Leap 16 slow to open Full Disk Encryption TPM 2.0

English Install/Boot/Login
15

@karlggest I switched to systemd-boot :wink:

https://en.opensuse.org/Systemd-boot

zypper in systemd-boot

cat /etc/sysconfig/bootloader | grep LOADER_TYPE
LOADER_TYPE="grub2-efi"

update-bootloader --loader systemd-boot
update-bootloader 

bootctl --make-machine-id-directory=yes install

Created "/boot/efi/EFI/systemd".
Created "/boot/efi/loader".
Created "/boot/efi/loader/keys".
Created "/boot/efi/loader/entries".
Created "/boot/efi/EFI/Linux".
Copied "/usr/lib/systemd/boot/efi/systemd-bootx64.efi" to "/boot/efi/EFI/systemd/systemd-bootx64.efi".
Copied "/usr/lib/systemd/boot/efi/systemd-bootx64.efi" to "/boot/efi/EFI/BOOT/BOOTX64.EFI".
Created "/boot/efi/4970dd0ab4444d54af87cdc19c53ba11".
⚠️ Mount point '/boot/efi' which backs the random seed file is world accessible, which is a security hole! ⚠️
⚠️ Random seed file '/boot/efi/loader/.#bootctlrandom-seed65007f85732c04cd' is world accessible, which is a security hole! ⚠️
Random seed file /boot/efi/loader/random-seed successfully written (32 bytes).
Created EFI boot entry "Linux Boot Manager".

tree /boot/efi/
/boot/efi/
├── 4970dd0ab4444d54af87cdc19c53ba11
├── EFI
│   ├── Dell
│   │   └── logs
│   │       ├── diags_current.xml
│   │       └── diags_previous.xml
│   ├── Linux
│   ├── boot
│   │   ├── MokManager.efi
│   │   ├── bootx64.efi
│   │   └── fallback.efi
│   ├── opensuse
│   │   ├── MokManager.efi
│   │   ├── boot.csv
│   │   ├── grub.cfg
│   │   ├── grub.efi
│   │   ├── grubx64.efi
│   │   └── shim.efi
│   └── systemd
│       └── systemd-bootx64.efi
└── loader
    ├── entries
    ├── entries.srel
    ├── keys
    ├── loader.conf
    └── random-seed

12 directories, 15 files

efibootmgr
BootCurrent: 0000
Timeout: 1 seconds
BootOrder: 0001,0000,0002
Boot0000* opensuse-secureboot	HD(1,GPT,d8bcabbe-e3a0-4eef-aae4-e9ebf2dc9caf,0x800,0x800000)/File(\EFI\opensuse\shim.efi)
Boot0001* Linux Boot Manager	HD(1,GPT,d8bcabbe-e3a0-4eef-aae4-e9ebf2dc9caf,0x800,0x800000)/File(\EFI\systemd\systemd-bootx64.efi)
Boot0002* UEFI: SCSI Hard Drive	HD(1,GPT,d8bcabbe-e3a0-4eef-aae4-e9ebf2dc9caf,0x800,0x800000)/File(EFI\boot\bootx64.efi)0000424f

mv /boot/efi/EFI/systemd/systemd-bootx64.efi /boot/efi/EFI/systemd/grub.efi
cp /usr/share/efi/x86_64/shim.efi /boot/efi/EFI/systemd/shim.efi
cp /usr/share/efi/x86_64/MokManager.efi /boot/efi/EFI/systemd/MokManager.efi

vi /etc/sysconfig/bootloader
update-bootloader
cat /etc/sysconfig/bootloader | grep LOADER_TYPE
LOADER_TYPE=""

efibootmgr --delete --label opensuse-secureboot
BootCurrent: 0000
Timeout: 1 seconds
BootOrder: 0001,0002
Boot0001* Linux Boot Manager	HD(1,GPT,d8bcabbe-e3a0-4eef-aae4-e9ebf2dc9caf,0x800,0x800000)/File(\EFI\systemd\systemd-bootx64.efi)
Boot0002* UEFI: SCSI Hard Drive	HD(1,GPT,d8bcabbe-e3a0-4eef-aae4-e9ebf2dc9caf,0x800,0x800000)/File(EFI\boot\bootx64.efi)0000424f

efibootmgr --delete --label "Linux Boot Manager"
BootCurrent: 0000
Timeout: 1 seconds
BootOrder: 0002
Boot0002* UEFI: SCSI Hard Drive	HD(1,GPT,d8bcabbe-e3a0-4eef-aae4-e9ebf2dc9caf,0x800,0x800000)/File(EFI\boot\bootx64.efi)0000424f

rm -r /boot/efi/EFI/opensuse

sdbootutil install
sdbootutil -v add-all-kernels
Installing all kernels
Found kernel 6.12.0-160000.5-default = 922982caac3cdd86efcdbea652fc602ffa0de26b
Installing kernel 6.12.0-160000.5-default
Generating new initrd
Required free space in ESP: 82030 KB
Installed /boot/efi/4970dd0ab4444d54af87cdc19c53ba11/6.12.0-160000.5-default/linux-922982caac3cdd86efcdbea652fc602ffa0de26b
Installed /boot/efi/4970dd0ab4444d54af87cdc19c53ba11/6.12.0-160000.5-default/initrd-0e736204a41de9ffe6ac9d56a60493b592d18594
Installed /boot/efi/loader/entries/4970dd0ab4444d54af87cdc19c53ba11-6.12.0-160000.5-default-1.conf

