Page 1 of 2 12 LastLast
Results 1 to 10 of 18

Thread: Fresh install.on ASUS X99-PRO/USB3.1 Motherboard

  1. #1

    Default Fresh install.on ASUS X99-PRO/USB3.1 Motherboard

    Hi all,

    First of all:
    I'm not new to Linux at all, but i'm a noob when it comes to Suse.

    That said, heres a little background:
    • I used debian and Kubuntu in the past (and RedHat back in the time they just started with RPM), and because of some error with grub-efi in my Kubuntu install plus my discovery of BTRFS I decided to switch distros, so here i am...
    • I used Systemd-boot as my main bootloader making use of my script to automate the boot entries of it.
    • I have currently backed-up my precious data in a separate HD with a single full-disk BTRFS using subvolumes inside it.
    • I use a ASUS X99-PRO/USB3.1 Motherboard with BIOS 3902, which i seem to need to update to latest yet.
    • I have a ZOTAC GeForce® GTX 1080 Ti (Amp Extreme Core Edition).
    • I try to install my fresh system as follows:
      1. /dev/sda = 4TB (~3.65 TiB), Single BTRFS for the various OS/distro installs.
      2. /dev/sdb = 2TB (~1.84 TiB), Single BTRFS for my precious data.
      3. /dev/sdc = 150GB (~149.5 GiB), UEFI SecureBoot.
        1. p1 = 1GiB (ESP), because booting with Systemd-boot will need the kernels and ramdisks in the ESP, plus EFI-Shell, plus efi-tools, etc.
        2. p2 = 64GiB (swap), motherboard has 32GB RAM(DIMMS) installed and i want to be able to use hybernation etc...
        3. p3 = rest ~84GiB as BTRFS (/home) to ease reinstalls in /dev/sda when needed...





    Soo...Now comes my problems i face at moment.
    1. My Wifi does not seem to be working.
      Code:
      [  +0.001525] b43-phy0: Broadcom 4352 WLAN found (core revision 42)
      [  +0.001165] b43-phy0 ERROR: FOUND UNSUPPORTED PHY (Analog 12, Type 11 (AC), Revision 1)
      [  +0.000037] b43: probe of bcma0:1 failed with error -95
      [  +0.000021] Broadcom 43xx driver loaded [ Features: PNLS ]
    2. My BlueTooth does not seem to be working. (Which i can most probably fix using a firmware file i have inside /dev/sdb, that worked in my previous distro)
      Code:
      Bluetooth: hci0: BCM: Patch brcm/BCM20702A1-0b05-17cf.hcd not found
    3. My videocard does not work with the nVidia drivers in Leap.
    4. My videocard does work with the nVidia drivers in TW but is not signed...
      Code:
      [  +0.017493] nvidia: loading out-of-tree module taints kernel.
      [  +0.000018] nvidia: module license 'NVIDIA' taints kernel.
      [  +0.000001] Disabling lock debugging due to kernel taint
      [  +0.057343] nvidia: module verification failed: signature and/or required key missing - tainting kernel
    5. I don't get the MokManager screens in Suse (and neither did in *ubuntu, where i had to manually add the cert in the MokList using efitools.)
      Where is the cert that is used in suse, so i can manually add it to the MokList using efitools?


    This post is still a WIP and will be updated as needed....

  2. #2

    Default Re: Fresh install.on ASUS X99-PRO/USB3.1 Motherboard

    Oops forgot to say im going to use KDE with plasma in suse also...

  3. #3
    Join Date
    Aug 2010
    Location
    Chicago suburbs
    Posts
    14,421
    Blog Entries
    3

    Default Re: Fresh install.on ASUS X99-PRO/USB3.1 Motherboard

    The general advice for broadcom wifi is:
    1: Add the packman repo if you have not already done that:
    Code:
    zypper ar -f -n packman --priority 90 http://packman.inode.at/suse/openSUSE_Tumbleweed/ packman
    2: Install broadcom-wl from packman. It's easiest to use Yast Software Management for that.

    Then reboot, and see if WiFi starts working.

    You might also need to disable secure-boot for this to work (assuming that you use UEFI). That's because the signature on the broadcom module is being checked, but the module is probably not signed by an openSUSE signing key.
    openSUSE Leap 15.2; KDE Plasma 5.18.5;

  4. #4
    Join Date
    Aug 2010
    Location
    Chicago suburbs
    Posts
    14,421
    Blog Entries
    3

    Default Re: Fresh install.on ASUS X99-PRO/USB3.1 Motherboard

    Disabling secure-boot may also allow the nvidia driver to load.
    openSUSE Leap 15.2; KDE Plasma 5.18.5;

  5. #5

    Default Re: Fresh install.on ASUS X99-PRO/USB3.1 Motherboard

    Thanks for the info provided and the Wifi and Nvidia drivers seem to work when SecureBoot is disabled while booting Leap.
    And works in Tumbleweed regardless of SB-state but logs a warning about it, must be because the kernel does not enforce module signatures...
    But that is ofcourse not the right-thing to have in both versions, why are these modules not signed for SB at install?

