Triple Booting - Problems after Installing Ubuntu - Secure Boot

Earlier I was having LinuxMint along with Windows 8.1 and openSUSE 13.2. Now I’ve replaced it with Ubuntu. Rest others are intact and can boot into them.

Problem with openSUSE

  1. I want to use openSUSE as default bootloader. In yast > bootloader, while installing bootloader, it quits at 66% and still Ubuntu is default bootloader.
    Is there any command line equivalnet. Currently I’ve enabled secureboot.

  2. While booting openSUSE at the plymouth boot screen a message is displayed - loading .swap 2s/1m30s (I don’t remember the full text). And it waits till 1m30s. Before installing Ubuntu this problem was not there. This is too slow. I can’t wait that much

cat /etc/fstab                                                                                                                                                                        
LABEL=swap              swap                            swap       defaults                                 0 0                                                                             
LABEL=opensuse          /                               ext4       acl,user_xattr                           1 1                                                                             
LABEL=ESP               /boot/efi                       vfat       umask=0002,utf8=true                   0 0                                                                             
LABEL=DATA              /run/media/akash/DATA           ntfs       defaults, utf8=true, nls=utf8        0 0 

So this problem is not related to swap.

Full text

A start job is running for dev-disk-by\x2dlabel-swap.device (1min 25s / 1min 30s)

No I think so Ubuntu did something with swap

akash:~ # blkid
/dev/sda1: LABEL="Recovery" UUID="B44CB6DA4CB69718" TYPE="ntfs" PARTLABEL="Basic data partition" PARTUUID="c1215862-1fd7-4f32-8093-1e33a995f39b" 
/dev/sda2: LABEL="ESP" UUID="04B9-55B9" TYPE="vfat" PARTLABEL="EFI system partition" PARTUUID="580a97ae-421d-46e0-b74d-2d959c130884" 
/dev/sda4: LABEL="Acer" UUID="B6449E36449DF8F7" TYPE="ntfs" PARTLABEL="Basic data partition" PARTUUID="011d46ab-ffe5-4a5b-b184-c8edeb86218b" 
/dev/sda5: UUID="30C830EFC830B4C6" TYPE="ntfs" PARTUUID="9e6cd6e2-6b2f-4224-abae-d2342fca2eba" 
/dev/sda6: LABEL="DATA" UUID="6AB6F3DAB6F3A4AB" TYPE="ntfs" PARTLABEL="Basic data partition" PARTUUID="6fd03383-c03e-42b4-bf33-801a58309ff6" 
/dev/sda7: LABEL="Push Button Reset" UUID="FE50BF9150BF4EE1" TYPE="ntfs" PARTLABEL="Basic data partition" PARTUUID="e400a3c2-73cb-4a98-9e8a-1c6f15125426"                                       
/dev/sda8: UUID="0c159219-6a81-422b-bbbb-7ed89e2a2071" TYPE="swap" PARTUUID="0538eb2d-accb-4781-b10e-3dbe0015d028"                                                                              
/dev/sda10: UUID="d320e7e0-3dd8-42f0-b529-38017a456a4b" TYPE="ext4" PARTUUID="567a710c-db51-4d70-8cb9-eb9b1ce4b4b3"                                                                             
/dev/sda11: LABEL="opensuse" UUID="a651e047-17eb-4340-b814-3e07be571f4d" TYPE="ext4" PARTLABEL="primary" PARTUUID="4c1b78af-f62d-4094-8ef7-c966181f4c8d"                                        
/dev/sda3: PARTLABEL="Microsoft reserved partition" PARTUUID="26cbe2d0-dc56-4805-aade-cbf6d7688f9b"                                                                                             
/dev/sda9: PARTLABEL="primary" PARTUUID="9e47ce43-5690-4734-b5b3-c1ee502184b6"

So, I think so I need to change fstab and would have to mount swap by UUID

Problem 2 solved,

akash:~ # swapon -v
/dev/sda8 partition 7.6G   0B   -1

Problem 1 remaining. How to install bootloader as yast doesn’t seem to work

EFI boot???

With EFI boot the BIOS determines the default boot OS

MBR put the generic MBR install grub code to the boot partition and set the boot flag

yes it’s EFI boot with secureboot enabled

Before installing ubuntu I could select openSUSE in the BIOS settings. Now Ubuntu has replaced openSUSE in the BIOS boot order and option for openSUSE is not their. That is why I’m trying to reinstall the bootloader. And yast bootloader doesn’t seem to work properly.

Didn’t get you. How can I do that?

Yours is NOT MBR so forget all thing MBR

So in one of the Linux look at /boot/efi see if there are directories for all 3 OS

Each OS should have a directory with several files in it

Note that things can get complicated if you did mix in a MBR boot with the EFI boots

It always best to use the same boot mode for all OS.

