UEFI secureboot: System BootOrder not found. Initializing defaults.

Hej Folks

Following Error on HP Elitebook 8560w with UEFI boot:

System BootOrder not found. Initializing defaults.
Creating boot entry "BootXXXX" with label "opensuse-secureboot" for the file "\EFI\opensuse\shim.efi"
Reset System

What i did:

1. Manually booting via selecting “shim.efi” in HP bootmenu

2. listing boot entries via:

efibootmgr -v
BootNext: 0000
BootCurrent: 0000
BootOrder: 0000

No boot entires are present, this explains Error Message

3. creating boot entries and set boot order and list them afterwards via:

efibootmgr -c -L "opensuse-secureboot" -l '\EFI\opensuse\shim.efi'
efibootmgr -c -L "opensuse" -l '\EFI\opensuse\grubx64.efi'
efibootmgr -o 0000,0001

efibootmgr -v
BootNext: 0000
BootCurrent: 0000
BootOrder: 0000,0001
Boot0000* opensuse-secureboot   HD(1,GPT,9d96a519-6ad4-4cbb-9ce0-b92ed0148b94,0x800,0x100000)/File(\EFI\opensuse\shim.efi)
Boot0001* opensuse      HD(1,GPT,9d96a519-6ad4-4cbb-9ce0-b92ed0148b94,0x800,0x100000)/File(\EFI\opensuse\grubx64.efi)

4. Reboot
   Error Message is still present so booting via manually selecting “shim.efi”
   listing boot entries via:

efibootmgr -v
BootNext: 0000
BootCurrent: 0000
BootOrder: 0000

Conclusion:
Boot order is not written permanently !?!?

How do i save it permanently?

Thx in advance

Links:
https://forum.ubuntuusers.de/topic/uefi-eintrag-wird-nicht-gespeichert/

https://en.opensuse.org/openSUSE:UEFI

That seems to be a problem with your UEFI firmware (or BIOS). Perhaps you have one of those systems that only allows Windows for UEFI booting.

Maybe check BIOS settings to see if there is a way to allow custom settings.

Hi
Is there a /boot/efi/EFI/Boot directory, if so, copy over shim.efi and call it bootx64.efi. Try labelling the efi entry Windows Boot Manager, the other one is to create the MS structure and copy the shim.efi over and call it bootmgr.efi (/boot/efi/EFI/Microsoft/Boot/) and create an entry etc.

If you do that, you also need to copy over “grub.efi” and “grub.cfg”. That means copying from directory “/boot/efi/EFI/opensuse”. And yes, that should allow the system to boot without any named entry.

Try to update BIOS. Choose OS = Windows to get latest updates.
Old HP laptops have UEFI boot marked as “Experimental”.

You may encounter this specific bug:
Microsoft is using FAT32 for ESP. This is standardized by UEFI Forum.
But openSUSE Leap 15.2 is using FAT16 for ESP by default for uncompatibility reasons.
Problem was solved in TW and Leap 15.3.
Check partition for /boot/efi to clear it up.

You may use legacy BIOS boot or use UEFI boot helper such as rEFInd.

Thanks for your solutions

Tried "copy-"solution “shim.efi” to “bootx64.efi” -> Entry boots opensuse but error still consists

/boot/efi/EFI/boot # ls -la
drwxr-xr-x 2 root root    4096 Feb 19 17:18 .
drwxr-xr-x 4 root root    4096 Feb 19 17:12 ..
-rwxr-xr-x 1 root root 1263312 Feb 14 15:21 MokManager.efi
-rwxr-xr-x 1 root root 1336112 Feb 14 15:21 bootx64.efi
-rwxr-xr-x 1 root root 1336112 Feb 14 15:21 bootx64.org.efi
-rwxr-xr-x 1 root root 1209656 Feb 14 15:21 fallback.efi
-rwxr-xr-x 1 root root     120 Feb 14 15:21 grub.cfg
-rwxr-xr-x 1 root root 1197936 Feb 14 15:21 grub.efi
-rwxr-xr-x 1 root root  139264 Feb 14 15:21 grubx64.efi

