[oS-en] Can't boot freshly installed 15.3 system.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I can't boot freshly installed 15.3 system (with current updates as of today). I get (hand copied): error: bad shim signature. error: you need to load the kernel first. Press any key to continue. Details: It is a new external hard disk, via USB3 (tried also USB2) on a laptop that has internally Leap 15.2 and Windows, both booting normally. On this external hard disk I installed 15.3 (UEFI mode). The UEFI boot menu does not display this disk at all. The efibootmgr man page doesn't say how to add a new entry: CREATING A NEW BOOT OPTION An OS installer would call efibootmgr -c. This assumes that /boot/efi is your EFI System Partition, and is mounted at /dev/sda1. This creates a new boot option, called "Linux", and puts it at the top of the boot order list. Options may be passed to modify the default behavior. The default OS Loader is elilo.efi. 3. What are those options to modify the behaviour??? It is an example section with no examples!!! So, instead I boot 15.2 (with current updates as of yesterday), start yast boot manager, and tell it to probe the disk for other systems. It does find 15.3, and the error I posted above is precissely what happens when using that probed entry. No matter if I select failsafe. Legolas:~ # lsblk --output NAME,KNAME,RA,RM,RO,PARTFLAGS,SIZE,TYPE,FSTYPE,LABEL,PARTLABEL,PTTYPE,MOUNTPOINT,UUID,PARTUUID,WWN,MODEL,ALIGNMENT /dev/sdbNAME KNAME RA RM RO PARTFLAGS SIZE TYPE FSTYPE LABEL PARTLABEL PTTYPE MOUNTPOINT UUID PARTUUID WWN MODEL ALIGNMENT sdb sdb 512 0 0 1.8T disk gpt 0x3e41425341383144 Basic 0 ├─sdb1 sdb1 512 0 0 512M part vfat gpt 513E-8E77 564d9061-ccb2-4f48-8810-6c5aae67e99f 0x3e41425341383144 0 ├─sdb2 sdb2 512 0 0 10G part swap Erebor3_swap gpt 575a03c8-5afa-4c38-91f4-9f5ad8fb60d5 a1aa1b82-1229-459c-9bbd-f67b868fa24f 0x3e41425341383144 0 ├─sdb3 sdb3 512 0 0 20G part ext4 Erebor3_main gpt 932d5cf7-031c-45a4-bc62-86ab4a160680 aa63ecdd-fc48-4aa9-9dee-370b0c3d563a 0x3e41425341383144 0 └─sdb4 sdb4 512 0 0 1.8T part crypto_LUKS gpt 3804e2da-f4a4-4c26-9121-d763dd8f736e 76d6cf0f-beb2-4d80-b6e2-90ab018a7e50 0x3e41425341383144 0 Legolas:~ # Legolas:/data/Erebor # tree boot/efi/ boot/efi/ └── EFI ├── boot │ ├── MokManager.efi │ ├── bootx64.efi │ └── fallback.efi └── opensuse ├── MokManager.efi ├── boot.csv ├── grub.cfg ├── grub.efi ├── grubx64.efi └── shim.efi 3 directories, 9 files Legolas:/data/Erebor # Isengard:~ # efibootmgr BootCurrent: 0001 Timeout: 6 seconds BootOrder: 0001,0004,0005,0002,0003,0000,0006,0007,0008 Boot0000 Windows Boot Manager Boot0001* main-os-secureboot Boot0002* UEFI: IP4 Realtek PCIe GBE Family Controller Boot0003* UEFI: IP6 Realtek PCIe GBE Family Controller Boot0004* UEFI: KINGSTON SMS200S3120G, Partition 1 Boot0005* UEFI OS Boot0006* UEFI:CD/DVD Drive Boot0007* UEFI:Removable Device Boot0008* UEFI:Network Device Isengard:~ # What next? - -- Cheers Carlos E. R. (from 15.2 x86_64 at Telcontar) -----BEGIN PGP SIGNATURE----- iHoEARECADoWIQQZEb51mJKK1KpcU/W1MxgcbY1H1QUCYZ+p+Bwccm9iaW4ubGlz dGFzQHRlbGVmb25pY2EubmV0AAoJELUzGBxtjUfVSu8An1eUXSo9hzVbT1CAQbcG 01Zo2RCBAJ94uDwYfbYvAUusxN795dF2IiNPng== =ykb9 -----END PGP SIGNATURE-----
* Carlos E. R. <robin.listas@telefonica.net> [11-25-21 10:22]:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
I can't boot freshly installed 15.3 system (with current updates as of today).
I get (hand copied):
error: bad shim signature. error: you need to load the kernel first. Press any key to continue.
disable "secure boot" in the bios and try again. -- (paka)Patrick Shanahan Plainfield, Indiana, USA @ptilopteri http://en.opensuse.org openSUSE Community Member facebook/ptilopteri Photos: http://wahoo.no-ip.org/piwigo paka @ IRCnet freenode What sort of day was it? A day like all days, filled with those events that alter and illuminate our times... all things are as they were then, but were you there?
On 25/11/2021 16.48, Patrick Shanahan wrote:
* Carlos E. R. <> [11-25-21 10:22]:
I can't boot freshly installed 15.3 system (with current updates as of today).
I get (hand copied):
error: bad shim signature. error: you need to load the kernel first. Press any key to continue.
disable "secure boot" in the bios and try again.
And then Windows will fail. I might as well ditch 15.3 and install 15.2... -- Cheers / Saludos, Carlos E. R. (from 15.2 x86_64 at Telcontar)
* Carlos E. R. <robin.listas@telefonica.net> [11-25-21 14:11]:
On 25/11/2021 16.48, Patrick Shanahan wrote:
* Carlos E. R. <> [11-25-21 10:22]:
I can't boot freshly installed 15.3 system (with current updates as of today).
I get (hand copied):
error: bad shim signature. error: you need to load the kernel first. Press any key to continue.
disable "secure boot" in the bios and try again.
And then Windows will fail.
I might as well ditch 15.3 and install 15.2...
you said that you could not boot, not that you wanted dual booting windows. be more specific and you will obtain better answers. -- (paka)Patrick Shanahan Plainfield, Indiana, USA @ptilopteri http://en.opensuse.org openSUSE Community Member facebook/ptilopteri Photos: http://wahoo.no-ip.org/piwigo paka @ IRCnet freenode What sort of day was it? A day like all days, filled with those events that alter and illuminate our times... all things are as they were then, but were you there?
On 25/11/2021 21.54, Patrick Shanahan wrote:
* Carlos E. R. <> [11-25-21 14:11]:
On 25/11/2021 16.48, Patrick Shanahan wrote:
* Carlos E. R. <> [11-25-21 10:22]:
I can't boot freshly installed 15.3 system (with current updates as of today).
I get (hand copied):
error: bad shim signature. error: you need to load the kernel first. Press any key to continue.
disable "secure boot" in the bios and try again.
And then Windows will fail.
I might as well ditch 15.3 and install 15.2...
you said that you could not boot, not that you wanted dual booting windows. be more specific and you will obtain better answers.
