i have noticed for the last week or so that the obs teams of developers are having massive problems getting the newest stable kernel released as part of the release cycle. can i ask, what the problem could be??
also in this forum,is there a way you can include a group for reaching the developers??
Don’t look around much, do ya. https://forums.opensuse.org/forumdisplay.php/797-Development
They seem to be one week out of schedule, same for Focal Fossa or KDE 5.17.4. The’re not going to tell if they face problems. To help them, you still can get it manually (stable or mainline).
# zypper ar -f http://download.opensuse.org/repositories/Kernel:/stable/standard/ kernel-repo
# zypper dist-upgrade -r kernel-repo
Massive problems?
ls /lib/modules
5.5.0-rc1-1.g6af0b1c-default 5.5.0-rc1-2.gb783fd1-default
Apart the temporary crash issue, TW has been always stable here, not to say rock solid.
They made modifications in MoK over the last month, the menu is not the same anymore. Delete MOK is showning now and it was never the case before. Continue boot or wait the 10 seconds delay works now, but it was no the case back in November. The Kernel would not compile with secure boot enabled. This is gone now.
This is what we have in our records for MoK rides again in November. Normal behaviors:
Secure boot Keys
Before or stock 20191123-24>5.3.11-x + 5.3.12-x
file:///etc/uefi/certs/188EA6FA.crt
file:///etc/uefi/certs/4659838C.crt
During installation
SKIP: /etc/uefi/certs/1AA60533.crt is already enrolled
After or mainline 20191126>5.4.0-2
file:///etc/uefi/certs/1AA60533.crt
file:///etc/uefi/certs/4659838C.crt
More explanations on secure boot issues during the 5.4 cycle.
It is not rare that we do a fresh install of TW and keep validation disabled by distraction (Booting in insecure mode). With sudo mokutil --disable-validation (Ubuntu way), TW should not boot in MoK, but it does. Debian and SUSE don’t have the same pattern. The bug was fixed on the arrival of the last seventh release candidate: 5.4-rc7.2-x.
If enroll key or continue boot works, then we re-enable validation. It was not case many times during the Kernel 5.4 cycle. We -–reset MoK a few times in the Mint installer because of changes that were made in the MoK menu. The biggest one is that <<enroll key>> (answer Yes) was replaced by <<delete MOK>> in the blue menu. We did not try this option yet, but who deletes MoK? Which key gets deleted, the stock one or the new one?
Here’s the original command lines from above:
Secure boot Keys
Before or stock 20191123-24>5.3.11-x + 5.3.12-x
file:///etc/uefi/certs/188EA6FA.crt
file:///etc/uefi/certs/4659838C.crt
During installation
SKIP: /etc/uefi/certs/1AA60533.crt is already enrolled
After or mainline 20191126>5.4.0-2
file:///etc/uefi/certs/1AA60533.crt
file:///etc/uefi/certs/4659838C.crt
**Booting in insecure mode**
mokutil --sb-state
SecureBoot enabled
SecureBoot validation is disabled in shim
1=enabled># od -An -t u1 /sys/firmware/efi/vars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c/data
20191211 ISO: KDE 5.17.4
Delete MOK option in the MoK menu appears to be the solution. Our laptop does not boot in Mok anymore. A+
Stock Kernel 20191211 5.3.12.x
188EA6FA.crt
4659838C.crt
Stable Kernel 20191212:5.4.2-4.ge830a48-default
SKIP: /etc/uefi/certs/1AA60533.crt is already enrolled
1AA60533.crt
4659838C.crt
*The Kernel booted in MoK: Delete MOK was selected*
Mainline Kernel 20191211: 5.5.0-rc1-2.gb783fd1-default
SKIP: /etc/uefi/certs/1AA60533.crt is already enrolled
1AA60533.crt
4659838C.crt
*Did not boot in MoK*
We just made 3 fresh installs back to back. The first one fixes the secure boot issue. The last, reveals the System Settings crash issue.
Delete MOK does not affect the new Kernel and seems to make some cleanup. View key gives a long list of keys that will be removed. The machine boots normally after.
Furthermore, on the second and third fresh install, the machine did not boot in MoK at all. The bug appears to be from Ubuntu’s:
**Booting in insecure mode versus EFI Stub: UEFI secure boot enabled. **
We did have the crash issue on the third one (twice), because we kept System Settings in default view. The bug is not present in sidebar view (Kubuntu default) and comes from Icon view.
The way we like it (20200202):
ls /lib/modules
5.5.0-rc1-2.gb783fd1-default
Yesterday there was a MS UEFI firmware update for secure boot: 20191212.
All the best and thanks to the Kernel team for their efforts.