grub-install installs wrong bootloader when --removable and --uefi-secure-boot are used.

Bug #1453980 reported by Ubfan on 2015-05-11
This bug affects 1 person
Affects Status Importance Assigned to Milestone
grub-installer (Ubuntu)

Bug Description

Ubuntu 15.04
With the --removable switch, grub-install will now correctly install grubx64.efi as the default bootloader
in the EFI partition's /EFI/Boot/bootx64.efi file, but with the addition of --uefi-secure-boot, it still
uses grubx64.efi as bootx64.efi instead of shimx64.efi. The use of both --removable and --uefi-secure-boot
should result in shimx64.efi copied to the /EFI/Boot/bootx64.efi file, and grubx64.efi just copied to the
/EFI/Boot directory.
  Since the shimx64 as bootx64.efi will work with secure boot enabled or disabled, the easiest solution would be to just use it every time the --removable is used.
  grubx64.efi will not successfully boot a UEFI machine with secure boot enabled.

Ubfan (ubfan1) on 2015-05-13
tags: added: 15.04 grub-installer
Ubfan (ubfan1) wrote :

On Ubuntu 16.04, uefi secure boot enabled, grub-efi package 2.02~beta2-36ubuntu3.15, the original problem has been fixed, like the suggestion in the original posting (just use shim) , but now the --no-uefi-secure-boot switch on grub-install does not cause grubx64.efi to be used as .../EFI/Boot/bootx64.efi, instead the legacy core.img is used. There is apparently no way to install grub to a removable disk for use on a non-secure boot UEFI system from a 16.04 secure boot system.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers