#3423 Issue open: GRUB UEFI Secure Boot entry not working, non-secure boot entry works

Labels: bug

schlomo opened issue at 2025-03-11 09:40:

ReaR version

Relax-and-Recover 2.9 / 2025-01-31

Describe the ReaR bug in detail

It seems like we should get rid of the separate boot entries for secure boot and regular.

Image

Image

I'm wondering if this is related to us fixing the automated secure boot detection, and if the separate boot entries are still required.

Booting from the "non Secure Boot" entry works totally fine and mokutil --sb-state also shows secure boot to be enabled. Which is why I'm wondering if we should remove the dual boot entries.

rear mkbackup log: rear-rear-u24.log

Platform

Linux x64

OS version

Ubuntu 24.04

Backup

NETFS

Storage layout

No response

What steps will reproduce the bug?

my site.conf is super simple:

OUTPUT_URL=nfs://pvm/rear-backup
BACKUP_URL=$OUTPUT_URL
BACKUP=NETFS

Workaround, if any

Use the seemingly wrong non-secure-boot boot entry

Additional information

No response

schlomo commented at 2025-03-11 10:13:

BTW, when I switch to BIOS boot then this ISO doesn't even boot because of a ISOLINUX error:

Image

But maybe this is the case of https://github.com/rear/rear/issues/2471#issuecomment-671320189 and not really a problem as we don't support BIOS booting a recovery image created on an UEFI machine.

schlomo commented at 2025-03-11 10:25:

https://projects.theforeman.org/issues/38178 sugests that initrdefi was a temporary solution that has been deprecated, and that GRUB2 in Ubuntu 24.04 doesn't support that any more.

Given that both GRUB2 boot entries seem to be identical and use the exactly same $grub2_kernel except for the efi suffix, maybe we can find out if we still need to support that efi suffix for our currently supported distros?
https://github.com/rear/rear/blob/15e9f9cc3575f31d1347db6559e8fd3f0527a535/usr/share/rear/lib/bootloader-functions.sh#L678-L693

https://github.com/rear/rear/pull/2001 seems to be related to the introduction of the linuxefi commands, but on this Ubuntu 24.04 I got here there is no linuxefi.mod at all.

jsmeix commented at 2025-03-12 13:21:

@schlomo
only a side note FYI:

Since a long time it is known that those two entries
behave somewhat unpredictable / misleading / problematic
in this or that cases so the usual way in practice is to
"just try out which one works in your particular environment".

In general:
I am not at all a sufficient UEFI expert so normally
I can neither actually help with debugging UEFI related issues
nor can I fix UEFI related issues (except exceptions).
What I could do via basically blind trial and error
would be to make things somehow work for my specific system
but this would be certainly not a proper solution for ReaR.
Fortunately things work so far for me with SLE15, cf.
https://github.com/rear/rear/issues/3084#issuecomment-1835773844

[Export of Github issue for rear/rear.]