Any progress on Secure boot bug?

10 months since secure boot quit working on my Dell desktop. Bios is up to date. Any progress towards addressing the shim bat security violation issue?

This one?

1 Like

That’s way beyond my skill level. Thanks anyway. I thought this would be like it is with Debian, Ubuntu, Fedora, Solus, and LinuxMint, to name a few. I boot up and secure boot just works.

OpenSUSE can’t even get to the boot menu before Secure Boot rejects it as a security violation. With Fedora et al, I go to the Gnome privacy>device security tab and is all green (vs OpenSUSE - with Secure Boot turned off of course - where it’s all red and lots of fails in the test report).

I don’t get this approach but OpenSUSE seems to be happy with it. Maybe it’s just my computer that’s balking, but I doubt it. Thus I’ll just move on. It’s not changing and it’s not going to in the future. Thanks again for the effort.

If I am reading it correctly, the openSUSE has done whatever it can. But there is some sort of hold up at Microsoft. Until Microsoft signs the new shim, it can’t be released.

You can reset the SBAT level so that it works. That’s what I have done here. There are comments on how to do that in the bug report and in the openSUSE wiki on secure-boot.

It is also possible to boot Tumbleweed with the “shim” from Leap, provided that you enroll the openSUSE CA certificate with MokManager. But that can be cumbersome, because updates to Tumbleweed boot loader will revert to the Tumbleweed shim.

Note that Solus appears to be using the shim from Fedora and requiring you to enroll the Solus CA certificate so that it will work.

The bug process fix you mention is beyond my skill level.

Your response reminds me that this situation is not likely getting any better any time soon. Questions rattle in my head now - why OpenSUSE? Does Microsoft/Verisign have problems with just OpenSUSE? Because not one of its peers has this issue.

I also wonder about the additional multiple security fails that Gnome device security reports. What’s up with that? Those Gnome privacy>device security reports were ugly when I ran them. Red danger signs abound.

Appearances matter. And as a plain old main street home user for 20+ yrs, it appears like security is not taken very seriously at this point. 10 months is pretty lengthy time.

Thanks again so much.