[Bug 1641793] Re: Invalid Signature detected -- must uncheck secure boot
Mathieu Trudel-Lapierre
mathieu.tl at gmail.com
Mon Nov 21 20:15:19 UTC 2016
Indeed, this is wrong. grub is not an image we get signed with the
Microsoft keys, and so is not going to be recognized as a valid
signature by firmware unless you re-sign it yourself and add the key you
used to the firmware.
With things as they are, it doesn't look like you'd be able to
successfully boot Windows anyway (since you'd likely be missing extra
options normally passed to the Windows Boot Manager). What I see here is
that the ubuntu entry exists (so it should be possible to pick what to
boot via F12 or some other keyboard shortcut appropriate to your
system), but it's been mangled by the firmware. There isn't much we can
do if firmware breaks the boot entries, except tricking it into doing
the right thing by putting files in a different location.
The correct file to use as a BootEntry binary is shimx64.efi, not
grubx64.efi. You may try the same bcdedit command with that file.
Otherwise, please try to fix Windows using the recovery options if you
can (repair boot, etc. as per the AskUbuntu question or Windows
documentation). From that point, you would be able to reinstall Ubuntu
or boot from an Ubuntu CD/USB and reinstall grub, which will create the
right boot entry (which is what Boot0000 should be in this bug's
description).
** Changed in: shim (Ubuntu)
Status: New => Incomplete
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to shim in Ubuntu.
https://bugs.launchpad.net/bugs/1641793
Title:
Invalid Signature detected -- must uncheck secure boot
Status in shim package in Ubuntu:
Incomplete
Bug description:
This occurred after a fresh install of 16.04 on an Acer Desktop. At the start only Windows would boot -- no Grub2 screen appeared. I made a number of attempts following "https://help.ubuntu.com/community/UEFI" Nothing worked and they suggested trying "http://askubuntu.com/questions/221835/installing-ubuntu-on-a-pre-installed-windows-10-with-uefi"
I executed a suggested command "bcdedit /set {bootmgr} path \EFI\ubuntu\grubx64.efi"
This gave the Grub2 menu but only in unsecure boot mode.
The same document says to send a bug report if an invalid signature is detected. I am doing that. However in doing so i note that the bug report is sent to "shim". But the instructions said to set the path to "grub64.efi" and not "shimx64.efi" which was also available in the /boot/EFI folder.
ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: shim 0.8-0ubuntu2
ProcVersionSignature: Ubuntu 4.4.0-47.68-generic 4.4.24
Uname: Linux 4.4.0-47-generic x86_64
ApportVersion: 2.20.1-0ubuntu2.1
Architecture: amd64
CurrentDesktop: Unity
Date: Mon Nov 14 20:47:37 2016
Dependencies:
EFIBootMgr:
BootCurrent: 0001
Timeout: 2 seconds
BootOrder: 0001,0000
Boot0000 ubuntu VenHw(99e275e7-75a0-4b37-a2e6-c5385e6c00cb)
Boot0001* Windows Boot Manager HD(1,GPT,a30e4f73-c41a-4d41-8b33-8bc3beb73cc0,0x800,0x32000)/File(\EFI\ubuntu\grubx64.efi)WINDOWS.........x...B.C.D.O.B.J.E.C.T.=.{.9.d.e.a.8.6.2.c.-.5.c.d.d.-.4.e.7.0.-.a.c.c.1.-.f.3.2.b.3.4.4.d.4.7.9.5.}...}................
InstallationDate: Installed on 2016-11-12 (3 days ago)
InstallationMedia: Ubuntu 16.04.1 LTS "Xenial Xerus" - Release amd64 (20160719)
SourcePackage: shim
UpgradeStatus: No upgrade log present (probably fresh install)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/shim/+bug/1641793/+subscriptions
More information about the foundations-bugs
mailing list