Grub2Win support for Ubuntu grub2

[Ed P]

Ubuntu's grub2 supports EFI's Secure Boot function, Grub2Win's does not. Installing Ubuntu's grub2 looks easy enough to do according to this link: https://www.pendrivelinux.com/install-grub2-on-usb-from-ubuntu-linux/ . So if Grub2Win could interface with it it would be a win-win senario for users.

Having the Ubuntu grub2 replace the grub2 in Grub2Win would be even better.

While disabling Secure Boot is feasible on personal computers and those of friends it is not an option on proprietary computers.

[Drummer]

Hey Ed,

I'm not sure this will work. Here's why:

The signed Ubuntu EFI boot module doesn't have support for NTFS so it will not find the Grub config file or libraries on a Windows disk partition.

Generating an EFI module with the required support (ntfs, normal, search etc) will invalidate the special Microsoft signature that Ubuntu uses to bypass the secure boot check. The EFI firmware will deny the boot.

This makes sense, because otherwise a hacker could embed and generate malicious code in the specially signed Ubuntu EFI boot module and secure boot would be useless.

Also, Ubuntu grub expects a Linux extx library structure in the Linux /boot partition at boot time. It would never find the C:\grub2 directory. or grub.cfg file.

These are my initial thoughts. I will have a closer look when I return from vacation October 1.

Thanks,

Dave

[Ed P]

Dave,

Ok, so replacing the grub2 in Grub2Win doesn't sound possible but adding support to Grub2Win for accessing the Ubuntu grub.cfg file on a USB drive should be.

Ed

[Ed P]

A couple of links that may interest you Dave.

https://github.com/schierlm/usb-modboot/blob/master/grub-ubuldr.cfg

http://reboot.pro/topic/21845-uefi-bootloader-boot-manager-signed-with-microsofts-secure-boot-key/

[Drummer]

Hey Ed,

Grub2Win is a Windows application. It cannot access the Ubuntu grub.cfg file because it is on a Linux extx partition. Not accessable from Windows apps.

Dave

[Ed P]

Dave,

Ubuntu's grub runs just fine on FAT partitions, just like EFI. Pretty sure Grub2Win can access them.

Ed

[Drummer]

Hey Ed,

Yes Ubuntu can possibly run on FAT partitions, however the Ubuntu install program default is ext4, not FAT.

This means that 95% plus of Ubuntu root partitions in the wild are ext4, not accessable from Windows apps. People rarely change from the default to FAT at install time, they nearly always take the default ext4 format.

I know this from the many disk maps included in the diagnostic files I have received from users.

Dave

[Ed P]

Dave,

You are missing the point here. I'm not talking about Ubuntu, I'm talking about Ubuntu's grub2, and how it, the grub2 sw, can be installed to a USB drive, without installing Ubuntu. Using Grub2Win's menu editing capablities to maintain that grub2's menu would be super helpful.

Ed

[Ed P]

Hey Dave,

I'll try your suggestion, it's an easy fix. I just put this script in the c:\grub2 folder.

SBgrub2.cmd

@echo off&title Secure Boot grub.cfg 

set USBdrv=G:

rename c:\grub2\grub.cfg G2Wgrub.cfg
copy   %USBdrv%\boot\grub\grub.cfg c:\grub2\
c:\grub2\grub2win.exe
move   c:\grub2\grub.cfg %USBdrv%\boot\grub\ /y
rename c:\grub2\G2Wgrub.cfg grub.cfg
pause > nul
exit

-update-

The grub.cfg I ended up manually creating for booting the grub2 system on my USB drive actually doesn't need a lot of editing.

if loadfont /boot/grub/font.pf2 ; then
#   set gfxmode=auto
    set gfxmode=800x600,auto
    insmod efi_gop
    insmod efi_uga
    insmod gfxterm
    terminal_output gfxterm
fi

set menu_color_normal=white/black
set menu_color_highlight=black/light-gray

set timeout=60
set gfxpayload=1024x768

menuentry " 1. UEFI Porteus 4.0 system - for Secure Boot enabled" {

     set efibootmgr=/EFI/boot/grubx64.efi
     set porteus_parms="volume=33 reboot=cold extramod=/Modules;/Modsavedat noload=save.dat;cinnamon"
#    Change parms to fit your needs.

     set bootdrv=$root
     search -f $efibootmgr
     if [ $? == 0 ]; then
        linux  /boot/syslinux/vmlinuz $porteus_parms
        initrd /boot/syslinux/initrd.xz
        echo " "
        echo " -> "
        echo " -> If /boot/grub/x86-64-efi errors appear, disregard."
        echo " -> It means Secure Boot has not been enabled."
        echo " -> "
        sleep -i 4
     else
        echo "----------------------------------------"
        echo $efibootmgr was NOT found.
        echo
        sleep -i 10
     fi
     set root=$bootdrv
     }

menuentry " 2. UEFI Porteus 4.0 boot menu - aborts if Secure Boot is enabled" {

     set efibootmgr=/EFI/Porteusboot/bootx64.efi

     set bootdrv=$root
     search -f $efibootmgr 
     if [ $? == 0 ]; then
        chainloader $efibootmgr
        echo " "
        echo " -> "
        echo " -> If /boot/grub/x86-64-efi errors appear, disregard."
        echo " -> "
        sleep -i 4 
     else
        echo "----------------------------------------"
        echo $efibootmgr was NOT found.
        echo
        sleep -i 10
     fi
     set root=$bootdrv 
     }

menuentry " " { echo }

menuentry " 3. Reboot" {
     reboot
     }
menuentry " 4. Shutdown" {
     halt
     }

menuentry " " { echo }

menuentry " Notes" {
     echo
     echo "To switch the USB drive's boot mode to BIOS mode "
     echo "run the BIOSboot.sh script in the /EFI directory."
     echo 
     echo "To switch the USB drive boot mode back to EFI mode"
     echo "run the Secureboot.sh script in the /EFI directory." 
     echo 
     sleep -i 10
     }

I suspect a similar setup would work with other USB systems.

Ed

-update-

This grub.cfg works also but not as planned.

if loadfont /boot/grub/font.pf2 ; then
#   set gfxmode=auto
    set gfxmode=800x600,auto
    insmod efi_gop
    insmod efi_uga
    insmod gfxterm
    terminal_output gfxterm
fi

set menu_color_normal=white/black
set menu_color_highlight=black/light-gray

set timeout=60
set gfxpayload=1024x768


set efibootmgr=/EFI/Porteusboot/bootx64.efi 
set porteus_parms="volume=33 reboot=cold extramod=/Modules;/Modsavedat noload=save.dat;cinnamon"
#  Change parms to fit your needs. 


insmod /boot/grub/x86_64-efi/cat
if rmmod cat; then
   linux  /boot/syslinux/vmlinuz $porteus_parms
   initrd /boot/syslinux/initrd.xz
   boot
   exit
else
   chainloader $efibootmgr
   boot
   exit
fi

The goal was to have the grub.cfg automatically boot the Secure Boot enabled option or the Secure Boot disabled option but that is not how it is working. Regardless of the Secure Boot setting the top option is executed. Not a bad situation, just not the desired situation.

Ed