[SOLVED] Booting install CD when uefi and secure boot are enabled

[oldfred]

Depending on what options you are checking in Boot-Repair, it renames the windows efi files to a backup and installs shim. When Boot-Repair says to boot with shim, it probably should just say ubuntu from UEFI menu as that is what UEFI will show. Or if only able to boot Windows the shim file may really be named the Windows boot. See below for more explanation.

But there really are 3 main efi files, grub's shim which includes the "key" which is the Microsoft key to boot in secure boot mode, the standard grub, and the Microsoft efi files. But only those systems that only boot from the Microsoft efi file is where Boot-Repair will rename the Windows efi file and use the shim file. Then when booting from Windows entry in UEFI your really get grub menu and from grub menu you boot the Windows backup.

If system will boot ubuntu entry you have two choices. The shim should work with secure boot on or off. The standard grub will only work with secure boot off. Then you do not have to rename the Windows file and copy shim into the Windows directory.

How Boot-Repair fixes a Ubuntu with grub-pc with efi Windows
http://ubuntuforums.org/showpost.php...&postcount=516
Boot-Repair - Updated Jan 1, 2013 to not rename first time, but rename if first time Windows does not boot. Post 706 and 711
http://ubuntuforums.org/showthread.p...769482&page=71
Boot-Repair copied /EFI/ubuntu/grubx64.efi to /EFI/Boot/bootx64.efi (in case the BIOS is hard-coded to boot into /EFI/Boot/bootx64.efi or secure boot
signed GRUB file shimx64.efi.

Depending on how you view efi partition these are the files used for booting. Normally from Ubuntu the efi partition is mounted at /boot/efi so you may see /boot/efi/efi/ubuntu for example. If you see files with bkb then Boot-Repair is making backups and renaming files. Always best to have full backup of efi partition as it is vital for booting.

# UEFI Boot files UEFI sees folder for efi files, so it will show, ubuntu, Windows, Boot and maybe others for recovery.
# for grub/ubuntu
/efi/ubuntu/grubx64.efi
# New secure boot grub version:
/efi/ubuntu/ shimx64.efi.
# for Windows, but for UEFI systems that only boot this file, grub or shim may get renamed to this and this backed up.
/EFI/Microsoft/Boot/bootmgfw.efi
# Both Windows & Ubuntu may provide this shell file, not sure of differeneces.
/efi/Boot/bootx64.efi
# There also may be other files in each directory to support booting.

If Vendors would correctly implement UEFI, even with secure boot we would not have all this hassle of renaming files or having to do other work arounds. Only a few computers seem to work correctly, many need the work arounds, but then that often complicates the install process for everyone.

[squakie]

Thanks again! I think I'm going to try just using the BIOS boot menu to boot Ubuntu for now until I get a better understanding of all of this and the various partitions and how to set the BIOS to use a certain one. Currently I have gotten myself a "little" lost and need to regroup. At least for now it will boot Windows automatically and I can get to Ubuntu via the BIOS boot menu. I'm afraid with not understanding all of this from the get-go I may already have hosed up something with those Windows EFI files/partition - I think that's why the first time through this I had to completely rebuild the disk just to get Windows back.

I *thought* I understood this stuff when I started out, but It's way beyond what I thought. Hopefully with enough more reading I'll be able to get a better handle on this so I can hopefully get to dual-boot.

Thanks so much!

[oldfred]

That makes good backups of efi partition, Windows partition and your data in /home even more important.

The vendor recovery DVDs are just an image of your drive as purchased. If you have housecleaned a lot of cruft normally included, run many updates with many reboots, and added software you may want a full back up.
Backup windows before install - post by Mark Phelps
http://ubuntuforums.org/showthread.php?t=2040149
http://ubuntuforums.org/showthread.php?t=1626990
http://www.macrium.com/reflectfree.asp
Another suggestion by srs5694
http://www.runtime.org/driveimage-xml.htm

[squakie]

I've always used Macrium Reflect, and with a 750gb external drive I should have room for a few of it's files before recycling. I'm pretty sure I need to pretty much leave as-is unless I want to re-install Ubuntu again, because it would appear that the default EFI partition was changed from what I can see. If I remove Ubuntu the grub menu is still showing (at least, that's what happened last time) and I can't boot Windows from it. If I completely reload the disk it gets rid of grub, but then I also don't have any access to Ubuntu. This has gotten REALLY confusing. To create an UEFI partition for Ubuntu, from at least what I've read, it needs to be at the beginning of the disk, and guess what's already there? Of course the Windows UEFI partition, so I haven't been able to try that yet - I think I would get in a deadly embrace - run gparted, remove the partition, allocate the ubunu uefi partition, but then if it doesn't work I would lose everything and have to do the factory reset again.

I can see where this is a multi-layer problem. Trying to sort through those layers to get an understanding of all of this seems to be a bit challenging.

[squakie]

You know, I was a systems programmer and systems administrator on big iron for many years, but I guess I just haven't kept "that part of my brain" working since I am no longer working. It's a little frustrating to me because I know I should understand all of this with no problem - perhaps I just haven't read enough yet

oldfred - thanks so much!

