[Solved] grub, efibootmg and headaches

Posted: Sat Oct 17, 2020 12:38 pm
by oz42
I successfully have transfered Mint to my new M.2 SSD, including secure boot.

But UEFI gives me headaches. Whenever I run grub-install, it re-enables outdated UEFI boot entries:

Code: Select all

root@hanni:~# efibootmgr 
BootCurrent: 0003
Timeout: 0 seconds
BootOrder: 0003,0007,0000,0001,2001,2002,2003
Boot0000* Linpus lite
Boot0001* openSUSE
Boot0003* ubuntu
Boot0007  Windows Boot Manager
Boot2001* EFI USB Device
Boot2003* EFI Network
Boot2004* Huawei Firmware Update Program
I can remove them with efibootmgr, but on the next run of grub they reapper. What's wrong?

And do I need grub anymore? It was great in the old i386 days, but today there should be a better boot loader. Is any available?

Posted: Sat Oct 17, 2020 3:33 pm
by oz42
Meanwhile I have tried refind, but still no luck. I can enroll as many keys as I like, secure boot does not work. But there must be a way to get around the grub bugs and problems.

And I have learned that efibootmgr is completely useless because it fails to delete entries from the EFI partition and shows no error message when it fails. I had to delete them manually.

I am just looking for a not so complicated bootloader solution. In the 2000s, it was okay to fight with lilo :wink: but nowadays I would like to see a more comfortable booting solution.

Posted: Sat Oct 17, 2020 6:14 pm
by antikythera
There's systemd-boot which PopOS! use as their default instead of grub. It's not quite as mature though for obvious reasons.

efibootmgr is not meant to delete anything from the EFI partition(s) on your drive. You are responsible for cleaning up redundant files.

It's used to solely manage information stored in a size limited boot entry list capsule of the motherboards firmware chip. ... temd-boot/

Posted: Mon Oct 19, 2020 3:39 am
by oz42
Thank you!

Posted: Mon Oct 19, 2020 9:39 am
by fabien85
As antikythera said : efibootmgr does not delete any file on the EFI partition. That is the role of the package manager of the distribution with which you installed the bootloader.
If you deleted the distro by deleting its partition, then yes you are left with leftovers on the EFI partition that you can clean up manually. (although normally they do not pose any problem as long as you have a valid bootloader higher up in the boot order)

Instead, efibootmgr allows you to manage the boot entries in the NVRAM. i.e. what tells the firmware where to look for a bootloader.
Now it does happen that some machines have a buggy firmware, and efibootmgr cannot communicate with them. The symptom I have witnessed is that you delete a boot entry with efibootmgr, you confirm with efibootmgr -v, but next time you reboot the entries are back.
In those cases, you need to go in the firmware interface (/BIOS) to delete manually the offending entries.

For secure boot, I suggest you just abandon that battle. Turn it off and forget about it. For Linux, secure boot does not bring much in real life situations. Also it's another point where firmwares can be buggy.

Posted: Mon Oct 19, 2020 9:51 am
by oz42
Removing Secure Boot is exactly what I have done meanwhile. :D Right now, everything is working as expected.