[Bug 1864533] [NEW] grub wrongly booting via bios entry point instead of efi when secureboot disabled

Steve Langasek steve.langasek at canonical.com
Mon Feb 24 19:40:00 UTC 2020 

Public bug reported:

Currently, the Ubuntu patches for secureboot support will boot the
kernel via the EFI stub ONLY if secureboot is enabled.  This means that
if secureboot is disabled, grub wrongly skips the kernel's EFI stub,
resulting in buggy behavior (missing EFI fixups; lack of access to the
TCG log).

When booted on EFI, grub should ALWAYS use the EFI protocol to boot the
kernel, and only do a non-EFI boot as a fallback if the EFI stub is not
available AND secureboot is not enabled.

Patches available at https://people.canonical.com/~chrisccoulson/grub-
efi-fixes/

** Affects: grub2 (Ubuntu)
     Importance: High
         Status: New

** Affects: grub2 (Ubuntu Bionic)
     Importance: High
         Status: New

** Affects: grub2 (Ubuntu Focal)
     Importance: High
         Status: New

** Changed in: grub2 (Ubuntu)
   Importance: Undecided => High

** Also affects: grub2 (Ubuntu Bionic)
   Importance: Undecided
       Status: New

** Also affects: grub2 (Ubuntu Focal)
   Importance: High
       Status: New

** Changed in: grub2 (Ubuntu Bionic)
   Importance: Undecided => High

** Description changed:

  Currently, the Ubuntu patches for secureboot support will boot the
  kernel via the EFI stub ONLY if secureboot is enabled.  This means that
  if secureboot is disabled, grub wrongly skips the kernel's EFI stub,
  resulting in buggy behavior (missing EFI fixups; lack of access to the
  TCG log).
  
  When booted on EFI, grub should ALWAYS use the EFI protocol to boot the
  kernel, and only do a non-EFI boot as a fallback if the EFI stub is not
  available AND secureboot is not enabled.
+ 
+ Patches available at https://people.canonical.com/~chrisccoulson/grub-
+ efi-fixes/

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to grub2 in Ubuntu.
https://bugs.launchpad.net/bugs/1864533

Title:
  grub wrongly booting via bios entry point instead of efi when
  secureboot disabled

Status in grub2 package in Ubuntu:
  New
Status in grub2 source package in Bionic:
  New
Status in grub2 source package in Focal:
  New

Bug description:
  Currently, the Ubuntu patches for secureboot support will boot the
  kernel via the EFI stub ONLY if secureboot is enabled.  This means
  that if secureboot is disabled, grub wrongly skips the kernel's EFI
  stub, resulting in buggy behavior (missing EFI fixups; lack of access
  to the TCG log).

  When booted on EFI, grub should ALWAYS use the EFI protocol to boot
  the kernel, and only do a non-EFI boot as a fallback if the EFI stub
  is not available AND secureboot is not enabled.

  Patches available at https://people.canonical.com/~chrisccoulson/grub-
  efi-fixes/

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/1864533/+subscriptions

More information about the foundations-bugs mailing list