0

I've been trying for a long time to install dual-boot on my machine - tried several different tutorials, I always fail on the installation of grub. Anyone have suggestions? I'm stuck.

I have installed windows via EFI, then Kubuntu via USB key, then I log in again via USB key and attempt to install grub on the existing windows-created EFI partition or via boot-repair.

Boot repair gives me error (most recently attempt) "Locked-NVram detected." Boot-repair paste-bin message here: https://paste.ubuntu.com/p/jKHWNYQXWP/

(It's Windows 10 / Kubuntu 22.04 on a Dell XPS 13 using EFI, if that helps)

Thank you for any suggestions

tartartartartar
  • 1
  • Start by disabling Fast Startup in Windows and Secure Boot in UEFI, the only two factors that can prevent access to the ESP although neither should do that in normal circumstances. – ChanganAuto Sep 18 '22 at 21:14
  • 2
    Some Lenovos, maybe other brands, have an UEFI setting on locked boot order or similar. Check your systems manual and UEFI settings.You also have BIOS versions of grub installed ot MBR and ESP's partition boot sector (PBR or BS) That also can create issues. Grub should never be installed to any Windows formatted partition's PBR. This is for NTFS, not sure if it works for FAT32. [HowTo] Repair the bootsector of a Windows partition - YannBuntu https://help.ubuntu.com/community/BootSectorFix – oldfred Sep 18 '22 at 22:09
  • Were the Ubuntu secure boot utilities installed? mokutil --sb-state will tell you if secure boot is enabled. I believe you will need mokutil and efibootmgr at a minimum if secure boot is not enabled. – Lloyd Kvam Sep 18 '22 at 22:12
  • Can you expand on why mokutil is needed if secure boot is not enabled? I thought it was for self-signing keys to work with secure boot. – Organic Marble Sep 18 '22 at 23:12

2 Answers2

0

Trying to answer again, I did a lot of reading while trying to sort this on a laptop I discovered had hardcoded NVRAM variables in the BIOS due to the EFI mode being just a hack in a unlocked modified BIOS, in the process I've read about some laptops outright refusing to have their default NVRAM boot entries overwritten, here are some useful link , descriptions and a script I wrote for my precellular use case where all attempts to edit the boot order do not survive a reboot even though the list was fine in efibootmgr and easyuefi, I hope this will be of use/provide an answer:

You need to mount the efivarfs in "rescue mode" once entering "chroot"/"run shell in system partition" before running install/update-grub or the locked NVram error will appear.

modprobe nvram
modprobe efivars
mount -t efivarfs efivarfs /sys/firmware/efi/efivars
update-grub

or

"apt-get install --reinstall grub-efi-amd64" /-signed

Alternatively there is Grub2win, which could be one of the other solution here.

https://sourceforge.net/projects/grub2win/

What does update-grub and 'modprobe efivars' programs do in this case?

https://ubuntuforums.org/showthread.php?t=2482909

Locked NVram in dual booted Ubuntu

https://superuser.com/questions/1338643/how-do-i-change-the-uefi-boot-order-from-within-windows-10

https://www.easyuefi.com/index-us.html Hasleo EasyUEFI was suggested in one of the posts I read somewhere on askubuntu.com.

Change boot order using efibootmgr

https://github.com/rhboot/efibootmgr/issues/19

There is also a "Visual BCD Editor", just google. alternativesto .net has some nice suggestions here as well.

For me my solution ended up being to edit the os-prober script (/usr/lib/os-probes/mounted/efi/20microsoft : bootmgfw=$(item_in_dir bootmgfw.efi "$efi/$microsoft/$boot") to search for bootmgfww.efi instead and move EFI/Microsoft/Boot/bootmgfw.efi, copy /boot/EFI/debian/* (/boot/EFI/ubuntu/ in your case) to /boot/EFI/Microsoft/Boot/ and copy grubx64.efi to bootmgfw.efi.

I ended up writing a PowerShell script to run after a Windows update updated the .efi as it did just the other day, I just finalized the script to support the full range of grub.efi's, be properly safe and search for the Linux distro's efi path: https://github.com/threader/ro-nvram-efi-grub

A really hardcore way would be to download https://packages.ubuntu.com/kinetic/grub-efi-amd64-bin or https://packages.ubuntu.com/kinetic/grub-efi-amd64-signed, and the shim-unsigned package(out of links for the post) given that the grub configuration is properly generated at all and set the default via "bcdedit /set".

And in Powershell

mountvol w: /S
mkdir w:\EFI\ubuntu\

Extract the .deb and data.tar with 7zip and copy them, something like this if you follow my workaround from hell:

   cp W:\EFI\Microsoft\Boot\bootmgfw.efi W:\EFI\Microsof\Boot\bootmgfw.efi.bak
cp W:\EFI\Microsoft\Boot\bootmgfw.efi W:\EFI\Microsoft\Boot\bootmgfww.efi

path to: cp "usr\lib\grub\x86_64-efi\monolithic\gcdx64.efi" /.signed
"usr\lib\grub\x86_64-efi\monolithic\grubnetx64.efi" /.signed
"usr\lib\grub\x86_64-efi\monolithic\grubx64.efi" /.signed
 usr\lib\shim\BOOTX64.CSV



to W:\EFI\Microsoft\Boot\ and or w:\EFI\ubuntu

given that grub.cfg and efis are written or generated correctly, you can either replace the windows .efi

    cp W:\EFI\ubuntu\* W:\EFI\Microsoft\Boot\
    cp W:\EFI\ubuntu\grubx64.efi W:\EFI\Microsoft\Boot\bootmgfw.efi

or try

"bcdedit /set {bootmgr} path \EFI\ubuntu\grubx64.efi" /.signed

or with secure boot:

"bcdedit /set {bootmgr} path \EFI\ubuntu\shimx64.efi" /.signed

requiring "packages.ubuntu.com/kinetic/shim" /-signed

(If you've disabled Secure Boot, you can replace shimx64.efi with grubx64.efi, although either should work with Secure Boot disabled.)

Just google bcdedit /set for instructions, the forum rules prevent me from posting more link.

WSL2 can also now mount Linux drives which can be most useful. (and I believe dangerous).

Edit: this post is turning into a mess, but boot we shall! :)

Threader
  • 1
  • 1
    Please can you use code formatting instead of blockquote formatting for code. I'm not sure how to edit your post due to the quote marks... I would be grateful if you could edit and make sure code and file paths etc are exactly as the reader should type them – Zanna Apr 17 '23 at 06:12
  • Sure, thank you, I'll get to shortly. – Threader Apr 19 '23 at 03:19
0

Make sure that the EFI partition is big enough, the windows default EFI FAT32 partition size is ~100MB might be too small, resize it and try to install grub again, i'd suggest atleast 512MB partition

binaryOps20
  • 206