Announcement

Collapse
No announcement yet.

Ubuntu Switches Back To GRUB2 For SecureBoot

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • #11
    randomizer: it may relate to theming. grub2 seems considerably slower to render when themed on some hardware, compared to when un-themed.

    Comment


    • #12
      Originally posted by AdamW View Post
      randomizer: it may relate to theming. grub2 seems considerably slower to render when themed on some hardware, compared to when un-themed.
      The theme is really nothing but a purple background. I would hope that this wouldn't be too taxing on the system

      This has me wondering what precisely we are all referring to when talking about how long it takes to render. Are we talking about the time between when the bootloader screen first appears until it has fully rendered or the time between a completed POST sequence and when it has fully rendered? The delay I'm referring to is mostly between the end of the POST and when the bootloader menu first appears, which is a couple of seconds. This delay is much shorter with other distros.

      Comment


      • #13
        Originally posted by Kano View Post
        You dont need grub when you use efi. Did you ever try without?
        So it's baked into Ubuntu kernels now? Must investigate. Since I don't multiboot, I'd love to purge GRUB completely.

        Comment


        • #14
          Originally posted by steveriley View Post
          So it's baked into Ubuntu kernels now? Must investigate. Since I don't multiboot, I'd love to purge GRUB completely.
          You can still multiboot if your motherboard allows you to have a boot menu (probably does). You just create more entries to it.

          Comment


          • #15
            Originally posted by 89c51 View Post
            You can still multiboot if your motherboard allows you to have a boot menu (probably does). You just create more entries to it.
            Yeah, both my ThinkPads have a crappy boot manager menu, which basically just lists whatever it sees in Bootnnnn NVRAM variables. Right now, my one-and-only entry, called "ubuntu," points to \EFI\ubuntu\grubx64.efi. EFI boot appears to allow me to skip the irrelevant GRUB stuff and directly boot-load the kernel. Just need to spend a couple hours learning how to stitch it all together.

            Comment


            • #16
              That's pretty simple (lets think you use /dev/sda1 for /boot/efi - basically i would not even need -d/p in that case and /dev/sda2 for /), try this
              Code:
              sudo cp /boot/vmlinuz-$(uname -r) /boot/efi/EFI/ubuntu/linux.efi
              sudo efibootmgr -c -d /dev/sda -p 1 -l '\EFI\ubuntu\linux.efi' -L 'Ubuntu direct' -u 'quiet root=/dev/sda2'
              instead of root=/dev/sda2 you could use in the case you have got gpt this:
              Code:
              echo root=PARTUUID=$(blkid -p -s PART_ENTRY_UUID -o value /dev/root)
              Thats usually not needed for only 1 internal hd, but would not hurt of course. A partuuid is the id of the partition and NOT the id of the filesystem, this is not supported without initrd. It is possible to boot with initrd as well, but i think you wanted to boot with max speed.

              Comment


              • #17
                Originally posted by Kano View Post
                That's pretty simple (lets think you use /dev/sda1 for /boot/efi - basically i would not even need -d/p in that case and /dev/sda2 for /), try this
                Code:
                sudo cp /boot/vmlinuz-$(uname -r) /boot/efi/EFI/ubuntu/linux.efi
                sudo efibootmgr -c -d /dev/sda -p 1 -l '\EFI\ubuntu\linux.efi' -L 'Ubuntu direct' -u 'quiet root=/dev/sda2'
                instead of root=/dev/sda2 you could use in the case you have got gpt this:
                Code:
                echo root=PARTUUID=$(blkid -p -s PART_ENTRY_UUID -o value /dev/root)
                Thats usually not needed for only 1 internal hd, but would not hurt of course. A partuuid is the id of the partition and NOT the id of the filesystem, this is not supported without initrd. It is possible to boot with initrd as well, but i think you wanted to boot with max speed.
                actually it is not that simple, because initrd may be required.

                my kernel is now a standalone efi bootable which can boot any linux partitions in my PC by:
                1. do not allow module, compile all function builtin
                2. embed initramfs
                3. embed video firmware blob

                Comment


                • #18
                  You dont need to embed that, it can be read from the filesystem. You only have to be sure that your hd can be mounted without extra drivers - thats default for ubuntu kernels when you dont use raid. But in the case you want to boot with initrd, thats a piece of cake as well.
                  Code:
                  sudo cp /boot/initrd.img-$(uname -r) /boot/efi/EFI/ubuntu/initrd.img
                  sudo efibootmgr -c -d /dev/sda -p 1 -l '\EFI\ubuntu\linux.efi' -L 'Ubuntu direct with initrd' -u 'quiet root=/dev/sda2 initrd=EFI\ubuntu\initrd.img'
                  As you see you have to write the path to the initrd relatively to the efi partition, you can add a \ in front, but that is optional. You have to use \ and not / because that's the UEFI syntax. So whats your problem now? Btw you can use the root=UUID=... statement you usually get by
                  Code:
                  echo root=UUID=$(blkid -p -s UUID -o value /dev/root)
                  if you want when you use an initrd as well, thats the uuid of the filesystem - this would even work when you use mbr partitions - the efi fat partition must be a PRIMARY one in that case!

                  Comment


                  • #19
                    Fedora approach

                    How does Ubuntu's SecureBoot approach now differ from that of Fedora?

                    Comment


                    • #20
                      Well you can reuse the ubuntu shim/grub for all purpose Because it allows boot of unsigned kernels. Basically they use both shim to chainload to grub. shim can be configured to allow only a signed binary (when you build it plain it is just a chainloader). Fedora wants to use signed kernels, somewhere are kernel patches to do that, maybe you find the link. With one working shim/grub combination you can boot every system - well it depends how many features ubuntu allows in the signed grub, if chainloader is possible you can start any other efi binary (signed or not) - and even win.
                      Last edited by Kano; 22 September 2012, 01:17 PM.

                      Comment

                      Working...
                      X