On 2018-09-18 15:00, Chris Murphy wrote:
On Tue, Sep 18, 2018 at 12:25 PM, Austin S. Hemmelgarn
<ahferro...@gmail.com> wrote:
It actually is independent of /boot already. I've got it running just fine
on my laptop off of the EFI system partition (which is independent of my
/boot partition), and thus have no issues with handling of the grubenv file.
The problem is that all the big distros assume you want it in /boot, so they
have no option for putting it anywhere else.
Actually installing it elsewhere is not hard though, you just pass
`--boot-directory=/wherever` to the `grub-install` script and turn off your
distributions automatic reinstall mechanism so it doesn't get screwed up by
the package manager when the GRUB package gets updated. You can also make
`/boot/grub` a symbolic link pointing to the real GRUB directory, so that
you don't have to pass any extra options to tools like grub-reboot or
grub-set-default.
This is how Fedora builds their signed grubx64.efi to behave. But you
cannot ever run grub-install on a Secure Boot enabled computer, or you
now have to learn all about signing your own binaries. I don't even
like doing that, let alone saner users.
So for those distros that support Secure Boot, in practice you're
stuck with the behavior of their prebuilt GRUB binary that goes on the
ESP.
Agreed, but that avoids the issues we're talking about here completely
because the grubenv file ends up on the ESP too.
