grub-install with --bootloader-id option creates unusable boot configuration with secure boot
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
grub2 (Ubuntu) | Won't Fix | Low | Unassigned | |
Bug Description
When manually creating an EFI boot entry using `grub-install --bootloader-
The signed grub EFI binary `grubx64.efi` seems to contain a hardcoded path to `/EFI/ubuntu`, from which grub will then read the grub.cfg configuration file specifying the UUID of the root partition. This approach only works if the bootloader id is in fact equal to "ubuntu".
Either calling grub-install with both an alternative bootloader id and UEFI secure boot options should fail and print an error explaining the situation, or the signed boot image should be fixed (i.e. the hardcoded path removed) so that it reads the grub.cfg from the same directory in which the image itself is located, which seems preferable because it allows multi-booting more than one Ubuntu installation on the same system.
This sounds like a variant of bug 1242417.
Are you only directly calling grub-install --bootloader-id=myid? Are you setting GRUB_DISTRIBUTOR elsewhere as well?
GRUB_DISTRIBUTOR would be set in /etc/default/grub at the very least and would likely interfere with how/where things get installed as well.
That said, I also see that /EFI/ubuntu is hardcoded in efi images; I just haven't found exactly how from a quick look at grub2.
Marking as Triaged/Low; this won't be an issue for most people, we appropriately handle "usual" installations. It probably still needs to get fixed so that --bootloader-id works as expected, but bug 1242417 had some reasons for being fixed the way it was and I'll need to talk to Colin and/or Steve.
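A check for the layout described in this report, as an added example that is not part of the bug thread or of grub2: it scans an EFI system partition for GRUB images that carry the `/EFI/ubuntu` string but sit under a different bootloader id. The function names, the `grubx64.efi` file name match and the plain-string search are assumptions of this example, and the sample tree is constructed.

```shell
#!/bin/sh
# Added example. Assumptions: the image is named grubx64.efi and the fixed
# path is visible in it as the plain string /EFI/ubuntu.

# check_esp ESP_MOUNT_POINT
# Prints one line per loader directory whose image carries /EFI/ubuntu but
# sits under another bootloader id. Returns 1 if any was found, 2 on bad input.
check_esp() {
    esp=$1
    [ -d "$esp/EFI" ] || { echo "no EFI directory under $esp" >&2; return 2; }
    found=0
    for img in "$esp"/EFI/*/grubx64.efi; do
        [ -f "$img" ] || continue
        id=$(basename "$(dirname "$img")")
        # FAT is case-insensitive, so compare the id in lower case.
        lc=$(printf '%s' "$id" | tr 'A-Z' 'a-z')
        if [ "$lc" = ubuntu ]; then continue; fi
        # Only images that embed the fixed path are affected.
        LC_ALL=C grep -qF '/EFI/ubuntu' "$img" || continue
        if [ -f "$esp/EFI/ubuntu/grub.cfg" ]; then
            echo "$id: image reads EFI/ubuntu/grub.cfg, not EFI/$id/grub.cfg"
        else
            echo "$id: image expects EFI/ubuntu/grub.cfg, which is missing"
        fi
        found=1
    done
    return "$found"
}

# make_sample_esp: build a constructed ESP tree (placeholder files, not real
# EFI binaries) and print its path.
make_sample_esp() {
    d=$(mktemp -d) || return 2
    mkdir -p "$d/EFI/myid" "$d/EFI/ubuntu"
    printf 'MZ\0\0/EFI/ubuntu\0' > "$d/EFI/myid/grubx64.efi"
    printf 'MZ\0\0/EFI/ubuntu\0' > "$d/EFI/ubuntu/grubx64.efi"
    echo "$d"
}
```

Run `check_esp` against the mounted ESP (for example `check_esp /boot/efi`, where the mount point is an assumption); a non-zero return means at least one directory will not use its own `grub.cfg`.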