http://bugzilla.opensuse.org/show_bug.cgi?id=1175980 Bug ID: 1175980 Summary: chainloading is broken with the new shim Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Bootloader Assignee: screening-team-bugs@suse.de Reporter: nwr10cst-oslnx@yahoo.com QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0 Build Identifier: I have Ubuntu-20 and Tumbleweed 20200829 installed side by side in a KVM virtual machine. I also have Jump 15.2 and Tumbleweed installed side by side in a different VM. Note that Jump 15.2 uses the SUSE shim rather than the openSUSE shim. I will describe what I am seeing for the ubuntu case. I see similar problems in both of those virtual machines. If I allow Ubuntu to control the booting, then it cannot boot Tumbleweed. If I allow Tumbleweed to control the booting, then it cannot boot Ubuntu. I added an entry to the Tumbleweed boot menu to chainload to the Ubuntu shim. The idea was that this would allow booting Ubuntu from the Tumbleweed boot menu. In that past that used to work. Now it does not work, and gives a "bad signature" error. I tried it the other way. That is, I added an entry to the Ubuntu boot menu to chainload the openSUSE shim. That also does not work (gives a bad signature error). I should not that if I disable secure-boot, then these all work. I used that to test the boot menu entry. But with secure-boot enabled, they do not work. Next, I tried importing the Tumbleweed shim certificate ("4659838C-shim.crt") while running Ubuntu. With that change, the Ubuntu direct menu entry for Tumbleweed now works. But the menu entry to chainload to the Tumbleweed shim still does not work. Hmm, I should explain "does not work". When I use the chainload menu entry, that seems to work. It brings up the expected menu. So if I chainload from Tumbleweed to Ubuntu, I do see the Ubuntu boot menu. But when I attempt to boot Ubuntu, I get the "bad signature" error as the kernel is loaded. Similarly, if I chainload from Ubuntu to Tumbleweed (and set the boot order to prefer Ubuntu), then the chainload brings up the Tumbleweed boot menu. But if I attempt to boot Tumbleweed, I get the "bad signature" error as the kernel is loaded. After importing the Tumbleweed shim certificate, that error message changes to "System is compromised. halting" The Ubuntu files (in "\EFI\ubuntu") have dates from last April. I'm guessing it is the openSUSE changes that are causing the problems in both directions. Reproducible: Always -- You are receiving this mail because: You are on the CC list for the bug.