can not boot up in uefi secure boot mode unbuntu 13.04, can run in a live from cd uefi secure mode. will boot non secure boot mode

Thanks for reporting this issue, Dan. Can you confirm that the install on the hard drive that fails to boot was installed under secure boot mode? When the system fails to boot, what exactly do you see on the screen - where does it stop? (Screenshots would be good here)

After booting the system in non-secureboot mode, can you please run the command 'sudo efibootmgr -v' and post the output?

Dear Steve,

Here are 3 pictures for you. The screen shot is the output of what you had
me run in the terminal mode.
Pic p4180031 is how I have the computer set up when I ran ubuntu in the
live mode and also when I installed it from the cd. When the computer
restarts and I am using the the first boot device ubuntu in my uefi boot to
boot from I get a blank screen. When I use the F12 key and go to my boot
menu and pick ubuntu boot device in pic p4180031 the I get this screen pic
p4180029. I hope this helps you to help me. Thanks Dan Winkler

On Wed, Apr 17, 2013 at 10:30 PM, Steve Langasek <
<email address hidden>> wrote:

> Thanks for reporting this issue, Dan. Can you confirm that the install
> on the hard drive that fails to boot was installed under secure boot
> mode? When the system fails to boot, what exactly do you see on the
> screen - where does it stop? (Screenshots would be good here)
>
> After booting the system in non-secureboot mode, can you please run the
> command 'sudo efibootmgr -v' and post the output?
>
> ** Changed in: shim (Ubuntu)
> Status: New => Incomplete
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/1170183
>
> Title:
> can not boot up in uefi secure boot mode unbuntu 13.04, can run in a
> live from cd uefi secure mode. will boot non secure boot mode
>
> Status in “shim” package in Ubuntu:
> Incomplete
>
> Bug description:
> I am running on a dell inspiron 7720. Have install ubuntu 13.04 with
> the windows 8 hard drive removed. I can run in a live from cd in uefi
> secure mode and can install the same in secure mode. I can not boot to
> the hard drive which has only unbuntu 13.04 installed on in secure
> mode. I have installed unbunta with the windows 8 hard dirve removed
> because I don't want any issues with unbuntu or windows messing with
> each other. It will boot up in non secure mode. I want to able to boot
> to windows 8 hard drive or unbunta hard with out changing secure on
> and off. can any one help me. thanks dan winkler
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/ubuntu/+source/shim/+bug/1170183/+subscriptions
>

Thanks. A text paste would have been preferred to a screenshot for the command output, but this is sufficient to show that your system is configured to boot /efi/ubuntu/grubx64.efi... when it should be configured to boot /efi/ubuntu/shimx64.efi.

To correct this problem on your local system, you should be able to run the command 'grub-install --uefi-secure-boot'.

Reassigning this bug to grub2, because grub-installer or grub2 should have automatically done the right thing at install time. Colin, could you take a look at this?

the command 'sudo grub-install --uefi-secure-boot' was entered into the
terminal
it said it had finished with no errors
the computer was then shut down and restarted, the boot was changed to
secure boot, again I got a blank screen, I then restarted the computer and
hit f12 to access the boot menu, selected ubuntu (which boot 1st
automatically because it is at the top of the boot list) and received the
same screen that states access denied (which I sent you a pic of
previously). So I turned the secure boot off, once again and booted to
ubuntu, then entered in the 'sudo efibootmgr-v' command into the terminal
and got

 lucille@lucille-Inspiron-7720:~$ sudo sudo efibootmgr -v

[sudo] password for lucille:

BootCurrent: 000C

Timeout: 0 seconds

BootOrder:
000C,0000,0001,0002,0003,0004,0005,0006,0007,000B,0009,000A,0008,000E,000F

Boot0000 Setup

Boot0001 Boot Menu

Boot0002* Removable Drive
030a2400d23878bc820f604d8316c068ee79d25b20699b27e1a34f488e97534d40523c1d

Boot0003* Hard Drive
030a2400d23878bc820f604d8316c068ee79d25bf5b01cc8ce8e9841b3a8fb94b6dfefee

Boot0004* USB Storage Device
030a2400d23878bc820f604d8316c068ee79d25b6895f49a99882e4bb0da03ec784d2828

Boot0005* CD/DVD/CD-RW Drive
030a2400d23878bc820f604d8316c068ee79d25b3750dce1249e1748876bee5d3f25ebfb

