Bug 1216524

Summary: slowroll Tumbleweed -- boot failure after update - security violation
Product: [openSUSE] openSUSE Tumbleweed Reporter: Neil Rickert <nwr10cst-oslnx>
Component: BootloaderAssignee: Bernhard Wiedemann <bwiedemann>
Status: NEW --- QA Contact: E-mail List <qa-bugs>
Severity: Normal    
Priority: P5 - None CC: glin
Version: Current   
Target Milestone: ---   
Hardware: Other   
OS: openSUSE Tumbleweed   
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Neil Rickert 2023-10-24 04:13:49 UTC 
User-Agent:       Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0
Build Identifier: 

I updated my slowroll system today.  This was mainly grub updates.

On reboot, I got an immediate security violation and no boot menu.  It looks as if the update "grub.efi" does not have a suitable signature.

Searching around, I found a file "/usr/share/grub2/x86_64-efi/grub.der"

I tried enrolling that, and that fixed the problem.  However the update did not automatically enroll that cert and did not advise that it be enrolled.

Reproducible: Always
Comment 1 Gary Ching-Pang Lin 2023-11-14 08:47:40 UTC 
The grub2 package was built under oepnSUSE:ALP and signed by the project key instead of the official openSUSE signkey. It has to be configured by the build service team.