[Bug 1450783] Re: grub-install with --bootloader-id option creates unusable boot configuration with secure boot

[Mate Kukri]

The way this works on core.efi+modules based installs is that the
installer modifies core.efi with a path to grub.cfg.

This cannot be done in signed images, as that obviously invalidates the
signature.

It would make sense to change upstream GRUB to have a feature that is
"please load config from same directory as EFI executable" is an option,
but I don't believe this to be the case.

I think this should be contributed upstream.

** Changed in: grub2 (Ubuntu)
       Status: Triaged => Won't Fix

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to grub2 in Ubuntu.
https://bugs.launchpad.net/bugs/1450783

Title:
  grub-install with --bootloader-id option creates unusable boot
  configuration with secure boot

Status in grub2 package in Ubuntu:
  Won't Fix

Bug description:
  When manually creating an EFI boot entry using `grub-install
  --bootloader-id=<myid>`, where myid is a string different from
  "ubuntu", the resulting boot configuration is broken.

  The signed grub EFI binary `grubx64.efi` seems to contain a hardcoded
  path to `/EFI/ubuntu`, from which grub will then read the grub.cfg
  configuration file specifying the UUID of the root partition. This
  approach only works if the bootloader id is in fact equal to "ubuntu".

  Either calling grub-install with both an alternative bootloader id and
  UEFI secure boot options should fail and print an error explaining the
  situation, or the signed boot image should be fixed (i.e. the
  hardcoded path removed) so that it reads the grub.cfg from the same
  directory in which the image itself is located, which seems preferable
  because it allows multi-booting more than one Ubuntu installation on
  the same system.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/1450783/+subscriptions