Boot0006* Second Hard Drive
030a2400d23878bc820f604d8316c068ee79d25b293b8046e622c74ebd287431e0c56179

Boot0007* Network
030a2400d23878bc820f604d8316c068ee79d25b6567de8ee595634d842b325e6a43510b

Boot0008* Network Boot
030a2400d23878bc820f604d8316c068ee79d25b1b7f7356e3475744a9a6ed8e91832083

Boot0009 Diagnostics

Boot000A Change boot mode setting

Boot000B* Windows Boot Manager
HD(1,800,fa000,7d58b232-1c76-4fcc-a696-4c6b951a7612)File(\EFI\Microsoft\Boot\bootmgfw.efi)WINDOWS.........x...B.C.D.O.B.J.E.C.T.=.{.9.d.e.a.8.6.2.c.-.5.c.d.d.-.4.e.7.0.-.a.c.c.1.-.f.3.2.b.3.4.4.d.4.7.9.5.}...a................

Boot000C* ubuntu
HD(1,800,5d21800,1bbce1c1-4706-4196-a31f-ff245bddffed)File(\EFI\ubuntu\grubx64.efi)

Boot000E* dvd boot
ACPI(a0341d0,0)PCI(1f,2)03120a00030000000000CD-ROM(1,8d4,29c8ad)File(EFI\BOOT\BOOTX64.EFI)

Boot000F* UShe B
ACPI(a0341d0,0)PCI(1d,0)USB(0,0)USB(3,0)0311050000HD(1,800,5b4800,e8ac336c-d14c-4ca2-8154-5a790a5df7ea)File(EFI\Boot\bootx64.efi)

lucille@lucille-Inspiron-7720:~$ ^C

lucille@lucille-Inspiron-7720:~$

I believe this still states that the boot is grub and not shim
anyway I still can not boot in secure mode
I appreciate you help, but I still need more
thanks

On Thu, Apr 18, 2013 at 7:22 PM, Steve Langasek <
<email address hidden>> wrote:

> Thanks. A text paste would have been preferred to a screenshot for the
> command output, but this is sufficient to show that your system is
> configured to boot /efi/ubuntu/grubx64.efi... when it should be
> configured to boot /efi/ubuntu/shimx64.efi.
>
> To correct this problem on your local system, you should be able to run
> the command 'grub-install --uefi-secure-boot'.
>
> Reassigning this bug to grub2, because grub-installer or grub2 should
> have automatically done the right thing at install time. Colin, could
> you take a look at this?
>
> ** Package changed: shim (Ubuntu) => grub2 (Ubuntu)
>
> ** Changed in: gru...

On Fri, Apr 19, 2013 at 12:55:13PM -0000, Dan Winkler wrote:
> Boot000C* ubuntu
> HD(1,800,5d21800,1bbce1c1-4706-4196-a31f-ff245bddffed)File(\EFI\ubuntu\grubx64.efi)

Oh, that's very strange. We've seen reports of similar behavior before when
the firmware's nvram space has been filled up (see
https://lists.ubuntu.com/archives/ubuntu-devel/2013-April/037029.html). But
if this is a new install, I don't know why you would have that problem, and
it still doesn't explain why the installer set this to grubx64.efi in the
first place.

First thing's first, can you check that you have the 'shim-signed' package
installed? ('dpkg -l shim-signed') If not, please install it with 'sudo
apt-get install shim-signed', then run 'sudo grub-install
--uefi-secure-boot' again.

If that still doesn't fix it to let you run under secure boot mode, please
do the following.

Show the output of this command:

$ ls -l /sys/firmware/efi/efivars/

Please then also try running these commands from the commandline (one
immediately after the other), and paste the output:

$ sudo efibootmgr -v -c -d /dev/sda -p 1 -w -L ubuntu -l '\EFI\ubuntu\shimx64.efi'
$ echo $?

