No UEFI secureboot after putting SSD from old into new machine

Hi all,

I’ve read all matches for searching “UEFI secureboot”. Some of them stone age old :slight_smile: All of them similar to my issue “but” …

Old barebone, Leap 15.6 (upgraded from 42.x in a row, even the SSD was cloned from smaller ones in history…). From the beginning always booting via UEFI.

Got a new barebone, AMI BIOS.
Put my existing SSD into it.
Detected correctly, boot option found by BIOS is opensuse-secureboot....

1st try:

  • BIOS set to “secureboot=Y”, didn’t boot, popup error from BIOS:
    Invalid signature detected. Check Secure Boot Policy in Setup.....

2nd try:

  • BIOS set to “secureboot=N”, didn’t boot, absolutely NO ERROR, no grub-rescue or whatever, nothing.

Flashed Leap 15.6 LIVE onto a USB stick.
Booted with it, “rescue system” style.

Added via efibootmgr an additional NON-secure boot option:

sudo efibootmgr --create \
  --disk /dev/sda --part 1 \
  --label "opensuse-nonsecure" \
  --loader '\EFI\opensuse\grubx64.efi'

Which sudo efibootmgr -v lists correctly.

From then on the new AMI Bios started to “fight” against me :slight_smile:
Took me a while, but summarized:

  • As long as \EFI\opensuse\shim.efi EXISTS on SSD, BIOS doesn’t give a damn about ANY efibootmanager created BootOptions!
  • If deleted, BIOS recreates the opensuse-secureboot entry, referring to shim.efi!
  • NO chance to even select the manually added opensuse-nonsecure option, not even shown in BIOS!
  • Means, as described above, no boot possible.

Then, now knowing about the “summarized” findings, I’ve “brutally” moved shim.efi to shim.SAV, reapplied the create "opensuse-nonsecure" described above, set BIOS to “secureboot=N”, et voila, I can boot, unsecure.

As said searching here in forum, also asking “Aunt chatGPT”, AFAI understood in general it SHOULD work, as openSUSE contains correctly signed kernel etc., so NO IDEA how to enable secureboot (again). Which Invalid signatures could be meant, how do I check them?

Any hints are highly appreciated!

Thanks, Michael
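The firmware switch toggled in the post above (“secureboot=Y/N”) can be cross-checked from the booted system by decoding the UEFI `SecureBoot` and `SetupMode` variables. This is an added example, not part of the thread; it assumes efivarfs is mounted at /sys/firmware/efi/efivars, and the names `EFIVARS_DIR`, `efi_flag` and `secure_boot_state` are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): report the firmware's Secure Boot state.
# Assumption: efivarfs is mounted at /sys/firmware/efi/efivars.
# EFIVARS_DIR can be overridden to point at a copy of the variable files.
EFI_GLOBAL_GUID=8be4df61-93ca-11d2-aa0d-00e098032b8c
EFIVARS_DIR=${EFIVARS_DIR:-/sys/firmware/efi/efivars}

# An efivarfs file holds a 4-byte attribute mask followed by the variable data.
# SecureBoot and SetupMode each carry a single data byte (0 or 1).
efi_flag() {    # $1 = variable name; prints 0, 1 or "absent"
    f="$EFIVARS_DIR/$1-$EFI_GLOBAL_GUID"
    [ -r "$f" ] || { echo absent; return 0; }
    # Skip the attribute mask (-j 4) and read one data byte (-N 1).
    v=$(od -An -t u1 -j 4 -N 1 "$f" 2>/dev/null | tr -d ' \n')
    echo "${v:-absent}"
}

secure_boot_state() {
    sb=$(efi_flag SecureBoot)
    sm=$(efi_flag SetupMode)
    case "$sb/$sm" in
        absent/*) echo "unknown" ;;     # legacy boot or efivarfs not mounted
        1/*)      echo "enabled" ;;     # firmware verifies boot loader signatures
        0/1)      echo "setup-mode" ;;  # no Platform Key enrolled
        *)        echo "disabled" ;;    # keys enrolled, verification switched off
    esac
}

# Print the state of the machine this script runs on.
secure_boot_state
```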

  1. Besides the page-long description, post a photo of the actual error.
  2. Post the full output of
mokutil --pk
mokutil --kek
mokutil --db
mokutil --dbx

This already written

Invalid signature detected. Check Secure Boot Policy in Setup.....

is the only “actual error” I’m getting. “Photo”, why :slight_smile: → Red square with EXACTLY the mentioned text, “…” abbreviates the not typed text “Press OK to reboot”

Pasted here.

As you wish. Still, you may try openSUSE:UEFI - openSUSE Wiki

@arvidjaar as you are always very, very helpful here, thank you again for that, I didn’t want to be impolite, in any case!
So, as you asked, this is the photo.


(Still not sure why this might be more helpful than what I’ve written about the error msg before :wink: )

Read through it.
Found some variances to my system, e.g.:

openSUSE:UEFI says:
To determine whether a machine has secure boot enabled in the firmware enter the following command as root in a Linux shell:
# od -An -t u1 /sys/firmware/efi/vars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c/data
but