Configuration update. Secure Boot dbx

Hello, dear Fedora Community! I do not know how to solve this problem:
Blocked executable in the ESP, ensure grub and shim are up to date: /boot/efi/EFI/Microsoft/Boot/bootmgfw.efi Authenticode checksum [84d75f7a8913d66db946eaf1480eaddec3063d27a6f625f040b406718abcac44] is present in dbx

I use Fedora Workstation with GNOME. I just want to update Built-in firmware and get this error.

Should I use any other Spin instead of Workstation with GNOME? Because I did not know about this problem when I used Sway Spin, for example.

And If I leave it, will I get dangerous vulnerabilities of Secure Boot or other sides of Fedora OS?

My PC config:
Fedora Linux 40 (Workstation Edition)
Lenovo Lenovo ideapad 320-15ABR
RAM: 6,0 GB
Hard drive: 500,1 GB

P.S. I use double boot: Fedora Workstation and WIndows 8.1.

This looks like your WIndows boot loader needs updating.

Before updating the dbx, the system checks the ESP if there are any efi programs that would be blocked by the new dbx entries. Microsoft/Boot/bootmgfw.efi appears to be one of them so it needs to be replaced by an up-to-date version.

1 Like

If I do not change anything, will this be dangerous for my Laptop and OS?

I would start updating windows since windows 8 support ended January 2023 that windows side is more risk than fedora side and that might cause the issues

Also windows 10 is getting end of life soon

1 Like

But I almost all the time use Fedora OS. I use Windows very very rarely. Is it still dangerous? Also I have antivirus on Windows 8.1.

I really don’t know. It depends on how you use your system, and the best security defense is still between the chair and the keyboard.


Just guessing, but since windows 8.1 has not been supported for some time and the dbx is maintained by microsoft , it probably will be unable to update that dbx for you at all. You may be able to update windows (it was free to update to windows 10) then update that dbx.

The older system you are on may not be able to run windows 11 due to hardware requirements (TPM module) but I think it is still possible to get windows 10 install media.

Another option would be to completely forego windows and use linux 100%. I have done that and been happy for many years.

1 Like

You can run 100% Fedora for the host and use Widows in a VM if it is rarely, that to me makes the most sense. Especially with Win7/8.1 as they run fine for me in VM, including using USB and Serial communication, etc… So does Win 10 for that matter.

1 Like

And for now are you still using only LInux?

My laptop was delivered with windows 10 several years ago. I boot to windows to keep it updated but do nothing else in that OS.
Linux (Specifically Fedora) has been my OS of choice for about 20 years.

1 Like