I use rEFInd boot loader. When I boot openSUSE from it I have to use the 32-bit grub.efi as the grubx64.efi returns a shim validation error. So obviously I have Secure Boot enabled, and openSuSE 15.6 TW was installed with SB enabled. The problem only starts when I want to boot an earlier BTRFS snapshot. In this case, the snapshot loads, but after restart I notice the rEFInd boot loader is missing, even though it appears in efibootmgr -v listing. The default bootloader has been changed in the firmware to 0000 (which I assume was the “point in time” bootloader entry for the snapshot).
This is a Dell Latitude 9410 convertible. BIOS and UEFI all current. I am just wondering if this is expected behavior, or buggy firmware.
Such a beast does not exist. Thre is openSUSE Tumbleweed (and you choose that as tag at the header above) and there is openSUSE Leap 15.6. Better confirm that this is indeed about Tumbleweed.
You tell long story containing your (sometimes, incorrect) interpretation of what you observed. Instead, you should show the actual commands and their complete output so that we can decide for ourselves.
It is not 32 bit.
Of course it does. Why did you expect anything different? Did you enroll your own certificate and sign grubx64.efi with the corresponding private key?
What exactly does it mean, especially when next you say
Happy to do it. I love Tumbleweed and openSuSE but my most recent experience is debian-based distros, so it’s a bit of a “new world” to me. Anyway, essentially, here is the scenario:
Right now sudo efibootmgr shows BootOrder: 0006,0004,0002,000F,0000 where rEFind is 6 and openSuSE is 0
After boot from RO Snapshot sudo efibootmgr shows BootOrder: 0000,0004,0002 where rEFind is removed from boot order (although still appears as a boot ‘candidate’ in the text that follows) and openSuSE is still 0 (or more accurately, 0000).
Thank you for any diagnosis of this issue, I imagine it could easily be buggy EFI Firmware; most are somewhat buggy when it comes to Secure Boot.
Also, a follow-on question: is the module shim-susesigned still available for download? I believe I got a 404 trying to obtain it. Recommended update for shim-susesigned | SUSE Support | SUSE makes it appear this module was pulled down or is unmaintained.
Please, we do not like selected parts of output, we like to see complete command-output as you see it. A standard explanation:
Please, to make the pieces of computer code in your posts better consumable by technical oriented people:
And post as complete as possible. That is starting with the line with the prompt and the command, then all output, and ending with the new prompt line.
When you really feel you need to change anything in such a copy, then add that in a comment, else we take all characters literally.
When the text is very long, then you can upload to https://paste.opensuse.org/ .
Or you can use the tool susepaste by piping the output to it ind posting the URL you get.