Secureboot doesn't work after BIOS/UEFI update

I installed the newest UEFI on my MSI B350 PC MATE, after which the system boots into grub rescue (instead of into Tumbleweed on my NVME ssd) unless I disable secureboot.

I have tried resetting the secureboot to defaults but it didn’t help.

Could someone help me re-enable secureboot?

Thanks in advance.

Have you tried to reinstall the packages with name grub-efi-signed or similar?

With zypper? It doesn’t find such package.

Show

grep LOADER_TYPE /etc/sysconfig/bootloader
grep -Ev '^$|^#' /etc/default/grub
efibootmgr
user@localhost:/sys/firmware/efi/efivars> grep LOADER_TYPE /etc/sysconfig/bootloader
LOADER_TYPE="grub2-efi"
user@localhost:/sys/firmware/efi/efivars> grep -Ev '^$|^#' /etc/default/grub
GRUB_DISTRIBUTOR=
GRUB_DEFAULT=saved
GRUB_HIDDEN_TIMEOUT=0
GRUB_HIDDEN_TIMEOUT_QUIET=true
GRUB_TIMEOUT=2
GRUB_CMDLINE_LINUX_DEFAULT="splash=silent quiet security=apparmor mitigations=auto"
GRUB_CMDLINE_LINUX=""
GRUB_TERMINAL="gfxterm"
GRUB_GFXMODE="auto"
GRUB_BACKGROUND=
GRUB_THEME=/boot/grub2/themes/openSUSE/theme.txt
SUSE_BTRFS_SNAPSHOT_BOOTING="true"
GRUB_USE_LINUXEFI="true"
GRUB_DISABLE_OS_PROBER="false"
GRUB_ENABLE_CRYPTODISK="n"
GRUB_CMDLINE_XEN_DEFAULT="vga=gfx-1024x768x16"
user@localhost:/sys/firmware/efi/efivars> sudo efibootmgr
BootCurrent: 0001
Timeout: 1 seconds
BootOrder: 0001
Boot0001* opensuse	HD(2,GPT,44c493f7-69b6-4a7d-8563-be3e17a1bd5b,0x40800,0x100000)/File(\EFI\OPENSUSE\GRUBX64.EFI)0000424f

Use preformatted text when posting computer output to make it readable. Show

grep SECURE_BOOT /etc/sysconfig/bootloader

SECURE_BOOT=“yes”

I’m sorry, i’m new to this. I’'ll try to figure the formatting out.

Run

update-bootloader --reinit

and post

efibootmgr

again.

Press </> button in editor.

BootCurrent: 0001
Timeout: 1 seconds
BootOrder: 0000,0001
Boot0000* opensuse-secureboot	HD(2,GPT,44c493f7-69b6-4a7d-8563-be3e17a1bd5b,0x40800,0x100000)/File(\EFI\opensuse\shim.efi)
Boot0001* opensuse	HD(2,GPT,44c493f7-69b6-4a7d-8563-be3e17a1bd5b,0x40800,0x100000)/File(\EFI\OPENSUSE\GRUBX64.EFI)0000424f

What happens if you reboot now?

I’ll check. BRB.

EDIT: Should I enable secureboot you mean?

If secureboot is on, still GRUB. If not, normal boot as previously.

And what shows

efibootmgr

after reboot?

BootCurrent: 0001
Timeout: 1 seconds
BootOrder: 0001,0000
Boot0000* opensuse-secureboot	HD(2,GPT,44c493f7-69b6-4a7d-8563-be3e17a1bd5b,0x40800,0x100000)/File(\EFI\OPENSUSE\SHIM.EFI)
Boot0001* opensuse	HD(2,GPT,44c493f7-69b6-4a7d-8563-be3e17a1bd5b,0x40800,0x100000)/File(\EFI\OPENSUSE\GRUBX64.EFI)0000424f

I have signed some MOKs previously, like Nvidia drivers if that information is of any help.

Is it really GRUB rescue mode or just GRUB CLI? Post photo of this screen after reboot.

I managed to boot into securebooted opensuse now, it showed up in my bootable devices in bios.

It asked me for some mok stuff and now it seems I’ve lost my nvidia driver as the resolution is something like 480p and only one screen is working.

Thanks for the help thus far. I’ll check if I can manage from here :smiley:

EDIT: I’ll ask right away, is there a way to “reset all mok” or some such?

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.