Man, I want to boot everything, that is obvious. I said I could not boot 15.3. -- Cheers / Saludos, Carlos E. R. (from 15.2 x86_64 at Telcontar)
On 25/11/2021 20.10, Carlos E. R. wrote:
On 25/11/2021 16.48, Patrick Shanahan wrote:
* Carlos E. R. <> [11-25-21 10:22]:
I can't boot freshly installed 15.3 system (with current updates as of today).
I get (hand copied):
error: bad shim signature. error: you need to load the kernel first. Press any key to continue.
disable "secure boot" in the bios and try again.
And then Windows will fail.
Oh, and the UEFI menu only has the secure entries for 15.2, and an unsecure old one for 15.0. Isengard:~ # efibootmgr BootCurrent: 0001 Timeout: 6 seconds BootOrder: 0001,0004,0005,0002,0003,0000,0006,0007,0008 Boot0000 Windows Boot Manager Boot0001* main-os-secureboot <============== Boot0002* UEFI: IP4 Realtek PCIe GBE Family Controller Boot0003* UEFI: IP6 Realtek PCIe GBE Family Controller Boot0004* UEFI: KINGSTON SMS200S3120G, Partition 1 Boot0005* UEFI OS Boot0006* UEFI:CD/DVD Drive Boot0007* UEFI:Removable Device Boot0008* UEFI:Network Device Isengard:~ # -- Cheers / Saludos, Carlos E. R. (from 15.2 x86_64 at Telcontar)
* Carlos E. R. <robin.listas@telefonica.net> [11-25-21 15:59]:
On 25/11/2021 20.10, Carlos E. R. wrote:
On 25/11/2021 16.48, Patrick Shanahan wrote:
* Carlos E. R. <> [11-25-21 10:22]:
I can't boot freshly installed 15.3 system (with current updates as of today).
I get (hand copied):
error: bad shim signature. error: you need to load the kernel first. Press any key to continue.
disable "secure boot" in the bios and try again.
And then Windows will fail.
Oh, and the UEFI menu only has the secure entries for 15.2, and an unsecure old one for 15.0.
Isengard:~ # efibootmgr BootCurrent: 0001 Timeout: 6 seconds BootOrder: 0001,0004,0005,0002,0003,0000,0006,0007,0008 Boot0000 Windows Boot Manager Boot0001* main-os-secureboot <============== Boot0002* UEFI: IP4 Realtek PCIe GBE Family Controller Boot0003* UEFI: IP6 Realtek PCIe GBE Family Controller Boot0004* UEFI: KINGSTON SMS200S3120G, Partition 1 Boot0005* UEFI OS Boot0006* UEFI:CD/DVD Drive Boot0007* UEFI:Removable Device Boot0008* UEFI:Network Device Isengard:~ #
as I said previous, if you explain your problem, all the problem, better answers will ensue. windows was not in the question. -- (paka)Patrick Shanahan Plainfield, Indiana, USA @ptilopteri http://en.opensuse.org openSUSE Community Member facebook/ptilopteri Photos: http://wahoo.no-ip.org/piwigo paka @ IRCnet freenode What sort of day was it? A day like all days, filled with those events that alter and illuminate our times... all things are as they were then, but were you there?
On 25/11/2021 22.01, Patrick Shanahan wrote:
* Carlos E. R. <> [11-25-21 15:59]:
On 25/11/2021 20.10, Carlos E. R. wrote:
On 25/11/2021 16.48, Patrick Shanahan wrote:
* Carlos E. R. <> [11-25-21 10:22]:
I can't boot freshly installed 15.3 system (with current updates as of today).
I get (hand copied):
error: bad shim signature. error: you need to load the kernel first. Press any key to continue.
disable "secure boot" in the bios and try again.
And then Windows will fail.
Oh, and the UEFI menu only has the secure entries for 15.2, and an unsecure old one for 15.0.
Isengard:~ # efibootmgr BootCurrent: 0001 Timeout: 6 seconds BootOrder: 0001,0004,0005,0002,0003,0000,0006,0007,0008 Boot0000 Windows Boot Manager Boot0001* main-os-secureboot <============== Boot0002* UEFI: IP4 Realtek PCIe GBE Family Controller Boot0003* UEFI: IP6 Realtek PCIe GBE Family Controller Boot0004* UEFI: KINGSTON SMS200S3120G, Partition 1 Boot0005* UEFI OS Boot0006* UEFI:CD/DVD Drive Boot0007* UEFI:Removable Device Boot0008* UEFI:Network Device Isengard:~ #
as I said previous, if you explain your problem, all the problem, better answers will ensue. windows was not in the question.
Of course it wasn't, there was no problem with it. -- Cheers / Saludos, Carlos E. R. (from 15.2 x86_64 at Telcontar)
On 25.11.2021 18:21, Carlos E. R. wrote:
I can't boot freshly installed 15.3 system (with current updates as of today).
I get (hand copied):
error: bad shim signature. error: you need to load the kernel first. Press any key to continue.
Details:
It is a new external hard disk, via USB3 (tried also USB2) on a laptop that has internally Leap 15.2 and Windows, both booting normally. On this external hard disk I installed 15.3 (UEFI mode).
The UEFI boot menu does not display this disk at all.
How do you boot it then? ...
So, instead I boot 15.2 (with current updates as of yesterday), start yast boot manager, and tell it to probe the disk for other systems. It does find 15.3, and the error I posted above is precissely what happens when using that probed entry.
Do you intentionally start backwards so that nobody can understand where error message comes from? shim from 15.2 embeds openSUSE certificate and kernel from 15.3 is signed by SUSE key. You need to enroll SUSE key if you are using openSUSE shim. You should have seen MokManager request after installing 15.3.
On 25/11/2021 19.11, Andrei Borzenkov wrote:
On 25.11.2021 18:21, Carlos E. R. wrote:
I can't boot freshly installed 15.3 system (with current updates as of today).
I get (hand copied):
error: bad shim signature. error: you need to load the kernel first. Press any key to continue.
Details:
It is a new external hard disk, via USB3 (tried also USB2) on a laptop that has internally Leap 15.2 and Windows, both booting normally. On this external hard disk I installed 15.3 (UEFI mode).
The UEFI boot menu does not display this disk at all.
How do you boot it then?
The new system on the external disk doesn't boot at all, that is the problem. The normal system in the internal system boots fine.
...
So, instead I boot 15.2 (with current updates as of yesterday), start yast boot manager, and tell it to probe the disk for other systems. It does find 15.3, and the error I posted above is precissely what happens when using that probed entry.
Do you intentionally start backwards so that nobody can understand where error message comes from?
Sorry? I am describing the problem to the best of my abilities.
shim from 15.2 embeds openSUSE certificate and kernel from 15.3 is signed by SUSE key. You need to enroll SUSE key if you are using openSUSE shim. You should have seen MokManager request after installing 15.3.