lucille@lucille-Inspiron-7720:~$ ls -l /sys/firmware/efi/efivars/
total 0
-rw-r--r-- 1 root root 12 Apr 19 15:18
AcpiGlobalVariable-af9ffd67-ec10-488a-9dfc-6cbf5ee22c2e
-rw-r--r-- 1 root root 5 Apr 19 15:18
AutoBootMenuVariable-78c7fa11-1b18-4fec-b317-fbfa03fd32c2
-rw-r--r-- 1 root root 46 Apr 19 15:18
Boot0000-8be4df61-93ca-11d2-aa0d-00e098032b8c
-rw-r--r-- 1 root root 54 Apr 19 15:18
Boot0001-8be4df61-93ca-11d2-aa0d-00e098032b8c
-rw-r--r-- 1 root root 82 Apr 19 15:18
Boot0002-8be4df61-93ca-11d2-aa0d-00e098032b8c
-rw-r--r-- 1 root root 72 Apr 19 15:18
Boot0003-8be4df61-93ca-11d2-aa0d-00e098032b8c
-rw-r--r-- 1 root root 88 Apr 19 15:18
Boot0004-8be4df61-93ca-11d2-aa0d-00e098032b8c
-rw-r--r-- 1 root root 88 Apr 19 15:18
Boot0005-8be4df61-93ca-11d2-aa0d-00e098032b8c
-rw-r--r-- 1 root root 86 Apr 19 15:18
Boot0006-8be4df61-93ca-11d2-aa0d-00e098032b8c
-rw-r--r-- 1 root root 66 Apr 19 15:18
Boot0007-8be4df61-93ca-11d2-aa0d-00e098032b8c
-rw-r--r-- 1 root root 76 Apr 19 15:18
Boot0008-8be4df61-93ca-11d2-aa0d-00e098032b8c
-rw-r--r-- 1 root root 58 Apr 19 15:18
Boot0009-8be4df61-93ca-11d2-aa0d-00e098032b8c
-rw-r--r-- 1 root root 84 Apr 19 15:18
Boot000A-8be4df61-93ca-11d2-aa0d-00e098032b8c
-rw-r--r-- 1 root root 304 Apr 19 15:18
Boot000B-8be4df61-93ca-11d2-aa0d-00e098032b8c
-rw-r--r-- 1 root root 128 Apr 19 15:18
Boot000C-8be4df61-93ca-11d2-aa0d-00e098032b8c
-rw-r--r-- 1 root root 130 Apr 19 15:18
Boot000E-8be4df61-93ca-11d2-aa0d-00e098032b8c
-rw-r--r-- 1 root root 145 Apr 19 15:18
Boot000F-8be4df61-93ca-11d2-aa0d-00e098032b8c
-rw-r--r-- 1 root root 6 Apr 19 15:18
BootCurrent-8be4df61-93ca-11d2-aa0d-00e098032b8c
-rw-r--r-- 1 root root 8 Apr 19 15:18
BootOptionSupport-8be4df61-93ca-11d2-aa0d-00e098032b8c
-rw-r--r-- 1 root root 34 Apr 19 15:18
BootOrder-8be4df61-93ca-11d2-aa0d-00e098032b8c
-rw-r--r-- 1 root root 26 Apr 19 15:18
BootOrderDefault-8be4df61-93ca-11d2-aa0d-00e098032b8c
-rw-r--r-- 1 root root 50 Apr 19 15:18
ConIn-8be4df61-93ca-11d2-aa0d-00e098032b8c
-rw-r--r-- 1 root root 50 Apr 19 15:18
ConInDev-8be4df61-93ca-11d2-aa0d-00e098032b8c
-rw-r--r-- 1 root root 48 Apr 19 15:18
ConOut-8be4df61-93ca-11d2-aa0d-00e098032b8c
-rw-r--r-- 1 root root 48 Apr 19 15:18
ConOutDev-8be4df61-93ca-11d2-aa0d-00e098032b8c
-rw-r--r-- 1 root root 5 Apr 19 15:18
CpuCmpSmt-f31bce44-4db9-40fc-93ab-4de140657b91
-rw-r--r-- 1 root root 5 Apr 19 15:18
CpuOnlyReset-0382f3df-35d3-4716-8219-3f6f8275848e
-rw-r--r-- 1 root root 39 Apr 19 15:18
CpuPpiSetupVar-d1b99f1a-084b-49c3-b88e-378abefa118b
-rw-r--r-- 1 root root 5 Apr 19 15:18
CpuRatio-320c081f-b8ca-40ad-a6bf-30211e51ec0e
-rw-r--r-- 1 root root 3223 Apr 19 15:18
db-d719b2cb-3d3a-4596-a3bc-dad00e67656f
-rw-r--r-- 1 root root 80 Apr 19 15:18
dbx-d719b2cb-3d3a-4596-a3bc-dad00e67656f
-rw-r--r-- 1 root root 9 Apr 19 15:18
DellFpVariable-9c61548f-781a-4f16-a029-67534b441faa
-rw-r--r-- 1 root root 95 Apr 19 15:18
DellHddPwdVariable-149dd1fe-af5d-4895-a407-26458480913a
-rw-r--r-- 1 root root 75 Apr 19 15:18
DellVariable-4fee3d67-18f4-4217-ba7b-bc538148382a
-rw-r--r-- 1 root root 15 Apr 19 15:18
DeviceRecord-46803b29-22e6-4ec7-bd28-7431e0c56179
-rw-r--r-- 1 root ...

