grub2-signed doesn't support removable drive.

I can manually input the following commands in grub2-signed=1.9~ubuntu12.04.1+1.99-21ubuntu3.5 and grub2-sign=1.9+2.00-7ubuntu11 on USB drive to show GRUB menu.

search.fs_uuid 4B61-C71D root hd1,msdos1
set prefix=($root)/boot/grub
configfile $prefix/grub.cfg

So the problem seems to be that it will not read grub.cfg under the (hd1,msdos1)/EFI/BOOT/ by default.

When I put grub.cfg under the (hd1,msdos1)/EFI/ubuntu/, it works.

<FourDollars> cjwatson: grub2-signed will only read (hd1,msdos1)/EFI/ubuntu/grub.cfg but not (hd1,msdos1)/EFI/BOOT/grub.cfg .
<cjwatson> FourDollars: grubx64.efi reads from /EFI/ubuntu/; gcdx64.efi reads from /EFI/BOOT/
<cjwatson> they're intentionally configured differently per the UEFI specification
<cjwatson> so grub-install --removable probably needs to remember to use gcdx64.efi

I'm not going to create a precise task on this bug, because it's simply a mistake in the set of secure boot changes currently undergoing SRU and is not yet actually a bug in precise; but I will backport the fix.

(As discussed on IRC, this also requires creating /.disk/info - contents irrelevant - on the removable device, and depending on grub.cfg may require copying /usr/share/grub/unicode.pf2 to /media/UsbStick/boot/grub/unicode.pf2 if you want a pretty menu.)

This bug was fixed in the package grub2 - 2.00-7ubuntu14

---------------
grub2 (2.00-7ubuntu14) raring; urgency=low

  * When installing to removable media with UEFI Secure Boot, install
    gcdx64.efi.signed rather than grubx64.efi.signed (LP: #1087653).
  * Make gcdx64.efi.signed fall back to sourcing $prefix/grub.cfg if
    $prefix/x86_64-efi/grub.cfg is missing, as is likely when using
    'grub-install --removable'.
 -- Colin Watson <email address hidden> Mon, 10 Dec 2012 11:29:04 +0000