The ISO image may fail to boot when you attempt to install Harvester on a host with the following characteristics:
- An operating system was previously installed, particularly openSUSE Leap 15.5 or later and Harvester v1.3.1 or later. Other Linux distributions and recent versions of Windows may also be affected.
- UEFI secure boot is enabled.
This issue occurs when the Harvester ISO uses a shim bootloader that is older than the bootloader previously installed on the host. For example, the Harvester v1.3.1 ISO uses shim 15.4 but the system uses shim 15.8 after installation, which sets SBAT revocations for older shims. Subsequent attempts to boot the older shim on the ISO fail with the following error:
Verifying shim SBAT data failed: Security Policy Violation
Something has gone seriously wrong: SBAT self-check failed: Security Policy Violation
To mitigate the issue, perform the following workaround:
- Disable Secure Boot.
- Boot the ISO image and proceed with the installation.
- Enable Secure Boot and boot into the installed system.
References
- Harvester: Issue 7343
- openSUSE: Reset SBAT string for booting to old shim in old Leap image