Comment # 21 on bug 1183884 from Michael Chang

(In reply to Projeto Linux Kamarada from comment #20)
> (In reply to Michael Chang from comment #15)
> 
> I remembered that there is a specific setting on my BIOS. I needed to enable
> Secure Boot, then an option became available: "Select an UEFI file as
> trusted for executing". I navigated through a kind of file manager and
> selected EFI/opensuse/grubx64.efi as trusted. I did this and disabled Secure
> Boot again. Then I was able to boot from "opensuseleap".

Frankly this design sounds a bit silly, the file you can select doesn't link to
anything you can trust, merely you want it to do the work for you. If that can
work then why there are phishing email and website in the first place. To
prevent running malicious software the integrity and authenticity has to be
verified by a trusted authority (CA) and is by no means your own decision.

I have no idea why they provide this function. IMHO it should respect all
usable boot entries and the boot order you made, and use secure boot to verify
the image for you. It is not you to "Select an UEFI file as trusted for
executing" ...

> 
> According to efibootmgr -v, I booted from "opensuseleap".
> 
> So, this seems to have worked:
> 
> > Would you please try the manual step to create the boot variable for booting
> > the opensuse grub ? 
> > 
> > > efibootmgr -c -L 'opensuseleap' -l '\EFI\opensuse\grubx64.efi' -d /dev/sda -p 1
> > > efibootmgr -v

As long as \EFI\opensuse\grubx64.efi is used, you should not run into "symbol
'grub_verify_string' not found" in future updates. Did you agree to close this
ticket because the problem is due to firmware which ignores opensuse boot entry
and also now we have a workaround ? 

Thanks.