Bugzilla – Bug 807790
Machine fails to boot with secure boot enabled
Last modified: 2013-03-07 10:40:35 UTC
Installed from the "full" install media (openSUSE-12.3-DVD-Build0094-x86_64.iso) onto a Lenovo X1 Carbon with secure boot enabled. I dumped the ISO to a USB stick and the machine boots with no problem from the stick. All packages get installed. After the install of packages the installation procedure reboots the machine, at this point the computer does not boot and produces the following message: Image failed to verify with *ACCESS DENIED* Disabling secure boot allows the machine to boot and continue with the installation procedure.
efibootmgr -v produces the following output: BootCurrent: 0019 Timeout: 0 seconds BootOrder: 0019,0018,0000,0001,0002,0003,0007,0008,0009,000A,000B,000C,000D,000E,000F,0011,0010,0012 Boot0000 Setup Boot0001 Boot Menu Boot0002 Diagnostic Splash Screen Boot0003 Lenovo Diagnostics Boot0004 Startup Interrupt Menu Boot0005 ME Configuration Menu Boot0006 Rescue and Recovery Boot0007* USB CD 030a2400d23878bc820f604d8316c068ee79d25b86701296aa5a7848b66cd49dd3ba6a55 Boot0008* USB FDD 030a2400d23878bc820f604d8316c068ee79d25b6ff015a28830b543a8b8641009461e49 Boot0009* ATAPI CD0 030a2500d23878bc820f604d8316c068ee79d25baea2090adfde214e8b3a5e471856a35401 Boot000A* ATA HDD0 030a2500d23878bc820f604d8316c068ee79d25b91af625956449f41a7b91f4f892ab0f600 Boot000B* ATA HDD1 030a2500d23878bc820f604d8316c068ee79d25b91af625956449f41a7b91f4f892ab0f601 Boot000C* ATA HDD2 030a2500d23878bc820f604d8316c068ee79d25b91af625956449f41a7b91f4f892ab0f602 Boot000D* USB HDD 030a2400d23878bc820f604d8316c068ee79d25b33e821aaaf33bc4789bd419f88c50803 Boot000E* PCI LAN 030a2400d23878bc820f604d8316c068ee79d25b78a84aaf2b2afc4ea79cf5cc8f3d3803 Boot000F* ATAPI CD1 030a2500d23878bc820f604d8316c068ee79d25baea2090adfde214e8b3a5e471856a35404 Boot0010 Other CD 030a2500d23878bc820f604d8316c068ee79d25baea2090adfde214e8b3a5e471856a35406 Boot0011* ATA HDD3 030a2500d23878bc820f604d8316c068ee79d25b91af625956449f41a7b91f4f892ab0f604 Boot0012 Other HDD 030a2500d23878bc820f604d8316c068ee79d25b91af625956449f41a7b91f4f892ab0f606 Boot0013* IDER BOOT CDROM ACPI(a0341d0,0)PCI(16,2)ATAPI(0,1,0) Boot0014* IDER BOOT Floppy ACPI(a0341d0,0)PCI(16,2)ATAPI(0,0,0) Boot0015* ATA HDD 030a2400d23878bc820f604d8316c068ee79d25b91af625956449f41a7b91f4f892ab0f6 Boot0016* ATAPI CD: 030a2400d23878bc820f604d8316c068ee79d25baea2090adfde214e8b3a5e471856a354 Boot0017* PCI LAN 030a2400d23878bc820f604d8316c068ee79d25b78a84aaf2b2afc4ea79cf5cc8f3d3803 Boot0018* Windows Boot Manager HD(2,1f4800,82000,5f069c84-8668-4113-b1e5-478655ed6ab4)File(\EFI\Microsoft\Boot\bootmgfw.efi)WINDOWS.........x...B.C.D.O.B.J.E.C.T.=.{.9.d.e.a.8.6.2.c.-.5.c.d.d.-.4.e.7.0.-.a.c.c.1.-.f.3.2.b.3.4.4.d.4.7.9.5.}.................... Boot0019* opensuse HD(1,10fd800,4e800,686b4089-75a1-445c-96ba-3cef7f840ac9)File(\EFI\opensuse\grubx64.efi)
If I'm reading properly, the menu points directly to GRUB, while I'd expect it to point to shim. Steffen, can you have a look? Robert, could you, please, attach the YaST logs?
Created attachment 528475 [details] All YaST logs
Robert, From the log, the secure boot is not enabled in installation. Please help to reinstall and recheck in your bootloader summary, it should display your secure boot settings as false (default). You can turn it on in bootloader settings ( a checkbox below the loader type selection). Thanks.
... which is tracked in #807839
Confirmed, things work when I go to YaST2->Bootloader and enable "Secure Boot"
Duplicate of #807839 *** This bug has been marked as a duplicate of bug 807839 ***