Re: [arch-general] GRUB doesn't boot Windows behind Secure Boot
Il 29/11/2016 10:49, David Phillips ha scritto:
>
> I'm not familiar with GRUB anymore, but it sounds like perhaps the file
> bootmgfw.efi has not been signed with a key that is trusted by your board's
> SecureBoot feature. Hence, booting with SB enabled causes a load failure
> while booting without SB fixes the problem.
>
Hello there,
as said previously, I would have posted here after having back a proper
setup. I had to fight over a week to set up the EFI partition and
Windows Boot Manager properly, but I made it somehow.
So, that's what I did:
- I've resetted the UEFI firmware, so that everything was clean
- I've installed GRUB again and I setted up Preloader and HashTool as
stated at [1]
- With HashTool, I've enrolled the Grub EFI binary and also the proper
Windows EFI binaries.
I still face the same error; additionally, also chainloading HashTool
from GRUB gives me errors (with Secure Boot, from here SB, on, tried
only with SB on as it is useless with SB off).
As before, turning off SB allows GRUB to chainload Windows flawlessly.
Still, I would like to keep SB on.
I'm adding also my grub.cfg file at [2].
Hope to have some feedback soon!
Regards
[1] https://wiki.archlinux.org/index.php/Secure_Boot#Set_up_PreLoader
[2] http://paste.ubuntu.com/23594049/
--
Giovanni Santini
My blog: http://giovannisantini.tk
My code: https://git{hub,lab}.com/ItachiSan
My GPG: 2FADEBF5
Re: [arch-general] GRUB doesn't boot Windows behind Secure Boot
Il 29/11/2016 10:49, David Phillips ha scritto:
>
> I'm not familiar with GRUB anymore, but it sounds like perhaps the file
> bootmgfw.efi has not been signed with a key that is trusted by your board's
> SecureBoot feature. Hence, booting with SB enabled causes a load failure
> while booting without SB fixes the problem.
>
> Like I said, not familiar with GRUB, so not sure if that file is grub's
> problem or not. Just a pointer to something for you to investigate.
>
> Thanks,
> David
>
Thank you for your reply David.
This is strange, as Secure Boot works flawlessly booting directly
Windows Boot Manager (that is also the file mentioned above!).
So maybe GRUB doesn't like it anyways... I will think about it in next
days, as I also broke up Windows Boot Manager (resizing EFI partition is
a nope for BCD settings, seems).
Will ping here after some progress.
--
Giovanni Santini
My blog: http://giovannisantini.tk
My code: https://git{hub,lab}.com/ItachiSan
My GPG: 2FADEBF5
Re: [arch-general] GRUB doesn't boot Windows behind Secure Boot
On Mon, Nov 28, 2016 at 01:13:10PM +0100, Giovanni Santini via arch-general wrote: > Good afternoon, Good evening, > > /ACPI(yadda)/PCI(yadda)/Sata(0,0,0)/HD(yaddayadda)/File(\EFI\Microsoft\Boot)/File(bootmgfw.efi)/EndEntire > error: cannot load image. > > The strange thing is that disabling Secure Boot make it works. Not strange at all. > Not really sure what I'm missing here. I'm not familiar with GRUB anymore, but it sounds like perhaps the file bootmgfw.efi has not been signed with a key that is trusted by your board's SecureBoot feature. Hence, booting with SB enabled causes a load failure while booting without SB fixes the problem. Like I said, not familiar with GRUB, so not sure if that file is grub's problem or not. Just a pointer to something for you to investigate. Thanks, David
[arch-general] GRUB doesn't boot Windows behind Secure Boot
Good afternoon,
I have been using GRUB for a long time, but I'm having a strange issue.
My setup consists of ArchLinux as main OS and Windows 10 and Ubuntu
12.04 as secondary OSes.
Turning up Secure Boot in my firmware options results in such an error
when chainloading Windows:
/EndEntire
file path:
/ACPI(yadda)/PCI(yadda)/Sata(0,0,0)/HD(yaddayadda)/File(\EFI\Microsoft\Boot)/File(bootmgfw.efi)/EndEntire
error: cannot load image.
The strange thing is that disabling Secure Boot make it works.
Not really sure what I'm missing here.
--
Giovanni Santini
My blog: http://giovannisantini.tk
My code: https://git{hub,lab}.com/ItachiSan
My GPG: 2FADEBF5
