Bug ID | 917427 |
---|---|
Summary | LUKS encrypted LVM without separate "/boot" fails using UEFI secure boot |
Classification | openSUSE |
Product | openSUSE Factory |
Version | 201501* |
Hardware | x86-64 |
OS | SUSE Other |
Status | NEW |
Severity | Normal |
Priority | P5 - None |
Component | Bootloader |
Assignee | jsrain@suse.com |
Reporter | nrickert@ameritech.net |
QA Contact | jsrain@suse.com |
Found By | --- |
Blocker | --- |
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.21 (KHTML, like Gecko) konqueror/4.14.4 Safari/537.21 Build Identifier: This is based on a test install (minimal X) using 20150201. I installed into an existing encrypted LVM. I did not use a separate unencrypted "/boot". Yast did not see a problem with this install. On reboot, I see only a grub shell. Note that I set grub distributor to "betasuse" to avoid conflict with my main install on that box. When I disable secure-boot, and select "betasuse" (rather than "betasuse-secureboot") from the UEFI boot menu, I am able to boot. If I select "betasuse-secureboot" from the menu, I am unable to boot. It looks to me as if "grubx64.efi" has the needed grub code for decryption, but {"shim.efi",grub.efi,grub.cfg} between them do not have what is needed. This is unfortunate. Avoiding an unencrypted "/boot" mainly makes sense when secure-boot is used. And that is just what doesn't work. Reproducible: Always