Hello, the situation is like this: my laptop came with windows 8.1 preloaded, and I managed to install debian wheezy and dual boot with this tutorial https://youtu.be/DLlOd-a2wG0 after that I installed opensuse 13.2 with grub2-efi as bootloader and secure boot deactivated, the installation was successful and in grub menu I’m able to boot on windows and opensuse, however when I try to boot debian i get the next message:
error: kernel too old.
error: you need to load the kernel first.
press any key to continue...
and well I don’t really know what I could do to boot on debian again, any suggestion would be helpful.
this is my fdisk -l where sda7 is the partition for debian and sda9 for opensuse, both ext4
Device Start End Sectors Size Type
/dev/sda1 2048 2099199 2097152 1G Windows recovery environment
/dev/sda2 2099200 2303999 204800 100M EFI System
/dev/sda3 2304000 2566143 262144 128M Microsoft reserved
/dev/sda4 2566144 820193416 817627273 389.9G Microsoft basic data
/dev/sda5 959821824 976773119 16951296 8.1G Windows recovery environment
/dev/sda6 862138368 862140415 2048 1M BIOS boot
/dev/sda7 862140416 955764735 93624320 44.7G Microsoft basic data
/dev/sda8 955764736 959821823 4057088 2G Linux swap
/dev/sda9 820195328 862138367 41943040 20G Microsoft basic data
You will need to turn off secure-boot in order to boot Debian. Or perhaps generate your own signing key, add that to MokManager and sign the Debian kernel yourself.
Possibly, your kernel lacks an efi-stub. in which case turning off secure-boot is the only thing that will work.
yes secure boot is deactivated in BIOS and also on yast, I research a little and it seems like signing it myself is the only solution, however my experience with Linux is like 5% so I don’t really know how to do that, could you give me a link to some videos or webpages where I can see the process to follow??
There’s a section “Booting a custom kernel” which describes how to sign your kernel. However I wonder about that message “kernel too old”. It might mean that the kernel was built without options needed for signing.
Note that I have not tried to sign a kernel myself. When I have run into the same problem, I have just turned off secure-boot in the BIOS.
Did you install Debian while secure boot was on?? if so maybe it expects secure boot thus fails though it should not mater but I don’t know how Debian handles secure boot???.
Also how are you selecting the OS vi the grub menu or the EFI BIOS boot menu?
I’ll take a look to that site, thanks!
yes it’s kind of weird, might be a problem that when I installed opensuse I didn’t turned off secure boot from yast (it was already inactive on BIOS) until I booted suse by the first time??
it was off, also Debian installation was done with BIOS in legacy/CSM mode.
without opensuse installed the selection between Debian and windows was with grub2, when I installed opensuse I installed grub2-efi on the EFI partition and that is the menu I get when I turn on the PC, if I change from grub2-efi to grub2 on yast could it be helpful?? I had some problems using grub with Debian since os-prob didn’t recognize windows and every time I updated grub I have to manually type the windows entry on grub
it is 64 but wow! thanks man! you saved my life, I’m writing this from Debian right now I just changed that exactly and it booted without problems :good:
seriously thanks a lot! that saved me a lot of troubles
That change to “grub.cfg” will disappear at some time in the future. I put my changes in “/etc/grub.d/40_custom” so that they will persist when “grub.cfg” is regenerated. What I actually use is a “configfile” command that runs the “grub.cfg” generated by Mint.
If you intend leaving secure-boot disabled in the BIOS, then there’s another alternative. Edit “/etc/default/grub” and look for the line:
GRUB_USE_LINUXEFI=true
Change that “true” to “false”. Then your grub.cfg should be generated with “linux” rather than “linuxefi” commands in future.
yeah when I had to manually change that in grub.cfg I was expecting the change was not gonna be perpetual, like the problem I had before with Debian, but since I don’t have experience with scripts I suppose the 2nd option is my best choice, however changing that parameter to “false” wouldn’t create some conflicts when booting opensuse or windows??, since, I suppose, they boot in full uefi, so to speak, not like Debian
No, it won’t be a problem for booting Windows. It will only be a problem for booting opensuse if you turn “secure-boot” on again in the BIOS. Otherwise, it will all be fine. You will still be booting with UEFI rather than CSM.
Technically, grub2-efi will load the kernel and call it at its standard entry point instead of at its efi entry point, and signature checking will be turned off. But that still works. The kernel itself does not depend on either CSM or UEFI. The preliminary part of booting that does depend on CSM or UEFI is all handled by grub. Standard grub2 uses CSM, while grub2-efi uses UEFI calls to the firmware.
well since I installed Debian I didn’t turn on secure boot again so I think it will remain like that, so thank you really much I have learned a lot from this experience and it has been pretty informative for me
A final note: I have not had any problem booting with “linuxefi” and “initrdefi”, even for kernels where I cannot check the signature – as long as I leave secure-boot turned off. So I think your experience shows that Debian compiled its kernels without whatever is needed for EFI booting. You probably would not have been able to sign their kernel with your own key.