grub wrongly booting via bios entry point instead of efi when secureboot disabled

Status changed to 'Confirmed' because the bug affects multiple users.

Hello Steve, or anyone else affected,

Accepted grub2 into eoan-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/grub2/2.04-1ubuntu12.2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-eoan to verification-done-eoan. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-eoan. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Hello Steve, or anyone else affected,

Accepted grub2-signed into eoan-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/grub2-signed/1.128.2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-eoan to verification-done-eoan. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-eoan. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Hello Steve, or anyone else affected,

Accepted grub2 into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/grub2/2.02-2ubuntu8.15 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Hello Steve, or anyone else affected,

Accepted grub2-signed into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/grub2-signed/1.93.16 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

All autopkgtests for the newly accepted grub2 (2.02-2ubuntu8.15) for bionic have finished running.
The following regressions have been reported in tests triggered by the package:

ubuntu-image/1.8+18.04ubuntu2 (s390x)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/bionic/update_excuses.html#grub2

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

This bug was fixed in the package grub2 - 2.04-1ubuntu22

---------------
grub2 (2.04-1ubuntu22) focal; urgency=medium

  * smbios: Add a --linux argument to apply linux modalias-like filtering
  * Make the linux command in EFI grub always try EFI handover; thanks
    to Chris Coulson for the patches (LP: #1864533)

 -- Julian Andres Klode <email address hidden> Wed, 11 Mar 2020 17:46:35 +0100

bionic:

I upgraded from ubuntu8.14 to ubuntu8.14.

type/version before: 114/2 and 6/38
type/version after: 6/38 and 6/38

Looking at dmesg:

before, enabled: "Secure boot enabled"
before, disabled: "Secure boot could not be determined (mode 0)"
after, enabled: "Secure boot enabled"
after, disabled: "Secure boot disabled"

So apparently we booted via EFI stub :)

to 8.15 of course ...

same for eoan, ubuntu12.1 -> ubuntu12.2

type/version before: 114/2 and 6/38
type/version after: 6/38 and 6/38

before, enabled: "Secure boot enabled"
before, disabled: "Secure boot could not be determined (mode 0)"
after, disabled: "Secure boot disabled"
after, enabled: "Secure boot enabled"

This bug was fixed in the package grub2 - 2.04-1ubuntu12.2

---------------
grub2 (2.04-1ubuntu12.2) eoan; urgency=medium

  * Make the linux command in EFI grub always try EFI handover; thanks
    to Chris Coulson for the patches (LP: #1864533)

 -- Julian Andres Klode <email address hidden> Thu, 12 Mar 2020 17:40:25 +0100

The verification of the Stable Release Update for grub2 has completed successfully and the package is now being released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

This bug was fixed in the package grub2 - 2.02-2ubuntu8.15

---------------
grub2 (2.02-2ubuntu8.15) bionic; urgency=medium

  * Make the linux command in EFI grub always try EFI handover; thanks
    to Chris Coulson for the patches (LP: #1864533)

 -- Julian Andres Klode <email address hidden> Wed, 11 Mar 2020 21:57:49 +0100

2.04-1ubuntu12.2 broke boot on my machine. It doesn't work with kernels that don't have CONFIG_EFI_STUB=y configured. This really needs to fall back to the old mode if EFI handover is not supported by the kernel.

Also, after using a kernel with CONFIG_EFI_STUB=y it still failed to boot one of my machines with root specified by UUID. I was able to workaround it by manually specifying the boot device with /dev/nvme0n1p2 at the grub menu, and then specifying GRUB_DISABLE_LINUX_UUID=true in /etc/default/grub.

2.04-1ubuntu12.2 also broke ubuntu on my dell inspiron 7567 laptop

I had to reinstall ubuntu due to this package upgrade, and have currently blocked grub* package updates until this new issue caused by the bugfix is resolved.

@Mos you should not put grub on hold, but fix your kernels to set CONFIG_EFI_STUB=y

This also broke my Dell Inspiron 7567, running Ubuntu 19.10 and the default kernel from the repos for 5.3.0-46-generic. Based on some other workarounds listed, I tried switching to PARTUUID but that still doesn't work. They system just hangs after 'Loading initial ramdisk ...'

I have secure boot disabled.

The only kernel on my system that boots with this package is an old `4.13.0-45-generic` one, from there I can re-install the older grub package and get the system booting again on the new kernel.

I have a bootable Ubuntu 20.04 LTS USB disk however I am unable to boot from it to install Ubuntu due to this bug, the screen remains blank after I click Enter on the Grub page to boot. Any workarounds?

REF: Blank Screen after upgrading grub:

I confirm that my problem solved by disabling PPT in Dell Bios -> Security settings tab. (https://askubuntu.com/a/1229927/597140)

Disabling PPT also works around the issue for me on my Dell laptop.