I did not see anything. The machine was happily installing packages and I was looking elsewhere. Suddenly, it went black. I thought it was a screen saver (in YaST installer?), but no, it was rebooting. There are two boot problems, two possible boot methods: a) The boot menu of the UEFI system of the machine does not display the external disk at all. This can be seen in the efibootmgr output I posted. Can I add it and how? The man page does not say how. b) the grub menu of the internal disk (with 15.2) contains entries to boot the external kernel (on 15.3), added by yast when probing for other dystem, but boot fails with that shim message. I assume this is what you are saying about the openSUSE vs SUSE key. How can I solve this other problem? I see problem b) mentioned here: <https://lists.opensuse.org/archives/list/factory@lists.opensuse.org/message/2CPJCCRFNLKVNKZHQA567I5AP3SKNTKB/> <https://lists.opensuse.org/archives/list/factory@lists.opensuse.org/message/BBFOK7VQSWCZIUBJIUBZ2ZOMJZ3I2ZVL/> Legolas:~ # l /etc/uefi/certs/BDD31A9E-kmp.crt ls: cannot access '/etc/uefi/certs/BDD31A9E-kmp.crt': No such file or directory Legolas:~ # l /data/Erebor/etc/uefi/certs/BDD31A9E-kmp.crt -rw-r--r-- 1 root root 1177 May 3 2021 /data/Erebor/etc/uefi/certs/BDD31A9E-kmp.crt Legolas:~ # Chrooting on 15.2 to 15.3: Legolas:~ # mount --bind /proc /data/Erebor/proc Legolas:~ # mount --bind /sys /data/Erebor/sys Legolas:~ # mount --bind /dev /data/Erebor/dev Legolas:~ # chroot /data/Erebor/ Legolas:/ # cat /etc/os-release NAME="openSUSE Leap" VERSION="15.3" ID="opensuse-leap" ID_LIKE="suse opensuse" VERSION_ID="15.3" PRETTY_NAME="openSUSE Leap 15.3" ANSI_COLOR="0;32" CPE_NAME="cpe:/o:opensuse:leap:15.3" BUG_REPORT_URL="https://bugs.opensuse.org" HOME_URL="https://www.opensuse.org/" Legolas:/ # Legolas:/ # efibootmgr -v BootCurrent: 0000 Timeout: 2 seconds BootOrder: 0000,0001,0003,0002,0004,2001,2002,2003 Boot0000* opensuse_main-secureboot HD(1,GPT,f8cc1b03-845f-495d-afb8-8763d362576a,0x800,0x82000)/File(\EFI\opensuse_main\shim.efi) Boot0001* Windows Boot Manager HD(1,GPT,f8cc1b03-845f-495d-afb8-8763d362576a,0x800,0x82000)/File(\EFI\Microsoft\Boot\bootmgfw.efi)WINDOWS.........x...B.C.D.O.B.J.E.C.T.=.{.9.d.e.a.8.6.2.c.-.5.c.d.d.-.4.e.7.0.-.a.c.c.1.-.f.3.2.b.3.4.4.d.4.7.9.5.}...4................ Boot0002* opensuse-secureboot HD(1,GPT,f8cc1b03-845f-495d-afb8-8763d362576a,0x800,0x82000)/File(\EFI\opensuse\shim.efi) Boot0003* openSUSE HD(1,GPT,f8cc1b03-845f-495d-afb8-8763d362576a,0x800,0x82000)/File(\EFI\opensuse\grubx64.efi)RC Boot0004* opensuse_aux-secureboot HD(1,GPT,f8cc1b03-845f-495d-afb8-8763d362576a,0x800,0x82000)/File(\EFI\opensuse_aux\shim.efi) Boot2001* EFI USB Device RC Boot2002* EFI DVD/CDROM RC Boot2003* EFI Network RC Legolas:/ # Legolas:/ # mokutil --list-enrolled Failed to read MokListRT: Input/output error Legolas:/ # Can't continue procedure you asked on another post on those threads linked above. -- Cheers / Saludos, Carlos E. R. (from 15.2 x86_64 at Telcontar)
On 25.11.2021 22:09, Carlos E. R. wrote:
Legolas:~ # l /etc/uefi/certs/BDD31A9E-kmp.crt
ls: cannot access '/etc/uefi/certs/BDD31A9E-kmp.crt': No such file or
directory
Legolas:~ # l /data/Erebor/etc/uefi/certs/BDD31A9E-kmp.crt
-rw-r--r-- 1 root root 1177 May 3 2021
/data/Erebor/etc/uefi/certs/BDD31A9E-kmp.crt
Legolas:~ #
This is openSUSE certificate, not SUSE certificate. You may need it too if you have some additional KMP, but it will not validate kernel itself.
Chrooting on 15.2 to 15.3:
Legolas:~ # mount --bind /proc /data/Erebor/proc Legolas:~ # mount --bind /sys /data/Erebor/sys Legolas:~ # mount --bind /dev /data/Erebor/dev Legolas:~ # chroot /data/Erebor/
Why do you need chroot to call efibootmgr or mokutil?
Legolas:/ # cat /etc/os-release NAME="openSUSE Leap" VERSION="15.3" ID="opensuse-leap" ID_LIKE="suse opensuse" VERSION_ID="15.3" PRETTY_NAME="openSUSE Leap 15.3" ANSI_COLOR="0;32" CPE_NAME="cpe:/o:opensuse:leap:15.3" BUG_REPORT_URL="https://bugs.opensuse.org" HOME_URL="https://www.opensuse.org/" Legolas:/ #
Legolas:/ # efibootmgr -v BootCurrent: 0000 Timeout: 2 seconds BootOrder: 0000,0001,0003,0002,0004,2001,2002,2003 Boot0000* opensuse_main-secureboot HD(1,GPT,f8cc1b03-845f-495d-afb8-8763d362576a,0x800,0x82000)/File(\EFI\opensuse_main\shim.efi) Boot0001* Windows Boot Manager HD(1,GPT,f8cc1b03-845f-495d-afb8-8763d362576a,0x800,0x82000)/File(\EFI\Microsoft\Boot\bootmgfw.efi)WINDOWS.........x...B.C.D.O.B.J.E.C.T.=.{.9.d.e.a.8.6.2.c.-.5.c.d.d.-.4.e.7.0.-.a.c.c.1.-.f.3.2.b.3.4.4.d.4.7.9.5.}...4................ Boot0002* opensuse-secureboot HD(1,GPT,f8cc1b03-845f-495d-afb8-8763d362576a,0x800,0x82000)/File(\EFI\opensuse\shim.efi) Boot0003* openSUSE HD(1,GPT,f8cc1b03-845f-495d-afb8-8763d362576a,0x800,0x82000)/File(\EFI\opensuse\grubx64.efi)RC Boot0004* opensuse_aux-secureboot HD(1,GPT,f8cc1b03-845f-495d-afb8-8763d362576a,0x800,0x82000)/File(\EFI\opensuse_aux\shim.efi) Boot2001* EFI USB Device RC
What is it? Is it your USB disk?
Boot2002* EFI DVD/CDROM RC Boot2003* EFI Network RC Legolas:/ #
You have three different openSUSE boot entries - opensuse_main, opensuse, opensuse_aux. Which one is which? One of them may well be your 15.3. What device /boot/efi is on in 15.3?
