openSUSE Tumbleweed needs to fix Secure Boot

After my recent rant about Enterprise Linux, the company where I work became a SUSE Linux partner. Therefore, I’m giving Enterprise Linux another go. After initially looking at SUSE Linux Enterprise Desktop (SLED), I decided to go with SUSE’s rolling offering, Tumbleweed.

A state-of-the-art desktop

The openSUSE Tumbleweed sales pitch sounds exactly like what I value in a Linux distribution:

With Tumbleweed you don’t have to take difficult decisions about things you value, either freedom or safety, either control or security, technology or stability – Tumbleweed lets you have your cake and eat it too!

OpenSUSE Tumbleweed with Gnome 46

OpenSUSE Tumbleweed with Gnome 46 running on a Lenovo ThinkPad X13 Gen 2i.

Specifically, company requirements include Secure Boot support and a Mandatory Access Control (MAC) system for any GNU/Linux-based system that is to be installed on company equipment or interact with company resources.

Anyhow, there are a lot of upsides to running Tumbleweed, but this post is about a glaring deficiency that I am honestly dumbfounded is still unresolved.

Disable Secure Boot to install firmware updates

Unfortunately, openSUSE Tumbleweed users currently need to disable Secure Boot to be able to install firmware updates provided by fwupd. The issue revolves around a seemingly stuck process with getting a new UEFI shim loader reviewed and signed. And to make it worse, the signing request was raised 8 months ago and it’s still pending. I understand that this is an important and complicated process, but regardless, it does make for some interesting reading. Request for review: Shim 15.7 for openSUSE Tumbleweed.

I’m not saying unpaid volunteers need to work harder, but SUSE Linux, the company, should be able to throw some money and resources at this problem. In my opinion, it does reflect rather poorly on the company and its product.

fwupdmgr update on OpenSUSE Tumbleweed

fwupdmgr update. Updates won’t load during reboot while Secure Boot is enabled.

I’m eagerly awaiting a fix :)

Roger Comply avatar
Roger Comply
Thank you for reading!
Feel free to waste more time by subscribing to my RSS feed.