Yast’s bootloader has three checkboxes on the boot code options tab:
Secureboot support,
Trusted boot support, and
Update NVRAM entry
I currently have the three checked in a dual boot Leap 16/Windows 10 box (trusted boot was not checked by default).
As I’ll eventually have to migrate from W10 to the very privacy-conscious W11 (not!), I’m wondering if these settings have any effect on Windows, like preventing it to run, possibly because of the NVRAM change. I think not, but…
Of course, secureboot and TPM 2.0 are enabled and active in the UEFI BIOS.
Thanks!
No, those settings do not affect Windows.
Hmm, perhaps a small effect. When running Windows 8.1 on my previous desktop, I did uncheck the box for “Update NVRAM entry”.
Some Windows updates fail if Windows is not the first in boot order. And some openSUSE updates reinstall grub and change the boot order. Unchecking that entry prevents the boot order from changing with grub2 updates.
Thanks, nrickert.
I’ve two desktops here, both with different Gigabyte MoBos. One will always set windows bootloader as first boot option after an update, sometimes just starting the update app may do it, even if I don’t update. The other desktop never changes the boot order. Both are set to Update NVRAM in Leap, with I think is irrelevant in this case, as to boot Leap I have first to change the boot order in UEFI BIOS to get the grub menu. I suppose it’s a BIOS firmware behavior that I can’t change.
Yes, it is the firmware.
I have a Lenovo box where the boot order does not change. Or, to be more precise, it does change (as shown by the command “efibootmgr”) but the firmware resets it during boot.