Legolas:/ # mokutil --list-enrolled Failed to read MokListRT: Input/output error Legolas:/ #
You need to mount efivars in chroot: mount --bind /sys/firmware/efi/efivars /data/Erebor/sys/firmware/efi/efivars
Can't continue procedure you asked on another post on those threads linked above.
You do not need chroot for this. You can do all of this from within 15.2. All that you need is mokutil --import /data/Erebor/etc/uefi/certs/4AAA0B54.crt If it is already enrolled, it is noop.
On 25/11/2021 21.00, Andrei Borzenkov wrote:
On 25.11.2021 22:09, Carlos E. R. wrote:
Legolas:~ # l /etc/uefi/certs/BDD31A9E-kmp.crt
ls: cannot access '/etc/uefi/certs/BDD31A9E-kmp.crt': No such file or
directory
Legolas:~ # l /data/Erebor/etc/uefi/certs/BDD31A9E-kmp.crt
-rw-r--r-- 1 root root 1177 May 3 2021
/data/Erebor/etc/uefi/certs/BDD31A9E-kmp.crt
Legolas:~ #
This is openSUSE certificate, not SUSE certificate. You may need it too if you have some additional KMP, but it will not validate kernel itself.
But that directory is the 15.3 install. It contains: -rw-r--r-- 1 root root 1288 Nov 11 16:16 4AAA0B54.crt -rw-r--r-- 1 root root 1257 Jul 16 10:59 BCA4E38E-shim.crt -rw-r--r-- 1 root root 1177 May 3 2021 BDD31A9E-kmp.crt Legolas:/ # rpm -qf /etc/uefi/* openSUSE-signkey-cert-20210302-lp153.1.1.x86_64 kernel-default-5.3.18-59.34.1.x86_64 shim-15.4-4.7.1.x86_64 Legolas:/ #
Chrooting on 15.2 to 15.3:
Legolas:~ # mount --bind /proc /data/Erebor/proc Legolas:~ # mount --bind /sys /data/Erebor/sys Legolas:~ # mount --bind /dev /data/Erebor/dev Legolas:~ # chroot /data/Erebor/
Why do you need chroot to call efibootmgr or mokutil?
Because I can not boot 15.3, and I don't know if chroot is needed or not.
Legolas:/ # cat /etc/os-release NAME="openSUSE Leap" VERSION="15.3" ID="opensuse-leap" ID_LIKE="suse opensuse" VERSION_ID="15.3" PRETTY_NAME="openSUSE Leap 15.3" ANSI_COLOR="0;32" CPE_NAME="cpe:/o:opensuse:leap:15.3" BUG_REPORT_URL="https://bugs.opensuse.org" HOME_URL="https://www.opensuse.org/" Legolas:/ #
Legolas:/ # efibootmgr -v BootCurrent: 0000 Timeout: 2 seconds BootOrder: 0000,0001,0003,0002,0004,2001,2002,2003 Boot0000* opensuse_main-secureboot HD(1,GPT,f8cc1b03-845f-495d-afb8-8763d362576a,0x800,0x82000)/File(\EFI\opensuse_main\shim.efi) Boot0001* Windows Boot Manager HD(1,GPT,f8cc1b03-845f-495d-afb8-8763d362576a,0x800,0x82000)/File(\EFI\Microsoft\Boot\bootmgfw.efi)WINDOWS.........x...B.C.D.O.B.J.E.C.T.=.{.9.d.e.a.8.6.2.c.-.5.c.d.d.-.4.e.7.0.-.a.c.c.1.-.f.3.2.b.3.4.4.d.4.7.9.5.}...4................ Boot0002* opensuse-secureboot HD(1,GPT,f8cc1b03-845f-495d-afb8-8763d362576a,0x800,0x82000)/File(\EFI\opensuse\shim.efi) Boot0003* openSUSE HD(1,GPT,f8cc1b03-845f-495d-afb8-8763d362576a,0x800,0x82000)/File(\EFI\opensuse\grubx64.efi)RC Boot0004* opensuse_aux-secureboot HD(1,GPT,f8cc1b03-845f-495d-afb8-8763d362576a,0x800,0x82000)/File(\EFI\opensuse_aux\shim.efi) Boot2001* EFI USB Device RC
What is it? Is it your USB disk?
Only the internal disk is listed there, AFAIK. The external disk is not listed at all, that is problem #1.
Boot2002* EFI DVD/CDROM RC Boot2003* EFI Network RC Legolas:/ #
You have three different openSUSE boot entries - opensuse_main, opensuse, opensuse_aux. Which one is which? One of them may well be your 15.3. What device /boot/efi is on in 15.3?
None is 15.3. All are on the internal disk. opensuse_main 15.2 opensuse I don't know (*) opensuse_aux 15.0, another partition, doesn't boot (same shim error message). (*) But it is the same hard disk. My guess, it is an old entry that I forgot to delete long ago, pertaining to the initial 15.0 install, before I changed the name of the installation in /etc/default/grub.cfg
Legolas:/ # mokutil --list-enrolled Failed to read MokListRT: Input/output error Legolas:/ #
You need to mount efivars in chroot:
mount --bind /sys/firmware/efi/efivars /data/Erebor/sys/firmware/efi/efivars
I thought something like that, but no idea which.
Can't continue procedure you asked on another post on those threads linked above.
You do not need chroot for this. You can do all of this from within 15.2.
All that you need is
mokutil --import /data/Erebor/etc/uefi/certs/4AAA0B54.crt
If it is already enrolled, it is noop.
Ok, doing so: Legolas:~ # mokutil --import /data/Erebor/etc/uefi/certs/4AAA0B54.crt input password: input password again: Legolas:~ # I suppose I have to try rebooting? [...] Yes! It booted (using the 15.2 grub menu on internal disk). This time I saw and realized what it was the MokManager request menu. A big blue screen coming from the firmware, a *very strange window*. There should be clear instructions somewhere about this *very strange window* is going to appear at boot, because now I remember that I have seen before that strange blue text mode screen , or a very similar one, without any explanation whatsoever, either before or in it. The only thing I clearly saw was to press some key to boot. I get something similar when booting from USB stick, I thought it was the same one. Sigh. Yiks, it is uglier than old MsDOS 2.0 screens! Thanks. Why do we need to add this key manually, and we, at least I, did not need to do it to install 15.0 when I bought this laptop? I thought we asked M$ to add the key to the firmware back then. Well, I still need help to tell the UEFI to add entries in the menu for the external disk to boot directly on its own... -- Cheers / Saludos, Carlos E. R. (from 15.2 x86_64 at Telcontar)
On 25/11/2021 21.35, Carlos E. R. wrote:
On 25/11/2021 21.00, Andrei Borzenkov wrote:
On 25.11.2021 22:09, Carlos E. R. wrote:
...
