Dear All,

this question is crossposted on AskUbuntu!

I have a laptop with an UEFI setup and I have the following OS installed:

- Windows 8
- Fedora 21
- Ubuntu 14.10

Secure Boot is turned on!

Booting all these from the UEFI boot menu works fine. I am using the Ubuntu grub2 bootloader as main bootloader and I can chainload the Windows bootloader and boot Windows perfectly.

The problem comes with Fedora. Fedora has a separate boot partition with the kernels but the Ubuntu grub configuration (os-prober) seems not to pick them up, not even if I mount the partition before launching the update-grub command. So I decided to create a manual entry in grub that boots the "EFI/fedora/shim.efi" and the grub bootloader

Unfortunately, this seems not to be working. Shim seems not to be able to find the grubx64.efi fedora bootloader file, and prints a "File not found" error, then goes back to the Ubuntu grub main menu

Has anybody been able to detect the Fedora kernel using grub in Ubuntu with a UEFI setup or to successfully chainload the Fedora Grub from the Ubuntu grub?

Thanks for all your help!

Valerio

Post the link to the Create BootInfo summary report. Is part of Boot-Repair:
https://help.ubuntu.com/community/Boot-Info

Also post the grub.cfg in /EFI/Fedora. It should be just three lines if like Ubuntu's that is a configfile entry to chainload to grub.cfg in Fedora's boot partition.

Thanks for the help and the assistance!

Here is the BootInfo:

http://paste.ubuntu.com/9717607/

And here is the content of grub.cfg of EFI/fedora/grub.cfg. It is not a link, but the real cfg file.



## DO NOT EDIT THIS FILE
#
# It is automatically generated by grub2-mkconfig using templates
# from /etc/grub.d and settings from /etc/default/grub
#


### BEGIN /etc/grub.d/00_header ###
set pager=1


if [ -s $prefix/grubenv ]; then
load_env
fi
if [ "${next_entry}" ] ; then
set default="${next_entry}"
set next_entry=
save_env next_entry
set boot_once=true
else
set default="${saved_entry}"
fi


if [ x"${feature_menuentry_id}" = xy ]; then
menuentry_id_option="--id"
else
menuentry_id_option=""
fi


export menuentry_id_option


if [ "${prev_saved_entry}" ]; then
set saved_entry="${prev_saved_entry}"
save_env saved_entry
set prev_saved_entry=
save_env prev_saved_entry
set boot_once=true
fi


function savedefault {
if [ -z "${boot_once}" ]; then
saved_entry="${chosen}"
save_env saved_entry
fi
}


function load_video {
if [ x$feature_all_video_module = xy ]; then
insmod all_video
else
insmod efi_gop
insmod efi_uga
insmod ieee1275_fb
insmod vbe
insmod vga
insmod video_bochs
insmod video_cirrus
fi
}


terminal_output console
if [ x$feature_timeout_style = xy ] ; then
set timeout_style=menu
set timeout=5
# Fallback normal timeout code in case the timeout_style feature is
# unavailable.
else
set timeout=5
fi
### END /etc/grub.d/00_header ###


