I upgraded an up-to-date 15.5 to Tumbleweed. Upon reboot I was presented with a SBAT violation message and the system shut down. I went into the BIOS and turned secure boot off. I have been poking at this based upon the UEFI article, but I’m not able to get secure boot turned back on as before. After the initial first boot of Tumbleweed I was presented with a blue mokutil screen, but I have no clue how I can force that to come forward again.
Restore to setup mode does not do much other than “mokutil --sb” reporting that secure boot is disable and in setup mode.
I installed the bootloader anew, as per what I read shim 15.4 is different than shim 15.7 which would be used in Leap 15.5. However that does not resolve the issue.
The openSUSE key is listed when I verify that with “mokutil --list-enrolled”.
After re-installing the bootloader I entered the BIOS again and selected “Restore Factory Keys” with the assumption it would take the SUSE key and it will be fine. However that turns me back to the SBAT violation message.
What can I try to resolve this to get secure boot to work again?
Wow! That suggested fix… Ph.D level CLI band-aid! Not in my league for sure. You would think that, after 6 months of this problem, someone would think it might be a good idea to fix it. You would think that, anyway.
I only have a 15.5 live available. The 15.5 install is overwritten with Tumbleweed. Going through the live 15.5 CD when executing “mokutil --set–bat-policy delete” that fails with “Failed to set SbatPolicy”. Is a live CD sufficient to resolve or should I install Tumbleweed freshly?