Hello, In the Message; Subject : Re: Shim error message about "blocked executable in ESP" Message-ID : <0a8b0630-a849-4038-81df-921658d04074@gmail.com> Date & Time: Fri, 7 Jun 2024 07:05:15 +0300 [AB] == Andrei Borzenkov has written: AB> On 07.06.2024 03:27, Masaru Nomiya wrote: [...] N> > It says that it could not update the UEFI dbx. AB> No. What it says - if dbx is updated the system may become AB> unbootable because there is EFI binary that will be blocked from AB> execution. And it shows the exact name of this binary. Now it is AB> up to the system administrator to decide wheth this binary is AB> needed and should be updated or is not needed and can be removed. Is it? In https://github-wiki-see.page/m/fwupd/fwupd/wiki/Blocked-executable-in-the-ES... he also says; This means that the bootloader placed in the UEFI removable path has not been updated. Are we wrong? MN>> How about this? MN> > $ sudo fwupdmgr update --force -y AB> bor@bor-Latitude-E5450:~$ LANG=C rm -r / AB> rm: it is dangerous to operate recursively on '/' AB> rm: use --no-preserve-root to override this failsafe AB> bor@bor-Latitude-E5450:~$ AB> So your advice would be to force the operation? I know exactly what you mean. He should certainly check /boot/efi/EFI/boot once to see if there are any old ones there. --- ┏━━┓彡 Masaru Nomiya mail-to: m.nomiya+suse @ gmail.com ┃＼／彡 ┗━━┛ "Distinguish between what is meaningful to me and what is meaningless, and forget what is meaningless to me. This is where individuality comes into play. This is a function that computer cannot perform." -- Shigehiko Toyama (in Japanes) --

In data venerdì 7 giugno 2024 07:00:49 CEST, Masaru Nomiya ha scritto:

Hello,

Sorry, forgot to add.

In the Message;

Subject : Re: Shim error message about "blocked executable in ESP" Message-ID : <87tti5pdup.wl-nomiya@lake.dti.ne.jp> Date & Time: Fri, 07 Jun 2024 13:37:50 +0900

[MN] == Masaru Nomiya has written:

MN> Hello,

MN> In the Message;

MN> Subject : Re: Shim error message about "blocked executable in ESP" MN> Message-ID : <0a8b0630-a849-4038-81df-921658d04074@gmail.com> MN> Date & Time: Fri, 7 Jun 2024 07:05:15 +0300

MN> [AB] == Andrei Borzenkov has written:

AB> On 07.06.2024 03:27, Masaru Nomiya wrote: MN> [...] N> > It says that it could not update the UEFI dbx.

AB> No. What it says - if dbx is updated the system may become AB> unbootable because there is EFI binary that will be blocked from AB> execution. And it shows the exact name of this binary. Now it is AB> up to the system administrator to decide wheth this binary is AB> needed and should be updated or is not needed and can be removed.

MN> Is it?

MN> In MN> https://github-wiki-see.page/m/fwupd/fwupd/wiki/Blocked-executable-in-the-E SP%2C-ensure-grub-and-shim-are-up-to-date

MN> he also says;

MN> This means that the bootloader placed in the UEFI removable path MN> has not been updated.

MN> Are we wrong?

MN>> How about this?

MN> > $ sudo fwupdmgr update --force -y

AB> bor@bor-Latitude-E5450:~$ LANG=C rm -r / AB> rm: it is dangerous to operate recursively on '/' AB> rm: use --no-preserve-root to override this failsafe AB> bor@bor-Latitude-E5450:~$

AB> So your advice would be to force the operation?

MN> I know exactly what you mean. MN> He should certainly check /boot/efi/EFI/boot once to see if there are MN> any old ones there.

What is your solution, Andrei?

--- ┏━━┓彡 Masaru Nomiya ┃＼／彡 ┗━━┛ "Maddox hopes that empowering users to pick their own algorithms will get them to think more about what’s involved in making them. "

-- Bluesky's Custom Algorithms Could Be the Future of Social Media

Hello and thank you for your very appreciated help. I actually did suspect that there is something left behind in /boot (and as I will be again in Italy this year, I will take care of it once I have my hands on the machine). What is puzzling me is why this did happen to /boot as no dual boot or other OS was installed on the machine. Maybe I will be able to have me send the content of the disc as list by the user. If I well understood, the fwupd should not attempt by itself to do the update and the rest of the system should update normally? Or should I tell the user to stop doing updates until the issue is resolved? Thank you.

Hello,

In the Message;

Subject : Re: Shim error message about "blocked executable in ESP" Message-ID : <2009245.7nSxpqYiop@silversurfer> Date & Time: Fri, 07 Jun 2024 16:56:40 +0200

Stakanov via openSUSE Users has written:

...

In data venerdì 7 giugno 2024 07:00:49 CEST, Masaru Nomiya ha scritto:

[...]

...

Hello and thank you for your very appreciated help. I actually did suspect that there is something left behind in /boot (and as I will be again in Italy this year, I will take care of it once I have my hands on the machine). ;-) I give you now a task, when you are in Italy you have to stop by at a few very important places. One is Bologna (underrated) and you visit the Cathedral to see the pendulum of Foucault, a Merdian (if you come at the solstice of summer you will appreciate. Oldest university of the world (albeit not always

In data sabato 8 giugno 2024 03:36:56 CEST, Masaru Nomiya ha scritto: the most efficient) and an interesting surrounding, it is also close to the (IMO) overrated Florence. For the other place to visit you will tell me when you leave writing me a PM and will give you all I have seen in decades living there.

Italy....

When I saw Torre di Pisa, I was impressed that this is where Galileo is said to have conducted his famous experiment.

...

What is puzzling me is why this did happen to /boot as no dual boot or other OS was installed on the machine.

It is said that this phenomenon can be caused by firmware updates.

...

Maybe I will be able to have me send the content of the disc as list by the user.

It would be good to know the contents of /boot/efi/EFI/boot.

...

If I well understood, the fwupd should not

attempt by itself to do the update and the rest of the system should update normally? Or should I tell the user to stop doing updates until the issue is resolved?

I see what you mean!!

In such case, you need to know if the model the user is using supports the fwupd tool (You can find out on the manufacturer's website.).

It is better not to let the user do this, since it would require deleting old efi files left in /boot/efi/EFI/boot, as well as the question of whether fwupd is supported.

The problem did actually arise since the introduction of discovery, as the zypper does not call fwupd. I will get today a listing of /boot I guess

Sorry, but I don't know what to do if the user's usage model does not support the fwupd tool.

I really appreciate your kindness and I do not expect you to be almighty ;-) Seriously, ありがとうございました!

In data sabato 8 giugno 2024 13:10:05 CEST, Masaru Nomiya ha scritto:

Please do this;

$ fwupdtool esp-list --verbose

Selected volume: /org/freedesktop/UDisks2/block_devices/sda1 /boot/efi/EFI/boot/bootx64.efi /boot/efi/EFI/boot/fallback.efi /boot/efi/EFI/boot/MokManager.efi /boot/efi/EFI/opensuse/shim.efi /boot/efi/EFI/opensuse/MokManager.efi /boot/efi/EFI/opensuse/grub.efi /boot/efi/EFI/opensuse/boot.csv /boot/efi/EFI/opensuse/grub.cfg /boot/efi/EFI/opensuse/grubx64.efi /boot/efi/EFI/grub/shim.efi /boot/efi/EFI/grub/MokManager.efi /boot/efi/EFI/grub/grub.efi /boot/efi/EFI/grub/boot.csv /boot/efi/EFI/grub/grub.cfg That is quite a lot, I think she has multiple entries on her machine. How would one decide which one is the right one or better the broken one?

In data domenica 9 giugno 2024 01:11:15 CEST, Masaru Nomiya ha scritto:

Is Tumbleweed the only one that shows up in the boot menu?

Well, there is: opensuse Tumbleweed Advanced options for opensuse Tumbleweed Opensuse Tumbleweed memtest Uefi Firmware settings Start bootloader from read only snapshot Humm, either memtest could be the issue or "uefi firmware settings" (never looked into it to tell the truth.

In data lunedì 10 giugno 2024 21:56:08 CEST, Carlos E. R. ha scritto:

On 2024-06-10 21:07, Stakanov via openSUSE Users wrote:

...

In data domenica 9 giugno 2024 01:11:15 CEST, Masaru Nomiya ha scritto:

...

Is Tumbleweed the only one that shows up in the boot menu?

Well, there is:

opensuse Tumbleweed Advanced options for opensuse Tumbleweed Opensuse Tumbleweed memtest Uefi Firmware settings Start bootloader from read only snapshot

That's the Grub menu.

