Comment 4 for bug 1247933

Lukas (lukas-ribisch) wrote :

grub-install, at least on 14.04 and 15.04, seems to hardcode the path "EFI/ubuntu" into all secureboot images. This has the effect that regardless of the boot entry that is selected in the EFI interface, grub always reads (ESP)/EFI/ubuntu/grub.cfg and continues to boot from the volume referenced there.

The binary /EFI/<bootloader-id>/grubx64.efi always contains the hardcoded string "EFI/ubuntu", which seems to be covered by Canonical's signature and thus unchangeable.

If secure boot is deactivated, editing the grubx64.efi binary to reflect the correct path fixes the issue for me; i.e. if the bootloader is in EFI/mysecondubuntu, change EFI/ubunt2/grubx64.efi so that the string "EFI/ubuntu" becomes "EFI/ubunt2" (better keep the length the same in order to not break the binary alignment). This only works with secure boot disabled in the firmware; otherwise the signature becomes invalid.

However, when grub-install is invoked using --no-uefi-secure-boot, it gets even more confusing: grubx64.efi doesn't contain the hardcoded string anymore, but it seems as if grub.cfg is not even considered anymore – grub directly continues to boot from some hardcoded boot volume which I am unable to modify!

All of this makes it almost impossible to install two versions of Ubuntu on a single machine.
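
The mismatch reported in this comment can be checked without modifying any binary. The following is an added example, not part of the original comment or of GRUB: it scans an image for an embedded `EFI/<id>` string and compares it with the directory the image is installed in. The function names, the sample bytes and the assumption that the path is stored as plain ASCII are hypothetical.

```python
import re
from pathlib import PurePosixPath

# Assumption: the path is stored as plain ASCII inside the image.
PREFIX_RE = re.compile(rb"EFI/([A-Za-z0-9._-]+)")

# Constructed sample: a few bytes standing in for a signed grubx64.efi
# that carries the hardcoded "EFI/ubuntu" string.
SAMPLE_IMAGE = b"MZ\x90\x00" + b"\x00" * 16 + b"/EFI/ubuntu\x00" + b"\x00" * 8


def embedded_ids(image):
    """Return the sorted bootloader ids found in 'EFI/<id>' strings."""
    return sorted({m.group(1).decode("ascii") for m in PREFIX_RE.finditer(image)})


def check_image(esp_relative_path, image):
    """Compare the install directory of an image with the ids embedded in it."""
    parts = PurePosixPath(esp_relative_path.lstrip("/")).parts
    # Expected layout on the ESP: EFI/<bootloader-id>/<file>
    if len(parts) < 3 or parts[0].upper() != "EFI":
        raise ValueError("expected a path of the form EFI/<bootloader-id>/<file>")
    installed = parts[1]
    found = embedded_ids(image)
    return {
        "installed_id": installed,
        "embedded_ids": found,
        # No embedded path at all: the --no-uefi-secure-boot case in the comment.
        "no_embedded_path": not found,
        # A path is embedded, but it names a different directory.
        "mismatch": bool(found) and installed not in found,
    }


if __name__ == "__main__":
    # With a real ESP mounted, read the file instead, for example:
    #   image = open("/boot/efi/EFI/ubunt2/grubx64.efi", "rb").read()
    print(check_image("EFI/ubunt2/grubx64.efi", SAMPLE_IMAGE))
```

A result with `mismatch` set to true means the image will look for its grub.cfg under a different ESP directory than the one it was installed in.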