On 30.04.2023 09:29, Wolfgang Rosenauer wrote:
Hi,
Am 29.04.23 um 23:41 schrieb Andrei Borzenkov:
On 30.04.2023 00:07, Wolfgang Rosenauer wrote:
Hi,
just got a new laptop with Windows 11 installed and I'm not supposed to remove Win 11 completely ;-) but want to install Tumbleweed in dual boot. Since apparently I'm installing only every few years it's always again "interesting".
I downloaded a recent Tumbleweed snapshot and wrote it to a USB stick but I cannot boot from it as the system tells me that the secure boot signature is invalid. When trying to search for the issue I cannot find much. I found that Tumbleweed should be supporting secure boot completely and therefore I have no idea what might be wrong as apparently is meant to just work.
Any pointers?
if I understand it right this bug is only? about systems with multiple Linuxes installed which use shim?
No. This bug is about using SBAT to block previous loader versions. It does not matter from which operating system this restriction comes from.
Mine is "just" Windows 11 at the moment and even booting from the USB ISO is already failing. Not sure if those are connected.
I could not find any reference to SBAT on Microsoft site, but shim readme describes it as co-developed with Microsoft and I will not be surprised if recent updates to Windows 11 set SbatLevel that blocks Tumbleweed. Somewhere in this bug report there was link to image with updated shim. Can you boot this image? Unfortunately SbatLevel is boot-time only variable, so unless Windows shadows it to OS like shim does the only way to check it is running EfiShell. If you have possibility to boot it, it would be interesting to check SbatLevel. I am downloading Windows 11 22H2, but I have heard that it may not work in QEMU, we'll see.