Legolas:/ # efibootmgr -v BootCurrent: 0000 Timeout: 2 seconds BootOrder: 0000,0001,0003,0002,0004,2001,2002,2003
Boot0003* openSUSE HD(1,GPT,f8cc1b03-845f-495d-afb8-8763d362576a,0x800,0x82000)/File(\EFI\opensuse\grubx64.efi)RC
Boot0004* opensuse_aux-secureboot HD(1,GPT,f8cc1b03-845f-495d-afb8-8763d362576a,0x800,0x82000)/File(\EFI\opensuse_aux\shim.efi)
Boot2001* EFI USB Device RC
What is it? Is it your USB disk?
Only the internal disk is listed there, AFAIK. The external disk is not listed at all, that is problem #1.
These two entries boot the small 15.0 (internal disk). I just found out. Notice they are missing on the "efibootmgr" output I pasted on the first post, and appeared later. I can not explain this. Boot0003* openSUSE --> produces a blue screen coming from firmware, similar to the mok menu, but not the same. It apparently wants to confirm that I want to boot this (possibly because it is not secure). Then I get the grub menu of 15.0. Boot0004* opensuse_aux-secureboot --> boots 15.0 grub menu instantly. When I tried to boot this one this morning, it would not work, it displayed the same shim error as 15.3 -- Cheers / Saludos, Carlos E. R. (from 15.2 x86_64 at Telcontar)
On 25.11.2021 23:35, Carlos E. R. wrote:
Why do we need to add this key manually
You do not. kernel package runs mokutil --import in its postinstallation script.
Well, I still need help to tell the UEFI to add entries in the menu for the external disk to boot directly on its own...
This is most likely "EFI USB Device".
On 26/11/2021 06.37, Andrei Borzenkov wrote:
On 25.11.2021 23:35, Carlos E. R. wrote:
Why do we need to add this key manually
You do not. kernel package runs mokutil --import in its postinstallation script.
Possibly, but that ugly blue screen text mode coming from the firmware is new, I don't remember seeing it when I installed openSUSE the first time.
Well, I still need help to tell the UEFI to add entries in the menu for the external disk to boot directly on its own...
This is most likely "EFI USB Device".
localhost:~ # efibootmgr -v BootCurrent: 0000 Timeout: 2 seconds BootOrder: 0000,0001,0004,0002,2001,2002,2003 Boot0000* opensuse_main-secureboot HD(1,GPT,f8cc1b03-845f-495d-afb8-8763d362576a,0x800,0x82000)/File(\EFI\opensuse_main\shim.efi) Boot0001* Windows Boot Manager HD(1,GPT,f8cc1b03-845f-495d-afb8-8763d362576a,0x800,0x82000)/File(\EFI\Microsoft\Boot\bootmgfw.efi)WINDOWS.........x...B.C.D.O.B.J.E.C.T.=.{.9.d.e.a.8.6.2.c.-.5.c.d.d.-.4.e.7.0.-.a.c.c.1.-.f.3.2.b.3.4.4.d.4.7.9.5.}...4................ Boot0002* openSUSE HD(1,GPT,f8cc1b03-845f-495d-afb8-8763d362576a,0x800,0x82000)/File(\EFI\opensuse\grubx64.efi)RC Boot0003* openSUSE HD(1,GPT,f8cc1b03-845f-495d-afb8-8763d362576a,0x800,0x82000)/File(\EFI\opensuse\grubx64.efi)RC Boot0004* opensuse_aux-secureboot HD(1,GPT,f8cc1b03-845f-495d-afb8-8763d362576a,0x800,0x82000)/File(\EFI\opensuse_aux\shim.efi) Boot2001* EFI USB Device RC Boot2002* EFI DVD/CDROM RC Boot2003* EFI Network RC localhost:~ # The 2001 entry? Maybe, I'll try. [...] No, when I power off the machine and boot it using the hidden button to reach the boot menu, I get four entries - hand copied: opensuse_main-secureboot (SanDisk SDSSDH31000G) Windows Boot Manager (SanDisk SDSSDH31000G) opensuse_aux-secureboot (SanDisk SDSSDH31000G) opensuse (SanDisk SDSSDH31000G) No, that's SanDisk is the internal disk, the external disk is nowhere. -- Cheers / Saludos, Carlos E. R. (from 15.2 x86_64 at Telcontar)
On Fri, Nov 26, 2021 at 11:18 AM Carlos E. R. <robin.listas@telefonica.net> wrote:
No, when I power off the machine and boot it using the hidden button to reach the boot menu, I get four entries - hand copied:
opensuse_main-secureboot (SanDisk SDSSDH31000G) Windows Boot Manager (SanDisk SDSSDH31000G) opensuse_aux-secureboot (SanDisk SDSSDH31000G) opensuse (SanDisk SDSSDH31000G)
No, that's SanDisk is the internal disk, the external disk is nowhere.
I asked you on which device /boot/efi of 15.3 is located, you did not answer. Show "blkid", "lsblk -f" and "ls -lR /boot/efi" (or tree if you like it more) when booted into 15.3.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Friday, 2021-11-26 at 11:29 +0300, Andrei Borzenkov wrote:
On Fri, Nov 26, 2021 at 11:18 AM Carlos E. R. <> wrote:
No, when I power off the machine and boot it using the hidden button to reach the boot menu, I get four entries - hand copied:
opensuse_main-secureboot (SanDisk SDSSDH31000G) Windows Boot Manager (SanDisk SDSSDH31000G) opensuse_aux-secureboot (SanDisk SDSSDH31000G) opensuse (SanDisk SDSSDH31000G)
No, that's SanDisk is the internal disk, the external disk is nowhere.
I asked you on which device /boot/efi of 15.3 is located, you did not answer.
Sorry, I missed. sdb, of course, external disk. There is another one on the internal disk. During the install, on the partitioner module I selected guided install, and there unclicked sda and clicked sdb, so everything went to sdb. Then I used the expert partitioner to do my own layout, but I did not touch the efi partitioner.
Show "blkid", "lsblk -f" and "ls -lR /boot/efi" (or tree if you like it more) when booted into 15.3.
