[Bug 1091464] Re: Unable to chainload Windows 8 with Secure Boot enabled

Martin Haynes martin.haynes at gmail.com
Mon Jul 1 02:55:05 UTC 2013 

Confirmed on Samsung Series 7.

I renamed /EFI/Microsoft/Boot/bootmgfw.efi as /EFI/ubuntu/grubx64.efi to
confirm that no keystore or signature validation issues were at work
during the Secure Boot failures. This worked as expected, booting
win2k12 without issue. **Note that this test obviously makes grub
unavailable on reboot. I wouldn't suggest anyone attempt this with an
in-use install.

I then performed a clean install of 13.04 to backing out the signed grub
efi loaders and boot-repair changes, disabled os-probing and did a sudo
update-grub to clean up the loader menu.

Finally, my work around was also to rely on the EFI NVRAM configuration
but instead of simply relying on shuffling between HDD and "ubuntu", I
created new efibootmgr entries for Windows 8 and my recovery partition.
So effectively, I am now using the UEFI POST menu as a boot loader.

Hopefully, the Samsung nvram bug and the resulting (unwanted) attention
will mean a quick fix.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to grub2 in Ubuntu.
https://bugs.launchpad.net/bugs/1091464

Title:
  Unable to chainload Windows 8 with Secure Boot enabled

Status in “grub2” package in Ubuntu:
  Confirmed

Bug description:
  I've been working with Yannubuntu and he suggested I post a bug here.
  Here's what I did.

  Received a brand new Dell XPS13 laptop with Windows8 pre-installed
  with both UEFI and SecureBoot enabled.    After playing around,
  decided to wipe everything and create a dual boot configuration with
  both Windows 8 and Ubuntu 12.10.  Steps:

  1. Install Windows 8 via Dell supplied recovery media in UEFI mode.  The installer will create the /boot/efi, recovery and main partition.  
  2. Use Windows 8 to resize hard drive down to 50GB.  Use the rest for Ubuntu.
  3. Verify the computer boots successfully to Windows 8 with UEFI and Secure Boot enabled.
  4. Boot with USB Ubuntu install media and select 'do something else' to create partitions and indicate /boot/efi
  5. Let the install complete.  Normally here, I run boot repair because the signed bootloader doesn't seem to install.  In boot repair, I use advance options, indicate where the EFI boot should go, primary OS (ubuntu) and select SecureBoot.
  6. Now, everything is configured as I want it.  Upon boot up, the computer will boot to grub and then I can go to either Ubuntu or Windows UEFI.  
  7. Upon selecting Windows UEFI, I get the error:

   /EndEntire
  file path: /ACPI(a0341d0,0)/PCI(2,1f)/UnknownMessaging(12)/HD(2,96800,32000,7c043777b8608641,87,f6)/File(\EFI\Microsoft\Boot)/File(bootmgfw.efi)/EndEntire
  error: cannot load image

  8.  If I swap the order in the BIOS to boot to Windows first (with UEFI and Secure Boot) it directly boots to Windows so I know the EFI boot files are working.
  9. If I go back to my original configuration (e.g. Ubuntu first) with UEFI, but Secure Boot disabled, then the system is able to successfully chainload the MSFT boot files.

  My gut tells me that grub is unable to chainload to an OS (or maybe
  just windows 8) which is expecting a secure boot to be initiated from
  the UEFI bios.

  As a work around, I have disabled Secure Boot, but I'd like my
  ultimate configuration to support Secure Booting to either Ubuntu or
  Windows 8 via grub.

  Thanks,

  Neeraj

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/1091464/+subscriptions

More information about the foundations-bugs mailing list