### BEGIN /etc/grub.d/10_linux ###
menuentry 'Fedora, with Linux 3.17.8-300.fc21.x86_64' --class fedora --class gnu-linux --class gnu --class os --unrestricted $menuentry_id_option 'gnulinux-3.17.8-300.fc21.x86_64-advanced-e7bd7f1c-ec36-4aba-94da-33c035d17fc2' {
load_video
set gfxpayload=keep
insmod gzio
insmod part_gpt
insmod ext2
set root='hd0,gpt11'
if [ x$feature_platform_search_hint = xy ]; then
search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt11 --hint-efi=hd0,gpt11 --hint-baremetal=ahci0,gpt11 ef19f6b3-d25f-4886-a523-7c8ed5ba034d
else
search --no-floppy --fs-uuid --set=root ef19f6b3-d25f-4886-a523-7c8ed5ba034d
fi
linuxefi /vmlinuz-3.17.8-300.fc21.x86_64 root=UUID=e7bd7f1c-ec36-4aba-94da-33c035d17fc2 ro rootflags=subvol=root rhgb quiet
initrdefi /initramfs-3.17.8-300.fc21.x86_64.img
}
menuentry 'Fedora, with Linux 3.17.4-301.fc21.x86_64' --class fedora --class gnu-linux --class gnu --class os --unrestricted $menuentry_id_option 'gnulinux-3.17.4-301.fc21.x86_64-advanced-e7bd7f1c-ec36-4aba-94da-33c035d17fc2' {
load_video
set gfxpayload=keep
insmod gzio
insmod part_gpt
insmod ext2
set root='hd0,gpt11'
if [ x$feature_platform_search_hint = xy ]; then
search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt11 --hint-efi=hd0,gpt11 --hint-baremetal=ahci0,gpt11 ef19f6b3-d25f-4886-a523-7c8ed5ba034d
else
search --no-floppy --fs-uuid --set=root ef19f6b3-d25f-4886-a523-7c8ed5ba034d
fi
linuxefi /vmlinuz-3.17.4-301.fc21.x86_64 root=UUID=e7bd7f1c-ec36-4aba-94da-33c035d17fc2 ro rootflags=subvol=root rhgb quiet
initrdefi /initramfs-3.17.4-301.fc21.x86_64.img
}
menuentry 'Fedora, with Linux 0-rescue-d50721219e80494ab14a089773249f44' --class fedora --class gnu-linux --class gnu --class os --unrestricted $menuentry_id_option 'gnulinux-0-rescue-d50721219e80494ab14a089773249f44-advanced-e7bd7f1c-ec36-4aba-94da-33c035d17fc2' {
load_video
insmod gzio
insmod part_gpt
insmod ext2
set root='hd0,gpt11'
if [ x$feature_platform_search_hint = xy ]; then
search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt11 --hint-efi=hd0,gpt11 --hint-baremetal=ahci0,gpt11 ef19f6b3-d25f-4886-a523-7c8ed5ba034d
else
search --no-floppy --fs-uuid --set=root ef19f6b3-d25f-4886-a523-7c8ed5ba034d
fi
linuxefi /vmlinuz-0-rescue-d50721219e80494ab14a089773249f44 root=UUID=e7bd7f1c-ec36-4aba-94da-33c035d17fc2 ro rootflags=subvol=root rhgb quiet
initrdefi /initramfs-0-rescue-d50721219e80494ab14a089773249f44.img
}


### END /etc/grub.d/10_linux ###


### BEGIN /etc/grub.d/20_linux_xen ###


### END /etc/grub.d/20_linux_xen ###


### BEGIN /etc/grub.d/20_ppc_terminfo ###
### END /etc/grub.d/20_ppc_terminfo ###


### BEGIN /etc/grub.d/30_os-prober ###
### END /etc/grub.d/30_os-prober ###


### BEGIN /etc/grub.d/40_custom ###
# This file provides an easy way to add custom menu entries. Simply type the
# menu entries you want to add after this comment. Be careful not to change
# the 'exec tail' line above.
### END /etc/grub.d/40_custom ###


### BEGIN /etc/grub.d/41_custom ###
if [ -f ${config_directory}/custom.cfg ]; then
source ${config_directory}/custom.cfg
elif [ -z "${config_directory}" -a -f $prefix/custom.cfg ]; then
source $prefix/custom.cfg;
fi
### END /etc/grub.d/41_custom ###

You have 2 EFI partitions, sda2 and sda3. sda3 only has the windows files so I expect you are using sda2. Don't know if that has anything to do with the problem.
Ubuntu shows as being on sda8 and its boot files are there. There are no files shown on any of the other Linux partitions. If you look at the section under blkid output, you see the entry below with the label fedora which I would expect to be your fedora installation. sda12.


/dev/sda12 e7bd7f1c-ec36-4aba-94da-33c035d17fc2 btrfs fedora

Your grub.cfg file from Fedora which you posted above shows "set root='hd0,gpt11'" which would be sda11. Is that where you have Fedora, on the ext4 or is it actually on sda12. Not sue why you don't show any boot files for your Fedora partitions when they show for Ubuntu?

Please use code tags for longer text or terminal output.

You have two partitions with efi files, but only one is flagged as the efi partition. I think some vendors do that do they can switch or reconfigure UEFI to boot their recovery partition or repair tools. That should be ok.

If Fedora boots directly from UEFI, I do not see why the chain entry from Ubuntu's grub would not work.

It does look like you have secure boot on. Have you tried with it off?
And you have Windows hibernated which will cause issues trying to boot Windows from grub2.

Just not familiar with Fedora's grub2. Because it is btrfs, did script not see its grub.cfg? Possible issue with script? Or you may need to manually load btrfs drivers when running script?