[oldfred]

With BIOS and MBR it has actually been pretty simple at least compared to UEFI. Maybe because it has been the same for nearly 30 years but also because it is implemented pretty much the same on most systems.

But UEFI is new, gpt partitioning is new and every vendor seems to have made UEFI a bit different even though it is a standard. Some do not work well yet. Then Ubuntu is trying to work around the secure boot issues and each vendor's issues as best as it can, but it is all new. Boot-repair does some of the work arounds.

[squakie]

BTW - I tried 12.10 in virtualbox again last night (Windows 8 host). Tried the things recommended to get around the llvm(?) issue of graphics going through the CPU instead of the GPU, but nothing actually worked - still no 3d rendering.

[sms88]

If Vendors would correctly implement UEFI, even with secure boot we would not have all this hassle of renaming files or having to do other work arounds. Only a few computers seem to work correctly, many need the work arounds, but then that often complicates the install process for everyone.

I found one other issue that was causing me grief with a Lenovo desktop. I booted the LiveCD (actually now a LiveDVD as a CD lacks sufficient capacity), but unbeknownst to me it was doing a non-UEFI installation because the DVD drive was a legacy device (with no option to change it to a UEFI boot device).

I don't know if it's simply not possible to do a UEFI installation if the DVD drive is a non-UEFI device, or if the Ubuntu installer simply assumes that if the LiveDVD is booted in legacy mode that it need to do a non-UEFI installation. I finally figured out what was going on when I specified UEFI boot devices only, and the system would not boot from the DVD drive;. I made a Live USB stick and things improved. The UEFI installation went smoothly, but the system would not boot. Boot Repair (run with the Windows 8 drive disconnected) fixed this. then I edited the 40_custom file to manually add the EFI boot partition information for Winodws 8, set the Windows drive to a non-boot device, and Grub came up and allowed either OS to boot.

But this was a desktop with a separate drive for Ubuntu. On a single drive laptop it would likely be much more complicated.

But I think the key thing is that if you can get Grub to load, and Ubuntu to boot, you can manually configure Grub to boot Windows. You just need the UUID of the Windows 8 EFI boot partition. But if Ubuntu is sharing the same boot partition then you're likely out of luck. Even specifying a separate EFI boot partition for Ubuntu may not help because how will the system know which boot partition to use on a bootable UEFI drive? Perhaps going in and managing the flags to disable the Windows EFI boot partition?

When I first ran Boot Repair, with the Windows drive connected, Boot Repair damaged the drive and nothing would boot. Running the Windows 8 recovery from the recovery partition completed, but Windows 8 would still not boot. Only by making a USB recovery key and allowing it to wipe the drive, could I get back to a working Windows 8 system. What I took away from this was MEVER run Boot Repair on a system with Windows 8 pre-installed.

[oldfred]

@sms88
Boot-Repair has worked on many UEFI installed systems, including some Lenovo.

Not sure what your issues was, but Boot-Repair does not know for sure what issues you have and may rename Windows files to use the grub shim file to boot as that also has the Microsoft key. But it can also un-rename files just as easy.

You can only have one efi partition per device. And you can chain load from one drive's efi partition to the efi on anther drive to boot systems on that drive. If installing to a second drive, it really should not be modifying the Windows drive at all. But even with BIOS that was an issue if manual install was not used.

[sms88]

@sms88
Boot-Repair has worked on many UEFI installed systems, including some Lenovo.

Not sure what your issues was, but Boot-Repair does not know for sure what issues you have and may rename Windows files to use the grub shim file to boot as that also has the Microsoft key. But it can also un-rename files just as easy.

You can only have one efi partition per device. And you can chain load from one drive's efi partition to the efi on anther drive to boot systems on that drive. If installing to a second drive, it really should not be modifying the Windows drive at all. But even with BIOS that was an issue if manual install was not used.

The Lenovo system I have is UEFI but does not have Secure Boot enabled. If I enable it, Windows gets upset and says something about not having a valid key.

Boot Repair invariably damaged the Windows drive almost beyond repair. What finally worked was an Ubuntu install with the Windows drive disconnected, then running Boot Repair to get Ubuntu to boot, then manually adding the Windows entry to Grub, making the Windows drive non-bootable in the CMOS setup, then connecting the Windows drive.

I don't know what Boot Repair did to the EFI boot partition on the Windows drive. I did post three of the URLs with the log it creates but I don't think anyone has the time or inclination to figure out what happened.

The Boot Repair dumps are at:

http://paste.ubuntu.com/1694319/
http://paste.ubuntu.com/1694354/
http://paste.ubuntu.com/1694436/

Chaining is what I eventually did, I think. If you call Grub calling the EFI boot partition on the Windows drive chaining.

One question I have is can you have only one EFI boot partition on a drive _period_ or can you only have two EFI boot partitions on a drive with only one having the boot flag set? If you're telling Grub where the boot partition is by specifying the UUID Windows will still boot even if the boot flag is not set (however it won't shut down!).