http://bugzilla.opensuse.org/show_bug.cgi?id=917427 Bug ID: 917427 Summary: LUKS encrypted LVM without separate "/boot" fails using UEFI secure boot Classification: openSUSE Product: openSUSE Factory Version: 201501* Hardware: x86-64 OS: SUSE Other Status: NEW Severity: Normal Priority: P5 - None Component: Bootloader Assignee: jsrain@suse.com Reporter: nrickert@ameritech.net QA Contact: jsrain@suse.com Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.21 (KHTML, like Gecko) konqueror/4.14.4 Safari/537.21 Build Identifier: This is based on a test install (minimal X) using 20150201. I installed into an existing encrypted LVM. I did not use a separate unencrypted "/boot". Yast did not see a problem with this install. On reboot, I see only a grub shell. Note that I set grub distributor to "betasuse" to avoid conflict with my main install on that box. When I disable secure-boot, and select "betasuse" (rather than "betasuse-secureboot") from the UEFI boot menu, I am able to boot. If I select "betasuse-secureboot" from the menu, I am unable to boot. It looks to me as if "grubx64.efi" has the needed grub code for decryption, but {"shim.efi",grub.efi,grub.cfg} between them do not have what is needed. This is unfortunate. Avoiding an unencrypted "/boot" mainly makes sense when secure-boot is used. And that is just what doesn't work. Reproducible: Always -- You are receiving this mail because: You are on the CC list for the bug.