update killed bootloader

I just ran a zypper up and rebooted. I didn’t really pay much attention to what the updates were, but I did note there was a kernel update in there. In any case, now my laptop will not boot at all.
I get the following error:

Failed to open \EFI\BOOT\MokManager.efi - Not Found
Failed to load image \EFI\BOOT\MokManager.efi: Not Found
Failed to start MokManager: Not Found
Something has gone seriously wrong: import_mok_state() failed : Not found


Open bug report, refer to this forum thread and also this factory mail: https://lists.opensuse.org/opensuse-factory/2020-08/msg00169.html

You probably will need to keep current state to allow diagnostic.

Bug report submitted. I can leave it in the current state for a short period, but I need it to work, so that’s a bit of a problem :slight_smile:
I’m assuming I can probably rescue it from the installation disk image.

The installion image normally has a menu option “Boot from hard drive”. You could check whether that boots into your system.

For the sake of archives: https://bugzilla.opensuse.org/show_bug.cgi?id=1175626

The bug you submitted has probably been listed as a duplicate of 1175575. The solution is to revert to legacy boot, install the new kernel and reboot. Unfortunately, the shim was issued before the kernel when they should have been issued together.

I’m running the latest kernel now: 5.3.18-lp152.36-default. It did not solve the problem. In fact, updating to that kernel is what caused it, or possibly the shim, I don’t recall if that was in the list of updates or not. But, my system is completely up to date. Won’t (EFI) boot.

I went ahead and downgraded the kernel and shim packages. I’m now running kernel-default-5.3.18-lp152.33.1 and shim-14-lp152.3.1. System boots fine. Packages are locked until this bug is resolved.

I just updated here, all good enrolled new key at boot maybe that was missed?

It should be safe to upgrade the kernel, but keep the old shim for now.

I have tested. The old shim can boot the new kernel. However, the new shim cannot boot the old kernel (it needs the new kernel).

There are actually two problems that lead to this situation.

  1. System does not use normal boot options and decides to load \EFI\Boot\bootx64.efi (which is equivalent to “Boot from UEFI disk” in many firmware implementations). openSUSE installs shim as bootx64.efi (at least if secure boot was enabled on installation).

  2. shim aborts if it cannot find MokManager. It looks for MokManager in the same directory where shim binary is located. There is no MokManager in \EFI\Boot by default.

During update new MOK request was submitted, shim tried to invoke MokManager and failed.

Now 2 is topic of mentioned bug report. As for 1, this could be issue specific to your firmware implementation. Post “efibootmgr -v” output.

Assuming you cannot fix your firmware, workaround is to copy MokManager.efi from \EFI\openssue\ to \EFI\Boot.

I resolved this issue by updating the bios on my laptop. My system is a dell precision 7530. Bios version 1.5.2 will not boot the new shim and kernel, but version 1.13.1 boots successfully.

I’m glad you have it fixed. And thanks for that information.

There are probably other people who still have the problem. I will continue to follow the bug report.