suddenly I am no longer able to boot OpenSuse. Some month ago I have installed OpenSuse 13.2 parallel to Windows 8.1 on an Acer Aspire Laptop and everything worked fine: on booting a menu appeared on the screen that let me choose between Linux and Windows. Yet today, when I turned on the Laptop I got the following message:
Verfication failed: (15) Access Denied
Confirming with OK brings up an Shim UEFI Management. I can also access a Boot Manager via Perform MOK Management with the options
- opensuse-secureboot (which Fails)
- Windows Boot Manager (which starts Windows)
It would be great if someone could tell me how to make the booting process work properly again.
Disable secure-boot in your firmware.
This is a bug in patch openSUSE-2015-535. I have reported it as bug 940657.
See also the thread: https://forums.opensuse.org/showthread.php/508984-OpenSUSE-13-2-Avoid-patch-quot-openSUSE-2015-535-quot-if-you-use-secure-boot
You can either wait for a fix, or reinstall the previous version of grub2-efi (that would be “grub2-x86_64-efi 2.02~beta2-20.5.1”
Many thanks for your response. I will try that out
FYI, the update has been revoked it seems.
So just select the grub2 packages in YaST (they should show up in red) and choose “Update Unconditionally” to fix the problem.
Disabling secure boot worked, so that I can boot again linux - so many thanks for your help! I think it would be best if I would turn on secure boot again when the issue is resolved.
As mentioned already, just downgrade your grub2 packages, i.e. revert the update, and secure boot should work again.
A fixed update will hopefully be released soon.
Many thanks for your excellent advice, everything works fine again. Here’s a brief summary of the steps I took.
- I turned off secure boot in the BIOS; this was unexpectedly complicated on my computer
- This allowed me boot OpenSuse again and thus to downgrade grub2
- In the BIOS I turned on secure boot again
- I am as pleased as Punch (optional)
FYI, it was not really a bug in the update itself, but it contained a wrong certificate.
Apparently just a rebuild was necessary to fix it.
A new update without that problem (hopefully ) is running already, will probably be released in the next days.