There is a previous menu that usually doesn't display, unless you press certain button during boot (can be a hidden button that needs a paperclip). That menu offers what operating system to boot.

That menu is presented by the computer firmware, and reads data from /boot/efi partition and some internal flash memory in the motherboard.

-- Cheers / Saludos,

Carlos E. R.

(from openSUSE 15.5 (Laicolasse))

Ah, I get it, the F12 (to see the alternative boot options (boot override). That is in the BIOS indeed, I will have a look, but I really doubt there is other than the usual options: uefi system Tumbleweed uefi There are always these two even on my PC, not knowing exactly why the BIOS does force the presence of the "uefi system" entry, I think this is a kind of obligatory fall back, but good, will do it. And Carlos....muchas gracias!

In data martedì 11 giugno 2024 13:14:41 CEST, Carlos E. R. ha scritto:

On 2024-06-11 08:50, Stakanov via openSUSE Users wrote:

...

In data lunedì 10 giugno 2024 21:56:08 CEST, Carlos E. R. ha scritto:

...

On 2024-06-10 21:07, Stakanov via openSUSE Users wrote:

...

In data domenica 9 giugno 2024 01:11:15 CEST, Masaru Nomiya ha scritto:

...

Is Tumbleweed the only one that shows up in the boot menu?

Well, there is:

opensuse Tumbleweed Advanced options for opensuse Tumbleweed Opensuse Tumbleweed memtest Uefi Firmware settings Start bootloader from read only snapshot

That's the Grub menu.

There is a previous menu that usually doesn't display, unless you press certain button during boot (can be a hidden button that needs a paperclip). That menu offers what operating system to boot.

That menu is presented by the computer firmware, and reads data from /boot/efi partition and some internal flash memory in the motherboard.

...

Ah, I get it, the F12 (to see the alternative boot options (boot override).

That is in the BIOS indeed, I will have a look, but I really

...

doubt there is other than the usual options: uefi system Tumbleweed uefi

There are always these two even on my PC, not knowing exactly why the BIOS does force the presence of the "uefi system" entry, I think this is a kind of obligatory fall back, but good, will do it.

And Carlos....muchas gracias!

The thing is, your problem is related to that primary boot system and menu.

-- Cheers / Saludos,

Carlos E. R. (from 15.5 x86_64 at Telcontar)

I doubt I can do this while I am far away. Hope to be able to get my hands on the machine, then I am more confident to handle problems like things going really South on that machine while repairing. There is nothing holy in the setup, a fresh install after a repair went wrong is not a big deal given that the /home is separate....for me. Albeit not for the user.

In data domenica 9 giugno 2024 06:41:54 CEST, Andrei Borzenkov ha scritto:

On 09.06.2024 00:25, Stakanov via openSUSE Users wrote:

...

In data sabato 8 giugno 2024 13:10:05 CEST, Masaru Nomiya ha scritto:

...

Please do this;

$ fwupdtool esp-list --verbose

Selected volume: /org/freedesktop/UDisks2/block_devices/sda1 /boot/efi/EFI/boot/bootx64.efi /boot/efi/EFI/boot/fallback.efi /boot/efi/EFI/boot/MokManager.efi /boot/efi/EFI/opensuse/shim.efi /boot/efi/EFI/opensuse/MokManager.efi /boot/efi/EFI/opensuse/grub.efi /boot/efi/EFI/opensuse/boot.csv /boot/efi/EFI/opensuse/grub.cfg /boot/efi/EFI/opensuse/grubx64.efi /boot/efi/EFI/grub/shim.efi /boot/efi/EFI/grub/MokManager.efi /boot/efi/EFI/grub/grub.efi /boot/efi/EFI/grub/boot.csv /boot/efi/EFI/grub/grub.cfg

That is quite a lot, I think she has multiple entries on her machine. How would one decide which one is the right one or better the broken one?

The path to the broken one was in your very first post. Thank you for pointing to this. Remains the second obvious question: can I check with ease which one of the entries she is using when booting and which is the back up of the one she is using. So if she is not using the culprit, it should be save to eliminate it? Or should I simply force the update of it and the error will be gone? I wonder why the machine has so many entries, I installed it years ago and since then only normal zypper dup operations. Nothing fancy, no experiments. Maybe at one point we went from legacy to uefi, but I do not recall to be honest. That could have doubled the entries..... Years ago, I really do not recall.