    I noticed that the dkms package is not even installed by default, which is meant for automatic kernel-module signing IIRC.
    At least that's what happens in *ubuntu distros.

    Still want to know where the certificate is that is meant to be used to sign the kernel modules, anyone any idea?
    Because i want to boot with SecureBoot mode enabled...

  6. #6

    Default Re: Fresh install.on ASUS X99-PRO/USB3.1 Motherboard

    Oh PS:
    Why do i get a GRUB command-line without any errors after installing these kernel modules?
    I have to type "exit" to continue, which is very weird and frustrating...

    (Not to mention that i want to switch to Systemd-boot as soon as possible and drop grub)

  7. #7

    Default Re: Fresh install.on ASUS X99-PRO/USB3.1 Motherboard

    Just FYI and note for myself,

    I currently use this layout to be able to boot both Leap and Tumbleweed:
    Code:
    suse:/boot/efi #  tree EFI/opensuse/
    EFI/opensuse/
    ├── Leap
    │   ├── MokManager.efi
    │   ├── boot.txt
    │   ├── grub.cfg
    │   ├── grub.efi
    │   ├── grubx64.efi
    │   └── shim.efi
    ├── TumbleWeed
    │   ├── MokManager.efi
    │   ├── boot.txt
    │   ├── fw
    │   ├── fwupdx64.efi
    │   ├── grub.cfg
    │   ├── grub.efi
    │   ├── grubx64.efi
    │   └── shim.efi
    └── boot.csv
    
    3 directories, 14 files
    The boot.txt files are used to create a combined boot.csv file by a script i created for this purpose...
    My script automatically adds the UEFI boot entries accordingly.
    Code:
    Boot0000* UEFI: openSUSE Leap   HD(1,GPT,b67f466a-bbf0-4323-a4d9-97b832ffdce3,0x800,0x200000)/File(\EFI\OPENSUSE\LEAP\SHIM.EFI)
    Boot0001* UEFI: openSUSE Tumbleweed     HD(1,GPT,b67f466a-bbf0-4323-a4d9-97b832ffdce3,0x800,0x200000)/File(\EFI\OPENSUSE\TUMBLEWEED\SHIM.EFI)
    But i still need to manually move the respective files into their subdirectory after an update of grub-efi...

  8. #8
    Join Date
    Aug 2010
    Location
    Chicago suburbs
    Posts
    14,421
    Blog Entries
    3

    Default Re: Fresh install.on ASUS X99-PRO/USB3.1 Motherboard

    Quote Originally Posted by TriMoon View Post
    Thanks for the info provided and the Wifi and Nvidia drivers seem to work when SecureBoot is disabled while booting Leap.
    And works in Tumbleweed regardless of SB-state but logs a warning about it, must be because the kernel does not enforce module signatures...
    But that is ofcourse not the right-thing to have in both versions, why are these modules not signed for SB at install?
    I can't check on that because I am not using either nvidia or broadcom drivers.

    It is my understanding, that the nvidia drivers are signed. But I think they are signed with a different key. At some time during boot, you probably got a blue screen asking you to add a key. And if you selected "continue" then the key was not added. That could be the problef for nvidia drivers.

    For the broadcom drivers -- those come from packman. As far as I know, the packman maintainers do not have access to the openSUSE signing key. So you would need to create your own key and sign the modules yourself with that.
    I noticed that the dkms package is not even installed by default, which is meant for automatic kernel-module signing IIRC.
    At least that's what happens in *ubuntu distros.
    I think you only need "dkms" if you are building the modules yourself. If you are installing prebuilt modules, you should not need it.
    Still want to know where the certificate is that is meant to be used to sign the kernel modules, anyone any idea?
    Because i want to boot with SecureBoot mode enabled...
    The key for checking signatures should be in "/etc/uefi/certs". The signing key is, I hope, carefully protected by openSUSE administrative people. If you want to sign modules yourself, you will need to create your own signing key.
    openSUSE Leap 15.2; KDE Plasma 5.18.5;

  9. #9
    Join Date
    Aug 2010
    Location
    Chicago suburbs
    Posts
    14,421
    Blog Entries
    3

    Default Re: Fresh install.on ASUS X99-PRO/USB3.1 Motherboard

    Quote Originally Posted by TriMoon View Post
    Oh PS:
    (Not to mention that i want to switch to Systemd-boot as soon as possible and drop grub)
    As far as I know, systemd-boot does not support secure-boot at all.
    openSUSE Leap 15.2; KDE Plasma 5.18.5;

  10. #10
    Join Date
    Sep 2012
    Posts
    5,914

    Default Re: Fresh install.on ASUS X99-PRO/USB3.1 Motherboard

    Quote Originally Posted by nrickert View Post
    As far as I know, systemd-boot does not support secure-boot at all.
    It is probably too blanket statement. sd-boot does not actively use shim interface to verify signature, that's correct. In secure boot environment it expects unified image which combines loader, kernel, initrd and command line in single EFI executable. This executable can be signed and itself loaded e.g. by shim. Unfortunately, it cannot be shipped by distribution for obvious reasons and can only be generated and signed on end-user system (or user must enroll hash of resulting binary). dracut supports it.

Page 1 of 2 12 LastLast

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •