[Bug 1229488] Re: 13.10 USB to USB Install on UEFI Secure Boot Machine Left Host Unbootable

Ubfan 1229488 at bugs.launchpad.net
Sat Feb 18 22:39:24 UTC 2017 

** Description changed:

  Downloaded Sept. 20 daily build of 13.10, 64 bit, desktop ISO, md5sum
  checked it, used "create startup disk" on 13.04 secure boot host to make
  USB live media, rebooted from it, and successfully installed 13.10 to
  another USB. Target USB had gpt partitioning, had an EFI partition set
- up on it, and bootloader target was the UEB's EFI partition.  The USB
- installation boots successfully, but the laptop no longer boots from its
- hard disk, leaving you at the grub prompt.  The cause was the installation
- improperly changed the hard disk's grub.cfg
+ up on it, and the user selected bootloader location was the USB's EFI partition.  The USB installation does not boot (ESP is empty, bug 1173457) and the laptop no longer boots from its hard disk, leaving you at the grub prompt.
  
- Expected change to hard disk's /EFI/ubuntu/grub.cfg -- None.
- Actual change to hard disk's /EFI/ubuntu.grub.cfg -- The uuid in the
- "set root" just before the configfile command was reset from the hard
- disk to the (no longer present) target USB.
+   The cause bootfailure was twofold:
+ 1)The installation improperly changed the hard disk's grub.cfg (bug 1173457).
+ 2)The NVRAM boot entry was improperly changed from shimx64.efi to grubx64.efi (this bug) which will not boot when secure boot is enabled.  
  
- Additionally, no NVRAM changes were expected from installing to a USB
- stick, but a new boot entry was created.  This boot entry was a correct
- (for secure boot) -- /EFI/ubuntu/shimx64.efi.  NVRAM is a finite
- resource, which when used up leaves your machine bricked, or relying on an
- untested vendor supplied reset, so any unnecessary additions are highly
- undesirable.
+ No NVRAM changes or additions were expected from installing to a USB
+ stick.   The existing NVRAM  boot entry was correct for secure boot -- /EFI/ubuntu/shimx64.efi.  The changed NVRAM was /EFI/ubuntu/grubx64.efi and
+ is incorrect for a secure boot, it doesn't work.
  
- Editing the hard disk's improper grub.cfg file by putting in the correct
- UUID allowed the laptop to boot successfully.  The EFI menu now has an
- additional ubuntu entry, which also boots successfully.  To summarize,
- creating or updating a USB installation should not change anything in
- NVRAM nor on the hard disk's EFI partition.  This 13.10 installation did both.
- (The update reference was to a 12.10 USB update, which changed the NVRAM
- shim boot entry's disk code and removed it from the boot order (no bug
- filed), so these issues are not new to 13.10.)
+ Additional notes: The shim entry which was changed to grub was not the
+ default, Windows was the default boot entry.
  
  Hardware: Toshiba Satellite S855-5378, Insydh20 firmware version 6.60,
  8G memory, 750G hard disk, Intel HD4000 video, running dual boot W8 and
  fully patched 64 bit 13.04 Ubuntu desktop with secure boot enabled. The only
  secure boot issue with this machine is the inability to boot Windows
  from grub (bug 1091464), so Windows is the default, and the EFI menu is used
- to select Ubuntu to run shim/grub.  The original Ubuntu selection's path is
- actually grubx64.efi, which is incorrect for secure boot, but
- in /EFI/Boot is a copy of shim.efi named bootx64.efi and grubx64.efi, which must be a
- fallback, because the boot succeeds anyway. The original shim Ubuntu
- selection was improperly changed/removed from boot order and the EFI
- menu by a USB 12.10 update (and never added back since a working EFI choice
- existed).
+ to select Ubuntu to run shim/grub.  In /EFI/Boot is a copy of shimx64.efi named bootx64.efi and a copy of grubx64.efi. This machine uses this as a
+ fallback, allowing Ubuntu to boot.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to grub2 in Ubuntu.
https://bugs.launchpad.net/bugs/1229488

Title:
  13.10 USB to USB Install on UEFI Secure Boot Machine Left Host
  Unbootable

Status in grub2 package in Ubuntu:
  New

Bug description:
  Downloaded Sept. 20 daily build of 13.10, 64 bit, desktop ISO, md5sum
  checked it, used "create startup disk" on 13.04 secure boot host to make
  USB live media, rebooted from it, and successfully installed 13.10 to
  another USB. Target USB had gpt partitioning, had an EFI partition set
  up on it, and the user selected bootloader location was the USB's EFI partition.  The USB installation does not boot (ESP is empty, bug 1173457) and the laptop no longer boots from its hard disk, leaving you at the grub prompt.

    The cause bootfailure was twofold:
  1)The installation improperly changed the hard disk's grub.cfg (bug 1173457).
  2)The NVRAM boot entry was improperly changed from shimx64.efi to grubx64.efi (this bug) which will not boot when secure boot is enabled.  

  No NVRAM changes or additions were expected from installing to a USB
  stick.   The existing NVRAM  boot entry was correct for secure boot -- /EFI/ubuntu/shimx64.efi.  The changed NVRAM was /EFI/ubuntu/grubx64.efi and
  is incorrect for a secure boot, it doesn't work.

  Additional notes: The shim entry which was changed to grub was not the
  default, Windows was the default boot entry.

  Hardware: Toshiba Satellite S855-5378, Insydh20 firmware version 6.60,
  8G memory, 750G hard disk, Intel HD4000 video, running dual boot W8 and
  fully patched 64 bit 13.04 Ubuntu desktop with secure boot enabled. The only
  secure boot issue with this machine is the inability to boot Windows
  from grub (bug 1091464), so Windows is the default, and the EFI menu is used
  to select Ubuntu to run shim/grub.  In /EFI/Boot is a copy of shimx64.efi named bootx64.efi and a copy of grubx64.efi. This machine uses this as a
  fallback, allowing Ubuntu to boot.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/1229488/+subscriptions

More information about the foundations-bugs mailing list