efibootmgr -c -L "Windows Boot Manager" -l '\EFI\boot\bootx64.efi'
efibootmgr -c -L "opensuse-secureboot" -l '\EFI\opensuse\shim.efi'
efibootmgr -o 0000,0002,0001
efibootmgr -n 0000

efibootmgr -v
BootNext: 0000
BootCurrent: 0000
Timeout: 0 seconds
BootOrder: 0000,0002,0001
Boot0000* Windows Boot Manager  HD(1,GPT,9d96a519-6ad4-4cbb-9ce0-b92ed0148b94,0x800,0x100000)/File(\EFI\boot\bootx64.efi)
Boot0001* opensuse      HD(1,GPT,9d96a519-6ad4-4cbb-9ce0-b92ed0148b94,0x800,0x100000)/File(\EFI\opensuse\grubx64.efi)
Boot0002* opensuse-secureboot   HD(1,GPT,9d96a519-6ad4-4cbb-9ce0-b92ed0148b94,0x800,0x100000)/File(\EFI\opensuse\shim.efi)

Tried “Microsoft”-solution “shim.efi” to “bootmgr.efi” labeled “Windows Boot Manager” → Entry boots opensuse but error still consists

/boot/efi/EFI # ls -la ./Microsoft/Boot/
drwxr-xr-x 2 root root    4096 Feb 19 17:48 .
drwxr-xr-x 3 root root    4096 Feb 19 17:38 ..
-rwxr-xr-x 1 root root 1336112 Feb 14 15:21 bootmgr.efi
-rwxr-xr-x 1 root root     120 Feb 19 17:44 grub.cfg
-rwxr-xr-x 1 root root 1197936 Feb 19 17:44 grub.efi

efibootmgr -c -L "Windows Boot Manager" -l '\EFI\Microsoft\Boot\bootmgr.efi'

Tried coping whole directory opensuse to boot → Entry boots opensuse but error still consists

/boot/efi/EFI # mv ./boot ./boot.org
/boot/efi/EFI # cp -av ./opensuse ./boot

all ended up in the original problem.

FAT32 / FAT16 - solution
Do i need to to reformat ?

lsblk --output NAME,LABEL,MOUNTPOINT,UUID,size,FSTYPE  

NAME   LABEL          MOUNTPOINT           UUID                                   SIZE FSTYPE 
sda                                                                             931.5G  
├─sda1 efi            /boot/efi            1189-08BB                              512M vfat
[FONT=monospace]├─sda2 boot           /boot                ea854f0e-8ff2-42b9-8478-9285c0ddf4bd     1G ext4
[/FONT]

cat /boot/efi/EFI/opensuse/grub.cfg  
search --fs-uuid --set=root ea854f0e-8ff2-42b9-8478-9285c0ddf4bd 
set prefix=(${root})/grub2 
source "${prefix}/grub.cfg"

If there is no need to reformat, then i will test “rEFInd” - solution…

For Information only:

Figured out, if i do not boot the original “shim.efi” (EFI\opensuse\shim.efi), i am not able to write boot entries or boot order with efibootmgr

 efibootmgr - Could not prepare Boot variable: No space left on device 

https://wiki.archlinux.org/index.php/FAT#Detecting_FAT_type
https://wiki.archlinux.org/index.php/EFI_system_partition

Check your hardware with making fresh install on a spare drive.

Reformated the efi partition.

backup of efi content

mkdir ./efisave
cp -av /boot/efi/ ./efisave/

formating efi partition

yast2 -> partitioner
/dev/sda1 -> Edit

Formating Options
--------------------
Filesystem: FAT
Options:
 - FAT Size: 32
 - Number of FATs: auto
 - Root Dir Entries: auto
Partition ID: EFI-System-Partition

Mounting Options:
--------------------
Mount device: /boot/efi
Fstab Options: 
 - Mount by: Volume label
 - Volume Label: efi, Codepage: 437

copy back efi content

cp -av ./efisave/ /boot/efi/

[HR][/HR]
After reboot - via choosing “shim.efi”
following error occurred (serveral times shown on display):
“dracut-initqueue[317]: Warning: dracut-initqueue timeout - starting timeout scripts”

