EFI fallback binary should not be installed in --removable mode
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
grub2 (Ubuntu) |
Fix Released
|
Critical
|
Mathieu Trudel-Lapierre | ||
Trusty |
Confirmed
|
Undecided
|
Unassigned | ||
Xenial |
Fix Released
|
Undecided
|
Unassigned | ||
Yakkety |
Fix Released
|
Undecided
|
Unassigned | ||
Zesty |
Fix Released
|
Critical
|
Mathieu Trudel-Lapierre |
Bug Description
[Impact]
Building some images depending on calling grub-install --removable still installs fbx64.efi; which we don't want on removable media.
[Test case]
On an EFI system, run 'grub-install --removable --target=
[Regression potential]
If any system is depending on running grub-install with --removable, and on fbx64.efi being installed in /boot/efi/EFI/BOOT; this would cause this assumption to fail -- leading to incorrect fallback behavior when BootEntries are not present on a system.
Failures to boot with "System BootOrder not found" errors should be considered a possible regression.
Any missing files in /boot/efi/EFI/BOOT or /boot/efi/
----
The patch I did to fix names for the new naming of shim binaries included the addition of fbx64.efi; but it was done wrong: fbx64.efi should only exist under \EFI\BOOT, it's not required in the "removable" path; except if we're trying to force installing to the removable path *too*.
In other words:
1) we normally don't want /EFI/ubuntu/
and
a) on a desktop or server, we want /EFI/BOOT/fbx64.efi to exist (ie. installs without --removable, and with --force-
b) on removable media, we do not want /EFI/BOOT/fbx64.efi to exist (ie. when grub-installed is called with --removable).
Furthermore, the (a) case is probably not the typical case we want to run grub-install with. Calls to grub-install with --force-
In any case, let's move the fbx64.efi installation step to also_install_
summary: |
- EFI fallback binary should only be installed in removable path + EFI fallback binary should only be installed in force-extra-removable |
Changed in grub2 (Ubuntu): | |
status: | New → Triaged |
importance: | Undecided → Critical |
status: | Triaged → In Progress |
assignee: | nobody → Mathieu Trudel-Lapierre (cyphermox) |
milestone: | none → ubuntu-17.05 |
description: | updated |
summary: |
- EFI fallback binary should only be installed in force-extra-removable + EFI fallback binary should not be installed in --removable mode |
Changed in cloud-images: | |
importance: | Undecided → High |
tags: | removed: verification-failed |
no longer affects: | cloud-images |
This bug was fixed in the package grub2 - 2.02~beta3-4ubuntu3
--------------- 4ubuntu3) artful; urgency=medium
grub2 (2.02~beta3-
* debian/ patches/ install_ signed. patch, grub-install- extra-removable .patch: extra-removable .patch to reverse its logic: in the removable; as we don't want
- Make sure if we install shim; it should also be exported as the default
bootloader to install later to a removable path, if we do.
- Rework grub-install-
default case, install the bootloader to /EFI/BOOT, unless we're trying
to install on a removable device, or explicitly telling grub *not* to
do it.
- Move installing fb$arch.efi to --no-extra-
fallback to be installed unless we're also installing to /EFI/BOOT.
(LP: #1684341)
-- Mathieu Trudel-Lapierre <email address hidden> Wed, 26 Apr 2017 21:08:22 -0400