efibootmgr 
BootCurrent: 0000
Timeout: 1 seconds
BootOrder: 0000,0002
Boot0000* openSUSE Boot Manager (systemd-boot)	HD(1,GPT,d8bcabbe-e3a0-4eef-aae4-e9ebf2dc9caf,0x800,0x800000)/File(\EFI\systemd\shim.efi)
Boot0002* UEFI: SCSI Hard Drive	HD(1,GPT,d8bcabbe-e3a0-4eef-aae4-e9ebf2dc9caf,0x800,0x800000)/File(EFI\boot\bootx64.efi)0000424f

bootctl 
System:
      Firmware: UEFI 2.70 (American Megatrends 5.15)
 Firmware Arch: x64
   Secure Boot: enabled (user)
  TPM2 Support: yes
  Measured UKI: no
  Boot into FW: supported

Current Boot Loader:
      Product: systemd-boot 257.7+suse.19.ga0dfd5de4c
     Features: ✓ Boot counting
               ✓ Menu timeout control
               ✓ One-shot menu timeout control
               ✓ Default entry control
               ✓ One-shot entry control
               ✓ Support for XBOOTLDR partition
               ✓ Support for passing random seed to OS
               ✓ Load drop-in drivers
               ✓ Support Type #1 sort-key field
               ✓ Support @saved pseudo-entry
               ✓ Support Type #1 devicetree field
               ✓ Enroll SecureBoot keys
               ✓ Retain SHIM protocols
               ✓ Menu can be disabled
               ✓ Multi-Profile UKIs are supported
               ✓ Boot loader set partition information
    Partition: /dev/disk/by-partuuid/d8bcabbe-e3a0-4eef-aae4-e9ebf2dc9caf
       Loader: └─/EFI/systemd/grub.efi
Current Entry: 4970dd0ab4444d54af87cdc19c53ba11-6.12.0-160000.5-default-1.conf
Default Entry: opensuse-tumbleweed-6.16.8-1-default-1.conf <<=maybe a leftover from the previous install?

Random Seed:
 System Token: set
       Exists: yes

Available Boot Loaders on ESP:
          ESP: /boot/efi (/dev/disk/by-partuuid/d8bcabbe-e3a0-4eef-aae4-e9ebf2dc9caf)
         File: ├─/EFI/systemd/grub.efi (systemd-boot 257.7+suse.19.ga0dfd5de4c)
               ├─/EFI/systemd/shim.efi
               ├─/EFI/systemd/MokManager.efi
               ├─/EFI/BOOT/BOOTX64.EFI
               ├─/EFI/BOOT/fallback.efi
               └─/EFI/BOOT/MokManager.efi

Boot Loaders Listed in EFI Variables:
        Title: openSUSE Boot Manager (systemd-boot)
           ID: 0x0000
       Status: active, boot-order
    Partition: /dev/disk/by-partuuid/d8bcabbe-e3a0-4eef-aae4-e9ebf2dc9caf
         File: └─/EFI/systemd/shim.efi

        Title: UEFI: SCSI Hard Drive
           ID: 0x0002
       Status: active, boot-order
    Partition: /dev/disk/by-partuuid/d8bcabbe-e3a0-4eef-aae4-e9ebf2dc9caf
         File: └─EFI/boot/bootx64.efi

Boot Loader Entries:
        $BOOT: /boot/efi (/dev/disk/by-partuuid/d8bcabbe-e3a0-4eef-aae4-e9ebf2dc9caf)
        token: 4970dd0ab4444d54af87cdc19c53ba11

Default Boot Loader Entry:
         type: Boot Loader Specification Type #1 (.conf)
        title: openSUSE Leap 16.0
           id: 4970dd0ab4444d54af87cdc19c53ba11-6.12.0-160000.5-default-1.conf
       source: /boot/efi//loader/entries/4970dd0ab4444d54af87cdc19c53ba11-6.12.0-160000.5-default-1.conf (on the EFI System Partition)
     sort-key: opensuse-leap
      version: 1@6.12.0-160000.5-default
   machine-id: 4970dd0ab4444d54af87cdc19c53ba11
        linux: /boot/efi//4970dd0ab4444d54af87cdc19c53ba11/6.12.0-160000.5-default/linux-922982caac3cdd86efcdbea652fc602ffa0de26b
       initrd: /boot/efi//4970dd0ab4444d54af87cdc19c53ba11/6.12.0-160000.5-default/initrd-0e736204a41de9ffe6ac9d56a60493b592d18594
      options: root=UUID=1c245532-54ec-4e68-9474-f1056924c174 nomodeset mitigations=auto quiet security=selinux selinux=1 intel_iommu=on rd.driver.blacklist=nouveau roo>
4 Likes