[Bug 1450783] [NEW] grub-install with --bootloader-id option creates unusable boot configuration with secure boot

Lukas 1450783 at bugs.launchpad.net
Fri May 1 12:04:26 UTC 2015 

Public bug reported:

When manually creating an EFI boot entry using `grub-install
--bootloader-id=<myid>`, where myid is a string different from "ubuntu",
the resulting boot configuration is broken.

The signed grub EFI binary `grubx64.efi` seems to contain a hardcoded
path to `/EFI/ubuntu`, from which grub will then read the grub.cfg
configuration file specifying the UUID of the root partition. This
approach only works if the bootloader id is in fact equal to "ubuntu".

Either calling grub-install with both an alternative bootloader id and
UEFI secure boot options should fail and print an error explaining the
situation, or the signed boot image should be fixed (i.e. the hardcoded
path removed) so that it reads the grub.cfg from the same directory in
which the image itself is located, which seems preferable because it
allows multi-booting more than one Ubuntu installation on the same
system.

** Affects: grub2 (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to grub2 in Ubuntu.
https://bugs.launchpad.net/bugs/1450783

Title:
  grub-install with --bootloader-id option creates unusable boot
  configuration with secure boot

Status in grub2 package in Ubuntu:
  New

Bug description:
  When manually creating an EFI boot entry using `grub-install
  --bootloader-id=<myid>`, where myid is a string different from
  "ubuntu", the resulting boot configuration is broken.

  The signed grub EFI binary `grubx64.efi` seems to contain a hardcoded
  path to `/EFI/ubuntu`, from which grub will then read the grub.cfg
  configuration file specifying the UUID of the root partition. This
  approach only works if the bootloader id is in fact equal to "ubuntu".

  Either calling grub-install with both an alternative bootloader id and
  UEFI secure boot options should fail and print an error explaining the
  situation, or the signed boot image should be fixed (i.e. the
  hardcoded path removed) so that it reads the grub.cfg from the same
  directory in which the image itself is located, which seems preferable
  because it allows multi-booting more than one Ubuntu installation on
  the same system.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/1450783/+subscriptions

More information about the foundations-bugs mailing list