In data domenica 9 giugno 2024 13:43:35 CEST, Carlos E. R. ha scritto:

On 2024-06-09 13:25, Stakanov via openSUSE Users wrote:

...

In data domenica 9 giugno 2024 06:41:54 CEST, Andrei Borzenkov ha scritto:

...

On 09.06.2024 00:25, Stakanov via openSUSE Users wrote:

...

In data sabato 8 giugno 2024 13:10:05 CEST, Masaru Nomiya ha scritto:

...

Please do this;

$ fwupdtool esp-list --verbose

Selected volume: /org/freedesktop/UDisks2/block_devices/sda1 /boot/efi/EFI/boot/bootx64.efi /boot/efi/EFI/boot/fallback.efi /boot/efi/EFI/boot/MokManager.efi /boot/efi/EFI/opensuse/shim.efi /boot/efi/EFI/opensuse/MokManager.efi /boot/efi/EFI/opensuse/grub.efi /boot/efi/EFI/opensuse/boot.csv /boot/efi/EFI/opensuse/grub.cfg /boot/efi/EFI/opensuse/grubx64.efi /boot/efi/EFI/grub/shim.efi /boot/efi/EFI/grub/MokManager.efi /boot/efi/EFI/grub/grub.efi /boot/efi/EFI/grub/boot.csv /boot/efi/EFI/grub/grub.cfg

That is quite a lot, I think she has multiple entries on her machine. How would one decide which one is the right one or better the broken one?

The path to the broken one was in your very first post.

Thank you for pointing to this. Remains the second obvious question: can I check with ease which one of the entries she is using when booting and which is the back up of the one she is using. So if she is not using the culprit, it should be save to eliminate it? Or should I simply force the update of it and the error will be gone? I wonder why the machine has so many entries, I installed it years ago and since then only normal zypper dup operations. Nothing fancy, no experiments. Maybe at one point we went from legacy to uefi, but I do not recall to be honest. That could have doubled the entries..... Years ago, I really do not recall.

openSUSE leap creates "opensuse" and "boot", the later as fallback. The name is set in the line "GRUB_DISTRIBUTOR=" in file /etc/default/grub.

The command "efibootmgr" lists the entries.

Telcontar:~ # efibootmgr --verbose BootCurrent: 0000 Timeout: 1 seconds BootOrder: 0000,0004,0005,0003 Boot0000* main-os-secureboot HD(1,GPT,800b649f-a2e3-4dad-b2bf- b7ecc5ef11d8,0x800,0xfa 000)/File(\EFI\MAIN-OS\SHIM.EFI) Boot0003* UEFI OS HD(1,GPT,800b649f-a2e3-4dad-b2bf-b7ecc5ef11d8,0x800,0xfa000)/ File(\EFI\B OOT\BOOTX64.EFI)..BO Boot0004* auxiliary-secureboot HD(1,GPT,800b649f-a2e3-4dad-b2bf- b7ecc5ef11d8,0x800,0x fa000)/File(\EFI\AUXILIARY\SHIM.EFI) Boot0005* UEFI OS HD(1,GPT,800b649f-a2e3-4dad-b2bf-b7ecc5ef11d8,0x800,0xfa000)/ File(\EFI\B OOT\BOOTX64.EFI)..BO Telcontar:~ #

You see the line "BootCurrent"? That's the one currently used for booting.

In the list above, you can see no "opensuse" entry because I renamed it. The lines "UEFI OS" are perhaps the BIOS config menu, or perhaps the fallback.

-- Cheers / Saludos,

Carlos E. R. (from 15.5 x86_64 at Telcontar)