lsblk in full detail is in the first post of this thread (those command outputs are at the end of this post). Meanwhile, possibly happy developments. In that Leap 15.3 install, booted via a probed grub entry in the other install (15.2), I run yast, then the boot module, changed the swap entry on kernel line, and a new entry appeared - number 5: Erebor3:~ # efibootmgr -v BootCurrent: 0000 Timeout: 2 seconds BootOrder: 0005,0000,0001,0004,0002,2001,2002,2003 Boot0000* opensuse_main-secureboot HD(1,GPT,f8cc1b03-845f-495d-afb8-8763d362576a,0x800,0x82000)/File(\EFI\opensuse_main\shim.efi) Boot0001* Windows Boot Manager HD(1,GPT,f8cc1b03-845f-495d-afb8-8763d362576a,0x800,0x82000)/File(\EFI\Microsoft\Boot\bootmgfw.efi)WINDOWS.........x...B.C.D.O.B.J.E.C.T.=.{.9.d.e.a.8.6.2.c.-.5.c.d.d.-.4.e.7.0.-.a.c.c.1.-.f.3.2.b.3.4.4.d.4.7.9.5.}...4................ Boot0002* openSUSE HD(1,GPT,f8cc1b03-845f-495d-afb8-8763d362576a,0x800,0x82000)/File(\EFI\opensuse\grubx64.efi)RC Boot0003* openSUSE HD(1,GPT,f8cc1b03-845f-495d-afb8-8763d362576a,0x800,0x82000)/File(\EFI\opensuse\grubx64.efi)RC Boot0004* opensuse_aux-secureboot HD(1,GPT,f8cc1b03-845f-495d-afb8-8763d362576a,0x800,0x82000)/File(\EFI\opensuse_aux\shim.efi) Boot0005* opensuse-secureboot HD(1,GPT,564d9061-ccb2-4f48-8810-6c5aae67e99f,0x800,0x100000)/File(\EFI\opensuse\shim.efi) Boot2001* EFI USB Device RC Boot2002* EFI DVD/CDROM RC Boot2003* EFI Network RC Erebor3:~ # Thus I edit in /etc/default/grub: GRUB_DISTRIBUTOR=EreborLeap Run the YaST boot module again, change the timeout to 9 seconds, save (yast runs the package manager fast and appears to download something but doesn't give time to read what - and has done this twice, when switching to the "bootloader options" tab. It is not listed in /var/log/zypp/history). Erebor3:~ # tree /boot/efi/EFI/ /boot/efi/EFI/ ├── boot │ ├── MokManager.efi │ ├── bootx64.efi │ └── fallback.efi ├── ereborleap <========== new │ ├── MokManager.efi │ ├── boot.csv │ ├── grub.cfg │ ├── grub.efi │ ├── grubx64.efi │ └── shim.efi └── opensuse ├── MokManager.efi ├── boot.csv ├── grub.cfg ├── grub.efi ├── grubx64.efi └── shim.efi 3 directories, 15 files Erebor3:~ # Erebor3:~ # efibootmgr -v BootCurrent: 0000 Timeout: 2 seconds BootOrder: 0006,0005,0000,0001,0004,0002,2001,2002,2003 Boot0000* opensuse_main-secureboot HD(1,GPT,f8cc1b03-845f-495d-afb8-8763d362576a,0x800,0x82000)/File(\EFI\opensuse_main\shim.efi) Boot0001* Windows Boot Manager HD(1,GPT,f8cc1b03-845f-495d-afb8-8763d362576a,0x800,0x82000)/File(\EFI\Microsoft\Boot\bootmgfw.efi)WINDOWS.........x...B.C.D.O.B.J.E.C.T.=.{.9.d.e.a.8.6.2.c.-.5.c.d.d.-.4.e.7.0.-.a.c.c.1.-.f.3.2.b.3.4.4.d.4.7.9.5.}...4................ Boot0002* openSUSE HD(1,GPT,f8cc1b03-845f-495d-afb8-8763d362576a,0x800,0x82000)/File(\EFI\opensuse\grubx64.efi)RC Boot0003* openSUSE HD(1,GPT,f8cc1b03-845f-495d-afb8-8763d362576a,0x800,0x82000)/File(\EFI\opensuse\grubx64.efi)RC Boot0004* opensuse_aux-secureboot HD(1,GPT,f8cc1b03-845f-495d-afb8-8763d362576a,0x800,0x82000)/File(\EFI\opensuse_aux\shim.efi) Boot0005* opensuse-secureboot HD(1,GPT,564d9061-ccb2-4f48-8810-6c5aae67e99f,0x800,0x100000)/File(\EFI\opensuse\shim.efi) Boot0006* ereborleap-secureboot HD(1,GPT,564d9061-ccb2-4f48-8810-6c5aae67e99f,0x800,0x100000)/File(\EFI\ereborleap\shim.efi) Boot2001* EFI USB Device RC Boot2002* EFI DVD/CDROM RC Boot2003* EFI Network RC Erebor3:~ # I delete entry number 5. Then change order: Erebor3:~ # efibootmgr --bootorder 0000,0001,0004,0006,0002,2001,2002,2003 BootCurrent: 0000 Timeout: 2 seconds BootOrder: 0000,0001,0004,0006,0002,2001,2002,2003 Boot0000* opensuse_main-secureboot Boot0001* Windows Boot Manager Boot0002* openSUSE Boot0003* openSUSE Boot0004* opensuse_aux-secureboot Boot0006* ereborleap-secureboot <======= external disk Boot2001* EFI USB Device Boot2002* EFI DVD/CDROM Boot2003* EFI Network Erebor3:~ # Delete dup entry #3. Erebor3:~ # efibootmgr --delete-bootnum -b 0003 BootCurrent: 0000 Timeout: 2 seconds BootOrder: 0000,0001,0004,0006,0002,2001,2002,2003 Boot0000* opensuse_main-secureboot Boot0001* Windows Boot Manager Boot0002* openSUSE Boot0004* opensuse_aux-secureboot Boot0006* ereborleap-secureboot Boot2001* EFI USB Device Boot2002* EFI DVD/CDROM Boot2003* EFI Network Erebor3:~ # And now, try booting. Ah, before, the information you asked for:
Show "blkid", "lsblk -f" and "ls -lR /boot/efi" (or tree if you like it more) when booted into 15.3.
