Am 30.04.23 um 08:48 schrieb Andrei Borzenkov:
On 30.04.2023 09:29, Wolfgang Rosenauer wrote:
Am 29.04.23 um 23:41 schrieb Andrei Borzenkov:
On 30.04.2023 00:07, Wolfgang Rosenauer wrote:
just got a new laptop with Windows 11 installed and I'm not supposed to remove Win 11 completely ;-) but want to install Tumbleweed in dual boot. Since apparently I'm installing only every few years it's always again "interesting".
I downloaded a recent Tumbleweed snapshot and wrote it to a USB stick but I cannot boot from it as the system tells me that the secure boot signature is invalid. When trying to search for the issue I cannot find much. I found that Tumbleweed should be supporting secure boot completely and therefore I have no idea what might be wrong as apparently is meant to just work.
if I understand it right this bug is only? about systems with multiple Linuxes installed which use shim?
No. This bug is about using SBAT to block previous loader versions. It does not matter from which operating system this restriction comes from.
Mine is "just" Windows 11 at the moment and even booting from the USB ISO is already failing. Not sure if those are connected.
I could not find any reference to SBAT on Microsoft site, but shim readme describes it as co-developed with Microsoft and I will not be surprised if recent updates to Windows 11 set SbatLevel that blocks Tumbleweed.
Somewhere in this bug report there was link to image with updated shim. Can you boot this image?
No, I cannot boot any of those: openSUSE-Leap-15.4-CR-DVD-x86_64-Build31.329-Media.iso (from the bugreport) openSUSE-Leap-15.4-NET-x86_64-Build243.2-Media.iso openSUSE-Tumbleweed-DVD-x86_64-Snapshot20230425-Media.iso openSUSE-Tumbleweed-NET-x86_64-Snapshot20230428-Media.iso I'm still a bit confused. When I try to boot from the USB ISO this is the first EFI in the chain. The on-disk EFI is not used. Or is the SBAT minimal version set somewhere in some internal flash memory? Wolfgang