On Fri, Apr 19, 2013 at 10:26:36PM -0000, Dan Winkler wrote:
> Boot000D* ubuntu
> HD(1,800,5d21800,1bbce1c1-4706-4196-a31f-ff245bddffed)File(\EFI\ubuntu\shimx64.efi)
> lucille@lucille-Inspiron-7720:~$ echo $?
> 0
> lucille@lucille-Inspiron-7720:~$

Ok. The efibootmgr command succeeded, and the efivars usage looks
reasonable, so this doesn't seem to be a problem with the nvram being filled
up.

So when you checked, you found the shim-signed package installed? I.e., the
output looked like this?

Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name Version Architecture Description
+++-==============-============-============-=================================
ii shim-signed 1.2+0~201209 amd64 Secure Boot chain-loading bootloa

Can you confirm that /boot/efi/EFI/ubuntu/shimx64.efi is present on your
system?

If it is, you should now be able to boot Ubuntu under Secure Boot.

If it's not, you still need to install the shim-signed package after all.

I too wound up with \EFI\ubuntu\grubx64.efi as a uefi boot entry on a machine which had always had secure boot enabled. This was caused by an earlier grub-install which left a corrupt /EFI/ubuntu directory, which gave an IO error on any attempted access. After fixing the corrupted directory, rerunning grub-install --uefi-secure-boot added a new, correct ubuntu/shimx63.efi entry. Looks like the error checking on grub-install might need a little improvement -- looks like a check for shim failed, but only because the directory itself was unreadable.

Thanks, we installed Ubuntu 13.04 in secure boot mode, after running it in
secure boot live mode, it installed and then booted in secure boot.
Guess the updates which downloaded when we reinstalled the system fixed
whatever the problem was. Thanks a lot for all you time and effort. We
really appreciate it.
=)
Anyway we really like the 13.04 (final) it works well on this new system.
Ubuntu is great, and it keeps getting better and better. You are part of
what makes it better and better.
Thanks again, you were very, very helpful. =)
sincerely,
Lucille Winkler

On Thu, May 9, 2013 at 8:02 PM, Ubfan <email address hidden> wrote:

> I too wound up with \EFI\ubuntu\grubx64.efi as a uefi boot entry on a
> machine which had always had secure boot enabled. This was caused by an
> earlier grub-install which left a corrupt /EFI/ubuntu directory, which
> gave an IO error on any attempted access. After fixing the corrupted
> directory, rerunning grub-install --uefi-secure-boot added a new,
> correct ubuntu/shimx63.efi entry. Looks like the error checking on
> grub-install might need a little improvement -- looks like a check for
> shim failed, but only because the directory itself was unreadable.
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/1170183
>
> Title:
> can not boot up in uefi secure boot mode unbuntu 13.04, can run in a
> live from cd uefi secure mode. will boot non secure boot mode
>
> Status in “grub2” package in Ubuntu:
> New
>
> Bug description:
> I am running on a dell inspiron 7720. Have install ubuntu 13.04 with
> the windows 8 hard drive removed. I can run in a live from cd in uefi
> secure mode and can install the same in secure mode. I can not boot to
> the hard drive which has only unbuntu 13.04 installed on in secure
> mode. I have installed unbunta with the windows 8 hard dirve removed
> because I don't want any issues with unbuntu or windows messing with
> each other. It will boot up in non secure mode. I want to able to boot
> to windows 8 hard drive or unbunta hard with out changing secure on
> and off. can any one help me. thanks dan winkler
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/1170183/+subscriptions
>

Status changed to 'Confirmed' because the bug affects multiple users.

This release of Ubuntu is no longer receiving maintenance updates. If this is still an issue on a maintained version of Ubuntu please let us know.

[Expired for grub2 (Ubuntu) because there has been no activity for 60 days.]