10

When I update my system, Kubuntu 23.10 x86_64, I get the error message:

Blocked executable in the ESP, ensure grub and shim are up to date: /media/root/3841-B9E0/EFI/debian/shimx64.efi Authenticode checksum [af79b14064601bc0987d4747af1e914a228c05d622ceda03b7a4f67014fee767] is present in dbx

Called up a list of bootups:

efibootmgr -v

I did not see the errored path in the list of available bootups, so I did:

sudo rm /media/root/3841-B9E0/EFI/debian/shimx64.efi

..and I got the following error:

rm: cannot remove '/media/root/3841-B9E0/EFI/debian/shimx64.efi': No such file or directory

What might be the problem with my attempted fix to the 'Blocked executable' error?

Doug Brunelle
  • 351
  • 3
    I have no idea why this was not answered and was even down-voted! – cipricus Apr 22 '24 at 11:45
  • I find odd the path /media/root/3841-B9E0/EFI/, it should normally be /boot/efi/EFI/. Anyway, in my case not just that file but all those in my folder were old, so I removed the whole directory /boot/efi/EFI/custom. But I followed this procedure, which is meant for purging EFI of old unused OS entries (each bullet is a separate line): • sudo sucd /boot/efi/EFIls, and then selecting my folder : • rm -rf custom. After that, the update of that UEFI dbx package worked in Discover. – cipricus Apr 22 '24 at 13:07
  • It's not an issue if secure boot are disabled, just ignores this message – bcag2 Jun 20 '25 at 06:52

2 Answers2

6

I resolved the problem by executing fwupdmgr refresh --force and fwupdmgr update --force.

resolved commands

Previously I encountered this issue:

problem

FliegendeWurst
  • 626
  • 1
  • 7
  • 23
onehao 万昊
  • 61
  • Thanks for sharing your solution! It would be helpful to transcribe the commands you used into text, as well as adding a brief explanation of what they do (and also maybe why you used the --force modifier).

    It's easier for people to copy/paste the commands if they're written out here in text form, and also it's good to have them in case the screenshot ever expires or gets taken down.

     – Hee Jin Mar 10 '25 at 21:07
  • under Ubuntu LTS 22.04, I ran the tow fwupdmgr suggested command (and reboot) with success but still have the Secure Boot dbx issue – bcag2 Jun 20 '25 at 06:19
-1

Similar error running kubuntu 24.04.3 LTS (Noble Numbat).

Running fwupdmgr update --force did not fix the issue.

Exact error message: "Blocked executable in the ESP, ensure grub and shim are up to date: failed to load /media/root/ESP/EFI/Microsoft/Boot/bootmgfw.efi: Error opening file /media/root/ESP/EFI/Microsoft/Boot/bootmgfw.efi: Permission denied"

Issue 1: the path "/media/root" does not exist. Running efibootmgr -v showed that the only occurrence of bootmgfw.efi was on "Windows Boot Manager HD(1,GPT ...". Running "lsblk", I guestimated this was /sda/sda1, which is not mounted. So, switch to root, create a mounting point and mount it: sudo su -, mkdir /mnt/sda1; mount /dev/sda1 /mnt/sda1

Re-run fwupdmgr update, new error: "Blocked executable in the ESP, ensure grub and shim are up to date: failed to load **/mnt/sda1/**EFI/Microsoft/Boot/bootmgfw.efi: Error opening file /mnt/sda1/EFI/Microsoft/Boot/bootmgfw.efi: Permission denied".

As the path is now correct, investigate the permissions... Tried running as root, tried to change the file permissions (no error but no permission change), tried changing the mount options... all with no success.

Finally, moved the files and tried again: Switch to root sudo su - Make a temp dir, keep boot stuff together mkdir /boot/tmp Move the Win EFI directory: mv /mnt/sda1/EFI /boot/tmp/

Run the update: fwupdmgr update --force ==> success!!!!

Move the Win EFI back: mv /boot/tmp/EFI /mnt/sda1/ Cleanup: rm -rf /boot/tmp

It looks like the issue is caused by the dual-boot configuration.

Update: the Windows boot worked fine.

David Robson
  • 159