Bug 1228228

Summary: kernel lockdown
Product: [openSUSE] openSUSE Distribution Reporter: George Braff <gfbraff>
Component: KernelAssignee: openSUSE Kernel Bugs <kernel-bugs>
Status: RESOLVED INVALID QA Contact: E-mail List <qa-bugs>
Severity: Normal    
Priority: P5 - None CC: gfbraff, tiwai
Version: Leap 15.6   
Target Milestone: ---   
Hardware: Other   
OS: Other   
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description George Braff 2024-07-23 06:23:05 UTC 
2024/07/22 After system update with kernel update I get kernel lockdown. I assume this a safe boot issue.  It has happen several times with Tumbleweed after kernel update, so I installed Leap 15.6 thinking it would improve stability.  Is this a problem with my computer?  Is there a way to recover?  I can use a previous snapshot, but then it is impossible to update:

<html>Package failed to install:<br/><br/>Subprocess failed. Error: RPM failed: Command exited with status 1.
History:
 - error: can&apos;t create transaction lock on /usr/lib/sysimage/rpm/.rpm.lock (Read-only file system)
</html>

Is there any way to disable the secure boot (or is it even safe)?

I have lost count of the times I have reinstalled the OS during the past year and would like some stability.  Would I have the same problems with Kubuntu (although I hate it)?

Thank you for your patience.

George
Comment 1 Takashi Iwai 2024-07-23 06:28:22 UTC 
Sounds like you're using btrfs and transaction update or booting with a read-only snapshot?  How did you boot the system at all?  Did it boot properly?
Comment 2 George Braff 2024-07-24 00:03:32 UTC 
It booted without a problem from the  snapshot.
Comment 3 Takashi Iwai 2024-07-24 12:22:57 UTC 
When you boot from a snapshot, the system directory would be root-only:
  https://doc.opensuse.org/documentation/leap/archive/15.0/reference/html/book.opensuse.reference/cha.snapper.html#sec.snapper.snapshot-boot

So it's the designed behavior.
You need to do a proper roll-back procedure via "snapper rollback".