this post was submitted on 26 Nov 2025
6 points (100.0% liked)

openSUSE

1001 readers
1 users here now

openSUSE is an open, free and secure operating system for PC, laptops, servers and ARM devices. Managing your emails, browsing the web, watching online streams, playing games, serving websites or doing office work never felt this empowering. And best part? It's not only backed by one of the leaders in open source industry, but also driven by lively community.

founded 2 years ago
MODERATORS
stimmer@lemmy.world
6
Grub-bls or Grub-efi for a home user (lemmy.world)
submitted 1 week ago by Maragato@lemmy.world to c/opensuse@lemmy.world
2 comments fedilink hide all child comments
 

Hello. I just received my new mini PC and I want to delete the Windows that comes installed and install Tumbleweed. I have seen in the Yast installer that the default grub is Grub-bls instead of grub-efi, which was the default until now. Which one should I choose, and what benefits does grub-bls offer to make it the new default boot manager in Tumbleweed? Thank you for Tumbleweed.

you are viewing a single comment's thread
view the rest of the comments
[โ€“] Balinares@pawb.social 4 points 1 week ago (1 children)

From a quick bit of research (https://news.opensuse.org/2024/10/08/grub2-bls/), it seems like Grub BLS (Boot Loader Specification) is a revision of Grub EFI that supports automatically creating boot menu entries for kernels that have such a BLS entry in the EFI partition. Those BLS entries are neat because they should work independently from your bootloader -- you could switch to systemd-boot and not have to reconfigure anything. I don't know about Tumbleweed, but in other distros, those entries are created automatically when you install or update a kernel.

I see no reason not to use it.

[โ€“] BCsven@lemmy.ca 5 points 1 week ago

It seems it may be part of OpenSUSEs move to full disk encryption using TPM/secure boot. There was secureboot before, but now everything but a small FAT partition is encrypted.

They tweaked things so that that an encrypted binary is created and unlocked only by TPM/secure boot, prior to actually running the boot / main kernel stuff. The system regenerates the binary after each load to stay current with the rolling TPM registers.

https://microos.opensuse.org/blog/2023-12-20-sdboot-fde/