Recent grub2 update breaks grub menu

Hello,

Running Opensuse Leap 42.3-64bit on a HP Pavilion laptop (model 15-aw004ng) dual boot with Windows 10, I ran into the following strange behavior and problems.

Yesterday I noticed an update of grub2 (according to Yast software management, Technical data: Version 2.02-4.1; Created Wed Dec 27 12:23:48 2017) which I installed. After shutting down later that day and booting today I did not have a GRUB boot menu where I would be able to select the system to boot into. Rather, Win10 booted direktly.

Inspired by https://forums.opensuse.org/showthread.php/494677 and https://forums.opensuse.org/showthread.php/490254 , I did the following:

  • Get the latest SuperGrub2 disk.
  • Boot from the disk (I had to enable legacy BIOS mode and change the boot order)
  • Make the system boot from harddrive into Opensuse (sorry, don’t recall the details)
  • As root, run " zypper install --force grub2 grub2-x86_64-efi " (One of the above pages also includes the grub2-efi package here, but that does not seem to be available in standard repositories.)

Result: At the next reboot the GRUB boot menu was back and I was able to choose the system to boot into. (Therefore, I disabled legacy BIOS mode and changed the boot order back.)

→ Question 1: Why did the GRUB menu break at the update? What can I do to prevent this from happening next time grub2 is updated? Is there some short, concise information on that issue?

An additional layer of complication: Because the purchasing date of the laptop was very close to the release date of Leap 42.3, I decided to install more recent kernel versions from http://download.opensuse.org/repositories/Kernel:/stable/standard/ in order to address certain driver issues. Lukily, the standard distro kernel version (kernel-default 4.4.103) stayed an option in the GRUB boot menu. It turns out that the latest version (kernel-default 4.14.10) from the Kernel repo aborts booting with the message

...] 
error: /boot/vmlinuz-4.14.10-1.ga9b9f85-default has invalid signature. 
error: you need to load the kernel first. 
...]

before it falls back to the main GRUB boot menu. This remains true even after the above described re-install of the grub2 packages and experimentally uninstalling/ re-installing the latest kernel version.

→ Question 2: Why is that so? How can it be changed so that the latest kernel versions boot correctly?

Thanks in advance for your help.

Something is weird here.

I have both grub2 and grub2-efi on all of my 42.3 systems. That includes both UEFI boxes and legacy boxes. As far as I know, grub2-efi is always installed unless you blacklisted it. And yes, it is in the standard repos.

–> Question 1: Why did the GRUB menu break at the update? What can I do to prevent this from happening next time grub2 is updated? Is there some short, concise information on that issue?

I don’t know the answer to that. It is known that HP system can be finicky about UEFI booting to anything other than Windows.

An additional layer of complication: Because the purchasing date of the laptop was very close to the release date of Leap 42.3, I decided to install more recent kernel versions from http://download.opensuse.org/repositories/Kernel:/stable/standard/ in order to address certain driver issues.

If you do that, you need to either:

  • Disable secure-boot in your firmware;
  • Find the signing key used for kernels in the stable repo, and add that to MokManager (or with “mokutil”)
  • Create your own signing key, add your key to MokManager, and sign the kernel yourself.

That’s because the kernels in the stable repo are signed with a different key.