[Bug 1778848] Re: Support for grub upgrades with bios+uefi bootloader targets

Steve Langasek steve.langasek at canonical.com
Tue Jul 17 20:41:37 UTC 2018 

On Tue, Jul 17, 2018 at 07:15:06PM -0000, Phillip Susi wrote:
> On 07/02/2018 12:51 PM, Steve Langasek wrote:
> > On Mon, Jul 02, 2018 at 12:14:40AM -0000, Phillip Susi wrote:
> >> Why would you want to install grub-efi if you can't update the EFI boot
> >> catalog?  Without that, it can't be booted in EFI mode.
> > Because with shim's 'fallback' implementation, a system that could not
> > update the boot catalog in nvram because it was not booted under UEFI
> > initially still stands a chance of auto-configuring itself to be able to
> > boot Ubuntu, via selecting the disk for boot from the firmware boot
> > selector.

> You mean we are now installing a "removable media" boot loader in 
> EFI/BOOT that chainloads the one in EFI/Ubuntu?

The "removable media" bootloader does not chainload the one in EFI\Ubuntu;
it chainloads fbx64.efi, whose sole function is to (re)populate the nvram
boot settings from the set of BOOT.CSV files it discovers on disk.

https://github.com/rhboot/shim/blob/master/README.fallback

So even if the we cannot populate nvram at install time (e.g. because the
system is not booted in EFI mode at that point), it is useful to initialize
and populate an ESP for future EFI compatibility.

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                                   https://www.debian.org/
slangasek at ubuntu.com                                     vorlon at debian.org

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to grub2 in Ubuntu.
https://bugs.launchpad.net/bugs/1778848

Title:
  Support for grub upgrades with bios+uefi bootloader targets

Status in grub-installer package in Ubuntu:
  Fix Released
Status in grub2 package in Ubuntu:
  Fix Released
Status in grub2-signed package in Ubuntu:
  Fix Released
Status in shim-signed package in Ubuntu:
  Fix Released
Status in ubiquity package in Ubuntu:
  Fix Released
Status in grub-installer source package in Bionic:
  Fix Released
Status in grub2 source package in Bionic:
  Fix Released
Status in grub2-signed source package in Bionic:
  Fix Released
Status in shim-signed source package in Bionic:
  Fix Released
Status in ubiquity source package in Bionic:
  Fix Released

Bug description:
  [Impact]

  There are multiple use cases which require both BIOS and UEFI bootloaders installed on a target image and to keep them both updated.
  - cloud images on clouds that support both BIOS and UEFI boot in alternate instance types
  - PC installs that should remain bootable in the face of firmware upgrades or reconfigurations

  This currently doesn't work because 'grub-install' selects its install
  target based on which of grub-pc or grub-efi-amd64 is installed.

  In cosmic we have introduced a --auto-nvram grub-install option that
  automatically determines if we're running with NVRAM access or not and
  if yes, updates the NVRAM contents. This allows such dual BIOS-UEFI
  bootloader setups to work. Same changes are required to be backported
  to bionic for our cloud images.

  [Test Case]

  Basic grub2 grub-install test:
   * Boot up a bionic system in UEFI mode.
   * Upgrade grub2-common to the version in -proposed.
   * Run `grub-install --target=x86_64-efi --auto-nvram` and make sure it succeeds.
   * Prepare a system with an UEFI installed system that can be booted into in legacy BIOS mode.
   * Boot up the UEFI-installed bionic system in legacy BIOS mode.
   * Upgrade grub2-common to the version in -proposed.
   * Run `grub-install --target=x86_64-efi --auto-nvram` and make sure it succeeds (actually not doing anything).

  Install test for UEFI (repeat for both server-live, server and desktop):
   * Download the latest bionic -proposed-enabled image.
   * Make sure the image includes the -proposed version of grub2, grub2-signed, shim-signed and grub-installer (and/or ubiquity).
   * Install the system normally on an EFI system.
   * Reboot and make sure the system is bootable.

  Install test for legacy BIOS (repeat for both server-live, server and desktop):
   * Download the latest bionic -proposed-enabled image.
   * Make sure the image includes the -proposed version of grub2, grub2-signed, shim-signed and grub-installer (and/or ubiquity).
   * Install the system normally on a BIOS system.
   * Reboot and make sure the system is bootable.

  TODO: Add cloud image testing.

  [Regression Potential]

  The backport introduces a change in the dependency chain for grub
  which, in some cases, can lead to systems loosing their ability to
  boot. Basically the symptoms to look for is the inability of booting
  the installed system on EFI or BIOS. A lot of testing and dogfooding
  will be required to make sure no installation-case has been broken by
  this.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/grub-installer/+bug/1778848/+subscriptions

More information about the foundations-bugs mailing list