[Bug 921221] New: Unable to install with UEFI Secure Boot if Windows is present
http://bugzilla.opensuse.org/show_bug.cgi?id=921221 Bug ID: 921221 Summary: Unable to install with UEFI Secure Boot if Windows is present Classification: openSUSE Product: openSUSE Factory Version: 201502* Hardware: x86-64 OS: Other Status: NEW Severity: Major Priority: P5 - None Component: Bootloader Assignee: jsrain@suse.com Reporter: rbrown@suse.com QA Contact: jsrain@suse.com Found By: --- Blocker: --- Hardware: ASUS UX303LA with Windows 8.1, i7 5500U, 12GB RAM Steps to Reproduce: 1. Factory/Plain installation of Windows 8.1 2. Burn a Tumbleweed (or 13.2) USB stick - Tried with a NET, DVD, or Live ISO 3. Boot to it - Blue ncurses screen asking if you trust the SUSE Keys pops up 4. Click Yes 5. End up at a Grub2 command prompt, system refuses to boot into YaST - lots of different attempts to get it booted by setting linuxefi and initrdefi don't work 6. Clearing KEK, etc, in the Bios doesn't help 7. Trying different USB sticks doesn't help 8. The 'do you want to trust SUSEs Keys' ncurses window never appears again 9. Switching the BIOS to boot into Legacy mode, booting to a liveUSB in Legacy, wiping the hard drive and starting the process fresh works..but obviously, you have no opportunity to dual boot with Windows 8 Looks to me like there is something wrong with how we're currently trying to insert keys/shim/whatever into the EFI configuration present on a fresh Windows 8.1 install. This is a pretty serious problem if people want to easily install openSUSE on freshly purchased hardware. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=921221 Neil Rickert <nrickert@ameritech.net> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |nrickert@ameritech.net --- Comment #1 from Neil Rickert <nrickert@ameritech.net> --- This seems strange. I have mostly heard good reports about ASUS implementation of UEFI. My UEFI experience (with Dell and Lenovo) there was no ncurses screen. The computer already had a Windows key, and shim has a signature from that key. Shim was accepted without problems. Not asking about trust a second time probably means that the key was saved in NVRAM the first time. I'm not sure why you wiped in legacy mode, instead of just turning off secure-boot but keeping UEFI mode. That should have avoided all key problems. (just a comment from someone with no official standing). -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=921221 --- Comment #2 from Neil Rickert <nrickert@ameritech.net> --- Here's a question that occurs to me: Did you actually run Windows 8.1 before trying to install opensuse? It is entirely possible that the UEFI setup is finalized during the first run of Windows, and that the Microsoft key is installed at that time. If you tried to install before that, it might explain some of what happened. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=921221 --- Comment #3 from Richard Brown <rbrown@suse.com> --- Yes. I ran Windows 8.1, ran through the 'first time setup' routine, and played around before rebooting and trying to install openSUSE My impression is the Asus 'UEFI' implimentation seems robust, it's 'Bios' settings for configuring the PEK/keys/etc all seem like they know what I'm doing Given the problems went away only when I wiped the whole SSD, I suspect the problem is something to do with the UEFI partition on the hard disk they're shipping. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=921221 Jiri Srain <jsrain@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |rbrown@suse.com Flags| |needinfo?(rbrown@suse.com) --- Comment #4 from Jiri Srain <jsrain@suse.com> --- Richard, can then be anything done with this bug except closing? I assume that we have now no machine to reproduce it, or? -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=921221 --- Comment #5 from Richard Brown <rbrown@suse.com> --- I'm trying to negotiate some windows installation media out of Asus so I can reproduce this -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=921221 Stefan Quandt <squan@web.de> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |squan@web.de -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=921221 http://bugzilla.opensuse.org/show_bug.cgi?id=921221#c6 Vlada Kozousek <vlada.kozousek@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |vlada.kozousek@gmail.com --- Comment #6 from Vlada Kozousek <vlada.kozousek@gmail.com> --- Hi, I have Asus X205TA eeeBook with Windows 10 running. I was not able to install from USB openSUSE 13.2 KDE Live. Having made a number of attempts with different BIOS settings machine always skips to booting Windows 10. I know that the USB stick is OK as I used it to install the software on another laptop, however as this is an older machine it does not have secure boot or Windows 10 installed, the machine dual boots with Windows 7. I was, however, able to install Linux Mint from USB on Asus machine without any problem. In my view there is something wrong with the UEFI in openSUSE installation directory. It would be great if somebody with in depth knowledge about secure boot protocol could investigate. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=921221 http://bugzilla.opensuse.org/show_bug.cgi?id=921221#c7 --- Comment #7 from Neil Rickert <nwr10cst-oslnx@yahoo.com> --- Replying to comment #6 I looked up "Asus X205TA" on google. There were some hints that it uses an Intel atom processor. As far as I know, machines with atom processors often use 32-bit UEFI, while most linux distros only do 64-bit UEFI. But I'm not sure if that is the problem. Were you able to boot the live KDE usb? Or did it just boot to Windows when you tried? -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=921221 http://bugzilla.opensuse.org/show_bug.cgi?id=921221#c8 --- Comment #8 from Vlada Kozousek <vlada.kozousek@gmail.com> --- Hi, can confirm Asus X205TA uses Intel Atom processor. The 32-bit UEFI is in fact part of the Linux Mint installation, even thought the rest is 64bit. I was never able to boot into openSUSE KDE Live it always skipped into booting Windows 10. It does seem that 32-bit UEFI is required but my search did not find one for openSUSE. You are suggesting that there may not be one available ? -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=921221 http://bugzilla.opensuse.org/show_bug.cgi?id=921221#c9 --- Comment #9 from Neil Rickert <nwr10cst-oslnx@yahoo.com> --- Opensuse does have "grub2-i386-efi" in its repos. That can probably boot opensuse on your system. However, it is not part of a standard install, and is not on the install media. I don't have an atom based system for experimenting. There is probably a way of using the mint grub2-efi to boot the live opensuse USB, and install from there. And then use the mint grub2-efi to boot opensuse, until you can get opensuse's grub2-i386-efi installed and configured. It might be easier to stick with mint for the present. There is a openFATE request asking opensuse to add better support for 32-bit UEFI, but it has not yet been done. Maybe you can add your vote for that request. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=921221 http://bugzilla.opensuse.org/show_bug.cgi?id=921221#c10 Jiri Srain <jsrain@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution|--- |FEATURE --- Comment #10 from Jiri Srain <jsrain@suse.com> --- For the reference: https://features.opensuse.org/318252 I think that it makes sense to move the discussion to openFate... -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=921221 http://bugzilla.opensuse.org/show_bug.cgi?id=921221#c11 Richard Brown <rbrown@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Flags|needinfo?(rbrown@suse.com) | --- Comment #11 from Richard Brown <rbrown@suse.com> --- (In reply to Jiri Srain from comment #4)
Richard, can then be anything done with this bug except closing? I assume that we have now no machine to reproduce it, or?
Nothing I can do, this bug is best tracked a feature, yup -- You are receiving this mail because: You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com