[Bug 1684341] Re: EFI fallback binary should not be installed in --removable mode
Mathieu Trudel-Lapierre
mathieu.tl at gmail.com
Wed Jun 14 19:12:41 UTC 2017
Verification done on xenial:
Preparing to unpack .../grub-efi-amd64-signed_1.66.11+2.02~beta2-36ubuntu3.11_amd64.deb ...
Unpacking grub-efi-amd64-signed (1.66.11+2.02~beta2-36ubuntu3.11) over (1.66.9+2.02~beta2-36ubuntu3.9) ...
Preparing to unpack .../grub-efi-amd64_2.02~beta2-36ubuntu3.11_amd64.deb ...
Unpacking grub-efi-amd64 (2.02~beta2-36ubuntu3.11) over (2.02~beta2-36ubuntu3.9) ...
Preparing to unpack .../grub2-common_2.02~beta2-36ubuntu3.11_amd64.deb ...
Unpacking grub2-common (2.02~beta2-36ubuntu3.11) over (2.02~beta2-36ubuntu3.9) ...
Preparing to unpack .../grub-efi-amd64-bin_2.02~beta2-36ubuntu3.11_amd64.deb ...
Unpacking grub-efi-amd64-bin (2.02~beta2-36ubuntu3.11) over (2.02~beta2-36ubuntu3.9) ...
Preparing to unpack .../grub-common_2.02~beta2-36ubuntu3.11_amd64.deb ...
Unpacking grub-common (2.02~beta2-36ubuntu3.11) over (2.02~beta2-36ubuntu3.9) ...
I've verified that the fbx64.efi file is indeed no longer installed in
/boot/efi/EFI/ubuntu.
** Tags added: verification-done-xenial
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to grub2 in Ubuntu.
https://bugs.launchpad.net/bugs/1684341
Title:
EFI fallback binary should not be installed in --removable mode
Status in cloud-images:
New
Status in grub2 package in Ubuntu:
Fix Released
Status in grub2 source package in Trusty:
Confirmed
Status in grub2 source package in Xenial:
Fix Committed
Status in grub2 source package in Yakkety:
Fix Committed
Status in grub2 source package in Zesty:
Fix Committed
Bug description:
[Impact]
Building some images depending on calling grub-install --removable still installs fbx64.efi; which we don't want on removable media.
[Test case]
On an EFI system, run 'grub-install --removable --target=x86_64-efi'. Observe whether fbx64.efi is installed to /boot/efi/EFI/BOOT. It should not.
[Regression potential]
If any system is depending on running grub-install with --removable, and on fbx64.efi being installed in /boot/efi/EFI/BOOT; this would cause this assumption to fail -- leading to incorrect fallback behavior when BootEntries are not present on a system.
Failures to boot with "System BootOrder not found" errors should be
considered a possible regression.
Any missing files in /boot/efi/EFI/BOOT or /boot/efi/EFI/ubuntu after
install should be considered a potential regression of this update.
----
The patch I did to fix names for the new naming of shim binaries included the addition of fbx64.efi; but it was done wrong: fbx64.efi should only exist under \EFI\BOOT, it's not required in the "removable" path; except if we're trying to force installing to the removable path *too*.
In other words:
1) we normally don't want /EFI/ubuntu/fbx64.efi to exist;
and
a) on a desktop or server, we want /EFI/BOOT/fbx64.efi to exist (ie. installs without --removable, and with --force-extra-removable used when grub-install was called);
b) on removable media, we do not want /EFI/BOOT/fbx64.efi to exist (ie. when grub-installed is called with --removable).
Furthermore, the (a) case is probably not the typical case we want to
run grub-install with. Calls to grub-install with --force-extra-
removable probably should be limited to shim-signed's postinst.
In any case, let's move the fbx64.efi installation step to
also_install_removable() in grub-installer to avoid installing it when
it shouldn't be.
To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-images/+bug/1684341/+subscriptions
More information about the foundations-bugs
mailing list