[Bug 1647235] Re: Wrong /boot/grub/grub.cfg processed after change of GRUB_DISTRIBUTOR

[UlfZibis]

Ubuntu boot loaders (here grubx64.efi), which are signed for secure
boot, internally always refer to grub.cfg in the boot directory
"EFI/ubuntu/" in the EFI system partition. If changed e.g. via hex
editor, the UEFI boot signature check of it will and must fail.

A fix could be to remove the fixation on "EFI/ubuntu/" in grubx64.efi
and instead to detect the belonging "EFI/xxx/grub.cfg" by examination of
it's own location "EFI/xxx/".

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to grub2-signed in Ubuntu.
https://bugs.launchpad.net/bugs/1647235

Title:
  Wrong /boot/grub/grub.cfg processed after change of GRUB_DISTRIBUTOR

Status in grub2-signed package in Ubuntu:
  Confirmed

Bug description:
  I have 2 Ubuntu 64-Bit installations on 2 different partitions.
  I have added a 2nd UEFI boot directory:
  /boot/efi/EFI/ubuntu-64
  After booting into the 2nd installation, I have changed in /etc/default/grub:
  GRUB_DISTRIBUTOR="Ubuntu-64"
  After grub-install and update-grub I got new .efi files in /boot/efi/EFI/ubuntu-64 and a new /boot/grub/grub.cfg and /boot/efi/EFI/ubuntu-64/grub.cfg refers to the partition of the 2nd installation.

  When I again boot via /boot/efi/EFI/ubuntu-64 the /boot/grub/grub.cfg
  of the 1st installation is processed instead the one of the 2nd
  installation. I think, this is wrong.

  Looking into /boot/efi/EFI/ubuntu-64/grubx64.efi of the 2nd
  installation with a hex editor I find the string EFI/ubuntu instead
  EFI/ubuntu-64.

  The failure can only be avoided when installing GRUB with --no-uefi-
  secure-boot.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/grub2-signed/+bug/1647235/+subscriptions