On 29/11/2024 at 18:19, Steve McIntyre wrote:
On Fri, Nov 29, 2024 at 05:51:43PM +0100, Georg Gast wrote:

Checked the sha1sums from the installed efi binaries in /boot/EFI/EFI/debian

The EFI partition mount point should be /boot/efi, not /boot/EFI.

Now my question is: Is it intended that the efi binaries in
/boot/EFI/EFI/debian/ are not updated? Is this a bug or a feature? (..)

This should all work automatically for you, assuming you have
appropriate packages installed.

Appropriate packages are installed, otherwise manually running grub-install [1] would not work.

shim-signed postinst script runs grub-install [2] only if /boot/efi/EFI/$bootloader_id (default=debian) exists and is a directory.
If /boot is in a case-sensitive filesystem, /boot/EFI will not match.

[1] I was surprised that grub-install does not mind using /boot/EFI, but indeed it tries /boot/EFI if /boot/efi does not exist or is not a directory.

[2] IMO running grub-install in shim-signed postinst script is wrong; shim-signed should trigger the active boot loader instead because just having grub-install present does not mean that grub-efi-amd64-signed is the active boot loader. But this is another issue.
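
The directory test described in the message above, as an added example that is not part of the original e-mail and not taken from the shim-signed package. The function name `esp_check` and its output strings are hypothetical, and the demo tree is constructed; it assumes the postinst condition is exactly the `/boot/efi/EFI/$bootloader_id` directory check the message describes.

```shell
#!/bin/sh
# Added example: reports whether the directory test described in the message
# (/boot/efi/EFI/$bootloader_id exists and is a directory) would pass, and
# whether a differently-cased mount point such as /boot/EFI explains a failure.

# esp_check ROOT [BOOTLOADER_ID]   (hypothetical helper)
# Prints and returns:
#   ok:<dir>             (0) expected path exists, the test would pass
#   case-mismatch:<dir>  (1) a case variant of "efi" holds EFI/<id> instead
#   missing              (2) no ESP tree for <id> found under ROOT/boot
esp_check() {
    root=${1%/}
    id=${2:-debian}
    expected="$root/boot/efi/EFI/$id"

    if [ -d "$expected" ]; then
        echo "ok:$expected"
        return 0
    fi

    # Scan /boot for directories whose name equals "efi" ignoring case.
    for cand in "$root"/boot/*; do
        [ -d "$cand" ] || continue
        name=$(basename "$cand" | tr '[:upper:]' '[:lower:]')
        [ "$name" = "efi" ] || continue
        if [ -d "$cand/EFI/$id" ]; then
            echo "case-mismatch:$cand/EFI/$id"
            return 1
        fi
    done

    echo "missing"
    return 2
}

# Constructed demo tree mirroring the layout from the thread (ESP at /boot/EFI).
demo=$(mktemp -d)
mkdir -p "$demo/boot/EFI/EFI/debian"
esp_check "$demo" || echo "directory test fails: signed EFI binaries would not be refreshed"
rm -rf "$demo"
```

Calling `esp_check /` on an installed system checks the real tree; a `case-mismatch` result means the signed binaries on the ESP should be compared against the packaged ones after each shim or GRUB update.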
