Want to Re Install openSUSE grub menu

I am dual booting openSUSE with Ubuntu, with openSUSE as my preferred system and Ubuntu as my backup.

I just upgraded Ubuntu to the latest version (24.04 LTS) and I accidentally overwote the openSUSE default with the Ubuntu default. I have resolved the problem with the UEFI certs but I would like to have the openSUSE screen show with it as the default.

Is there a way to do this?
Thank you for your time.

Did you already check your UEFI OS boot order?

What does efibootmgr report? Ubuntu first? If yes, use efibootmgr -o to make openSUSE first.

I just tried using efibootmgr to change the order using efibootmgr. The result looked like I needed. When I tried to actually boot, it gave me a security error message and used the original order.
How doI fix that?

localhost:/home/jc # efibootmgr
BootCurrent: 0003
Timeout: 1 seconds
BootOrder: 0004,0003,0000,0001,0002
Boot0000* opensuse-secureboot   HD(2,GPT,434be06a-6729-4f0a-9a44-715d71d72afb,0x7800800,0x219800)/File(\EFI\OPENSUSE\SHIM.EFI)
Boot0001* Hard Drive    BBS(HD,,0x0)0000474f00004e4fb700000001000000750057004400430020002000570044005300310030003000540032004200300042002d0030003000590053003700300000000501090002000000007fff040002010c00d041030a0000000001010600010801010600020003120a000300ffff00007fff040001043e00ef47642dc93ba041ac194d51d01b4ce63900310035003000330038003000380036003000320039002000200020002000200020002000200000007fff04000000424f00004e4fb700000001000000750057004400430020002000570044005300310030003000540032004200300041002d003000300053004d003500300000000501090002000000007fff040002010c00d041030a0000000001010600030101010600010003120a000400ffff00007fff040001043e00ef47642dc93ba041ac194d51d01b4ce63000320036003300360039003000380036003200370031002000200020002000200020002000200000007fff04000000424f
Boot0002* CD/DVD Drive  BBS(CDROM,,0x0)0000474f00004e4fb5000000010000007500410053005500530020002000200020004400520057002d003200340042003100530054002000200020006a0000000501090003000000007fff040002010c00d041030a0000000001010600030101010600010003120a000500ffff00007fff040001043e00ef47642dc93ba041ac194d51d01b4ce638004a00300044004c0043003100300039003800370039002000200020002000200020002000200000007fff04000000424f
Boot0003* Ubuntu        HD(2,GPT,434be06a-6729-4f0a-9a44-715d71d72afb,0x7800800,0x219800)/File(\EFI\UBUNTU\SHIMX64.EFI)
Boot0004* opensuse      HD(2,GPT,434be06a-6729-4f0a-9a44-715d71d72afb,0x7800800,0x219800)/File(\EFI\OPENSUSE\GRUBX64.EFI)0000424f
Boot0005* UEFI:CD/DVD Drive     BBS(129,,0x0)
localhost:/home/jc # 

The error message is:

Secure Boot Violation
Invalid signature detected. Check Secure Boot Policy in Setup.

@featherfoot that’s because you have secure boot enabled and using the non-secure efi boot file…

Try:

efibootmgr -o 0,3,1,2,5

That was a disaster.

I got an error message about a security problem and it shut the computer off!

Thank got for multiple boot options!

@featherfoot so is secure boot enabled in the BIOS?

https://en.opensuse.org/openSUSE:UEFI#Reset_SBAT_string_for_booting_to_old_shim_in_old_Leap_image

You will need to either permanently disable Secure Boot in the BIOS or downgrade the SbatLevelRT following this procedure. Tumbleweed shim is still the ancient version that is behind security fixes.

I would boot into opensuse and then
sudo grub2-install

You should learn how this command differs in a UEFI environment from its use in a legacy BIOS environment.

I have 4 systems on UEFI and I’ve done this several times successfully. If one system’s changes affects grub, I log back into leap and reset grub this way.

This only works if Secure Boot is disabled.

This only works if Secure Boot is disabled.

Thanks. I realised that after giving my answer and re-reading the op.

Using grub2-install for OP’s need is using a hammer to do what only requires a gentle mallet tap. Unintended consequence may follow.

I did this and as advertised, I got the security error. Seems like it is time to diable secure boot.

Well, if secure boot is enabled, then you need to call signed shim-install which is wrapped around grub2-install that handles secure boot.

update-bootloader handles all of this as long as bootloader is correctly defined in /etc/sysconfig/bootloader.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.