Open megascrapper opened 8 months ago
If the only change you did was upgrading your BIOS, then most likely it also updated the SecureBoot database files. In that update they must have blacklisted the hashes/signatures that worked prior to your BIOS upgrade...
I suspect that this firmware update enabled NX at boot time. There are a couple of pieces of work underway to fully enable NX at boot time for Linux distros.
I don't know what, if any, fallback compatibility the firmware may implement, if it does, its behavior may change from boot to boot.
This was originally posted at https://github.com/linux-surface/linux-surface/issues/1162 with reports that after upgrading the UEFI firmware to 394.651.768.0 it no longer able to boot any Linux system.
I recently upgraded to a (maybe) slightly newer firmware 394.779.368.0 and the issue still somewhat present. I used rEFInd + shim with locally generated keys (via rEFInd's
--localkeys
option).My
efibootmgr -v
output:What works
Boot0004
orBoot0005
of above output) with Secure Boot disabledBoot0008
) to replace shimWhat doesn't work
Boot0006
) with or without Secure Boot. Stuck at Microsoft logoI should also mention that Ventoy worked perfectly even with shim + Secure Boot, so could be something with combination of refind + shim + firmware 394.779.368.0 wreaking havoc on things. Since booting directly to refind works, I don't have any reason to believe the issue is with refind.
Environment