Can't boot anymore: Verfication failed

English Install/Boot/Login
#1

Hello forum,
suddenly I am no longer able to boot OpenSuse. Some month ago I have installed OpenSuse 13.2 parallel to Windows 8.1 on an Acer Aspire Laptop and everything worked fine: on booting a menu appeared on the screen that let me choose between Linux and Windows. Yet today, when I turned on the Laptop I got the following message:
Verfication failed: (15) Access Denied

Confirming with OK brings up an Shim UEFI Management. I can also access a Boot Manager via Perform MOK Management with the options

  1. opensuse-secureboot (which Fails)
  2. Windows Boot Manager (which starts Windows)

It would be great if someone could tell me how to make the booting process work properly again.

#2

Disable secure-boot in your firmware.

This is a bug in patch openSUSE-2015-535. I have reported it as bug 940657.

See also the thread: https://forums.opensuse.org/showthread.php/508984-OpenSUSE-13-2-Avoid-patch-quot-openSUSE-2015-535-quot-if-you-use-secure-boot

You can either wait for a fix, or reinstall the previous version of grub2-efi (that would be “grub2-x86_64-efi 2.02~beta2-20.5.1”

#3

Many thanks for your response. I will try that out

#4

FYI, the update has been revoked it seems.

So just select the grub2 packages in YaST (they should show up in red) and choose “Update Unconditionally” to fix the problem.

#5

Disabling secure boot worked, so that I can boot again linux - so many thanks for your help! I think it would be best if I would turn on secure boot again when the issue is resolved.

#6

As mentioned already, just downgrade your grub2 packages, i.e. revert the update, and secure boot should work again.

A fixed update will hopefully be released soon.

#7

Many thanks for your excellent advice, everything works fine again. Here’s a brief summary of the steps I took.

  1. I turned off secure boot in the BIOS; this was unexpectedly complicated on my computer
  2. This allowed me boot OpenSuse again and thus to downgrade grub2
  3. In the BIOS I turned on secure boot again
  4. I am as pleased as Punch (optional)
#8

FYI, it was not really a bug in the update itself, but it contained a wrong certificate.

Apparently just a rebuild was necessary to fix it.

A new update without that problem (hopefully :wink: ) is running already, will probably be released in the next days.