Erebor3:~ # blkid /dev/sda1: LABEL="SYSTEM_DRV" UUID="CE88-C933" BLOCK_SIZE="512" TYPE="vfat" PARTLABEL="EFI system partition" PARTUUID="f8cc1b03-845f-495d-afb8-8763d362576a" /dev/sda3: LABEL="Windows" BLOCK_SIZE="512" UUID="EE688AB5688A7C59" TYPE="ntfs" PARTLABEL="Basic data partition" PARTUUID="7448c205-37a2-4258-870e-52feebabcd15" /dev/sda4: LABEL="LENOVO" BLOCK_SIZE="512" UUID="9C6E39116E38E5A4" TYPE="ntfs" PARTLABEL="Basic data partition" PARTUUID="c31e105b-60af-4f4c-869a-2eaf69a562a3" /dev/sda5: LABEL="WINRE_DRV" BLOCK_SIZE="512" UUID="5EF039DCF039BB5B" TYPE="ntfs" PARTLABEL="Basic data partition" PARTUUID="9a6c9c26-7de4-4715-b71c-0d3ee9abac5c" /dev/sda6: LABEL="LENOVO_PART" BLOCK_SIZE="512" UUID="08F43CF0F43CE21C" TYPE="ntfs" PARTLABEL="Basic data partition" PARTUUID="1be4dcd8-b6e9-4f4a-8c22-c5b0d4b0d764" /dev/sda7: LABEL="LRS_ESP" UUID="64A5-5D54" BLOCK_SIZE="512" TYPE="vfat" PARTLABEL="Basic data partition" PARTUUID="c879d40e-fb2e-4a36-8cd9-1e38edfd32c9" /dev/sda8: UUID="1edf494d-d697-40b2-ba00-c7da0a1d5fbe" TYPE="crypto_LUKS" PARTLABEL="relleno" PARTUUID="91355328-363b-4b1a-8b0b-ee9ce69b2629" /dev/sda9: LABEL="Swap" UUID="c9b62fd6-7d36-402a-a2cc-72d1d94f1a6f" TYPE="swap" PARTUUID="31fd3fe0-c82a-4756-bb3f-03fe018ab43b" /dev/sda10: LABEL="Aux" UUID="bf9f1135-1915-4d66-816c-a6dbfcaff6ff" BLOCK_SIZE="4096" TYPE="ext4" PARTUUID="fc0782a9-65c1-4f09-800d-902090eb6ae4" /dev/sda11: LABEL="Main" UUID="8c1f1030-8aa5-4bd4-924d-8f89e400c605" BLOCK_SIZE="4096" TYPE="ext4" PARTUUID="53d1b3af-9d16-491e-8ca4-535d8b9e23ea" /dev/sdb1: UUID="513E-8E77" BLOCK_SIZE="512" TYPE="vfat" PARTUUID="564d9061-ccb2-4f48-8810-6c5aae67e99f" /dev/sdb2: LABEL="Erebor3_swap" UUID="575a03c8-5afa-4c38-91f4-9f5ad8fb60d5" TYPE="swap" PARTUUID="a1aa1b82-1229-459c-9bbd-f67b868fa24f" /dev/sdb3: LABEL="Erebor3_main" UUID="932d5cf7-031c-45a4-bc62-86ab4a160680" BLOCK_SIZE="4096" TYPE="ext4" PARTUUID="aa63ecdd-fc48-4aa9-9dee-370b0c3d563a" /dev/sdb4: UUID="3804e2da-f4a4-4c26-9121-d763dd8f736e" TYPE="crypto_LUKS" PARTUUID="76d6cf0f-beb2-4d80-b6e2-90ab018a7e50" /dev/mapper/cr_backup: LABEL="Erebor3_bck" UUID="f1a0cc18-cd47-4620-8148-b94cb92b6dd2" UUID_SUB="35d53efc-a108-4737-b998-f78d582bf03b" BLOCK_SIZE="4096" TYPE="btrfs" /dev/sda2: PARTLABEL="Microsoft reserved partition" PARTUUID="b580048b-b412-4280-8628-4f5a642bf3f3" Erebor3:~ # Erebor3:~ # lsblk -f NAME FSTYPE FSVER LABEL UUID FSAVAIL FSUSE% MOUNTPOINT sda ├─sda1 vfat FAT32 SYSTEM_DRV CE88-C933 ├─sda2 ├─sda3 ntfs Windows EE688AB5688A7C59 ├─sda4 ntfs LENOVO 9C6E39116E38E5A4 ├─sda5 ntfs WINRE_DRV 5EF039DCF039BB5B ├─sda6 ntfs LENOVO_PART 08F43CF0F43CE21C ├─sda7 vfat FAT32 LRS_ESP 64A5-5D54 ├─sda8 crypto_LUKS 1 1edf494d-d697-40b2-ba00-c7da0a1d5fbe ├─sda9 swap 1 Swap c9b62fd6-7d36-402a-a2cc-72d1d94f1a6f [SWAP] ├─sda10 ext4 1.0 Aux bf9f1135-1915-4d66-816c-a6dbfcaff6ff └─sda11 ext4 1.0 Main 8c1f1030-8aa5-4bd4-924d-8f89e400c605 sdb ├─sdb1 vfat FAT32 513E-8E77 503.1M 2% /boot/efi ├─sdb2 swap 1 Erebor3_swap 575a03c8-5afa-4c38-91f4-9f5ad8fb60d5 [SWAP] ├─sdb3 ext4 1.0 Erebor3_main 932d5cf7-031c-45a4-bc62-86ab4a160680 13.3G 27% / └─sdb4 crypto_LUKS 1 3804e2da-f4a4-4c26-9121-d763dd8f736e └─cr_backup btrfs Erebor3_bck f1a0cc18-cd47-4620-8148-b94cb92b6dd2 1.8T 0% /backup Erebor3:~ # Erebor3:~ # ls -lR /boot/efi /boot/efi: total 4 drwxr-xr-x 5 root root 4096 Nov 26 09:52 EFI /boot/efi/EFI: total 12 drwxr-xr-x 2 root root 4096 Nov 25 10:51 boot drwxr-xr-x 2 root root 4096 Nov 26 09:52 ereborleap drwxr-xr-x 2 root root 4096 Nov 25 10:51 opensuse /boot/efi/EFI/boot: total 1832 - -rwxr-xr-x 1 root root 846240 Nov 25 10:51 MokManager.efi - -rwxr-xr-x 1 root root 934680 Nov 25 10:51 bootx64.efi - -rwxr-xr-x 1 root root 86352 Nov 25 10:51 fallback.efi /boot/efi/EFI/ereborleap: total 3088 - -rwxr-xr-x 1 root root 846240 Nov 26 09:52 MokManager.efi - -rwxr-xr-x 1 root root 62 Nov 26 09:52 boot.csv - -rwxr-xr-x 1 root root 125 Nov 26 09:52 grub.cfg - -rwxr-xr-x 1 root root 1222656 Nov 26 09:52 grub.efi - -rwxr-xr-x 1 root root 143360 Nov 26 09:52 grubx64.efi - -rwxr-xr-x 1 root root 934680 Nov 26 09:52 shim.efi /boot/efi/EFI/opensuse: total 3088 - -rwxr-xr-x 1 root root 846240 Nov 26 09:42 MokManager.efi - -rwxr-xr-x 1 root root 58 Nov 26 09:42 boot.csv - -rwxr-xr-x 1 root root 125 Nov 26 09:42 grub.cfg - -rwxr-xr-x 1 root root 1222656 Nov 26 09:42 grub.efi - -rwxr-xr-x 1 root root 143360 Nov 26 09:42 grubx64.efi - -rwxr-xr-x 1 root root 934680 Nov 26 09:42 shim.efi Erebor3:~ # Erebor3:~ # tree /boot/efi /boot/efi └── EFI ├── boot │ ├── MokManager.efi │ ├── bootx64.efi │ └── fallback.efi ├── ereborleap │ ├── MokManager.efi │ ├── boot.csv │ ├── grub.cfg │ ├── grub.efi │ ├── grubx64.efi │ └── shim.efi └── opensuse ├── MokManager.efi ├── boot.csv ├── grub.cfg ├── grub.efi ├── grubx64.efi └── shim.efi 4 directories, 15 files Erebor3:~ # Now, will try rebooting it. [...] Nope, no luck, the firmware boot menu still has only 4 entries: opensuse_main-secureboot (SanDisk SDSSDH31000G) Windows Boot Manager (SanDisk SDSSDH31000G) opensuse_aux-secureboot (SanDisk SDSSDH31000G) opensuse (SanDisk SDSSDH31000G) And the entry is gone: Erebor3:~ # efibootmgr -v BootCurrent: 0000 Timeout: 2 seconds BootOrder: 0000,0001,0004,0002,2001,2002,2003 Boot0000* opensuse_main-secureboot HD(1,GPT,f8cc1b03-845f-495d-afb8-8763d362576a,0x800,0x82000)/File(\EFI\opensuse_main\shim.efi) Boot0001* Windows Boot Manager HD(1,GPT,f8cc1b03-845f-495d-afb8-8763d362576a,0x800,0x82000)/File(\EFI\Microsoft\Boot\bootmgfw.efi)WINDOWS.........x...B.C.D.O.B.J.E.C.T.