Originally posted by steveriley
View Post
Announcement
Collapse
No announcement yet.
Ubuntu Switches Back To GRUB2 For SecureBoot
Collapse
X
-
-
Originally posted by randomizer View PostThis has me wondering what precisely we are all referring to when talking about how long it takes to render.
Leave a comment:
-
Originally posted by Kano View PostThat's pretty simple (lets think you use /dev/sda1 for /boot/efi - basically i would not even need -d/p in that case and /dev/sda2 for /), try this
Code:sudo cp /boot/vmlinuz-$(uname -r) /boot/efi/EFI/ubuntu/linux.efi sudo efibootmgr -c -d /dev/sda -p 1 -l '\EFI\ubuntu\linux.efi' -L 'Ubuntu direct' -u 'quiet root=/dev/sda2'
Code:echo root=PARTUUID=$(blkid -p -s PART_ENTRY_UUID -o value /dev/root)
Originally posted by Kano View PostYou dont need to embed that, it can be read from the filesystem. You only have to be sure that your hd can be mounted without extra drivers - thats default for ubuntu kernels when you dont use raid. But in the case you want to boot with initrd, thats a piece of cake as well.
Code:sudo cp /boot/initrd.img-$(uname -r) /boot/efi/EFI/ubuntu/initrd.img sudo efibootmgr -c -d /dev/sda -p 1 -l '\EFI\ubuntu\linux.efi' -L 'Ubuntu direct with initrd' -u 'quiet root=/dev/sda2 initrd=EFI\ubuntu\initrd.img'
Code:echo root=UUID=$(blkid -p -s UUID -o value /dev/root)
Leave a comment:
-
Well you can reuse the ubuntu shim/grub for all purpose Because it allows boot of unsigned kernels. Basically they use both shim to chainload to grub. shim can be configured to allow only a signed binary (when you build it plain it is just a chainloader). Fedora wants to use signed kernels, somewhere are kernel patches to do that, maybe you find the link. With one working shim/grub combination you can boot every system - well it depends how many features ubuntu allows in the signed grub, if chainloader is possible you can start any other efi binary (signed or not) - and even win.Last edited by Kano; 22 September 2012, 01:17 PM.
Leave a comment:
-
Fedora approach
How does Ubuntu's SecureBoot approach now differ from that of Fedora?
Leave a comment:
-
You dont need to embed that, it can be read from the filesystem. You only have to be sure that your hd can be mounted without extra drivers - thats default for ubuntu kernels when you dont use raid. But in the case you want to boot with initrd, thats a piece of cake as well.
Code:sudo cp /boot/initrd.img-$(uname -r) /boot/efi/EFI/ubuntu/initrd.img sudo efibootmgr -c -d /dev/sda -p 1 -l '\EFI\ubuntu\linux.efi' -L 'Ubuntu direct with initrd' -u 'quiet root=/dev/sda2 initrd=EFI\ubuntu\initrd.img'
Code:echo root=UUID=$(blkid -p -s UUID -o value /dev/root)
Leave a comment:
-
Originally posted by Kano View PostThat's pretty simple (lets think you use /dev/sda1 for /boot/efi - basically i would not even need -d/p in that case and /dev/sda2 for /), try this
Code:sudo cp /boot/vmlinuz-$(uname -r) /boot/efi/EFI/ubuntu/linux.efi sudo efibootmgr -c -d /dev/sda -p 1 -l '\EFI\ubuntu\linux.efi' -L 'Ubuntu direct' -u 'quiet root=/dev/sda2'
Code:echo root=PARTUUID=$(blkid -p -s PART_ENTRY_UUID -o value /dev/root)
my kernel is now a standalone efi bootable which can boot any linux partitions in my PC by:
1. do not allow module, compile all function builtin
2. embed initramfs
3. embed video firmware blob
Leave a comment:
-
That's pretty simple (lets think you use /dev/sda1 for /boot/efi - basically i would not even need -d/p in that case and /dev/sda2 for /), try this
Code:sudo cp /boot/vmlinuz-$(uname -r) /boot/efi/EFI/ubuntu/linux.efi sudo efibootmgr -c -d /dev/sda -p 1 -l '\EFI\ubuntu\linux.efi' -L 'Ubuntu direct' -u 'quiet root=/dev/sda2'
Code:echo root=PARTUUID=$(blkid -p -s PART_ENTRY_UUID -o value /dev/root)
Leave a comment:
-
Originally posted by 89c51 View PostYou can still multiboot if your motherboard allows you to have a boot menu (probably does). You just create more entries to it.
Leave a comment:
-
Originally posted by steveriley View PostSo it's baked into Ubuntu kernels now? Must investigate. Since I don't multiboot, I'd love to purge GRUB completely.
Leave a comment:
Leave a comment: