From: Masaru Nomiya Date: Thu, 09 May 2024 12:23:02 +0900 Hello, BR> I learned that the solution is turning off secure boot, but now I BR> can't even get into the BIOS; is the only message I see after booting, BR> even if I press DEL at the same time as the power button, with or BR> without CTL and ALT. I used to use ENVY too, but I thought the ESC key --> F10 key, not the DEL key, was used to enter the BIOS. Excellent; thank you! I don't know if I ever knew that, or just forgot in a panic, but that was the clue I needed. (You can tell that I am not the original owner of this laptop, and don't have the original literature. Really, I should hunt down a PDF some day.) Thanks again, -- Bob

From: Andrei Borzenkov Date: Thu, 9 May 2024 07:21:34 +0300 On 09.05.2024 05:47, Bob Rogers wrote:

I have an old HP Envy (not sure how old but it has a Windows 8 sticker on the bottom) with 15.5 beta (because I've been lazy about doing a "zypper dup") on which I just did an update, the first since 26-Apr, so I got a new kernel. When I attempted to reboot, I got "Verifying shim SBAT data failed: Security Policy Violation" and the system shut down immediately.

https://en.opensuse.org/openSUSE:UEFI#Reset_SBAT_string_for_booting_to_old_s... This doesn't seem to apply; I wasn't booting an old release. -- Bob

From: Marcus Meissner Date: Fri, 10 May 2024 11:33:11 +0200 On Wed, May 08, 2024 at 10:59:55PM -0700, Bob Rogers wrote:

From: Andrei Borzenkov Date: Thu, 9 May 2024 07:21:34 +0300

On 09.05.2024 05:47, Bob Rogers wrote:

...

I have an old HP Envy . . .

This doesn't seem to apply; I wasn't booting an old release.

15.5 beta is an old release from early 2023. Yes, which shows you how frequently I use this laptop (wrong keyboard, screen too small, and I hate mouse pads -- and am not fond of mice in general). But I need it rather urgently for a business trip I am taking in two days. If you mean 15.6 beta this should work. After "zypper dup" and extensive subsequent updates, I tried it anyway (thanks, Andrei, Marcus), and it seemed to work temporarily, but then failed again. (I would be happy keeping "secure boot" permanently off in the BIOS, but part of the immediate problem is that the battery is thoroughly dead, so the BIOS keeps forgetting. I am getting a new battery today, but it would be nice to kill this useless pseudo-security rigmarole once and for all.) So I am in the process of installing the openSUSE Leap 15.6 release candidate, and I notice on the main installer options page a "Secure boot" choice, which defaults to "enabled". I am wondering what happens if I disable that, or does that send me down another less-than-well- tested path of pain in the booty? -- Bob

From: "Carlos E. R." Date: Sun, 19 May 2024 00:18:10 +0200 On 2024-05-18 19:58, Bob Rogers wrote:

After "zypper dup" and extensive subsequent updates, I tried it anyway (thanks, Andrei, Marcus), and it seemed to work temporarily, but then failed again. (I would be happy keeping "secure boot" permanently off in the BIOS, but part of the immediate problem is that the battery is thoroughly dead, so the BIOS keeps forgetting. I am getting a new battery today, but it would be nice to kill this useless pseudo-security rigmarole once and for all.)

I have not read the entire thread, but I noticed this part. If the battery is dead, and the BIOS clock dies, a computer hits security problems as soon as it hits things dated today. Specifically, security certificates fail. Web browsing and downloading things become a pain. The clock kept resetting to 8-Jan-24, which was annoying, but nothing failed quite so catastrophically as the problems you mention. (When the power went off because the cord jiggled, emacs refused to recover something from its autosave file because it thought the autosave was too old, but that was easily worked around.) And the new battery has arrived, so this will soon cease to be an issue, but thanks for the warning. -- Bob