Public bug reported: Currently, the Ubuntu patches for secureboot support will boot the kernel via the EFI stub ONLY if secureboot is enabled. This means that if secureboot is disabled, grub wrongly skips the kernel's EFI stub, resulting in buggy behavior (missing EFI fixups; lack of access to the TCG log).
When booted on EFI, grub should ALWAYS use the EFI protocol to boot the kernel, and only do a non-EFI boot as a fallback if the EFI stub is not available AND secureboot is not enabled. Patches available at https://people.canonical.com/~chrisccoulson/grub- efi-fixes/ ** Affects: grub2 (Ubuntu) Importance: High Status: New ** Affects: grub2 (Ubuntu Bionic) Importance: High Status: New ** Affects: grub2 (Ubuntu Focal) Importance: High Status: New ** Changed in: grub2 (Ubuntu) Importance: Undecided => High ** Also affects: grub2 (Ubuntu Bionic) Importance: Undecided Status: New ** Also affects: grub2 (Ubuntu Focal) Importance: High Status: New ** Changed in: grub2 (Ubuntu Bionic) Importance: Undecided => High ** Description changed: Currently, the Ubuntu patches for secureboot support will boot the kernel via the EFI stub ONLY if secureboot is enabled. This means that if secureboot is disabled, grub wrongly skips the kernel's EFI stub, resulting in buggy behavior (missing EFI fixups; lack of access to the TCG log). When booted on EFI, grub should ALWAYS use the EFI protocol to boot the kernel, and only do a non-EFI boot as a fallback if the EFI stub is not available AND secureboot is not enabled. + + Patches available at https://people.canonical.com/~chrisccoulson/grub- + efi-fixes/ -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1864533 Title: grub wrongly booting via bios entry point instead of efi when secureboot disabled To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/1864533/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
