Bricked my laptop after BIOS update

Clarifications- why I installed in boot-secure off mode and why I had set BIOS password
My system didn’t allow other boot-loaders to load except windows. Maybe my system was hard coded for booting with windows.
I knew that Boot-Repair of Ubuntu could solve such kind of problems and Boot-Repair asks secure-boot turned off in order to work properly. And to turn off secure boot I had to set BIOS password. (ps- I could only turn off secureboot after setting BIOS password)
But as ppa is blocked by university internet proxy settings, so I could not use secure-boot. So I ultimately used

bcdedit /set {bootmgr} path \EFI\opensuse\grubx64.efi
efibootmgr -v
BootCurrent: 0002
Timeout: 0 seconds
BootOrder: 0002,0000,0004,0003,0001
Boot0000* Windows Boot Manager  HD(2,c8800,96000,580a97ae-421d-46e0-b74d-2d959c130884)File(\EFI\Microsoft\Boot\bootmgfw.efi)RC
Boot0001* HDD:  HD(2,c8800,96000,580a97ae-421d-46e0-b74d-2d959c130884)File(\EFI\ubuntu\grubx64.efi)RC
Boot0002* Windows Boot Manager  HD(2,c8800,96000,580a97ae-421d-46e0-b74d-2d959c130884)File(\EFI\opensuse\grubx64.efi)WINDOWS.........x...B.C.D.O.B.J.E.C.T.=.{.9.d.e.a.8.6.2.c.-.5.c.d.d.-.4.e.7.0.-.a.c.c.1.-.f.3.2.b.3.4.4.d.4.7.9.5.}...a................
Boot0003* Fedora        ACPI(a0341d0,0)PCI(1f,2)03120a00000000000000HD(2,c8800,96000,580a97ae-421d-46e0-b74d-2d959c130884)File(\EFI\fedora\shim.efi)..
Boot0004* Fedora        ACPI(a0341d0,0)PCI(1f,2)03120a00000000000000HD(2,c8800,96000,580a97ae-421d-46e0-b74d-2d959c130884)File(\EFI\fedora\shim.efi)..
Boot0005* BRCM MBA Slot 0200 v15.0.11   BIOS(80,500,00)................a........ ..E............ .............................
Boot0006* WDC WD7500BPVT-22HXZT3                BIOS(2,500,00)................-.h.......h.A.h........................................
Boot0007* HL-DT-ST DVDRAM GT70N                 BIOS(3,500,00)................-.v.......v.A.v....#...................................


That image is confusing. It says “UEFI” disabled, but lists secure-boot entries which depend on UEFI. I guess the BIOS has some strange terminology.

Questions:

1: Did you go through the Yast boot loader page, as suggested, to turn on secure boot?

2: When running opensuse, what’s the output from


# efibootmgr -v

3: When running opensuse, what’s the output from


ls /boot/efi/EFI/opensuse

Okay, you finally have provided the “efibootmgr” output. It does not look as if secure-boot is enabled in opensuse. Either that, or your system won’t list it because it is neither Windows nor fedora.

Again, check the content of “/boot/efi/EFI/opensuse”.

It doesn’t say ‘UEFI’ disabled. It says secure-boot disabled. P.S. I disabled secure-boot just now in order to let my system boot.
Disable is an option for secure-boot. (See to the left of disabled)
Again, secure-boot is an option for Boot mode. Boot mode can either be UEFI or Legacy (BIOS) (see to the left of UEFI)

ls /boot/efi/EFI/opensuse
grubx64.efi

Did you turn on the “secure boot” option in Yast boot loader?

That should have installed shim.

You could also try


# install-shim

at the command line (as root).

sudo zypper install shim
root's password:
Retrieving repository 'Packman Repository' metadata ............................................................................[done]
Building repository 'Packman Repository' cache .................................................................................[done]
Retrieving repository 'packman' metadata .......................................................................................[done]
Building repository 'packman' cache ............................................................................................[done]
Timeout exceeded when accessing 'http://download.opensuse.org/distribution/13.1/repo/oss/content'.

Abort, retry, ignore? [a/r/i] (r): 
Autoselecting 'r' after 16 seconds. 
Retrieving repository 'openSUSE-13.1-Update' metadata ..........................................................................[done]
Building repository 'openSUSE-13.1-Update' cache ...............................................................................[done]
Loading repository data...
Reading installed packages...
'shim' is already installed.
No update candidate for 'shim-0.2-3.1.x86_64'. The highest available version is already installed.
Resolving package dependencies...

Nothing to do.

Shows shim is already installed. What now?

Sigh!

Not:


zypper install shim

That was not needed.

Instead,


# install-shim

Or, if you want the full path:


# /usr/sbin/install-shim

That’s what I did first. It showed that it’s a typo. See output.

akashopensuse@linux-ull4:~> install-shim
If 'install-shim' is not a typo you can use command-not-found to lookup the package that contains it, like this:
    cnf install-shim
akashopensuse@linux-ull4:~> cnf install-shim
install-shim: command not found                             
akashopensuse@linux-ull4:~> /usr/sbin/install-shim
bash: /usr/sbin/install-shim: No such file or directory
akashopensuse@linux-ull4:~> cd /usr/sbin/install-shim
bash: cd: /usr/sbin/install-shim: No such file or directory


I’m not able to find install-shim

sudo ls -R / | grep install-shim
ls: cannot open directory /run/user/1000/gvfs: Permission denied
ls: cannot open directory /var/run/user/1000/gvfs: Permission denied

Probably it is a typo, it’s shim-install not install-shim.

But again something happened, don’t know what.

/usr/sbin/shim-install
which: no grub2-probe in (/usr/lib64/mpi/gcc/openmpi/bin:/home/akashopensuse/bin:/usr/local/bin:/usr/bin:/bin:/usr/bin/X11:/usr/X11R6/bin:/usr/games:/opt/cross/bin:/usr/lib/mit/bin:/usr/lib/mit/sbin)

This post is going to take a new turn.

Suppose I successfully convert my present openSUSE installation from non-secure-boot to secure-boot and I make it my default boot-manager.

But remember, I used the following code to force the microsoft windows boot-loader not to call itself but to call openSUSE instead.

bcdedit /set {bootmgr} path \EFI\opensuse\grubx64.efi

Now I’m thinking: if the openSUSE boot-loader is made the default boot-loader, what will happen if openSUSE calls the windows boot-loader? Will the windows boot-loader call the openSUSE boot-loader again?

How do I reverse

bcdedit /set {bootmgr} path \EFI\opensuse\grubx64.efi

. Also I’m thinking of removing Fedora. So, how do I restore EFI to factory conditions. I would later upgrade to 13.3. I won’t format the partition of openSUSE.

In the MBR days fixmbr from bootrec.exe could be used to reset MBR to factory conditions. Is there any utility to reset EFI to factory conditions?

Oops! You are right, that I got the name wrong.

I’m seeing “/usr/sbin/grub2-probe”.

You probably need to do:


su -

to become root. With that “-” argument, the root shell should have “/usr/sbin” on its path. And then it should work (assuming that “/usr/sbin/grub2-probe” exists).

That will still work if secure-boot is disabled in the BIOS. It will fail if secure-boot is enabled.

You will instead need:

bcdedit /set {bootmgr} path \EFI\opensuse\shim.efi

Or, if your firmware can allow you to boot opensuse directly, then you won’t need that at all.

Now I’m thinking: if the openSUSE boot-loader is made the default boot-loader, what will happen if openSUSE calls the windows boot-loader? Will the windows boot-loader call the openSUSE boot-loader again?

It doesn’t actually work that way. When you make that change to Windows, it (windows) tells your UEFI firmware to call opensuse directly from the firmware. When you use the Windows entry in the grub2-efi boot menu, that starts up Windows the way it would otherwise have started.

However, it is best not to have that “bcdedit” setting if you don’t need it. Windows updates can sometimes be confused by it.

How do I reverse

bcdedit /set {bootmgr} path \EFI\opensuse\grubx64.efi

.

Use:


bcdedit /set {bootmgr} path \EFI\Microsoft\Boot\bootmgfw.efi

That restores it to the Windows default setting.

Also I’m thinking of removing Fedora. So, how do I restore EFI to factory conditions.

The “shim-install” should add the UEFI boot entry for opensuse-secureboot, and that will work even when secure-boot is disabled in BIOS.

You can remove the “Fedora” boot entry, with the command (as root)


# efibootmgr -b 3 -B
# efibootmgr -b 4 -B

This assumes that entries 3 and 4 are for Fedora. First run


# efibootmgr -v

to check those numbers.

In the MBR days fixmbr from bootrec.exe could be used to reset MBR to factory conditions. Is there any utility to reset EFI to factory conditions?

There’s no equivalent, and no need for an equivalent with EFI.

What “fixmbr” did, was to replace the boot code in the MBR. For UEFI, the bootcode is in the firmware and in the operating system directories in the EFI partition.
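The check the answer above asks for (read `efibootmgr -v` and confirm what each entry really loads before deleting or redirecting anything) can be scripted. This is an added example, not code from the thread or from any openSUSE tool; the sample input is a shortened copy of the output posted earlier, and the function names and the label/path separator rule are assumptions.

```python
import re

# Constructed sample: the efibootmgr -v output posted in this thread, with
# device paths shortened to HD(2,...) and trailing optional-data bytes trimmed.
SAMPLE = r"""BootCurrent: 0002
Timeout: 0 seconds
BootOrder: 0002,0000,0004,0003,0001
Boot0000* Windows Boot Manager  HD(2,...)File(\EFI\Microsoft\Boot\bootmgfw.efi)RC
Boot0001* HDD:  HD(2,...)File(\EFI\ubuntu\grubx64.efi)RC
Boot0002* Windows Boot Manager  HD(2,...)File(\EFI\opensuse\grubx64.efi)WINDOWS
Boot0003* Fedora        ACPI(a0341d0,0)PCI(1f,2)HD(2,...)File(\EFI\fedora\shim.efi)..
Boot0004* Fedora        ACPI(a0341d0,0)PCI(1f,2)HD(2,...)File(\EFI\fedora\shim.efi)..
Boot0005* BRCM MBA Slot 0200 v15.0.11   BIOS(80,500,00)....
"""

ENTRY = re.compile(r"^Boot([0-9A-Fa-f]{4})\*?\s+(.*)$")
LOADER = re.compile(r"File\(([^)]*)\)")

def parse(text):
    """Return {entry_number: (label, loader_path_or_None)}."""
    entries = {}
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            # Assumption: label and device path are split by a tab or 2+ spaces.
            parts = re.split(r"\t|\s{2,}", m.group(2), maxsplit=1)
            found = LOADER.search(parts[-1])
            entries[m.group(1)] = (parts[0], found.group(1) if found else None)
    return entries

def audit(text):
    """Return (entry, finding) pairs to review before changing boot entries."""
    findings, seen = [], {}
    entries = parse(text)
    for num in sorted(entries):
        label, loader = entries[num]
        if loader is None:
            continue  # legacy BIOS(...) device entries have no EFI loader file
        low = loader.lower()
        # Per the thread, a grubx64.efi path fails once secure boot is enabled.
        if low.rsplit("\\", 1)[-1].startswith("grub"):
            findings.append((num, "loads grub directly, not shim"))
        if "windows" in label.lower() and not low.startswith("\\efi\\microsoft\\"):
            findings.append((num, "Windows label, non-Microsoft loader"))
        if (label, low) in seen:
            findings.append((num, "duplicate of Boot" + seen[(label, low)]))
        seen.setdefault((label, low), num)
    return findings

if __name__ == "__main__":
    for num, finding in audit(SAMPLE):
        print(f"Boot{num}: {finding}")
```

On the sample it reports Boot0001 and Boot0002 as loading grub without shim, Boot0002 as a Windows-labelled entry redirected by the `bcdedit` change, and Boot0004 as a duplicate of Boot0003.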

On 2014-10-15 08:06, vish 99 wrote:

> I’m not able to find install-shim
>
> Code:
> --------------------
> sudo ls -R / | grep install-shim
> ls: cannot open directory /run/user/1000/gvfs: Permission denied
> ls: cannot open directory /var/run/user/1000/gvfs: Permission denied
> --------------------

Don’t use sudo, forget it.
Instead, in the terminal, type “su -” (the dash is crucial) and enter
the root password when requested. Then you run all those maintenance
tasks that need being root.


Cheers / Saludos,

Carlos E. R.
(from 13.1 x86_64 “Bottle” at Telcontar)

If you come from Ubuntu you need to understand sudo works differently in openSUSE. sudo does not by default give you a complete root environment. So you should use su - (note the dash) to become root. Then you will have the full root environment and paths. You can also use the full path to files to run root commands using sudo. What is different is the paths

Huh? Now please explain how sudo differs from su in this case.

On 2014-10-16 07:06, arvidjaar wrote:
>
> robin_listas;2669579 Wrote:
>>
>>> sudo ls -R / | grep install-shim
>>> ls: cannot open directory /run/user/1000/gvfs: Permission denied
>> Don’t use sudo, forget it.
>>
>
> Huh? Now please explain how sudo differs from su in this case.

Not in the ls -R case in particular. The OP was using sudo for
everything, and some failed as expected.

Of course neither su nor sudo will make any difference regarding the
gvfs directories. We all know that.


Cheers / Saludos,

Carlos E. R.
(from 13.1 x86_64 “Bottle” at Telcontar)

Great to know. And yes, I used to use ‘sudo’ everywhere. Half of the time it worked, half the time it didn’t. And I was always perplexed why.

root@akashubuntu-Aspire-V3-571G:/home/akashubuntu# efibootmgr -v
BootCurrent: 0002
Timeout: 0 seconds
BootOrder: 0002,0000,0004,0003,0001
Boot0000* Windows Boot Manager  HD(2,c8800,96000,580a97ae-421d-46e0-b74d-2d959c130884)File(\EFI\Microsoft\Boot\bootmgfw.efi)RC
Boot0001* HDD:  HD(2,c8800,96000,580a97ae-421d-46e0-b74d-2d959c130884)File(\EFI\ubuntu\grubx64.efi)RC
Boot0002* Windows Boot Manager  HD(2,c8800,96000,580a97ae-421d-46e0-b74d-2d959c130884)File(\EFI\opensuse\grubx64.efi)WINDOWS.........x...B.C.D.O.B.J.E.C.T.=.{.9.d.e.a.8.6.2.c.-.5.c.d.d.-.4.e.7.0.-.a.c.c.1.-.f.3.2.b.3.4.4.d.4.7.9.5.}...a................                                                                                    
Boot0003* Fedora        ACPI(a0341d0,0)PCI(1f,2)03120a00000000000000HD(2,c8800,96000,580a97ae-421d-46e0-b74d-2d959c130884)File(\EFI\fedora\shim.efi)..
Boot0004* Fedora        ACPI(a0341d0,0)PCI(1f,2)03120a00000000000000HD(2,c8800,96000,580a97ae-421d-46e0-b74d-2d959c130884)File(\EFI\fedora\shim.efi)..
Boot0005* BRCM MBA Slot 0200 v15.0.11   BIOS(80,500,00)................a........ ..E............ .............................
Boot0006* WDC WD7500BPVT-22HXZT3                BIOS(2,500,00)................-.h.......h.A.h........................................
Boot0007* HL-DT-ST DVDRAM GT70N                 BIOS(3,500,00)................-.v.......v.A.v....#...................................

Just realized. Why isn’t ubuntu shown in these results - in fact I’m posting here by using ubuntu only. Also I installed and removed kubuntu very long ago. I’m sure kubuntu is also present in EFI as I didn’t remove it.

Is it possible that, while updating, ubuntu/opensuse might have detected that the root of kubuntu is not present and so deleted the entry of kubuntu from EFI?