Help! secure boot is preventing boot of debian
Richmond
2024-06-01 19:10:01 UTC
I have a PC with two operating systems installed, Debian and openSUSE.
Both are installed with Secure Boot. Each has its own grub installation.
Normally I boot Debian, and if I want to boot openSUSE I select UEFI
settings from the main menu and select openSUSE from there, which
launches the openSUSE grub. Today I booted openSUSE and did an update
which included an update to grub. Now I cannot boot Debian, as it says
bad shim or bad signature.

Each grub menu has the alternate O.S. on it, but booting Debian from the
openSUSE grub menu did not work either.

Should I disable secure boot temporarily? Will that allow booting?
Marco Moock
2024-06-01 19:40:01 UTC
Post by Richmond
Should I disable secure boot temporarily? Will that allow booting?
That should allow booting it.

Have you changed anything in the keys in the EFI (maybe a UEFI
firmware update)?
--
Regards
Marco

Send unsolicited bulk mail to ***@cartoonies.org
Richmond
2024-06-01 20:20:01 UTC
Post by Marco Moock
Post by Richmond
Should I disable secure boot temporarily? Will that allow booting?
That should allow booting it.
Have you changed anything in the keys in the EFI (maybe a UEFI
firmware update)?
OK, I got it booted and re-installed grub from Debian. But I don't know
why it happened; I haven't changed any keys or done anything except an
openSUSE update. I will ask the openSUSE list....
Thomas Schmitt
2024-06-02 08:20:02 UTC
Hi,
Post by Richmond
OK, I got it booted and re-installed grub from Debian. But I don't know
why it happened; I haven't changed any keys or done anything except an
openSUSE update. I will ask the openSUSE list....
I remember having seen discussions about a newly installed shim adding
names of older shims or bootloaders to something called SBAT.
I find in my mailbox a mail with a link to
https://bugzilla.opensuse.org/show_bug.cgi?id=1209985

About SBAT I found on the web:
https://www.gnu.org/software/grub/manual/grub/html_node/Secure-Boot-Advanced-Targeting.html
https://github.com/rhboot/shim/blob/main/SBAT.md


Have a nice day :)

Thomas
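
The SBAT generation comparison described in the shim document linked above, as an added example that is not part of the original thread or of shim's own code: shim refuses a binary when any component in its `.sbat` section has a generation lower than the minimum recorded for that component in the firmware's `SbatLevel` variable. The function names and all sample strings (generations, dates, versions) are constructed for illustration.

```python
import csv
import io

def parse_sbat(text):
    """Map component name -> generation from SBAT CSV (.sbat section or SbatLevel)."""
    entries = {}
    for row in csv.reader(io.StringIO(text.replace("\x00", ""))):
        if len(row) < 2 or not row[1].strip().isdigit():
            continue  # skip blank or malformed lines
        entries[row[0].strip()] = int(row[1])
    return entries

def revoked_components(binary_sbat, sbat_level):
    """Return (component, binary_gen, minimum_gen) for each entry below the minimum."""
    have = parse_sbat(binary_sbat)
    need = parse_sbat(sbat_level)
    if not have:
        raise ValueError("binary carries no SBAT metadata")
    return sorted((name, gen, need[name])
                  for name, gen in have.items()
                  if name in need and gen < need[name])

# Constructed sample data (generations, dates and versions are illustrative).
GRUB_SBAT = (
    "sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md\n"
    "grub,3,Free Software Foundation,grub,2.06,https://www.gnu.org/software/grub/\n"
    "grub.debian,4,Debian,grub2,2.06-0,https://tracker.debian.org/pkg/grub2\n"
)
SBAT_LEVEL_OLD = "sbat,1,2000010100\ngrub,2\n"
SBAT_LEVEL_NEW = "sbat,1,2000020200\ngrub,4\n"   # minimum raised by a newer shim

if __name__ == "__main__":
    for label, level in (("old", SBAT_LEVEL_OLD), ("new", SBAT_LEVEL_NEW)):
        failures = revoked_components(GRUB_SBAT, level)
        print(label, "level:", "boots" if not failures else f"rejected {failures}")
```

The same bootloader passes under the old level and is rejected under the new one without any change to keys or to the binary itself, because `SbatLevel` lives in firmware and is shared by every installed operating system.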
Richmond
2024-06-02 12:10:01 UTC
Post by Thomas Schmitt
Hi,
Post by Richmond
OK, I got it booted and re-installed grub from Debian. But I don't
know why it happened; I haven't changed any keys or done anything
except an openSUSE update. I will ask the openSUSE list....
I remember having seen discussions about a newly installed shim adding
names of older shims or bootloaders to something called SBAT. I find
in my mailbox a mail with a link to
https://bugzilla.opensuse.org/show_bug.cgi?id=1209985
https://www.gnu.org/software/grub/manual/grub/html_node/Secure-Boot-Advanced-Targeting.html
https://github.com/rhboot/shim/blob/main/SBAT.md
Have a nice day :)
Thomas
Thanks. They have a wiki on how to fix this:

https://en.opensuse.org/openSUSE:UEFI#Reset_SBAT_string_for_booting_to_old_shim_in_old_Leap_image

I found re-installing Debian's grub easier, until next time perhaps...