Mailinglist Archive: opensuse-bugs (5243 mails)

< Previous Next >
[Bug 809038] EFI problems - cannot boot windows with secure boot

--- Comment #48 from Neil Rickert <nrickert@xxxxxxxxxxxxx> 2013-03-25 15:06:05
UTC ---
Reply to comment 41:

It seems not Windows but the firmware erroneously erases the entry during

Yes, I believe to be true.

During my testing, I reinstalled grub on my secondary installation of 12.3,
putting it back into the Windows EFI partition, but with the name

Immediately following that, I used "efibootmgr" and it showed both the Windows
entry and the "opensuse_alt-secure" entry. (The entry for "opensuse-secure",
using an EFI partition on the second drive was also there).

I then booted into opensuse again. And, "efibootmgr" now showed that the
Windows entry was missing.

So it looks as if the efi firmware only allows one nvram entry per EFI
partition, and enforces this on reboot.

I then booted into windows from the entry in grub from my secondary install.
And when I next booted the system, the nvram entry for my secondary install
(for "opensuse_alt-secure") was gone. But the entry for "opensuse-secure" (my
primary install) was there, and I could set that back to be the default.

That the efi firmware only allows one entry per EFI partition is not itself a
big problem. The really big problem is that Windows then insists on putting
its own entry back there. It does not need to do that. I was able to boot
Windows without that nvram entry. If not having the nvram entry prevented
booting Windows, then I would have needed a repair boot from install media.

My rant about Windows:

1: It should not routinely force its entry into the UEFI nvram. That comes
across as looking like a monopolistic practice, though I suspect it is really
more a matter that they didn't think this through.

2: If they really want everybody to use the Windows Boot Manager, then there
needs to be a way to use the Windows Boot Manager to boot another system that
is defined in the EFI partition. I could not find a way of doing this, and I
could not find anything in their documentation. They do have a provision for
OSLOADER entries, but those are defined for loading legacy systems such as with
NTLDR. There is actually an entry in the Windows BCD for "opensuse-secure",
given the type "firmware application". I tried adding that to the Windows boot
menu, but it was ignored. Maybe I could have added as a tool (like their
memory checker) and have it available after hitting F8 - I did not test that.
I am wondering whether something like the old LOADLIN could be revived in a
suitable way to be used as a legacy OSLOADER from the Windows Boot Manager.

Configure bugmail:
------- You are receiving this mail because: -------
You are on the CC list for the bug.

< Previous Next >