tried that on my machine and got a huge quantity of numbers that follow the boot entry. Really a page. Are these signatures? Example from one(!) entry, now immagine I have 1, 3, 4 and 7 as entries, all come like this. What I am seeing and why I am seeing this while yours seem to be quite linear? oot0003* Hard Drive BBS(HD,, 0x0)0000474f00004e4fa300000001000000810049004e00540045004e0053004f0000000501090002000000007fff040002010c00d041030a0000000001010600020101010600000001010600000901010600000003120a000000ffff00007fff040001043e00ef47642dc93ba041ac194d51d01b4ce64100410030003000300030003000300030003000300030003000300030003000330034003200350000007fff04000000424f00004e4fa300000001000000810049004e00540045004e0053004f0000000501090002000000007fff040002010c00d041030a0000000001010600020101010600000001010600000901010600000003120a000100ffff00007fff040001043e00ef47642dc93ba041ac194d51d01b4ce64100410030003000300030003000300030003000300030003000300030003000360034003700330000007fff04000000424f00004e4fbd0000000100000081005700440043002000570044003400300045004600520058002d00360038004e00330032004e00300000000501090002000000007fff040002010c00d041030a0000000001010600020101010600000001010600000901010600000003120a000200ffff00007fff040001043e00ef47642dc93ba041ac194d51d01b4ce62000200020002000570020002d004400430057003700430036004b0053004b00530033004b004c0000007fff04000000424f00004e4fab00000001000000810049004e00540045004e0053004f00200053005300440000000501090002000000007fff040002010c00d041030a0000000001010600020101010600000001010600000901010600000003120a000300ffff00007fff040001043e00ef47642dc93ba041ac194d51d01b4ce64100410030003000300030003000300030003000300030003000300030003000300031003500340000007fff04000000424f00004e4fc300000001000000810057004400430020002000570044005300320035003000470032004200300041002d003000300053004d003500300000000501090002000000007fff040002010c00d041030a0000000001010600020101010600000001010600000a01010600000003120a000000ffff00007fff040001043e00ef47642dc93ba041ac194d51d01b4ce63900310036003200360038003000380034003200310030002000200020002000200020002000200000007fff04000000424f00004e4fbd00000001000000810057004400430020005700440038003000450046005a005a002d00360038004200540058004e00300000000501090002000000007fff040002010c00d041030a0000000001010600020101010600000001010600000a01010600000003120a000100ffff00007fff040001043e00ef47642dc93ba041ac194d51d01b4ce620002000200020002000200020002000570020002d004400410043005a0030004c0047004b00370000007fff04000000424f00004e4fbd00000001000000810057004400430020005700440038003000450046005a005a002d00360038004200540058004e00300000000501090002000000007fff040002010c00d041030a0000000001010600020101010600000001010600000a01010600000003120a000400ffff00007fff040001043e00ef47642dc93ba041ac194d51d01b4ce620002000200020002000200020002000570020002d004400410043003300310057005a004b00540000007fff04000000424f00004e4fbd0000000100000081005700440043002000570044003400300045004600520058002d00360038004e00330032004e00300000000501090002000000007fff040002010c00d041030a0000000001010600020101010600000001010600000a01010600000003120a000500ffff00007fff040001043e00ef47642dc93ba041ac194d51d01b4ce62000200020002000570020002d004400430057003700430030004b004b004500580038003200320000007fff04000000424f dp: 05 01 09 00 02 00 00 00 00 / 7f ff 04 00 data: 00 00 47 4f 00 00 4e 4f a3 00 00 00 01 00 00 00 81 00 49 00 4e 00 54 00 45 00 4e 00 53 00 4f 00 00 00 05 01 09 00 02 00 00 00 00 7f ff 04 00 02 01 0c 00 d0 41 03 0a 00 00 00 00 01 01 06 00 02 01 01 01 06 00 00 00 01 01 06 00 00 09 01 01 06 00 00 00 03 12 0a 00 00 00 ff ff 00 00 7f ff 04 00 01 04 3e 00 ef 47 64 2d c9 3b a0 41 ac 19 4d 51 d0 1b 4c e6 41 00 41 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 33 00 34 00 32 00 35 00 00 00 7f ff 04 00 00 00 42 4f 00 00 4e 4f a3 00 00 