Also in Yast boot you should see that the installed grub is grub2-efi if not then you may have used a MBR install instead of an EFI install and strengthening that out full is complicated

ls /boot/efi/EFI/
Boot  Microsoft  OEM  opensuse  ubuntu

All the os were installed in efi mode. You confused me by talking about MBR. See I’ve spent less time on linux as you might have. So, if you or anyone else helps me out, I won’t judge, I would readily believe.

Ok in Yast - Bootloader: Bootloader - Grub2-EFI, Secure Boot Enable, Protective MBR Flag - Unchanged
I clicked ok. After 66% the window suddenly closed

Now I want to install openSUSE bootloader by command

Again, I repeat I didn’t do anything with MBR

Ok fine no MBR but there are plenty that come here that have messed things up mixing boot modes or maybe just deciding to do a full MBR install and not telling us.

You look ok

To reinstall from command line

sudo grub2-mkconfig -o /boot/grub2/grub.cfgsudo grub2-install /dev/sdX # Example: sudo grub-install /dev/sda

Will it also take care of secure-boot

Don’t know don’t use or want secure boot. It has marginal at best help to secure the computer.

Know you can set it in Yast but don’t know the command line

man grub2-install

might tell you

That’s probably wrong for EFI.

You probably only need to use “efibootmgr” for this. Everything else is likely in place. You will need the “-c” option to “efibootmgr”. The man pages are fairly good, and google will turn up some examples of using it this way.

As I recall, you need to specify the partition (for your “/boot/efi”) and the disk drive. And you need to give the path to the command (probably ‘\EFI\opensuse\shim.efi’) and the boot name (usually “opensuse-secureboot”.

This adds the NVRAM entry that the firmware uses during booting.

I would think you would need the option -o for efibootmgr.
Here’s the portion of the man page.

      -o | --bootorder XXXX,YYYY,ZZZZ
              Explicitly set BootOrder (hex)

Here is thre result from efibootmgr for my system. I can set up my system to select any of the drives as the default boot drive by using the -o option.

Note that they do not necessarily show the drive or partition number directly although mine are mapped as number → sdX. In other words, Bootorder 0000 corresponds to sda1, 00001 is sdb and so on. If there are more than one bootable systems on a single drive, the partitions will be shown in the string. You’ll need to know where on each drive you installed a system unless, like mine, the system is labeled as such.

bart@UNIVAC:~> su -
UNIVAC:~ # efibootmgr
BootCurrent: 0001
Timeout: 0 seconds
BootOrder: 0001,0002,0005,0000,0006,0003,0004
Boot0000* Windows Boot Manager
Boot0001* opensuse
Boot0002* Fedora
Boot0003* CD/DVD Drive 
Boot0004* Hard Drive 
Boot0005* UEFI OS
Boot0006* UEFI OS

Yes, he might be able to use that. But you can only put the opensuse entry first if it already exists. I got the impression that it doesn’t even exist. The files for it seem to be there in the EFI partition, but the NVRAM entry looks as if it is missing.

Anyone remember this thread.
You might as I did a blunder then.
Then also I wanted to install bootloader with secureboot enabled. And I was told to do

It’s shim-install not install-shim actually. And it gave error then.
Out of curiosity this time I wanted to used the same command. Given man shim-install didn’t give any result. I gave a try.

I did

su -

And success. openSUSE bootloader is now the default bootloader.

And now a question. Why did the same command fail in previously mentioned thread? What does shim-install actually do?

There seemed to be limitations on your BIOS, for the previous thread.

Note that you can get a small amount of help with:

shim-install --help

As for what it does: It copies “shim.efi”, “MokManager.efi”, “grub.efi” to “/boot/efi/EFI/opensuse”. It also generates a suitable “grub.cfg” (and possibly “boot.csv”) in that same directory. Then it use “efibootmgr” to create an NVRAM entry for your firmware to use. I think it also makes changes to “/etc/default/grub”. At some point, it calls “grub2-mkconfig” to generate “/boot/grub2/grub.cfg” which is your main boot menu.

I had one more major breakthrough.
Currently I’m quadrabooting with Windows, openSUSE, Ubuntu and Fedora.

I’ve also enabled secure-boot. And only windows and openSUSE can boot with openSUSE bootloader (with secure boot on)
(That, is what I like about openSUSE bootloader. If the secure boot is on, no other bootloader (I’ve tested Ubuntu and Fedora) can load windows by default.)

So, I had to add Ubuntu and Fedora Keys to mokmanager.
I downloaded the certificates from for ubuntu and for fedora

And added it to mokmanager by mokutil

mokutil --import /path/to/key

Now secureboot is not a problem :wink:

No I’m using the same machine now.