On 23/08/2024 11:39, Felix Miata wrote:
I don't know what vexing secure boot might introduce, but without it,
GRUB_DISTRIBUTOR= was used by grub-install in Trixie here to produce
results I expected:
[...]
# grep TOR /etc/default/grub
GRUB_DISTRIBUTOR="debian13"
[...]
├── debian13
│ └── grubx64.efi
├── opensuse
How does grubx64.efi find where grub.cfg is located? Is it compatible
with Secure Boot? It is the reason why your experiment is not convincing.
I have tried some variants of full shim+grub signed configurations on
the laptop with buggy firmware where I experienced troubles several
years ago. The results have surprised me and they are the same as for
qemu with OVMF instance.
grubx64.efi (v2.06) from Debian bookworm has no problem with reading
grub.cfg placed in the same directory and directory name does not matter.
grubx64.efi (v2.06) from Ubuntu 20.04 focal reads config file strictly
from EFI/ubuntu/grub.cfg.
I have not figured out what specific patch causes the difference. A lot
of lines are changed. I do not think it is a security measure. Perhaps
something is broken in attempts to improve booting from network.
There was a similar issue with Debian
https://bugs.debian.org/932966
and devuan still used EFI/debian when bootloader id "devuan" is used,
patches have not dropped (but perhaps just to avoid issues with existing
installations).
A couple of problems that I have noticed in bookworm:
1. When /usr/lib/shim/BOOTX64.CSV is installed, bootloader id in it is
not adjusted. As a result if additional removable path EFI/BOOT is used
then there is a chance that fbx64.efi will create "debian" boot entry,
not the name specified in GRUB_DISTRIBUTOR
2. It is not apparent that after modifying GRUB_DISTRIBUTOR it is
necessary to create the directory with matched name in /boot/efi/EFI.
Otherwise "dpkg-reconfigure grub-efi-amd64" does not run grub-install. I
would prefer to have an explicit setting instead of relying on presence
of a directory.
The main point is that I did not expect that Debian and Ubuntu may
diverge in so subtle way. I believed fixed .cfg path is a UEFI
limitation or at best an inherent grub limitation.
