executable in the ESP, ensure grub and shim are up to date: /boot/efi/EFI/grub/shim.efi Authenticode checksum [be435df7cd28aa2a7c8db4fc8173475b77e5abf392f76b7c76fa3f698cb71a9a] is present in dbx

As there is no dual boot, it could be a similar issue. If anybody knows I am taker, thanks.
Hello,

In the Message;

Subject : Shim error message about "blocked executable in ESP"
Message-ID : <4032842.keHCODLSVB@silversurfer>
Date & Time: Thu, 06 Jun 2024 19:00:29 +0200

[S] == Stakanov via openSUSE Users <users@lists.opensuse.org> has written:

S> Question: does Tumbleweed by chance uses "boot-repair" by default?
S> I ask this because of:
S> https://github-wiki-see.page/m/fwupd/fwupd/wiki/Blocked-executable-in-the-ES...
S> I have here a machine the continues to complain about:
S> Blocked executable in the ESP, ensure grub and shim are up to date: /boot/efi/
S> EFI/grub/shim.efi Authenticode checksum
S> [be435df7cd28aa2a7c8db4fc8173475b77e5abf392f76b7c76fa3f698cb71a9a] is present
S> in dbx
[...]

It says that it could not update the UEFI dbx.

How about this?

$ sudo fwupdmgr update --force -y

Best Regards.

---
┏━━┓彡 Masaru Nomiya mail-to: m.nomiya+suse @ gmail.com
┃\/彡
┗━━┛ "Distinguish between what is meaningful to me and what is meaningless, and forget what is meaningless to me. This is where individuality comes into play. This is a function that computer cannot perform."
-- Shigehiko Toyama (in Japanese) --
On 07.06.2024 03:27, Masaru Nomiya wrote:
> Hello,
> In the Message;
> Subject : Shim error message about "blocked executable in ESP"
> Message-ID : <4032842.keHCODLSVB@silversurfer>
> Date & Time: Thu, 06 Jun 2024 19:00:29 +0200
> [S] == Stakanov via openSUSE Users <users@lists.opensuse.org> has written:
> S> Question: does Tumbleweed by chance uses "boot-repair" by default?
> S> I ask this because of:
> S> https://github-wiki-see.page/m/fwupd/fwupd/wiki/Blocked-executable-in-the-ES...
> S> I have here a machine the continues to complain about:
> S> Blocked executable in the ESP, ensure grub and shim are up to date: /boot/efi/
> S> EFI/grub/shim.efi Authenticode checksum
> S> [be435df7cd28aa2a7c8db4fc8173475b77e5abf392f76b7c76fa3f698cb71a9a] is present
> S> in dbx
> [...]
> It says that it could not update the UEFI dbx.
No. What it says - if dbx is updated the system may become unbootable because there is EFI binary that will be blocked from execution. And it shows the exact name of this binary. Now it is up to the system administrator to decide whether this binary is needed and should be updated or is not needed and can be removed.
> How about this?
> $ sudo fwupdmgr update --force -y
bor@bor-Latitude-E5450:~$ LANG=C rm -r /
rm: it is dangerous to operate recursively on '/'
rm: use --no-preserve-root to override this failsafe
bor@bor-Latitude-E5450:~$

So your advice would be to force the operation?
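Added example, not part of the original thread and not fwupd's own code: a Python sketch of the check behind the warning discussed above, computing the SHA-256 Authenticode digest of each ESP binary and comparing it with a set of revoked digests. The sample images and the `build_sample_pe` and `find_blocked` helpers are constructed for illustration; the real dbx digest from the message is not used.

```python
import hashlib
import struct


def authenticode_sha256(pe: bytes) -> str:
    """Return the SHA-256 Authenticode digest of a PE/COFF image as hex.

    The digest skips the optional-header CheckSum field, the Certificate
    Table directory entry and the appended signature data, so signing or
    re-signing a binary does not change it.
    """
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (pe_off,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = pe_off + 4
    (n_sections,) = struct.unpack_from("<H", pe, coff + 2)
    (opt_size,) = struct.unpack_from("<H", pe, coff + 16)
    opt = coff + 20
    (magic,) = struct.unpack_from("<H", pe, opt)
    if magic == 0x10B:        # PE32
        dirs = opt + 96
    elif magic == 0x20B:      # PE32+ (x86_64 EFI binaries)
        dirs = opt + 112
    else:
        raise ValueError("unknown optional header magic")
    (size_of_headers,) = struct.unpack_from("<I", pe, opt + 60)
    checksum = opt + 64
    (n_dirs,) = struct.unpack_from("<I", pe, dirs - 4)
    cert_entry = dirs + 4 * 8  # data directory index 4 = Certificate Table

    h = hashlib.sha256()
    h.update(pe[:checksum])    # headers up to CheckSum
    cert_size = 0
    if n_dirs > 4:
        _, cert_size = struct.unpack_from("<II", pe, cert_entry)
        h.update(pe[checksum + 4:cert_entry])
        h.update(pe[cert_entry + 8:size_of_headers])
    else:
        h.update(pe[checksum + 4:size_of_headers])

    # Section data, in file order.
    table = opt + opt_size
    sections = []
    for i in range(n_sections):
        raw_size, raw_ptr = struct.unpack_from("<II", pe, table + 40 * i + 16)
        if raw_size:
            sections.append((raw_ptr, raw_size))
    hashed = size_of_headers
    for raw_ptr, raw_size in sorted(sections):
        h.update(pe[raw_ptr:raw_ptr + raw_size])
        hashed += raw_size

    # Any trailing data that precedes the signature blob.
    end = len(pe) - cert_size
    if end > hashed:
        h.update(pe[hashed:end])
    return h.hexdigest()


def find_blocked(files: dict, dbx_digests: set) -> list:
    """Return the paths whose Authenticode digest appears in dbx_digests."""
    return sorted(p for p, data in files.items()
                  if authenticode_sha256(data) in dbx_digests)


def build_sample_pe(payload: bytes, checksum: int = 0,
                    signature: bytes = b"") -> bytes:
    """Constructed minimal PE32+ image for the demo; not a bootable binary."""
    size_of_headers = 0x200
    raw = payload.ljust(0x200, b"\0")            # one 512-byte section
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff_hdr = struct.pack("<HHIIIHH", 0x8664, 1, 0, 0, 0, 240, 0x22)
    opt_hdr = bytearray(240)
    struct.pack_into("<H", opt_hdr, 0, 0x20B)
    struct.pack_into("<I", opt_hdr, 60, size_of_headers)
    struct.pack_into("<I", opt_hdr, 64, checksum)
    struct.pack_into("<I", opt_hdr, 108, 16)     # NumberOfRvaAndSizes
    cert_addr = size_of_headers + len(raw) if signature else 0
    struct.pack_into("<II", opt_hdr, 144, cert_addr, len(signature))
    section = struct.pack("<8sIIII16x", b".text", len(payload), 0x1000,
                          len(raw), size_of_headers)
    headers = dos + b"PE\0\0" + coff_hdr + bytes(opt_hdr) + section
    return headers.ljust(size_of_headers, b"\0") + raw + signature


if __name__ == "__main__":
    # Constructed ESP contents: an old shim left in EFI/grub, a newer one
    # in EFI/opensuse. Paths follow the listing in the thread.
    old_shim = build_sample_pe(b"old shim", checksum=0x1234,
                               signature=b"\xAA" * 64)
    new_shim = build_sample_pe(b"new shim", signature=b"\xBB" * 64)
    esp = {
        "/boot/efi/EFI/grub/shim.efi": old_shim,
        "/boot/efi/EFI/opensuse/shim.efi": new_shim,
    }
    revoked = {authenticode_sha256(build_sample_pe(b"old shim"))}
    for path in find_blocked(esp, revoked):
        print("would be blocked after the dbx update:", path)
```

To check a real file, pass its bytes (for example `open("/boot/efi/EFI/grub/shim.efi", "rb").read()`) to `authenticode_sha256` and compare the result with the bracketed value in the fwupd message.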
Hello,

In the Message;

Subject : Re: Shim error message about "blocked executable in ESP"
Message-ID : <0a8b0630-a849-4038-81df-921658d04074@gmail.com>
Date & Time: Fri, 7 Jun 2024 07:05:15 +0300

[AB] == Andrei Borzenkov <arvidjaar@gmail.com> has written:

AB> On 07.06.2024 03:27, Masaru Nomiya wrote:
[...]
N> > It says that it could not update the UEFI dbx.

AB> No. What it says - if dbx is updated the system may become
AB> unbootable because there is EFI binary that will be blocked from
AB> execution. And it shows the exact name of this binary. Now it is
AB> up to the system administrator to decide whether this binary is
AB> needed and should be updated or is not needed and can be removed.

Is it?

In

https://github-wiki-see.page/m/fwupd/fwupd/wiki/Blocked-executable-in-the-ES...

he also says;

This means that the bootloader placed in the UEFI removable path has not been updated.

Are we wrong?

MN>> How about this?
MN> > $ sudo fwupdmgr update --force -y

AB> bor@bor-Latitude-E5450:~$ LANG=C rm -r /
AB> rm: it is dangerous to operate recursively on '/'
AB> rm: use --no-preserve-root to override this failsafe
AB> bor@bor-Latitude-E5450:~$

AB> So your advice would be to force the operation?

I know exactly what you mean.

He should certainly check /boot/efi/EFI/boot once to see if there are any old ones there.

---
┏━━┓彡 Masaru Nomiya mail-to: m.nomiya+suse @ gmail.com
┃\/彡
┗━━┛ "Distinguish between what is meaningful to me and what is meaningless, and forget what is meaningless to me. This is where individuality comes into play. This is a function that computer cannot perform."
-- Shigehiko Toyama (in Japanese) --
Hello,

Sorry, forgot to add.

In the Message;

Subject : Re: Shim error message about "blocked executable in ESP"
Message-ID : <87tti5pdup.wl-nomiya@lake.dti.ne.jp>
Date & Time: Fri, 07 Jun 2024 13:37:50 +0900

[MN] == Masaru Nomiya <nomiya@lake.dti.ne.jp> has written:

MN> Hello,
MN> In the Message;
MN> Subject : Re: Shim error message about "blocked executable in ESP"
MN> Message-ID : <0a8b0630-a849-4038-81df-921658d04074@gmail.com>
MN> Date & Time: Fri, 7 Jun 2024 07:05:15 +0300
MN> [AB] == Andrei Borzenkov <arvidjaar@gmail.com> has written:
AB> On 07.06.2024 03:27, Masaru Nomiya wrote:
MN> [...]
N> > It says that it could not update the UEFI dbx.
AB> No. What it says - if dbx is updated the system may become
AB> unbootable because there is EFI binary that will be blocked from
AB> execution. And it shows the exact name of this binary. Now it is
AB> up to the system administrator to decide whether this binary is
AB> needed and should be updated or is not needed and can be removed.
MN> Is it?
MN> In
MN> https://github-wiki-see.page/m/fwupd/fwupd/wiki/Blocked-executable-in-the-ES...
MN> he also says;
MN> This means that the bootloader placed in the UEFI removable path
MN> has not been updated.
MN> Are we wrong?
MN>> How about this?
MN> > $ sudo fwupdmgr update --force -y
AB> bor@bor-Latitude-E5450:~$ LANG=C rm -r /
AB> rm: it is dangerous to operate recursively on '/'
AB> rm: use --no-preserve-root to override this failsafe
AB> bor@bor-Latitude-E5450:~$
AB> So your advice would be to force the operation?
MN> I know exactly what you mean.
MN> He should certainly check /boot/efi/EFI/boot once to see if there are
MN> any old ones there.

What is your solution, Andrei?

---
┏━━┓彡 Masaru Nomiya
┃\/彡
┗━━┛ "Maddox hopes that empowering users to pick their own algorithms will get them to think more about what’s involved in making them. "
-- Bluesky's Custom Algorithms Could Be the Future of Social Media --
On Friday, 7 June 2024 07:00:49 CEST, Masaru Nomiya wrote:
> Hello,
> Sorry, forgot to add.
> In the Message;
> Subject : Re: Shim error message about "blocked executable in ESP"
> Message-ID : <87tti5pdup.wl-nomiya@lake.dti.ne.jp>
> Date & Time: Fri, 07 Jun 2024 13:37:50 +0900
> [MN] == Masaru Nomiya <nomiya@lake.dti.ne.jp> has written:
> MN> Hello,
> MN> In the Message;
> MN> Subject : Re: Shim error message about "blocked executable in ESP"
> MN> Message-ID : <0a8b0630-a849-4038-81df-921658d04074@gmail.com>
> MN> Date & Time: Fri, 7 Jun 2024 07:05:15 +0300
> MN> [AB] == Andrei Borzenkov <arvidjaar@gmail.com> has written:
> AB> On 07.06.2024 03:27, Masaru Nomiya wrote:
> MN> [...]
> N> > It says that it could not update the UEFI dbx.
> AB> No. What it says - if dbx is updated the system may become
> AB> unbootable because there is EFI binary that will be blocked from
> AB> execution. And it shows the exact name of this binary. Now it is
> AB> up to the system administrator to decide whether this binary is
> AB> needed and should be updated or is not needed and can be removed.
> MN> Is it?
> MN> In
> MN> https://github-wiki-see.page/m/fwupd/fwupd/wiki/Blocked-executable-in-the-ESP%2C-ensure-grub-and-shim-are-up-to-date
> MN> he also says;
> MN> This means that the bootloader placed in the UEFI removable path
> MN> has not been updated.
> MN> Are we wrong?
> MN>> How about this?
> MN> > $ sudo fwupdmgr update --force -y
> AB> bor@bor-Latitude-E5450:~$ LANG=C rm -r /
> AB> rm: it is dangerous to operate recursively on '/'
> AB> rm: use --no-preserve-root to override this failsafe
> AB> bor@bor-Latitude-E5450:~$
> AB> So your advice would be to force the operation?
> MN> I know exactly what you mean.
> MN> He should certainly check /boot/efi/EFI/boot once to see if there are
> MN> any old ones there.
> What is your solution, Andrei?
> ---
> ┏━━┓彡 Masaru Nomiya
> ┃\/彡
> ┗━━┛ "Maddox hopes that empowering users to pick their own algorithms will get them to think more about what’s involved in making them. "
> -- Bluesky's Custom Algorithms Could Be the Future of Social Media
Hello and thank you for your very appreciated help. I actually did suspect that there is something left behind in /boot (and as I will be again in Italy this year, I will take care of it once I have my hands on the machine). What is puzzling me is why this did happen to /boot as no dual boot or other OS was installed on the machine. Maybe I will be able to have me send the content of the disc as list by the user. If I well understood, the fwupd should not attempt by itself to do the update and the rest of the system should update normally? Or should I tell the user to stop doing updates until the issue is resolved? Thank you.
Hello,

In the Message;

Subject : Re: Shim error message about "blocked executable in ESP"
Message-ID : <2009245.7nSxpqYiop@silversurfer>
Date & Time: Fri, 07 Jun 2024 16:56:40 +0200

Stakanov via openSUSE Users <users@lists.opensuse.org> has written:

> On Friday, 7 June 2024 07:00:49 CEST, Masaru Nomiya wrote:
[...]
> Hello and thank you for your very appreciated help. I actually did suspect that there is something left behind in /boot (and as I will be again in Italy this year, I will take care of it once I have my hands on the machine).

Italy....

When I saw Torre di Pisa, I was impressed that this is where Galileo is said to have conducted his famous experiment.

> What is puzzling me is why this did happen to /boot as no dual boot or other OS was installed on the machine.

It is said that this phenomenon can be caused by firmware updates.

> Maybe I will be able to have me send the content of the disc as list by the user.

It would be good to know the contents of /boot/efi/EFI/boot.

> If I well understood, the fwupd should not attempt by itself to do the update and the rest of the system should update normally? Or should I tell the user to stop doing updates until the issue is resolved?

I see what you mean!!

In such case, you need to know if the model the user is using supports the fwupd tool (You can find out on the manufacturer's website.).

It is better not to let the user do this, since it would require deleting old efi files left in /boot/efi/EFI/boot, as well as the question of whether fwupd is supported.

Sorry, but I don't know what to do if the user's usage model does not support the fwupd tool.

Best Regards.

---
┏━━┓彡 Masaru Nomiya mail-to: m.nomiya+suse @ gmail.com
┃\/彡
┗━━┛ "It would probably take decades more to answer with the usual scientific precision the questions we face today about the dangers of chemicals."
-- J. V. Rodricks --
On Saturday, 8 June 2024 03:36:56 CEST, Masaru Nomiya wrote:
> Hello,
> In the Message;
> Subject : Re: Shim error message about "blocked executable in ESP"
> Message-ID : <2009245.7nSxpqYiop@silversurfer>
> Date & Time: Fri, 07 Jun 2024 16:56:40 +0200
> Stakanov via openSUSE Users <users@lists.opensuse.org> has written:
>> On Friday, 7 June 2024 07:00:49 CEST, Masaru Nomiya wrote:
> [...]
>> Hello and thank you for your very appreciated help. I actually did suspect that there is something left behind in /boot (and as I will be again in Italy this year, I will take care of it once I have my hands on the machine).

;-)
I give you now a task, when you are in Italy you have to stop by at a few very important places. One is Bologna (underrated) and you visit the Cathedral to see the pendulum of Foucault, a Meridian (if you come at the solstice of summer you will appreciate. Oldest university of the world (albeit not always the most efficient) and an interesting surrounding, it is also close to the (IMO) overrated Florence. For the other place to visit you will tell me when you leave writing me a PM and will give you all I have seen in decades living there.

> Italy....
> When I saw Torre di Pisa, I was impressed that this is where Galileo is said to have conducted his famous experiment.
>> What is puzzling me is why this did happen to /boot as no dual boot or other OS was installed on the machine.
> It is said that this phenomenon can be caused by firmware updates.
>> Maybe I will be able to have me send the content of the disc as list by the user.
> It would be good to know the contents of /boot/efi/EFI/boot.
>> If I well understood, the fwupd should not attempt by itself to do the update and the rest of the system should update normally? Or should I tell the user to stop doing updates until the issue is resolved?
> I see what you mean!!
> In such case, you need to know if the model the user is using supports the fwupd tool (You can find out on the manufacturer's website.).
> It is better not to let the user do this, since it would require deleting old efi files left in /boot/efi/EFI/boot, as well as the question of whether fwupd is supported.

The problem did actually arise since the introduction of discovery, as the zypper does not call fwupd. I will get today a listing of /boot I guess

> Sorry, but I don't know what to do if the user's usage model does not support the fwupd tool.

I really appreciate your kindness and I do not expect you to be almighty ;-) Seriously, ありがとうございました!
Hello,

In the Message;

Subject : Re: Shim error message about "blocked executable in ESP"
Message-ID : <12374715.4pYQYQHQl3@silversurfer>
Date & Time: Sat, 08 Jun 2024 11:41:25 +0200

Stakanov via openSUSE Users <users@lists.opensuse.org> has written:

> On Saturday, 8 June 2024 03:36:56 CEST, Masaru Nomiya wrote:
[...]
>> will be again in Italy this year, I will take care of it once I
> ;-)
> I give you now a task, when you are in Italy you have to stop by at a few very important places. One is Bologna (underrated) and you visit the Cathedral to see the pendulum of Foucault, a Meridian (if you come at the solstice of summer you will appreciate. Oldest university of the world (albeit not always the most efficient) and an interesting surrounding, it is also close to the (IMO) overrated Florence. For the other place to visit you will tell me when you leave writing me a PM and will give you all I have seen in decades living there.

Thanks.

Unfortunately, I will never go to Italy again. Spain, Greece, Switzerland, Germany, and Great Britain, they were all wonderful......

I am old enough to understand how Faust felt when he sold his soul to Mephistopheles. (^^;;

BTW.

[...]
> The problem did actually arise since the introduction of discovery, as the zypper does not call fwupd. I will get today a listing of /boot I guess

Please do this;

$ fwupdtool esp-list --verbose

This doesn't harm the system.

In my case, it's this;

Selected volume: /org/freedesktop/UDisks2/block_devices/sda1
/boot/efi/EFI/boot/bootx64.efi
/boot/efi/EFI/boot/fallback.efi
/boot/efi/EFI/boot/MokManager.efi
/boot/efi/EFI/opensuse/MokManager.efi
/boot/efi/EFI/opensuse/grub.efi
/boot/efi/EFI/opensuse/shim.efi
/boot/efi/EFI/opensuse/boot.csv
/boot/efi/EFI/opensuse/grubx64.efi
/boot/efi/EFI/opensuse/grub.cfg
/boot/efi/EFI/HP/DEVFW/Firmware.BIN
/boot/efi/EFI/HP/DEVFW/CCG5.bin

MN>> Sorry, but I don't know what to do if the user's usage model does not
MN>> support the fwupd tool.

> I really appreciate your kindness and I do not expect you to be almighty ;-) Seriously, ありがとうございました!

Are you an anime fan too?

Anyway, you are welcome.

Best Regards & Good Night.

---
┏━━┓彡 Masaru Nomiya mail-to: m.nomiya+suse @ gmail.com
┃\/彡
┗━━┛ "Distinguish between what is meaningful to me and what is meaningless, and forget what is meaningless to me. This is where individuality comes into play. This is a function that computer cannot perform."
-- Shigehiko Toyama (in Japanese) --
On Saturday, 8 June 2024 13:10:05 CEST, Masaru Nomiya wrote:
> Please do this;
> $ fwupdtool esp-list --verbose

Selected volume: /org/freedesktop/UDisks2/block_devices/sda1
/boot/efi/EFI/boot/bootx64.efi
/boot/efi/EFI/boot/fallback.efi
/boot/efi/EFI/boot/MokManager.efi
/boot/efi/EFI/opensuse/shim.efi
/boot/efi/EFI/opensuse/MokManager.efi
/boot/efi/EFI/opensuse/grub.efi
/boot/efi/EFI/opensuse/boot.csv
/boot/efi/EFI/opensuse/grub.cfg
/boot/efi/EFI/opensuse/grubx64.efi
/boot/efi/EFI/grub/shim.efi
/boot/efi/EFI/grub/MokManager.efi
/boot/efi/EFI/grub/grub.efi
/boot/efi/EFI/grub/boot.csv
/boot/efi/EFI/grub/grub.cfg

That is quite a lot, I think she has multiple entries on her machine. How would one decide which one is the right one or better the broken one?
Hello,

In the Message;

Subject : Re: Shim error message about "blocked executable in ESP"
Message-ID : <10630762.UFQm8mNVDG@silversurfer>
Date & Time: Sat, 08 Jun 2024 23:25:36 +0200

Stakanov via openSUSE Users <users@lists.opensuse.org> has written:

> On Saturday, 8 June 2024 13:10:05 CEST, Masaru Nomiya wrote:
>> Please do this;
>> $ fwupdtool esp-list --verbose
> Selected volume: /org/freedesktop/UDisks2/block_devices/sda1
> /boot/efi/EFI/boot/bootx64.efi
> /boot/efi/EFI/boot/fallback.efi
> /boot/efi/EFI/boot/MokManager.efi
> /boot/efi/EFI/opensuse/shim.efi
> /boot/efi/EFI/opensuse/MokManager.efi
> /boot/efi/EFI/opensuse/grub.efi
> /boot/efi/EFI/opensuse/boot.csv
> /boot/efi/EFI/opensuse/grub.cfg
> /boot/efi/EFI/opensuse/grubx64.efi
> /boot/efi/EFI/grub/shim.efi
> /boot/efi/EFI/grub/MokManager.efi
> /boot/efi/EFI/grub/grub.efi
> /boot/efi/EFI/grub/boot.csv
> /boot/efi/EFI/grub/grub.cfg
> That is quite a lot, I think she has multiple entries on her machine.

Now I know what dual boot means.

> How would one decide which one is the right one or better the broken one?

Is Tumbleweed the only one that shows up in the boot menu?

Best Regards.

---
┏━━┓彡 Masaru Nomiya mail-to: m.nomiya+suse @ gmail.com
┃\/彡
┗━━┛ "Microsoft is overhauling its cybersecurity strategy, called the Secure Future Initiative, to incorporate key security features into its core set of technology platforms and cloud services. "
-- Microsoft overhauls cyber strategy to finally embrace security by default --
On Sunday, 9 June 2024 01:11:15 CEST, Masaru Nomiya wrote:
> Is Tumbleweed the only one that shows up in the boot menu?

Well, there is:

opensuse Tumbleweed Advanced options for opensuse Tumbleweed Opensuse Tumbleweed memtest Uefi Firmware settings Start bootloader from read only snapshot

Humm, either memtest could be the issue or "uefi firmware settings" (never looked into it to tell the truth.
On 2024-06-10 21:07, Stakanov via openSUSE Users wrote:
> On Sunday, 9 June 2024 01:11:15 CEST, Masaru Nomiya wrote:
>> Is Tumbleweed the only one that shows up in the boot menu?
> Well, there is:
> opensuse Tumbleweed Advanced options for opensuse Tumbleweed Opensuse Tumbleweed memtest Uefi Firmware settings Start bootloader from read only snapshot

That's the Grub menu.

There is a previous menu that usually doesn't display, unless you press certain button during boot (can be a hidden button that needs a paperclip). That menu offers what operating system to boot.

That menu is presented by the computer firmware, and reads data from /boot/efi partition and some internal flash memory in the motherboard.

--
Cheers / Saludos,
Carlos E. R.
(from openSUSE 15.5 (Laicolasse))
On Monday, 10 June 2024 21:56:08 CEST, Carlos E. R. wrote:
> On 2024-06-10 21:07, Stakanov via openSUSE Users wrote:
>> On Sunday, 9 June 2024 01:11:15 CEST, Masaru Nomiya wrote:
>>> Is Tumbleweed the only one that shows up in the boot menu?
>> Well, there is:
>> opensuse Tumbleweed Advanced options for opensuse Tumbleweed Opensuse Tumbleweed memtest Uefi Firmware settings Start bootloader from read only snapshot
> That's the Grub menu.
> There is a previous menu that usually doesn't display, unless you press certain button during boot (can be a hidden button that needs a paperclip). That menu offers what operating system to boot.
> That menu is presented by the computer firmware, and reads data from /boot/efi partition and some internal flash memory in the motherboard.
> --
> Cheers / Saludos,
> Carlos E. R.
> (from openSUSE 15.5 (Laicolasse))

Ah, I get it, the F12 (to see the alternative boot options (boot override). That is in the BIOS indeed, I will have a look, but I really doubt there is other than the usual options: uefi system Tumbleweed uefi

There are always these two even on my PC, not knowing exactly why the BIOS does force the presence of the "uefi system" entry, I think this is a kind of obligatory fall back, but good, will do it.

And Carlos....muchas gracias!
On 2024-06-11 08:50, Stakanov via openSUSE Users wrote:
> On Monday, 10 June 2024 21:56:08 CEST, Carlos E. R. wrote:
>> On 2024-06-10 21:07, Stakanov via openSUSE Users wrote:
>>> On Sunday, 9 June 2024 01:11:15 CEST, Masaru Nomiya wrote:
>>>> Is Tumbleweed the only one that shows up in the boot menu?
>>> Well, there is:
>>> opensuse Tumbleweed Advanced options for opensuse Tumbleweed Opensuse Tumbleweed memtest Uefi Firmware settings Start bootloader from read only snapshot
>> That's the Grub menu.
>> There is a previous menu that usually doesn't display, unless you press certain button during boot (can be a hidden button that needs a paperclip). That menu offers what operating system to boot.
>> That menu is presented by the computer firmware, and reads data from /boot/efi partition and some internal flash memory in the motherboard.
> Ah, I get it, the F12 (to see the alternative boot options (boot override). That is in the BIOS indeed, I will have a look, but I really doubt there is other than the usual options: uefi system Tumbleweed uefi
> There are always these two even on my PC, not knowing exactly why the BIOS does force the presence of the "uefi system" entry, I think this is a kind of obligatory fall back, but good, will do it.
> And Carlos....muchas gracias!

The thing is, your problem is related to that primary boot system and menu.

--
Cheers / Saludos,
Carlos E. R.
(from 15.5 x86_64 at Telcontar)
On Tuesday, 11 June 2024 13:14:41 CEST, Carlos E. R. wrote:
> On 2024-06-11 08:50, Stakanov via openSUSE Users wrote:
>> On Monday, 10 June 2024 21:56:08 CEST, Carlos E. R. wrote:
>>> On 2024-06-10 21:07, Stakanov via openSUSE Users wrote:
>>>> On Sunday, 9 June 2024 01:11:15 CEST, Masaru Nomiya wrote:
>>>>> Is Tumbleweed the only one that shows up in the boot menu?
>>>> Well, there is:
>>>> opensuse Tumbleweed Advanced options for opensuse Tumbleweed Opensuse Tumbleweed memtest Uefi Firmware settings Start bootloader from read only snapshot
>>> That's the Grub menu.
>>> There is a previous menu that usually doesn't display, unless you press certain button during boot (can be a hidden button that needs a paperclip). That menu offers what operating system to boot.
>>> That menu is presented by the computer firmware, and reads data from /boot/efi partition and some internal flash memory in the motherboard.
>> Ah, I get it, the F12 (to see the alternative boot options (boot override).
>> That is in the BIOS indeed, I will have a look, but I really doubt there is other than the usual options: uefi system Tumbleweed uefi
>> There are always these two even on my PC, not knowing exactly why the BIOS does force the presence of the "uefi system" entry, I think this is a kind of obligatory fall back, but good, will do it.
>> And Carlos....muchas gracias!
> The thing is, your problem is related to that primary boot system and menu.
> --
> Cheers / Saludos,
> Carlos E. R. (from 15.5 x86_64 at Telcontar)

I doubt I can do this while I am far away. Hope to be able to get my hands on the machine, then I am more confident to handle problems like things going really South on that machine while repairing. There is nothing holy in the setup, a fresh install after a repair went wrong is not a big deal given that the /home is separate....for me. Albeit not for the user.
On 09.06.2024 00:25, Stakanov via openSUSE Users wrote:
> On Saturday, 8 June 2024 13:10:05 CEST, Masaru Nomiya wrote:
>> Please do this;
>> $ fwupdtool esp-list --verbose
> Selected volume: /org/freedesktop/UDisks2/block_devices/sda1
> /boot/efi/EFI/boot/bootx64.efi
> /boot/efi/EFI/boot/fallback.efi
> /boot/efi/EFI/boot/MokManager.efi
> /boot/efi/EFI/opensuse/shim.efi
> /boot/efi/EFI/opensuse/MokManager.efi
> /boot/efi/EFI/opensuse/grub.efi
> /boot/efi/EFI/opensuse/boot.csv
> /boot/efi/EFI/opensuse/grub.cfg
> /boot/efi/EFI/opensuse/grubx64.efi
> /boot/efi/EFI/grub/shim.efi
> /boot/efi/EFI/grub/MokManager.efi
> /boot/efi/EFI/grub/grub.efi
> /boot/efi/EFI/grub/boot.csv
> /boot/efi/EFI/grub/grub.cfg
> That is quite a lot, I think she has multiple entries on her machine. How would one decide which one is the right one or better the broken one?

The path to the broken one was in your very first post.
On Sunday, 9 June 2024 06:41:54 CEST, Andrei Borzenkov wrote:
> On 09.06.2024 00:25, Stakanov via openSUSE Users wrote:
>> On Saturday, 8 June 2024 13:10:05 CEST, Masaru Nomiya wrote:
>>> Please do this;
>>> $ fwupdtool esp-list --verbose
>> Selected volume: /org/freedesktop/UDisks2/block_devices/sda1
>> /boot/efi/EFI/boot/bootx64.efi
>> /boot/efi/EFI/boot/fallback.efi
>> /boot/efi/EFI/boot/MokManager.efi
>> /boot/efi/EFI/opensuse/shim.efi
>> /boot/efi/EFI/opensuse/MokManager.efi
>> /boot/efi/EFI/opensuse/grub.efi
>> /boot/efi/EFI/opensuse/boot.csv
>> /boot/efi/EFI/opensuse/grub.cfg
>> /boot/efi/EFI/opensuse/grubx64.efi
>> /boot/efi/EFI/grub/shim.efi
>> /boot/efi/EFI/grub/MokManager.efi
>> /boot/efi/EFI/grub/grub.efi
>> /boot/efi/EFI/grub/boot.csv
>> /boot/efi/EFI/grub/grub.cfg
>> That is quite a lot, I think she has multiple entries on her machine. How would one decide which one is the right one or better the broken one?
> The path to the broken one was in your very first post.

Thank you for pointing to this. Remains the second obvious question: can I check with ease which one of the entries she is using when booting and which is the back up of the one she is using. So if she is not using the culprit, it should be safe to eliminate it? Or should I simply force the update of it and the error will be gone? I wonder why the machine has so many entries, I installed it years ago and since then only normal zypper dup operations. Nothing fancy, no experiments. Maybe at one point we went from legacy to uefi, but I do not recall to be honest. That could have doubled the entries..... Years ago, I really do not recall.
On 2024-06-09 13:25, Stakanov via openSUSE Users wrote:
> On Sunday, 9 June 2024 06:41:54 CEST, Andrei Borzenkov wrote:
>> On 09.06.2024 00:25, Stakanov via openSUSE Users wrote:
>>> On Saturday, 8 June 2024 13:10:05 CEST, Masaru Nomiya wrote:
>>>> Please do this;
>>>> $ fwupdtool esp-list --verbose
>>> Selected volume: /org/freedesktop/UDisks2/block_devices/sda1
>>> /boot/efi/EFI/boot/bootx64.efi
>>> /boot/efi/EFI/boot/fallback.efi
>>> /boot/efi/EFI/boot/MokManager.efi
>>> /boot/efi/EFI/opensuse/shim.efi
>>> /boot/efi/EFI/opensuse/MokManager.efi
>>> /boot/efi/EFI/opensuse/grub.efi
>>> /boot/efi/EFI/opensuse/boot.csv
>>> /boot/efi/EFI/opensuse/grub.cfg
>>> /boot/efi/EFI/opensuse/grubx64.efi
>>> /boot/efi/EFI/grub/shim.efi
>>> /boot/efi/EFI/grub/MokManager.efi
>>> /boot/efi/EFI/grub/grub.efi
>>> /boot/efi/EFI/grub/boot.csv
>>> /boot/efi/EFI/grub/grub.cfg
>>> That is quite a lot, I think she has multiple entries on her machine. How would one decide which one is the right one or better the broken one?
>> The path to the broken one was in your very first post.
> Thank you for pointing to this. Remains the second obvious question: can I check with ease which one of the entries she is using when booting and which is the back up of the one she is using. So if she is not using the culprit, it should be safe to eliminate it? Or should I simply force the update of it and the error will be gone? I wonder why the machine has so many entries, I installed it years ago and since then only normal zypper dup operations. Nothing fancy, no experiments. Maybe at one point we went from legacy to uefi, but I do not recall to be honest. That could have doubled the entries..... Years ago, I really do not recall.

openSUSE leap creates "opensuse" and "boot", the latter as fallback. The name is set in the line "GRUB_DISTRIBUTOR=" in file /etc/default/grub.

The command "efibootmgr" lists the entries.

Telcontar:~ # efibootmgr --verbose
BootCurrent: 0000
Timeout: 1 seconds
BootOrder: 0000,0004,0005,0003
Boot0000* main-os-secureboot HD(1,GPT,800b649f-a2e3-4dad-b2bf-b7ecc5ef11d8,0x800,0xfa000)/File(\EFI\MAIN-OS\SHIM.EFI)
Boot0003* UEFI OS HD(1,GPT,800b649f-a2e3-4dad-b2bf-b7ecc5ef11d8,0x800,0xfa000)/File(\EFI\BOOT\BOOTX64.EFI)..BO
Boot0004* auxiliary-secureboot HD(1,GPT,800b649f-a2e3-4dad-b2bf-b7ecc5ef11d8,0x800,0xfa000)/File(\EFI\AUXILIARY\SHIM.EFI)
Boot0005* UEFI OS HD(1,GPT,800b649f-a2e3-4dad-b2bf-b7ecc5ef11d8,0x800,0xfa000)/File(\EFI\BOOT\BOOTX64.EFI)..BO
Telcontar:~ #

You see the line "BootCurrent"? That's the one currently used for booting.

In the list above, you can see no "opensuse" entry because I renamed it. The lines "UEFI OS" are perhaps the BIOS config menu, or perhaps the fallback.

--
Cheers / Saludos,
Carlos E. R.
(from 15.5 x86_64 at Telcontar)
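Added example, not part of the original thread: a Python sketch that parses `efibootmgr --verbose` output as shown above and reports whether a given ESP file is the loader of the `BootCurrent` entry, of another boot entry, the removable-path fallback, or named by no entry. The sample output, its partition GUID and the `grub-secureboot` label are constructed for illustration.

```python
import re

# "Boot0001* label  HD(...)/File(\EFI\...)": label ends where the device path starts.
ENTRY_RE = re.compile(r"^Boot([0-9A-Fa-f]{4})(\*?)\s+(.*?)\s+(\w+\(.*)$")
FILE_RE = re.compile(r"File\(([^)]*)\)")
# Firmware tries \EFI\BOOT\BOOT<arch>.EFI even when no entry names it.
REMOVABLE_RE = re.compile(r"^/EFI/BOOT/BOOT\w+\.EFI$")

# Constructed sample modelled on the output format quoted in the thread.
SAMPLE = r"""BootCurrent: 0001
Timeout: 1 seconds
BootOrder: 0001,0000,0003
Boot0000* grub-secureboot HD(1,GPT,00000000-0000-0000-0000-000000000001,0x800,0xfa000)/File(\EFI\grub\shim.efi)
Boot0001* opensuse-secureboot HD(1,GPT,00000000-0000-0000-0000-000000000001,0x800,0xfa000)/File(\EFI\opensuse\shim.efi)
Boot0003* UEFI OS HD(1,GPT,00000000-0000-0000-0000-000000000001,0x800,0xfa000)/File(\EFI\BOOT\BOOTX64.EFI)..BO
"""


def parse_efibootmgr(text):
    """Return (BootCurrent, BootOrder list, {number: entry dict})."""
    current, order, entries = None, [], {}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("BootCurrent:"):
            current = line.split(":", 1)[1].strip().upper()
        elif line.startswith("BootOrder:"):
            order = [n.strip().upper()
                     for n in line.split(":", 1)[1].split(",") if n.strip()]
        else:
            m = ENTRY_RE.match(line)
            if not m:
                continue
            num, active, label, devpath = m.groups()
            f = FILE_RE.search(devpath)
            # FAT is case-insensitive, so compare loader paths upper-cased.
            loader = f.group(1).replace("\\", "/").upper() if f else None
            entries[num.upper()] = {"label": label,
                                    "active": active == "*",
                                    "loader": loader}
    return current, order, entries


def esp_usage(path, efibootmgr_text, mount="/boot/efi"):
    """Classify an ESP file against the firmware boot entries.

    Returns (status, entry_numbers) where status is one of "current",
    "boot-entry", "removable-path" or "unreferenced".
    """
    if not path.startswith(mount + "/"):
        raise ValueError("path is not below the ESP mount point")
    rel = path[len(mount):].upper()
    current, _order, entries = parse_efibootmgr(efibootmgr_text)
    users = sorted(n for n, e in entries.items() if e["loader"] == rel)
    if current in users:
        return "current", users
    if users:
        return "boot-entry", users
    if REMOVABLE_RE.match(rel):
        return "removable-path", []
    # No entry names this file directly. A shim that is referenced still
    # loads the GRUB binary sitting next to it, so check the directory too.
    return "unreferenced", []


if __name__ == "__main__":
    for p in ("/boot/efi/EFI/opensuse/shim.efi",
              "/boot/efi/EFI/grub/shim.efi",
              "/boot/efi/EFI/boot/bootx64.efi",
              "/boot/efi/EFI/grub/MokManager.efi"):
        print(p, esp_usage(p, SAMPLE))
```

On a real machine, pass the text printed by `efibootmgr --verbose` in place of `SAMPLE`.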
On Sunday, 9 June 2024 13:43:35 CEST, Carlos E. R. wrote:
> On 2024-06-09 13:25, Stakanov via openSUSE Users wrote:
>> On Sunday, 9 June 2024 06:41:54 CEST, Andrei Borzenkov wrote:
>>> On 09.06.2024 00:25, Stakanov via openSUSE Users wrote:
>>>> On Saturday, 8 June 2024 13:10:05 CEST, Masaru Nomiya wrote:
>>>>> Please do this;
>>>>> $ fwupdtool esp-list --verbose
>>>> Selected volume: /org/freedesktop/UDisks2/block_devices/sda1
>>>> /boot/efi/EFI/boot/bootx64.efi
>>>> /boot/efi/EFI/boot/fallback.efi
>>>> /boot/efi/EFI/boot/MokManager.efi
>>>> /boot/efi/EFI/opensuse/shim.efi
>>>> /boot/efi/EFI/opensuse/MokManager.efi
>>>> /boot/efi/EFI/opensuse/grub.efi
>>>> /boot/efi/EFI/opensuse/boot.csv
>>>> /boot/efi/EFI/opensuse/grub.cfg
>>>> /boot/efi/EFI/opensuse/grubx64.efi
>>>> /boot/efi/EFI/grub/shim.efi
>>>> /boot/efi/EFI/grub/MokManager.efi
>>>> /boot/efi/EFI/grub/grub.efi
>>>> /boot/efi/EFI/grub/boot.csv
>>>> /boot/efi/EFI/grub/grub.cfg
>>>> That is quite a lot, I think she has multiple entries on her machine. How would one decide which one is the right one or better the broken one?
>>> The path to the broken one was in your very first post.
>> Thank you for pointing to this. Remains the second obvious question: can I check with ease which one of the entries she is using when booting and which is the back up of the one she is using. So if she is not using the culprit, it should be safe to eliminate it? Or should I simply force the update of it and the error will be gone? I wonder why the machine has so many entries, I installed it years ago and since then only normal zypper dup operations. Nothing fancy, no experiments. Maybe at one point we went from legacy to uefi, but I do not recall to be honest. That could have doubled the entries..... Years ago, I really do not recall.
> openSUSE leap creates "opensuse" and "boot", the latter as fallback. The name is set in the line "GRUB_DISTRIBUTOR=" in file /etc/default/grub.
> The command "efibootmgr" lists the entries.
> Telcontar:~ # efibootmgr --verbose
> BootCurrent: 0000
> Timeout: 1 seconds
> BootOrder: 0000,0004,0005,0003
> Boot0000* main-os-secureboot HD(1,GPT,800b649f-a2e3-4dad-b2bf-b7ecc5ef11d8,0x800,0xfa000)/File(\EFI\MAIN-OS\SHIM.EFI)
> Boot0003* UEFI OS HD(1,GPT,800b649f-a2e3-4dad-b2bf-b7ecc5ef11d8,0x800,0xfa000)/File(\EFI\BOOT\BOOTX64.EFI)..BO
> Boot0004* auxiliary-secureboot HD(1,GPT,800b649f-a2e3-4dad-b2bf-b7ecc5ef11d8,0x800,0xfa000)/File(\EFI\AUXILIARY\SHIM.EFI)
> Boot0005* UEFI OS HD(1,GPT,800b649f-a2e3-4dad-b2bf-b7ecc5ef11d8,0x800,0xfa000)/File(\EFI\BOOT\BOOTX64.EFI)..BO
> Telcontar:~ #
> You see the line "BootCurrent"? That's the one currently used for booting.
> In the list above, you can see no "opensuse" entry because I renamed it. The lines "UEFI OS" are perhaps the BIOS config menu, or perhaps the fallback.
> --
> Cheers / Saludos,
> Carlos E. R. (from 15.5 x86_64 at Telcontar)
tried that on my machine and got a huge quantity of numbers that follow the boot entry. Really a page. Are these signatures? Example from one(!) entry, now imagine I have 1, 3, 4 and 7 as entries, all come like this. What I am seeing and why I am seeing this while yours seem to be quite linear?
Boot0003* Hard Drive BBS(HD,, 0x0)
On Mon, Jun 10, 2024 at 10:15 AM Stakanov via openSUSE Users <users@lists.opensuse.org> wrote:
tried that on my machine and got a huge quantity of numbers that follow the boot entry. Really a page. Are these signatures? Example from one(!) entry, now imagine I have 1, 3, 4 and 7 as entries, all come like this. What I am seeing and why I am seeing this while yours seem to be quite linear?
You are on Tumbleweed, the old --verbose flag of efibootmgr is not the default and --verbose now adds even more debug output that was not present earlier.
On Mon, Jun 10, 2024 at 10:45 AM Andrei Borzenkov <arvidjaar@gmail.com> wrote:
On Mon, Jun 10, 2024 at 10:15 AM Stakanov via openSUSE Users <users@lists.opensuse.org> wrote:
tried that on my machine and got a huge quantity of numbers that follow the boot entry. Really a page. Are these signatures? Example from one(!) entry, now imagine I have 1, 3, 4 and 7 as entries, all come like this. What I am seeing and why I am seeing this while yours seem to be quite linear?
You are on Tumbleweed, the old --verbose flag of efibootmgr is not the
s/not/now/ Do not use --verbose on Tumbleweed. That said, boot entry can be anything and can include arbitrary data, so it is entirely up to your firmware what it puts there.
default and --verbose now adds even more debug output that was not present earlier.
In data lunedì 10 giugno 2024 11:21:43 CEST, Andrei Borzenkov ha scritto:
On Mon, Jun 10, 2024 at 10:45 AM Andrei Borzenkov <arvidjaar@gmail.com> wrote:
On Mon, Jun 10, 2024 at 10:15 AM Stakanov via openSUSE Users <users@lists.opensuse.org> wrote:
tried that on my machine and got a huge quantity of numbers that follow the boot entry. Really a page. Are these signatures? Example from one(!) entry, now imagine I have 1, 3, 4 and 7 as entries, all come like this. What I am seeing and why I am seeing this while yours seem to be quite linear?
You are on Tumbleweed, the old --verbose flag of efibootmgr is not the
s/not/now/
Do not use --verbose on Tumbleweed.
That said, boot entry can be anything and can include arbitrary data, so it is entirely up to your firmware what it puts there.
default and --verbose now adds even more debug output that was not present earlier.
Thank you that was very informative. Appreciated.
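The check asked about in this thread (which ESP loader the running system was started from, and whether any firmware entry points at the flagged file), as an added example that is not part of any message here. The efibootmgr sample is constructed, and `esp_key`, `parse_efibootmgr`, `classify` and the status names are hypothetical helpers; it reads the plain `efibootmgr` layout, without `--verbose`.

```python
import re

# Constructed sample of non-verbose `efibootmgr` output (labels and GUID invented).
SAMPLE_EFIBOOTMGR = r"""BootCurrent: 0001
Timeout: 1 seconds
BootOrder: 0001,0003
Boot0000* grub-secureboot HD(1,GPT,11111111-2222-3333-4444-555555555555,0x800,0xfa000)/File(\EFI\GRUB\SHIM.EFI)
Boot0001* opensuse-secureboot HD(1,GPT,11111111-2222-3333-4444-555555555555,0x800,0xfa000)/File(\EFI\OPENSUSE\SHIM.EFI)
Boot0003* Hard Drive BBS(HD,,0x0)
"""

ENTRY_RE = re.compile(r"^Boot([0-9A-Fa-f]{4})\*?\s+(.*)$")
FILE_RE = re.compile(r"File\(([^)]*)\)")
FALLBACK = "efi/boot/bootx64.efi"   # removable-media default loader on x86_64


def esp_key(path, esp_mount="/boot/efi"):
    """Normalise a Linux or UEFI path to a lower-case ESP-relative key (FAT ignores case)."""
    if path.startswith(esp_mount):
        path = path[len(esp_mount):]
    return path.replace("\\", "/").strip("/").lower()


def parse_efibootmgr(text):
    """Return (BootCurrent, BootOrder list, {entry number: loader key or None})."""
    current, order, loaders = None, [], {}
    for line in text.splitlines():
        if line.startswith("BootCurrent:"):
            current = line.split(":", 1)[1].strip().upper()
        elif line.startswith("BootOrder:"):
            order = [n.strip().upper() for n in line.split(":", 1)[1].split(",") if n.strip()]
        else:
            m = ENTRY_RE.match(line)
            if m:
                f = FILE_RE.search(m.group(2))
                loaders[m.group(1).upper()] = esp_key(f.group(1)) if f else None
    return current, order, loaders


def classify(esp_path, efibootmgr_text):
    """Say how the firmware boot entries relate to one file on the ESP."""
    current, order, loaders = parse_efibootmgr(efibootmgr_text)
    key = esp_key(esp_path)
    refs = [num for num, loader in loaders.items() if loader == key]
    if current in refs:
        return "current"
    if any(num in order for num in refs):
        return "in-boot-order"
    if refs:
        return "entry-not-in-boot-order"
    return "fallback" if key == FALLBACK else "unreferenced"


if __name__ == "__main__":
    for p in ("/boot/efi/EFI/opensuse/shim.efi", "/boot/efi/EFI/grub/shim.efi",
              "/boot/efi/EFI/boot/bootx64.efi", "/boot/efi/EFI/grub/grub.efi"):
        print(f"{classify(p, SAMPLE_EFIBOOTMGR):24} {p}")
```

A status other than "current" only describes the firmware boot entries; it says nothing about whether the file's checksum is listed in dbx.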
In data domenica 9 giugno 2024 13:43:35 CEST, Carlos E. R. ha scritto:
On 2024-06-09 13:25, Stakanov via openSUSE Users wrote:
In data domenica 9 giugno 2024 06:41:54 CEST, Andrei Borzenkov ha scritto:
On 09.06.2024 00:25, Stakanov via openSUSE Users wrote:
In data sabato 8 giugno 2024 13:10:05 CEST, Masaru Nomiya ha scritto:
Please do this;
$ fwupdtool esp-list --verbose
Selected volume: /org/freedesktop/UDisks2/block_devices/sda1
/boot/efi/EFI/boot/bootx64.efi
/boot/efi/EFI/boot/fallback.efi
/boot/efi/EFI/boot/MokManager.efi
/boot/efi/EFI/opensuse/shim.efi
/boot/efi/EFI/opensuse/MokManager.efi
/boot/efi/EFI/opensuse/grub.efi
/boot/efi/EFI/opensuse/boot.csv
/boot/efi/EFI/opensuse/grub.cfg
/boot/efi/EFI/opensuse/grubx64.efi
/boot/efi/EFI/grub/shim.efi
/boot/efi/EFI/grub/MokManager.efi
/boot/efi/EFI/grub/grub.efi
/boot/efi/EFI/grub/boot.csv
/boot/efi/EFI/grub/grub.cfg
That is quite a lot, I think she has multiple entries on her machine. How would one decide which one is the right one or better the broken one?
The path to the broken one was in your very first post.
Thank you for pointing to this. Remains the second obvious question: can I check with ease which one of the entries she is using when booting and which is the backup of the one she is using. So if she is not using the culprit, it should be safe to eliminate it? Or should I simply force the update of it and the error will be gone? I wonder why the machine has so many entries, I installed it years ago and since then only normal zypper dup operations. Nothing fancy, no experiments. Maybe at one point we went from legacy to UEFI, but I do not recall to be honest. That could have doubled the entries..... Years ago, I really do not recall.
openSUSE Leap creates "opensuse" and "boot", the latter as fallback. The name is set in the line "GRUB_DISTRIBUTOR=" in file /etc/default/grub.
The command "efibootmgr" lists the entries.
Telcontar:~ # efibootmgr --verbose
BootCurrent: 0000
Timeout: 1 seconds
BootOrder: 0000,0004,0005,0003
Boot0000* main-os-secureboot HD(1,GPT,800b649f-a2e3-4dad-b2bf-b7ecc5ef11d8,0x800,0xfa000)/File(\EFI\MAIN-OS\SHIM.EFI)
Boot0003* UEFI OS HD(1,GPT,800b649f-a2e3-4dad-b2bf-b7ecc5ef11d8,0x800,0xfa000)/File(\EFI\BOOT\BOOTX64.EFI)..BO
Boot0004* auxiliary-secureboot HD(1,GPT,800b649f-a2e3-4dad-b2bf-b7ecc5ef11d8,0x800,0xfa000)/File(\EFI\AUXILIARY\SHIM.EFI)
Boot0005* UEFI OS HD(1,GPT,800b649f-a2e3-4dad-b2bf-b7ecc5ef11d8,0x800,0xfa000)/File(\EFI\BOOT\BOOTX64.EFI)..BO
Telcontar:~ #
You see the line "BootCurrent"? That's the one currently used for booting.
In the list above, you can see no "opensuse" entry because I renamed it. The lines "UEFI OS" are perhaps the BIOS config menu, or perhaps the fallback.
-- Cheers / Saludos,
Carlos E. R. (from 15.5 x86_64 at Telcontar)
Thank you, have tried it and got some insight.
Hello,
I couldn't send an email and finally figured out that yesterday's update of Emacs was the cause.
In the Message;
Subject : Re: Shim error message about "blocked executable in ESP"
Message-ID : <2986485.JigTtRx2U3@silversurfer>
Date & Time: Sun, 09 Jun 2024 13:25:25 +0200
Stakanov via openSUSE Users <users@lists.opensuse.org> has written:
In data domenica 9 giugno 2024 06:41:54 CEST, Andrei Borzenkov ha scritto:
On 09.06.2024 00:25, Stakanov via openSUSE Users wrote:
In data sabato 8 giugno 2024 13:10:05 CEST, Masaru Nomiya ha scritto:
Please do this;
$ fwupdtool esp-list --verbose
Selected volume: /org/freedesktop/UDisks2/block_devices/sda1
/boot/efi/EFI/boot/bootx64.efi
/boot/efi/EFI/boot/fallback.efi
/boot/efi/EFI/boot/MokManager.efi
/boot/efi/EFI/opensuse/shim.efi
/boot/efi/EFI/opensuse/MokManager.efi
/boot/efi/EFI/opensuse/grub.efi
/boot/efi/EFI/opensuse/boot.csv
/boot/efi/EFI/opensuse/grub.cfg
/boot/efi/EFI/opensuse/grubx64.efi
/boot/efi/EFI/grub/shim.efi
/boot/efi/EFI/grub/MokManager.efi
/boot/efi/EFI/grub/grub.efi
/boot/efi/EFI/grub/boot.csv
/boot/efi/EFI/grub/grub.cfg
That is quite a lot, I think she has multiple entries on her machine. How would one decide which one is the right one or better the broken one?
The path to the broken one was in your very first post.
Thank you for pointing to this. Remains the second obvious question: can I check with ease which one of the entries she is using when booting and which is the backup of the one she is using. So if she is not using the culprit, it should be safe to eliminate it? Or should I simply force the update of it and the error will be gone? I wonder why the machine has so many entries, I installed it years ago and since then only normal zypper dup operations. Nothing fancy, no experiments. Maybe at one point we went from legacy to UEFI, but I do not recall to be honest. That could have doubled the entries..... Years ago, I really do not recall.
Have a look;
https://www.suse.com/ja-jp/support/kb/doc/?id=000019909
That is,
If there was a bootloader update error during patching or otherwise, it should be logged in /var/log/pbl.log.
Solution is 'reinstall of GRUB bootloader'.
I strongly recommend reinstalling with YaST2 to be on the safe side.
YaST2 --> System --> Boot Loader --> Boot Code Options --> Protective MBR flag
remove -- (then) --> set
Best Regards & Good Night.
---
┏━━┓彡 野宮 賢 mail-to: nomiya @ lake.dti.ne.jp
┃\/彡
┗━━┛ "Maddox hopes that empowering users to pick their own algorithms will get them to think more about what’s involved in making them. "
-- Bluesky's Custom Algorithms Could Be the Future of Social Media --
Hello,
Sorry for idiot mistake.
In the Message;
Subject : Re: Shim error message about "blocked executable in ESP"
Message-ID : <875xuiq6o0.wl-nomiya@lake.dti.ne.jp>
Date & Time: Mon, 10 Jun 2024 04:04:31 +0900
[MN] == Masaru Nomiya <nomiya@lake.dti.ne.jp> has written:
MN> Hello,
MN> I couldn't send an email and finally figured out that yesterday's
MN> update of Emacs was the cause.
MN> In the Message;
MN> Subject : Re: Shim error message about "blocked executable in ESP"
MN> Message-ID : <2986485.JigTtRx2U3@silversurfer>
MN> Date & Time: Sun, 09 Jun 2024 13:25:25 +0200
MN> Stakanov via openSUSE Users <users@lists.opensuse.org> has written:
[..].
MN> Have a look;
MN> https://www.suse.com/ja-jp/support/kb/doc/?id=000019909
MN> That is,
MN> If there was a bootloader update error during patching or
MN> otherwise, it should be logged in /var/log/pbl.log.
MN> Solution is 'reinstall of GRUB bootloader'.
MN> I strongly recommend reinstalling with YaST2 to be on the safe side.
MN> YaST2 --> System --> Boot Loader --> Boot Code Options
MN> --> Protective MBR flag
MN> remove -- (then) --> set
Since it is UEFI, MBR is irrelevant, simply, this is OK.
YaST2 --> System --> Boot Loader --> Boot Code Options
This will finish reinstalling grub.
Best Regards.
---
┏━━┓彡 Masaru Nomiya mail-to: m.nomiya+suse @ gmail.com
┃\/彡
┗━━┛ "To hire for skills, firms will need to implement robust and intentional changes in their hiring practices ― and change is hard."
-- Employers don’t practice what they preach on skills-based hiring --
On 2024-06-10 04:52, Masaru Nomiya wrote:
MN> Solution is 'reinstall of GRUB bootloader'.
MN> I strongly recommend reinstalling with YaST2 to be on the safe side.
MN> YaST2 --> System --> Boot Loader --> Boot Code Options
MN> --> Protective MBR flag
MN> remove -- (then) --> set
Since it is UEFI, MBR is irrelevant, simply, this is OK.
YaST2 --> System --> Boot Loader --> Boot Code Options
This will finish reinstalling grub.
Trick.
To make YaST write everything (of the boot files), just change the timeout value one second up or down.
-- Cheers / Saludos,
Carlos E. R. (from 15.5 x86_64 at Telcontar)
Hello,
In the Message;
Subject : Re: Shim error message about "blocked executable in ESP"
Message-ID : <cf9978c2-6213-4c4b-9669-a5a5a4576bd0@telefonica.net>
Date & Time: Mon, 10 Jun 2024 13:44:12 +0200
[CER] == "Carlos E. R." <robin.listas@telefonica.net> has written:
CER> On 2024-06-10 04:52, Masaru Nomiya wrote:
CER> > MN> Solution is 'reinstall of GRUB bootloader.
[...]
MN> > Since it is UEFI, MBR is irrelevant, simply, this is OK.
MN> > YaST2 --> System --> Boot Loader --> Boot Code Options
MN> > This will finish reinstalling grub.
CER> Trick.
CER> To make YaST write everything (of the boot files), just change
CER> the timeout value one second up or down.
On https://www.suse.com/ja-jp/support/kb/doc/?id=000019909 it is written;
YaST bootloader module calls 'grub2-install' in the background, more precisely:
grub2-install --target=<grub_cpu>-<grub_platform> --force --skip-fs-probe <root_disk>
Using the `yast2 bootloader' module can help resolve grub issues by running the command list above and by allowing other selections.
In fact, to send the mail, I operated with the unwanted file into boot partition, as did Stakanov's customer, and I saw that the unwanted file had been deleted and the efi files updated.
Best Regards & Good Night.
---
┏━━┓彡 Masaru Nomiya mail-to: m.nomiya+suse @ gmail.com
┃\/彡
┗━━┛ "It should never be said that it is OK to ignore the theoretical as long as it becomes a tool."
-- T. Mori (The original is in Japanese) --
Hello,
In the Message;
Subject : Re: Shim error message about "blocked executable in ESP"
Message-ID : <87sexplhqb.wl-nomiya@lake.dti.ne.jp>
Date & Time: Fri, 07 Jun 2024 09:27:40 +0900
[MN] == Masaru Nomiya <nomiya@lake.dti.ne.jp> has written:
[...]
MN> How about this?
MN> $ sudo fwupdmgr update --force -y
Check /boot/efi/EFI/boot for old files and make a backup of /boot, then execute this.
The /boot directory can also be backed up and restored using rsync, so there is no need to worry.
Best Regards & Good Night.
---
┏━━┓彡 Masaru Nomiya mail-to: m.nomiya+suse @ gmail.com
┃\/彡
┗━━┛ "The Pidahan, a minority tribe living deep in the Amazon, have no words for the past or future, and live in the 'now' in every moment."
-- Toyoki Sakai (in Japanese)--
Hum. I forgot to hit send on this one.
On 2024-06-06 19:00, Stakanov via openSUSE Users wrote:
Question: does Tumbleweed by chance use "boot-repair" by default?
I ask this because of: https://github-wiki-see.page/m/fwupd/fwupd/wiki/Blocked-executable-in-the-ES...
I have here a machine that continues to complain about: Blocked executable in the ESP, ensure grub and shim are up to date: /boot/efi/EFI/grub/shim.efi Authenticode checksum [be435df7cd28aa2a7c8db4fc8173475b77e5abf392f76b7c76fa3f698cb71a9a] is present in dbx
As there is no dual boot, it could be a similar issue. If anybody knows I am taker, thanks.
Maybe related to this one:
Subject: Help! secure boot is preventing boot of debian, after opensuse update
Archived-At: <https://lists.opensuse.org/archives/list/users@lists.opensuse.org/message/3B65QKMLUODAJSRM3FEPFUZRBEVCUPGL/>
Archived-At: <https://lists.opensuse.org/archives/list/users@lists.opensuse.org/message/NBGIB47VSZJLQU4N55ZZAWIPHGEEKGOX/>
-- Cheers / Saludos,
Carlos E. R. (from 15.5 x86_64 at Telcontar)
Tumbleweed does not use boot-repair by default. The error you're encountering is due to the `shim.efi` file being blacklisted in the UEFI Secure Boot Forbidden Signature Database (DBX). To resolve this, ensure that both GRUB and Shim are updated to the latest versions available. https://retrobowl.college
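Added example, not from any poster or from fwupd: the "Authenticode checksum" in the error is a digest of the PE image that skips the CheckSum field, the certificate-table directory entry and the appended signature blob, so it identifies the binary itself regardless of who signed it. The code follows the Microsoft Authenticode PE hashing rules; `build_sample_pe` produces a constructed test image and `blocked_files` is a hypothetical helper.

```python
import hashlib
import struct


def authenticode_sha256(pe: bytes) -> str:
    """SHA-256 Authenticode digest of a PE image, per the Microsoft PE hashing rules."""
    pe_off, = struct.unpack_from("<I", pe, 0x3C)            # e_lfanew
    if pe[:2] != b"MZ" or pe[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    coff = pe_off + 4
    n_sections, = struct.unpack_from("<H", pe, coff + 2)
    opt_size, = struct.unpack_from("<H", pe, coff + 16)
    opt = coff + 20
    magic, = struct.unpack_from("<H", pe, opt)
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic")
    hdr_size, = struct.unpack_from("<I", pe, opt + 60)      # SizeOfHeaders
    checksum = opt + 64                                     # CheckSum field, 4 bytes
    # Data directory 4 is the certificate table; assumed present (NumberOfRvaAndSizes > 4).
    cert_dir = opt + (96 if magic == 0x10B else 112) + 4 * 8
    _cert_off, cert_size = struct.unpack_from("<II", pe, cert_dir)

    h = hashlib.sha256()
    h.update(pe[:checksum])                 # headers up to CheckSum
    h.update(pe[checksum + 4:cert_dir])     # skip CheckSum
    h.update(pe[cert_dir + 8:hdr_size])     # skip certificate-table directory entry
    hashed = hdr_size
    table = opt + opt_size
    sections = [struct.unpack_from("<II", pe, table + 40 * i + 16) for i in range(n_sections)]
    for raw_ptr, raw_size in sorted((ptr, size) for size, ptr in sections if size):
        h.update(pe[raw_ptr:raw_ptr + raw_size])
        hashed += raw_size
    if len(pe) - cert_size > hashed:        # trailing data, minus the signature blob
        h.update(pe[hashed:len(pe) - cert_size])
    return h.hexdigest()


def build_sample_pe(body=b"\x90" * 0x200, checksum=0, signature=b""):
    """Constructed minimal PE32+ image: one section plus an optional signature blob."""
    hdr_size = 0x200
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)     # e_lfanew -> 0x40
    coff = struct.pack("<HHIIIHH", 0x8664, 1, 0, 0, 0, 240, 0x22)
    opt = bytearray(240)
    struct.pack_into("<H", opt, 0, 0x20B)
    struct.pack_into("<II", opt, 60, hdr_size, checksum)
    struct.pack_into("<I", opt, 108, 16)                    # NumberOfRvaAndSizes
    if signature:
        struct.pack_into("<II", opt, 144, hdr_size + len(body), len(signature))
    sect = struct.pack("<8sIIII16x", b".text", len(body), 0x1000, len(body), hdr_size)
    headers = dos + b"PE\0\0" + coff + bytes(opt) + sect
    return headers.ljust(hdr_size, b"\0") + body + signature


def blocked_files(images, revoked):
    """Names of images whose Authenticode digest is in the revoked (dbx) set."""
    return sorted(name for name, data in images.items()
                  if authenticode_sha256(data) in revoked)


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:               # e.g. the shim.efi files listed by esp-list
        with open(path, "rb") as fh:
            print(authenticode_sha256(fh.read()), path)
```

Run against each shim.efi on the ESP, the printed digests can be compared with the checksum quoted in the fwupd message to see which copies are affected.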
participants (5)
- Andrei Borzenkov
- Carlos E. R.
- Gilbert
- Masaru Nomiya
- Stakanov