#954 PR merged: GRUB_RESCUE=y now works with UEFI based systems

Labels: enhancement, fixed / solved / done

gozora opened issue at 2016-08-07 14:28:

Hello all,
I've managed to find (hopefully) universal solution to boot ReaR on UEFI based systems without endless (and as I've learned pointless) chasing after grub.cfg when GRUB_RESCUE=y
The idea behind this pull request is simple:
Don't modify grub.cfg but rather create separate UEFI boot entry.

UEFI "Relax-and-Recover" boot entry motivation:
If UEFI boot is in use, we will not modify grub.cfg, but setup "Relax-and-Recover" entry in UEFI boot menu instead. This looks to be simplest and safest approach since finding out what mechanisms were used to boot OS in UEFI mode, looks to be near to impossible.
One could argue that efibootmgr/efivars can tell you, however this entry is not mandatory and OS could be booted using default values or startup.nsh.
Once UEFI loads Grub2 hell breaks loose, as Grub2 can load whatever arbitrary configuration file anywhere on the system or configuration file can be even embedded in bootx64.efi (and friends) as file or memdisk. Unfortunately there seems to be no reliable way how to track this back.

This code should work regardless on distribution or whether you have Secure Boot enabled or not.

I did testing on:

  • SUSE Linux Enterprise Server 12 SP1 (Secure boot)
  • Debian GNU/Linux 8.4 (jessie)
  • CentOS Linux release 7.2.1511 (Secure boot)

Hope it will prove useful in the future...


jsmeix commented at 2016-08-08 09:38:

regarding UEFI I fully trust @gozora and
because he tested it on SLES, Debian, and CentOS
I would just accept it for Rear 1.19
provided @gdha you agree.

in particular I like your "quite long comment" very much!

jsmeix commented at 2016-08-08 09:50:

I assume in case of UEFI support for
GRUB_RESCUE_USER does not make sense.
If my assumption is right I would document in default.conf
that GRUB_RESCUE_USER is only supported for GRUB2
with Legacy BIOS booting.

gozora commented at 2016-08-08 10:15:

@jsmeix yes, that is correct for this version of code.
If there is a need for it in the future, I can implement password authentication.
Should not be that hard...

jsmeix commented at 2016-08-09 08:08:

I consider no exited objection from @gdha until now
as tacit consent so that I merge it now.

[Export of Github issue for rear/rear.]