00 01 00 00 00 81 00 49 00 4e 00 54 00 45 00 4e 00 53 00 4f 00 00 00 05 01 09 00 02 00 00 00 00 7f ff 04 00 02 01 0c 00 d0 41 03 0a 00 00 00 00 01 01 06 00 02 01 01 01 06 00 00 00 01 01 06 00 00 09 01 01 06 00 00 00 03 12 0a 00 01 00 ff ff 00 00 7f ff 04 00 01 04 3e 00 ef 47 64 2d c9 3b a0 41 ac 19 4d 51 d0 1b 4c e6 41 00 41 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 36 00 34 00 37 00 33 00 00 00 7f ff 04 00 00 00 42 4f 00 00 4e 4f bd 00 00 00 01 00 00 00 81 00 57 00 44 00 43 00 20 00 57 00 44 00 34 00 30 00 45 00 46 00 52 00 58 00 2d 00 36 00 38 00 4e 00 33 00 32 00 4e 00 30 00 00 00 05 01 09 00 02 00 00 00 00 7f ff 04 00 02 01 0c 00 d0 41 03 0a 00 00 00 00 01 01 06 00 02 01 01 01 06 00 00 00 01 01 06 00 00 09 01 01 06 00 00 00 03 12 0a 00 02 00 ff ff 00 00 7f ff 04 00 01 04 3e 00 ef 47 64 2d c9 3b a0 41 ac 19 4d 51 d0 1b 4c e6 20 00 20 00 20 00 20 00 57 00 20 00 2d 00 44 00 43 00 57 00 37 00 43 00 36 00 4b 00 53 00 4b 00 53 00 33 00 4b 00 4c 00 00 00 7f ff 04 00 00 00 42 4f 00 00 4e 4f ab 00 00 00 01 00 00 00 81 00 49 00 4e 00 54 00 45 00 4e 00 53 00 4f 00 20 00 53 00 53 00 44 00 00 00 05 01 09 00 02 00 00 00 00 7f ff 04 00 02 01 0c 00 d0 41 03 0a 00 00 00 00 01 01 06 00 02 01 01 01 06 00 00 00 01 01 06 00 00 09 01 01 06 00 00 00 03 12 0a 00 03 00 ff ff 00 00 7f ff 04 00 01 04 3e 00 ef 47 64 2d c9 3b a0 41 ac 19 4d 51 d0 1b 4c e6 41 00 41 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 31 00 35 00 34 00 00 00 7f ff 04 00 00 00 42 4f 00 00 4e 4f c3 00 00 00 01 00 00 00 81 00 57 00 44 00 43 00 20 00 20 00 57 00 44 00 53 00 32 00 35 00 30 00 47 00 32 00 42 00 30 00 41 00 2d 00 30 00 30 00 53 00 4d 00 35 00 30 00 00 00 05 01 09 00 02 00 00 00 00 7f ff 04 00 02 01 0c 00 d0 41 03 0a 00 00 00 00 01 01 06 00 02 01 01 01 06 00 00 00 01 01 06 00 00 0a 01 01 06 00 00 00 03 12 0a 00 00 00 ff ff 00 00 7f ff 04 00 01 04 3e 00 ef 47 64 2d c9 3b a0 41 ac 19 4d 51 d0 1b 4c e6 39 00 31 00 36 00 32 00 36 00 38 00 30 00 38 00 34 00 32 00 31 00 30 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 00 00 7f ff 04 00 00 00 42 4f 00 00 4e 4f bd 00 00 00 01 00 00 00 81 00 57 00 44 00 43 00 20 00 57 00 44 00 38 00 30 00 45 00 46 00 5a 00 5a 00 2d 00 36 00 38 00 42 00 54 00 58 00 4e 00 30 00 00 00 05 01 09 00 02 00 00 00 00 7f ff 04 00 02 01 0c 00 d0 41 03 0a 00 00 00 00 01 01 06 00 02 01 01 01 06 00 00 00 01 01 06 00 00 0a 01 01 06 00 00 00 03 12 0a 00 01 00 ff ff 00 00 7f ff 04 00 01 04 3e 00 ef 47 64 2d c9 3b a0 41 ac 19 4d 51 d0 1b 4c e6 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 57 00 20 00 2d 00 44 00 41 00 43 00 5a 00 30 00 4c 00 47 00 4b 00 37 00 00 00 7f ff 04 00 00 00 42 4f 00 00 4e 4f bd 00 00 00 01 00 00 00 81 00 57 00 44 00 43 00 20 00 57 00 44 00 38 00 30 00 45 00 46 00 5a 00 5a 00 2d 00 36 00 38 00 42 00 54 00 58 00 4e 00 30 00 00 00 05 01 09 00 02 00 00 00 00 7f ff 04 00 02 01 0c 00 d0 41 03 0a 00 00 00 00 01 01 06 00 02 01 01 01 06 00 00 00 01 01 06 00 00 0a 01 01 06 00 00 00 03 12 0a 00 04 00 ff ff 00 00 7f ff 04 00 01 04 3e 00 ef 47 64 2d c9 3b a0 41 ac 19 4d 51 d0 1b 4c e6 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 57 00 20 00 2d 00 44 00 41 00 43 00 33 00 31 00 57 00 5a 00 4b 00 54 00 00 00 7f ff 04 00 00 00 42 4f 00 00 4e 4f bd 00 00 00 01 00 00 00 81 00 57 00 44 00 43 00 20 00 57 00 44 00 34 00 30 00 45 00 46 00 52 00 58 00 2d 00 36 00 38 00 4e 00 33 00 32 00 4e 00 30 00 00 00 05 01 09 00 02 00 00 00 00 7f ff 04 00 02 01 0c 00 d0 41 03 0a 00 00 00 00 01 01 06 00 02 01 01 01 06 00 00 00 01 01 06 00 00 0a 01 01 06 00 00 00 03 12 0a 00 05 00 ff ff 00 00 7f ff 04 00 01 04 3e 00 ef 47 64 2d c9 3b a0 41 ac 19 4d 51 d0 1b 4c e6 20 00 20 00 20 00 20 00 57 00 20 00 2d 00 44 00 43 00 57 00 37 00 43 00 30 00 4b 00 4b 00 45 00 58 00 38 00 32 00 32 00 00 00 7f ff 04 00 00 00 42 4f

