WORKAROUND with 'Secure Boot' DISABLED
--------------------------------------
The 'grub.cfg' menuentry below, which may conceivably be generated by 'os-prober', works only with 'Secure Boot' disabled :

    menuentry "Windows booted from its NTFS partition" {
        insmod part_msdos # and/or part_gpt, depending on the partition table(s)
        insmod ntfs
        set WindowsEFI=/EFI/Microsoft/Boot/bootmgfw.efi
        if [ x$feature_platform_search_hint = xy ]; then
            search -n -s --hint-bios=hd0,msdos2 --hint-efi=hd0,msdos2 --hint-baremetal=ahci0,msdos2 -f $WindowsEFI
        else
            search -n -s -f $WindowsEFI
        fi
        chainloader $WindowsEFI
    }

But with 'Secure Boot' enabled, the above menuentry systematically fails with the following error message:

    Secure boot forbids loading module from (hd0,msdos2)/boot/grub/x86_64-efi/ntfs.mod

WORKAROUND with 'Secure Boot' ENABLED
-------------------------------------
In order to boot Windows on UEFI with 'Secure Boot' enabled, I have successfully installed the following workaround:
- Think : On installation of the Linux distribution (Ubuntu or another one) with UEFI, the installer normally creates an 'EFI boot' partition formatted as 'vfat'.
- Think : This 'EFI boot' partition is read by 'grub' WITHOUT the need of the insecure 'ntfs.mod', and is precisely dedicated to booting. So, let's use it :
- Under Linux, mount the Windows partition, and copy the content of its '/EFI' folder under '/boot/efi/EFI'. For example :

    sudo cp -p -r /media/user/Windows-Label/EFI/* /boot/efi/EFI/

(you can safely ignore 'cp: failed to preserve ownership' error messages)
- Then, replacing 'msdos2' by the partition number of the Windows partition on your system, write the following lines at the END of '/etc/grub.d/40_custom':

    menuentry "Windows booted from EFI boot partition" {
        insmod part_msdos # and/or part_gpt, depending on the partition table(s)
        set WindowsEFI=/EFI/Microsoft/Boot/bootmgfw.efi
        if [ x$feature_platform_search_hint = xy ]; then
            search -n -s --hint-bios=hd0,msdos2 --hint-efi=hd0,msdos2 --hint-baremetal=ahci0,msdos2 -f $WindowsEFI
        else
            search -n -s -f $WindowsEFI
        fi
        chainloader $WindowsEFI
    }

FIXING THE BUG FOR ALL CASES
----------------------------
I suggest that 'os-prober' automatically performs the workaround just above, which involves copying boot files from the Windows partition to the 'EFI boot' partition.
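
An added check for the copy step of the workaround above (example code, not part of the original report or of os-prober): it compares every file under the Windows partition's EFI folder with its copy under the 'EFI boot' partition, so a missing, truncated or outdated 'bootmgfw.efi' is noticed before rebooting. The function name 'verify_efi_copy' and its two directory arguments are assumptions of this example.

```shell
#!/bin/sh
# Added example: verify the result of
#   sudo cp -p -r <Windows mount>/EFI/* /boot/efi/EFI/
# Usage: verify_efi_copy SRC_EFI_DIR DST_EFI_DIR
#   SRC_EFI_DIR  the '/EFI' folder on the mounted Windows partition
#   DST_EFI_DIR  the '/EFI' folder on the 'EFI boot' partition
# Prints one line per problem. Returns 0 when every source file has a
# byte-identical copy, 1 when something is missing or differs, 2 on bad input.
verify_efi_copy() {
    src=$1
    dst=$2
    # Loader path used by the menuentry, relative to the EFI folder.
    loader=Microsoft/Boot/bootmgfw.efi

    if [ ! -d "$src" ] || [ ! -d "$dst" ]; then
        echo "ERROR: both arguments must be directories" >&2
        return 2
    fi

    status=0
    # A source tree without the loader usually means the wrong partition is mounted.
    if [ ! -f "$src/$loader" ]; then
        echo "NOLOADER $loader"
        status=1
    fi

    list=$(mktemp) || return 2
    # Regular files, as paths relative to the source root.
    (cd "$src" && find . -type f) > "$list"
    while IFS= read -r rel; do
        rel=${rel#./}
        if [ ! -f "$dst/$rel" ]; then
            echo "MISSING  $rel"
            status=1
        elif ! cmp -s "$src/$rel" "$dst/$rel"; then
            # Byte-level difference: partial copy, or the source changed after the copy.
            echo "DIFFERS  $rel"
            status=1
        fi
    done < "$list"
    rm -f "$list"
    return $status
}

# When run as a script with two arguments, perform the check directly.
if [ "$#" -eq 2 ]; then
    verify_efi_copy "$1" "$2"
fi
```

Files that exist only on the destination, such as the Linux distribution's own boot directory, are not reported, because only the source tree is walked.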