Bug#1017887: grub-efi-amd64-signed: SecureBoot Grub-Install with Custom Bootloader ID Drops Grub into Grub Shell
Pascal Hambourg
pascal at plouf.fr.eu.org
Tue May 2 19:02:35 BST 2023
(Not replying to the submitter because gmail rejects all my mails)
On Mon, 22 Aug 2022 10:58:06 +0800 Chew Kean Ho
<hollowaykeanho at gmail.com> wrote:
>
> When performing a manual grub-install in a debootstrap Debian OS setup,
> installing SecureBoot Grub with --bootloader-id value other than 'debian' causes
> the Grub to drop into Grub Shell (failed to locate /boot/grub/grub.cfg) despite
> having the UUID and root prefix values correct at /boot/EFI/<name>/grub.cfg
> level.
This bug should be partially fixed since version 2.06-3~deb11u5 as a
lucky side effect of embedding a grub.cfg into memdisk.
> Exact cause is unknown (still not sure what causes the drop). The only
> workaround is NOT to mess with the --bootloader-id or set --bootloader-id to
> strictly 'debian' as value.
The cause is well known, see #925309. (maybe merge the two bugs ?)
<https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925309>
An effective workaround was to copy /boot/EFI/<name>/grub.cfg into
/boot/EFI/debian/ where GRUB expected to find it.
> The same thing happens when SecureBoot is turned off at BIOS.
If secure boot is disabled, another workaround was to install GRUB
without secure boot support, either by removing shim-signed or by
running grub-install --no-uefi-secure-boot.
More information about the Pkg-grub-devel
mailing list