On Mon, Jun 10, 2024 at 10:45 AM Andrei Borzenkov wrote:

On Mon, Jun 10, 2024 at 10:15 AM Stakanov via openSUSE Users wrote:

...

tried that on my machine and got a huge quantity of numbers that follow the boot entry. Really a page. Are these signatures? Example from one(!) entry, now immagine I have 1, 3, 4 and 7 as entries, all come like this. What I am seeing and why I am seeing this while yours seem to be quite linear?

You are on Tumbleweed, the old --verbose flag of efibootmgr is not the

s/not/now/ Do not use --verbose on Tumbleweed. That said, boot entry can be anything and can include arbitrary data, so it is entirely up to your firmware what it puts there.

default and --verbose now adds even more debug output that was not present earlier.

In data domenica 9 giugno 2024 13:43:35 CEST, Carlos E. R. ha scritto:

On 2024-06-09 13:25, Stakanov via openSUSE Users wrote:

...

In data domenica 9 giugno 2024 06:41:54 CEST, Andrei Borzenkov ha scritto:

...

On 09.06.2024 00:25, Stakanov via openSUSE Users wrote:

...

In data sabato 8 giugno 2024 13:10:05 CEST, Masaru Nomiya ha scritto:

...

Please do this;

$ fwupdtool esp-list --verbose

Selected volume: /org/freedesktop/UDisks2/block_devices/sda1 /boot/efi/EFI/boot/bootx64.efi /boot/efi/EFI/boot/fallback.efi /boot/efi/EFI/boot/MokManager.efi /boot/efi/EFI/opensuse/shim.efi /boot/efi/EFI/opensuse/MokManager.efi /boot/efi/EFI/opensuse/grub.efi /boot/efi/EFI/opensuse/boot.csv /boot/efi/EFI/opensuse/grub.cfg /boot/efi/EFI/opensuse/grubx64.efi /boot/efi/EFI/grub/shim.efi /boot/efi/EFI/grub/MokManager.efi /boot/efi/EFI/grub/grub.efi /boot/efi/EFI/grub/boot.csv /boot/efi/EFI/grub/grub.cfg

That is quite a lot, I think she has multiple entries on her machine. How would one decide which one is the right one or better the broken one?

The path to the broken one was in your very first post.

Thank you for pointing to this. Remains the second obvious question: can I check with ease which one of the entries she is using when booting and which is the back up of the one she is using. So if she is not using the culprit, it should be save to eliminate it? Or should I simply force the update of it and the error will be gone? I wonder why the machine has so many entries, I installed it years ago and since then only normal zypper dup operations. Nothing fancy, no experiments. Maybe at one point we went from legacy to uefi, but I do not recall to be honest. That could have doubled the entries..... Years ago, I really do not recall.

openSUSE leap creates "opensuse" and "boot", the later as fallback. The name is set in the line "GRUB_DISTRIBUTOR=" in file /etc/default/grub.

The command "efibootmgr" lists the entries.

