[Bug 1097570] Re: grub2-signed can not find the right device when there are two filesystems containing the file '.disk/info'.

Thu Jun 25 21:22:58 UTC 2015

I've done my own testing on my side and unfortunately it seems like
hinting the search command isn't sufficient to make this work -- there's
definitely also the need to patch is some more to not use cache when
hinting the command, so that things appear in the right order.

This said, I've had review on the $bootdrive patch and there's been some
rightful pushback: there's a way to get the same thing via regexp, and
we should otherwise make sure we're not unnecessarily duplicating
variables (since there is already $cmdpath; though there is so logic to
having a $grub_bootdev and $grub_bootpath separation).

Since it was suggested, I've looked into using regexp to retrieve the
boot device name, it looks like it might work to remove the need to
search for the right root device, but given that this is run in a UEFI
context, there could be security implications to using regexp -- I've
asked Colin Watson to weight in on that.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to grub2 in Ubuntu.
https://bugs.launchpad.net/bugs/1097570

Title:
  grub2-signed can not find the right device when there are two
  filesystems containing the file '.disk/info'.

Status in OEM Priority Project:
  Triaged
Status in OEM Priority Project precise series:
  Won't Fix
Status in OEM Priority Project trusty series:
  Confirmed
Status in grub2 package in Ubuntu:
  In Progress
Status in grub2 source package in Precise:
  Triaged
Status in grub2 source package in Raring:
  Invalid
Status in grub2 source package in Trusty:
  Triaged

Bug description:
  SRU justification:

  [Impact] When using UEFI, GRUB doesn't always determine the correct boot device to chain to if multiple Ubuntu bootable media are attached.
  [Test Case] Described below.
  [Regression Potential] When I fixed this in saucy, I made a mistake that broke UEFI Secure Boot (fixed in 2.00-18ubuntu4).  I made sure to cherry-pick that fix as well here, but it's worth testing both paths.

  Original report follows:

  * Ubuntu 12.04.2 LTS "Precise Pangolin" - Release amd64 (20130108)
  precise-desktop-amd64.iso from http://cdimage.ubuntu.com/precise/daily-live/current/ .

  * Package Version
  grub2-signed 1.9~ubuntu12.04.2+1.99-21ubuntu3.7

  * Reproduce Steps
  1. Use `usb-creator-gtk` to create a bootable USB drive by precise-desktop-amd64.iso
  2. Use this USB drive to boot "Try Ubuntu without installing" on an UEFI secure boot enabled laptop.
  3. Create only one 1GB primary fat32 partition on the disk of the laptop with GPT-based disk layout.
  4. Mount fat32 partition on /mnt
      $ sudo mount /dev/sda1 /mnt
  5. Manually copy all contents from the USB stick into the fat32 partition.
      $ sudo cp -av /cdrom/.disk /cdrom/* /mnt
  6. Set up the EFI boot entry.
      $ sudo apt-get install efibootmgr grub-efi-amd64-signed shim-signed
      $ sudo grub-install --removable --uefi-secure-boot --root-directory /mnt /dev/sda1
      $ sudo efibootmgr -c -d /dev/sda -p 1 -l "\\EFI\\BOOT\\BOOTx64.EFI" -L recovery
  7. Append 'from recovery partition' to every menuentry title in /mnt/boot/grub/grub.cfg .
  8. Reboot and select the boot entry 'recovery' from UEFI boot option menu.

  * Expected Result
  We can see every menu entry of grub with the suffix 'from recovery partition'.

  * Actual Result
  There is no suffix 'from recovery partition' on menu entries of grub.

  P.S. The USB drive is still plunged in the laptop. After we unplug the
  USB drive and select the boot entry 'recovery' from UEFI boot option
  menu, we can see every menu entry of grub with the suffix 'from
  recovery partition'.

To manage notifications about this bug go to:
https://bugs.launchpad.net/oem-priority/+bug/1097570/+subscriptions