[Bug 1091464] Re: Unable to chainload Windows 8 with Secure Boot enabled

Ubfan 1091464 at bugs.launchpad.net
Sun May 26 17:10:12 UTC 2013 

A second workaround, more convienent than the USB boot is to invoke the EFI device select menu, select HDD, then select ubuntu or Windows (both of which work).  The ubuntu selection starts grub, but from grub, the Windows boot still fails with the above chainloader error.  
  With the number of different brands mentioned in this bug, I begin to doubt the problem is vendor related.  Maybe something we did caused this, so here's what I did:
  My first install was to a USB stick without ann EFI partition( used HD EFI, booted Ubuntu OK, did not boot Windows, and killed the Windows boot off the hard disk when not present).  Installed to (prepared HD) in this condition, worked, but got a grub install error (Windows boot worked again). Installed to USB again after putting on a EFI partition, the install still mounted the HD EFI, which I manually unmounted and replaced with the USB EFI (this worked).  At this point, the HD /EFI/ubuntu directory was corrupted, so had to manually delete it and replace the signed binaries.  The USB would boot Ubuntu, but not Windows, and the HD would boot Windows (default).  Using efibootmgr -v, I could see that the ubuntu boot was set up wrong, trying to boot grub instead of shim -- but much to my surprise, it still booted, so I surmise a silent failure, then a fallback to the /EFI/Boot/bootx64.efi (which was a copy of shim) which succeeded.  I manually added (grub-install --uefi-secure-boot /dev/sda) a correct shim boot path, which worked too.  I normally now enter F12 to select ubuntu or Windows.  Not a totally clean history, but on the other hand, the machine has never been out of secure boot, I have never run boot-repair, and the only EFI variable manipulation I have done is through grub-install.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to grub2 in Ubuntu.
https://bugs.launchpad.net/bugs/1091464

Title:
  Unable to chainload Windows 8 with Secure Boot enabled

Status in “grub2” package in Ubuntu:
  Confirmed

Bug description:
  I've been working with Yannubuntu and he suggested I post a bug here.
  Here's what I did.

  Received a brand new Dell XPS13 laptop with Windows8 pre-installed
  with both UEFI and SecureBoot enabled.    After playing around,
  decided to wipe everything and create a dual boot configuration with
  both Windows 8 and Ubuntu 12.10.  Steps:

  1. Install Windows 8 via Dell supplied recovery media in UEFI mode.  The installer will create the /boot/efi, recovery and main partition.  
  2. Use Windows 8 to resize hard drive down to 50GB.  Use the rest for Ubuntu.
  3. Verify the computer boots successfully to Windows 8 with UEFI and Secure Boot enabled.
  4. Boot with USB Ubuntu install media and select 'do something else' to create partitions and indicate /boot/efi
  5. Let the install complete.  Normally here, I run boot repair because the signed bootloader doesn't seem to install.  In boot repair, I use advance options, indicate where the EFI boot should go, primary OS (ubuntu) and select SecureBoot.
  6. Now, everything is configured as I want it.  Upon boot up, the computer will boot to grub and then I can go to either Ubuntu or Windows UEFI.  
  7. Upon selecting Windows UEFI, I get the error:

   /EndEntire
  file path: /ACPI(a0341d0,0)/PCI(2,1f)/UnknownMessaging(12)/HD(2,96800,32000,7c043777b8608641,87,f6)/File(\EFI\Microsoft\Boot)/File(bootmgfw.efi)/EndEntire
  error: cannot load image

  8.  If I swap the order in the BIOS to boot to Windows first (with UEFI and Secure Boot) it directly boots to Windows so I know the EFI boot files are working.
  9. If I go back to my original configuration (e.g. Ubuntu first) with UEFI, but Secure Boot disabled, then the system is able to successfully chainload the MSFT boot files.

  My gut tells me that grub is unable to chainload to an OS (or maybe
  just windows 8) which is expecting a secure boot to be initiated from
  the UEFI bios.

  As a work around, I have disabled Secure Boot, but I'd like my
  ultimate configuration to support Secure Booting to either Ubuntu or
  Windows 8 via grub.

  Thanks,

  Neeraj

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/1091464/+subscriptions

More information about the foundations-bugs mailing list