search

thias / glim

GRUB Live ISO Multiboot
638 stars 141 forks source link

EFI install fails on Fedora #104

Open thias opened 1 year ago

thias commented 1 year ago 
Running grub2-install --target=x86_64-efi --efi-directory=/run/media/dude/GLIM --removable --boot-directory=/run/media/dude/GLIM/boot /dev/sdc (with sudo) ...
grub2-install: error: this utility cannot be used for EFI platforms because it does not support UEFI Secure Boot.
ERROR: grub2-install returned with an error exit status.

Reported upstream in January 2021: https://bugzilla.redhat.com/show_bug.cgi?id=1917213

Happening since Fedora 34. The reason is somewhat valid: Users with secure boot enabled will be rendering their OS unbootable if they use grub2-install to reinstall their boot disk EFI files, as the signed efi files will get replaced with grub's unsigned ones.

For my own usage, I have rebuilt Fedora 37 & 38 grub2 packages with the 0144-grub-install-disable-support-for-EFI-platforms.patch excluded: http://dl.marmotte.net/rpms/fedora/

lamixer commented 3 months ago

Hello Thias!

I'm am trying glim for the first time today after having looked at Ventoy and deciding the security risk made it not worth using for me.

I ran into this issue. How about using the suggested solution that grub-install suggests? 

Running grub2-install --target=x86_64-efi --efi-directory=/run/media/mysuer/GLIM --removable --boot-directory=/run/media/myuser/GLIM/boot /dev/sdb (with sudo) ...
Installing for x86_64-efi platform.
grub2-install: error: This utility should not be used for EFI platforms because it does not support UEFI Secure Boot. If you really wish to proceed, invoke the --force option.
Make sure Secure Boot is disabled before proceeding.
ERROR: grub2-install returned with an error exit status.

So, I do:

sudo grub2-install --force --target=x86_64-efi --efi-directory=/run/media/myuser/GLIM --removable --boot-directory=/run/media/myuser/GLIM/boot /dev/sdb

I am a bit confused, are you stating that doing that will break secure boot on my currently-running Fedora system? Not a problem for me as I'm not using it, but of course you wouldn't want that to happen to anyone trying your software.

Anyway, after the forced grub2-install I can either run the script again and say not to install for EFI or modify the script to skip the grub-install steps, then the script will finish and create the directories.

Other issues I got around on my Fedora system: Probably execution permission is not allowed on USB drives, so instead of ./glim.sh I did bash glim.sh.

Also, my system did not have grub2-efi-x64-modules installed, so I had to install that with dnf which was easy (thanks to your hint!).

Thanks for your time making this tool!