=.{.9.d.e.a.8.6.2.c.-.5.c.d.d.-.4.e.7.0.-.a.c.c.1.-.f.3.2.b.3.4.4.d.4.7.9.5.}...4................ Boot0002* openSUSE HD(1,GPT,f8cc1b03-845f-495d-afb8-8763d362576a,0x800,0x82000)/File(\EFI\opensuse\grubx64.efi)RC Boot0004* opensuse_aux-secureboot HD(1,GPT,f8cc1b03-845f-495d-afb8-8763d362576a,0x800,0x82000)/File(\EFI\opensuse_aux\shim.efi) Boot2001* EFI USB Device RC Boot2002* EFI DVD/CDROM RC Boot2003* EFI Network RC Erebor3:~ # I seem to remember, not sure if this machine, that the "bios" deletes entries it doesn't like the name. Maybe doesn't like "ereborleap-secureboot". Changing to "GRUB_DISTRIBUTOR=erebor". Checking. Erebor3:~ # efibootmgr BootCurrent: 0000 Timeout: 2 seconds BootOrder: 0003,0000,0001,0004,0002,2001,2002,2003 Boot0000* opensuse_main-secureboot Boot0001* Windows Boot Manager Boot0002* openSUSE Boot0003* erebor-secureboot Boot0004* opensuse_aux-secureboot Boot2001* EFI USB Device Boot2002* EFI DVD/CDROM Boot2003* EFI Network Erebor3:~ # efibootmgr --bootorder 0000,0001,0004,0003,2001,2002,2003 BootCurrent: 0000 Timeout: 2 seconds BootOrder: 0000,0001,0004,0003,2001,2002,2003 Boot0000* opensuse_main-secureboot Boot0001* Windows Boot Manager Boot0002* openSUSE Boot0003* erebor-secureboot Boot0004* opensuse_aux-secureboot Boot2001* EFI USB Device Boot2002* EFI DVD/CDROM Boot2003* EFI Network Erebor3:~ # Try reboot. [...] Nah, again, the firmware boot menu still has only 4 entries: opensuse_main-secureboot (SanDisk SDSSDH31000G) Windows Boot Manager (SanDisk SDSSDH31000G) opensuse_aux-secureboot (SanDisk SDSSDH31000G) opensuse (SanDisk SDSSDH31000G) and the entries for this install are gone from efibootmgr: Erebor3:~ # efibootmgr BootCurrent: 0000 Timeout: 2 seconds BootOrder: 0000,0001,0004,0002,2001,2002,2003 Boot0000* opensuse_main-secureboot Boot0001* Windows Boot Manager Boot0002* openSUSE Boot0004* opensuse_aux-secureboot Boot2001* EFI USB Device Boot2002* EFI DVD/CDROM Boot2003* EFI Network Erebor3:~ # Shit :-/// - -- Cheers, Carlos E. R. (from openSUSE 15.2 x86_64 at Telcontar) -----BEGIN PGP SIGNATURE----- iHoEARECADoWIQQZEb51mJKK1KpcU/W1MxgcbY1H1QUCYaCrhhwccm9iaW4ubGlz dGFzQHRlbGVmb25pY2EubmV0AAoJELUzGBxtjUfVvtkAn1w5+GWMl+5zwuxtwFx0 LPOFVHC+AKCHxtDms0C0snDGFiu+GC4hrxoT7w== =iw0L -----END PGP SIGNATURE-----
On 26.11.2021 12:40, Carlos E. R. wrote: ...
Try reboot.
[...]
Nah, again, the firmware boot menu still has only 4 entries:
opensuse_main-secureboot (SanDisk SDSSDH31000G) Windows Boot Manager (SanDisk SDSSDH31000G) opensuse_aux-secureboot (SanDisk SDSSDH31000G) opensuse (SanDisk SDSSDH31000G)
and the entries for this install are gone from efibootmgr:
If firmware refuses to keep these entries there is not much we can do from openSUSE side. See if there is possibility to define boot entries in BIOS setup - they may be kept. Otherwise your only option is to is ESP on the main disk for Leap 15.3, so all boot entries are on the same disk partition.
On 27/11/2021 07.52, Andrei Borzenkov wrote:
On 26.11.2021 12:40, Carlos E. R. wrote: ...
Try reboot.
[...]
Nah, again, the firmware boot menu still has only 4 entries:
opensuse_main-secureboot (SanDisk SDSSDH31000G) Windows Boot Manager (SanDisk SDSSDH31000G) opensuse_aux-secureboot (SanDisk SDSSDH31000G) opensuse (SanDisk SDSSDH31000G)
and the entries for this install are gone from efibootmgr:
If firmware refuses to keep these entries there is not much we can do from openSUSE side.
I know. :-(
See if there is possibility to define boot entries in BIOS setup - they may be kept.
I'll check. Not now, it is running a big rsync (the purpose of this external disk is to do backups of the internal disk).
Otherwise your only option is to is ESP on the main disk for Leap 15.3, so all boot entries are on the same disk partition.
Err... sorry, what is ESP? Ah, EFI system partition. How do I tell YaST, running on /dev/sdbX, to write to ESP on /dev/sdaX? Can I just umount /dev/sdb1, mount /dev/sda1 in its place (/boot/efi), and then tell yast to write the ESP thing? Can that work? -- Cheers / Saludos, Carlos E. R. (from 15.2 x86_64 at Telcontar)
On 27.11.2021 14:44, Carlos E. R. wrote:
Otherwise your only option is to is ESP on the main disk for Leap 15.3, so all boot entries are on the same disk partition.
Err... sorry, what is ESP? Ah, EFI system partition.
How do I tell YaST, running on /dev/sdbX, to write to ESP on /dev/sdaX? Can I just umount /dev/sdb1, mount /dev/sda1 in its place (/boot/efi), and then tell yast to write the ESP thing? Can that work?
Yes.
On 27/11/2021 12.47, Andrei Borzenkov wrote:
On 27.11.2021 14:44, Carlos E. R. wrote:
Otherwise your only option is to is ESP on the main disk for Leap 15.3, so all boot entries are on the same disk partition.
Err... sorry, what is ESP? Ah, EFI system partition.
How do I tell YaST, running on /dev/sdbX, to write to ESP on /dev/sdaX? Can I just umount /dev/sdb1, mount /dev/sda1 in its place (/boot/efi), and then tell yast to write the ESP thing? Can that work?
Yes.
Finally had a chance to get back to this. Yes, it worked :-) Thanks. -- Cheers / Saludos, Carlos E. R. (from 15.2 x86_64 at Telcontar)
participants (3)
-
Andrei Borzenkov -
Carlos E. R. -
Patrick Shanahan