I think the set root is the /boot partitition's UUID and the Linux line is the UUID from the / install, when you have a separate /boot partition. Not sure if then you also need an insmod for btrfs, since /boot is ext4?

oldfred-- found a old thread you posted an answer in , could that still be the solution ? http://askubuntu.com/questions/342908/fedora-missing-in-grub-inside-ubuntu?rq=1

valmar-lp-- did you use LVM in fedora's install ?

Post the contains of fedora's grub.cfg "/boot/efi/EFI/fedora/grub.cfg"
It looks like fedora uses the same basic grub-efi as ubuntu https://fedoraproject.org/wiki/GRUB_2?rd=Grub2

I did not see LVM, so I do not think loading the lvm drivers are required.

But not familiar with btrfs, and grub often needs extra modules loaded or insmod btrfs. But if boot partition is ext4 then I do not know if that grub loads drivers, or not?

I did not see LVM, so I do not think loading the lvm drivers are required.

But not familiar with btrfs, and grub often needs extra modules loaded or insmod btrfs. But if boot partition is ext4 then I do not know if that grub loads drivers, or not?
I've been chewing through my lip, trying not to jump in. Not trying to high jack at all <> Just throwing in a hint. This should be much simpler than you are making.

You do not chainload Fedora anymore. They are Grub2 and systemd.

Look at the attached: That is a screen shot of one on my Fedora 20 Servers. That just happens to be on LVM and RAID. No LVM drivers in the menu section itself, but mine has root in a /dev/mapper/. Same kind of logic and boot process, but uses systemd kenrel boot options.

Big hint is to drop to Grub CLI and try the physical type of storage hints


GRUB> ls (hd # <TAB> completion to get seenphysical drives
GRUB> ls (hd1, gpt # <TAB> completion to get seen partitions
GRUB> ls (hd1,gpt11) # to see what the filesystem shows... find the boot images inside the /boot directory to verfiy what to boot
You can test the boot from the Grub CLI or via editing a Grub menu item... but replace the UUID (that it is saying is not correct) with the phyical ID... Until you can get it booted and and see what the UUID is...

I just boot from a LiveCD and redirect the output of


sudo blkid > /dev/sdd/result.text # in this example, a mount USB thumb drive...
then cut and paste that UUID where I need it.

Again. Sorru for the interuption. Just trying to help... Now back to helping others...

It works with secure boot off, but I have to chainload gcdx64.efi instead of shim.efi in the fedora boot partition.

If I try to chainload that with secure boot on (I am trying to find a solution with works with secure boot because Windows is not happy without it), I get a "cannot load image" error. While if I chainload shim I get the error: file not found error.

I would be fine with the other way around (chainload the Ubuntu grub from the Fedora one, but that also does not work)

Thanks for all the answers!

Valerio

Oh. Okay. I understand now...

Is it possible that GRUB2 cannot chainload when secure boot is on?

I noticed this patch that is applied to the OpenSUSE version of GRUB:

https://build.opensuse.org/package/view_file/openSUSE:Factory/grub2/grub2-secureboot-chainloader.patch?expand=1

I don't claim to understand exactly what this does, but maybe one of you can....

I have now tried to compile grub2 with this patch, then I will test it....

Another idea that I have: could the lack of "search" lines in the grub stanza cause the files not to be found?

Valerio

Dear All,

I asked for help in the Fedora forums and received good advice

http://www.forums.fedoraforum.org/showthread.php?t=302536

The problem is that now the Fedora kernel will not boot because it is signed with the Fedora certificate, not with the Ubuntu one. Does anyone know if it is possible to add the Fedora certificate to the Ubuntu bootloader?

Also if understand correctly, Ubuntu does not enforce kernel signature, so O might be able to boot the Ubuntu kernel with the Fedora bootloader.

Any ideas?

Valerio

I have seen a lot of users turn off secure boot and have no issues with Windows.
So do you have to have secure boot on? Or why is Windows complaining.
It was a Microsoft requirement that users be able to turn secure boot off (after much complaining by competitors I think).

Some info on keys, but I understand little of it.
Info on signing keys
https://wiki.ubuntu.com/SecurityTeam/SecureBoot

Ok, I got this to work. I extracted the fedora-ca.cer certificate from the Fedora source package of shim

Then on Ubuntu I installed the mokutil program and I added the key to the allowed keys of the Ubuntu bootloader:

1) sudo mokutil --import fedora-ca.cer and set a password
2) reboot, ubuntu reboots in the MokManager
3) add key, by typing in the password set in point 1

The Ubuntu grub can now boot the Fedora kernel in Secure Boot.

Thanks to everyone who helped!

Valerio