Bug#1038974: grub2: Update Linux erases Windows entry in boot list
Chris Carr
rantingman at gmail.com
Fri Sep 22 10:14:26 BST 2023
On Fri, 22 Sept 2023 at 08:55, Julian Andres Klode <
julian.klode at canonical.com> wrote:
> It's no secret that we ship a patch in Ubuntu to keep running
> os-prober if the existing grub.cfg has os-prober entries in it to
> avoid the regression, but the ship has sailed for Debian, everyone
> has received the update by now, so introducing it again isn't helping
> anyone (arguably the patch keeps it on if you install fresh but that
> wasn't my personal decision).
>
> If you are interested in multi boot via grub menum, my suggestion would
> be to invest the time to write the code to do os-probing from grub. The
> most important piece - dual booting windows can be easily done by
> checking if the correct windows files exist and then adding a boot
> entry.
>
> Ultimately this is becoming less and less a priority for people because
> it doesn't even work. If you have Windows installed in a normal setup,
> it does its TPM based Bitlocker encryption, you won't be able to start
> it via grub anyhow, but have to boot via the firmware menu. Same for
> other OS, as we move forward to increasingly TPM encrypt OS, dual
> booting only works without a foreign grub in the chain.
>
> What I do want to do is add a boot menu to grub to allow you to boot
> other OS in the boot menu by setting BootNext and resetting the machine;
> but I don't think there's much value to be had sinking considerable
> resources into legacy boot multi booting.
>
> And yes, I want to also add that Windows detection, but I think that's
> a reasonable level of regression for the security benefits.
>
> Alternatively if you feel you need os-prober because you install
> multiple Linux distributions in a BIOS system, I mean, by all means
> enable it and live with the risk or work to sandbox grub-mount, I think
> it could just drop its privileges after opening the device and install
> seccomp filters and whatnot.
>
Thank you for the comprehensive explanation. I'm glad that the problem was
avoided for Ubuntu users. I am not a fan of TPM but accept that it is
inevitable. I agree that your BootNext idea is better in that context.
Good luck,
CC
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-grub-devel/attachments/20230922/ad276d9d/attachment.htm>
More information about the Pkg-grub-devel
mailing list