Solution:
boot into recovery mode

• select shim.efi manually and choose Advanced options → Recovery
• usb openSuSE install media (USB or DVD) → Boot rescue System

mount root partition and chroot

mkdir /mnt 

mount /dev/sda3 /mnt
mount -t proc none /mnt/proc
mount --rbind /dev /mnt/dev
mount --rbind /sys /mnt/sys

chroot /mnt /bin/bash
mount -a

here i changed fstab options of efi partition, because i got an mounting error “FAT-fs (sda1): codepage cp437 not found”
(rw,relatime,fmask=0022,dmask=0022,codepage=437,iocharset=iso8859-1,shortname=mixed,errors=remount-rw)
but you do not need worry, because you do not need it mounted
and i will not work anyway, because rescue and recovery kernel (in may case) do not have the codepage “option”

dracut --regenrate-all
dracut --regenerte-all --force

first command will tell you to use second…
then unmount all and exit chroot

umount -a
exit

[HR][/HR]
but booting into grub is not solved
will try testing further

Links:
https://doc.opensuse.org/documentation/leap/startup/single-html/book-opensuse-startup/#sec-trouble-data-recover-rescue-access

https://forums.centos.org/viewtopic.php?f=47&t=63988&sid=e1c9556486020d10fb848106ccfbe4ad&start=10

You need 2 flags for ESP: boot, esp.

Again,

And try to update BIOS.

I think i found a solution.
I ran into the wrong direction, this system does not need secureboot it even does not support secureboot.

the solution with labeling grubx64.efi was the right track.
copy to bootmgr.efi did not work as descibed above, but

copy over grubx64.efi to bootmgfw.efi did the trick

so create Microsoft Boot directory, execute grub2-mkconfig an put copy grub file to Microsoft

mkdir -p  /boot/efi/EFI/Microsoft/BOOT
grub2-mkconfig -o  /boot/grub2/grub.cfg
cp -v /boot/efi/EFI/opensuse/grubx64.efi  /boot/efi/EFI/Microsoft/BOOT/bootmgfw.efi

now directory looks like this (the shell files are from github)

tree /boot/efi/EFI/
/boot/efi/EFI/
├── Microsoft
│   └── BOOT
│       ├── bootmgfw.efi
│       └── grubx64.efi
├── opensuse
│   └── grubx64.efi
├── shellx32.efi
└── shellx64.efi

3 directories, 5 file

then i created a shutdown file for setting the next boot option with efibootmgr

touch /usr/lib/systemd/system-shutdown/set-efi-bootnext.shutdown
kate /usr/lib/systemd/system-shutdown/set-efi-bootnext.shutdown

[Unit]
Description=set efi boot order on shutdown
Requires=network.target
DefaultDependencies=no
Before=shutdown.target reboot.target

[Service]
Type=oneshot
RemainAfterExit=true
ExecStart=/bin/true
ExecStop=efibootmgr -n 0001
[Install]
WantedBy=multi-user.target

I do not know, if this file is needed, because when i want to change boot order by hand always get the following message:

changing boot order is not allowed 
efibootmgr -o 0001,0000
Could not set BootOrder: No space left on device

efibootmgr lists following verbose output

efibootmgr -v
BootCurrent: 0000
Timeout: 0 seconds
BootOrder: 0000
Boot0000* Notebook Hard Drive   BBS(HD,�,0x0).......................................................................
Boot0001* opensuse      HD(1,GPT,9d96a519-6ad4-4cbb-9ce0-b92ed0148b94,0x800,0x100000)/File(\EFI\opensuse\grubx64.efi 

Boot does now work probably after shutdown.

Reboot via openSUSE does not work. This option runs into not finding any boot partition…
But if so Press Power Button untill the notebook is off. Then Powering on and it boots …

P.S. i updated the bios before start experimenting bootup.

Source:
https://forums.linuxmint.com/viewtopic.php?t=242756

https://github.com/tianocore/edk2/tree/UDK2018/ShellBinPkg/UefiShell/Ia32
https://github.com/tianocore/edk2/tree/UDK2018/ShellBinPkg/UefiShell/X64