Telcontar:~ # efibootmgr --verbose BootCurrent: 0000 Timeout: 1 seconds BootOrder: 0000,0004,0005,0003 Boot0000* main-os-secureboot HD(1,GPT,800b649f-a2e3-4dad-b2bf- b7ecc5ef11d8,0x800,0xfa 000)/File(\EFI\MAIN-OS\SHIM.EFI) Boot0003* UEFI OS HD(1,GPT,800b649f-a2e3-4dad-b2bf-b7ecc5ef11d8,0x800,0xfa000)/ File(\EFI\B OOT\BOOTX64.EFI)..BO Boot0004* auxiliary-secureboot HD(1,GPT,800b649f-a2e3-4dad-b2bf- b7ecc5ef11d8,0x800,0x fa000)/File(\EFI\AUXILIARY\SHIM.EFI) Boot0005* UEFI OS HD(1,GPT,800b649f-a2e3-4dad-b2bf-b7ecc5ef11d8,0x800,0xfa000)/ File(\EFI\B OOT\BOOTX64.EFI)..BO Telcontar:~ #

You see the line "BootCurrent"? That's the one currently used for booting.

In the list above, you can see no "opensuse" entry because I renamed it. The lines "UEFI OS" are perhaps the BIOS config menu, or perhaps the fallback.

-- Cheers / Saludos,

Carlos E. R. (from 15.5 x86_64 at Telcontar)

Thank you, have tried it and got some insight.

Hello, Sorry for idiot nmistake. In the Message; Subject : Re: Shim error message about "blocked executable in ESP" Message-ID : <875xuiq6o0.wl-nomiya@lake.dti.ne.jp> Date & Time: Mon, 10 Jun 2024 04:04:31 +0900 [MN] == Masaru Nomiya has written: MN> Hello, MN> I couldn't send an email and finally figured out that yesterday's MN> update of Emacs was the cause. MN> In the Message; MN> Subject : Re: Shim error message about "blocked executable in ESP" MN> Message-ID : <2986485.JigTtRx2U3@silversurfer> MN> Date & Time: Sun, 09 Jun 2024 13:25:25 +0200 MN> Stakanov via openSUSE Users has written: [..]. MN> Have a look; MN> https://www.suse.com/ja-jp/support/kb/doc/?id=000019909 MN> That is, MN> If there was a bootloader update error during patching or MN> otherwise, it should be logged in /var/log/pbl.log. MN> Solution is 'reinstall of GRUB bootloader. MN> I strongly recommend reinstalling with YasT2 to be on the safe side. MN> YaST2 --> System --> Boot Loader --> Boot Code Options MN> --> Protective MBR flag MN> rmove -- (then) --> set Since it is UEFI, MBR is irrelevant, simply, this is OK. YaST2 --> System --> Boot Loader --> Boot Code Options This will finish reintalling grub. Best Regards. --- ┏━━┓彡 Masaru Nomiya mail-to: m.nomiya+suse @ gmail.com ┃＼／彡 ┗━━┛ "To hire for skills, firms will need to implement robust and intentional changes in their hiring practices ― and change is hard." -- Employers don’t practice what they preach on skills-based hiring --

Hello, In the Message; Subject : Re: Shim error message about "blocked executable in ESP" Message-ID : Date & Time: Mon, 10 Jun 2024 13:44:12 +0200 [CER] == "Carlos E. R." has written: CER> On 2024-06-10 04:52, Masaru Nomiya wrote: CER> > MN> Solution is 'reinstall of GRUB bootloader. [...] MN> > Since it is UEFI, MBR is irrelevant, simply, this is OK. MN> > YaST2 --> System --> Boot Loader --> Boot Code Options MN> > This will finish reintalling grub. CER> Trick. CER> To make YaST write everything (of the boot files), just change CER> the timeout value one second up or down. On https://www.suse.com/ja-jp/support/kb/doc/?id=000019909 it is written; YaST bootloader module calls 'grub2-install' in the background, more precisely: grub2-install --target=- --force --skip-fs-probe Using the `yast2 bootloader' module can help resolve grub issues by running the command list above and by allowing other selections. In fact, to send the mail, I operated with the unwanted file into boot partition, as did Stakabov's customer, and I saw that the unwanted file had been deleted and the efi files updated. Best Regards & Good Night. --- ┏━━┓彡 Masaru Nomiya mail-to: m.nomiya+suse @ gmail.com ┃＼／彡 ┗━━┛ "It should never be said that it is OK to ignore the theoretical as long as it becomes a tool." -- T. Mori (The original is in Japanese) --