Re: UEFI boot with BIOS password, am I screwed?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, Apr 24, 2019 at 5:35 PM Chris Murphy <lists@xxxxxxxxxxxxxxxxx> wrote:
On Wed, Apr 24, 2019 at 8:02 AM Richard Shaw <hobbes1069@xxxxxxxxx> wrote:
>
> While I had to run it through the shredder I finally sat down and went through all the passwords I've ever used and figured it out :)
>
> I turned off Secure Boot but it still won't boot Fedora.
>
> I finally figured out I had to use -v to get what I wanted from efibootmgr:
>
> BootCurrent: 0001
> Timeout: 0 seconds
> BootOrder: 000E,0001,0003,2001,2002,2003

Offhand, this looks like the problem. 000E points to Windows. You need
to use `efibootmgr --bootorder 0,E,1` so it boots Fedora first. It's
not strictly necessary to list everything in bootorder, you can just
have one. The idea of populating it fully is to have exactly the
predictable fallback boot behavior the user wants, whatever that is.
e.g. if something with the Fedora bootloader gets nerfed then it'd
boot Windows.

I'm pressing F12 and manually selecting Fedora, but I did later try to change the boot order, both with efibootmgr and in the BIOS to no avail.

 
> Boot0000* Fedora        HD(1,GPT,b2fa98e2-c3c8-4798-8faa-1e424d313bb1,0x800,0x32000)/File(\EFI\fedora\shimx64.efi)

Offhand, looks valid but I can't vouch for either the partition number
or its GUID.

I can confirm it's the correct UUID for the EFI partition. I have also reinstalled Fedora after deleting all the superfluous entries... Looks the same, still doesn't boot.

 
> Boot0001* Linpus lite   HD(1,MBR,0x7c3f77cf,0x1c7e4,0x4df8)/File(\EFI\Boot\grubx64.efi)RC
> Boot0002* Unknown Device:       HD(1,GPT,b2fa98e2-c3c8-4798-8faa-1e424d313bb1,0x800,0x32000)/File(\EFI\fedora\shim.efi)RC
> Boot0003* Fedora        PciRoot(0x0)/Pci(0x17,0x0)/Sata(0,0,0)/HD(1,GPT,0d7acc81-f083-490b-b47f-a8cce7c591be,0x800,0x32000)/File(\EFI\fedora\grubx64.efi)A01 ..
> Boot0004* Unknown Device:       HD(1,GPT,0d7acc81-f083-490b-b47f-a8cce7c591be,0x800,0x32000)/File(\EFI\fedora\shim.efi)RC

I would use efibootmgr to delete these, they look either suboptimal
(unknown device) or use old paths to grub rather than shim.

As far as I can tell, these are auto entries from the BIOS boot order. When I press F12 only Fedora and Windows Boot Manager are listed as available (Or Linpus Lite for the F29 Live USB).

 
If you're not sure you can delete them all, and then do:

# grep efibootmgr /var/log/anaconda/program.log

And you'll see the longest command there is what's used to add the
menu entry. You can just use the same command, although you'll need to
escape the backslashes with backslashes, so the path becomes
\\efi\\fedora\\shimx64.efi

Tried this too, although I used "" instead of escaping, no luck.

 
Also, firmware password and UEFI Secure Boot are two different things.
Secure Boot I don't recommend disabling, it's a feature that
cryptographically verifies the bootloaders, the kernel and kernel
modules. If you're building out of tree kernel modules, then it's
understandable to run without Secure Boot but I would still go through
the effort to create your own signing cert, register it in the
firmware, and then use it to sign your modules so that you can enable
secure boot.

I disabled it to remove it as the problem, still won't boot Fedora. Once I get it working I can mark the efi file (presumably shimx64.efi) as trusted and re-enable.

Thanks,
Richard
_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux