Created attachment 1166428 [details] boot error Description of problem: - I have SecureBoot disabled in BIOS. After upgrading to beta Fedora 24 from 23, grub2 no longer boots Windows 10 (for games). Version-Release number of selected component (if applicable): grub2-2.02-0.33.fc24.x86_64 (newest version in koji as of today) How reproducible: 100% Steps to Reproduce: 1. Upgrade from Fedora 23 -> Fedora 24 beta/RC 2. Reboot, unable to boot Windows 10. Actual results: Fails (See attached screenshot) Expected results: Boots OS Additional info: This also shows 'no shim lock protocol' booting Linux but it continues to boot after prompting.
Workaround available: I can use Dell BIOS UEFI menu boot prompt to boot Windows 10 normally, just not via grub2.
See also: https://bugs.mageia.org/show_bug.cgi?id=18389 not sure if that's any help, but...they reference a SUSE advisory: http://lists.suse.com/pipermail/sle-security-updates/2015-December/001770.html which lists a change "Do not use shim lock protocol for reading PE header as it won't be available when secure boot is disabled. (bsc#943380)"
Proposed as a Blocker for 24-final by Fedora user pwalter using the blocker tracking app because: violation of "The installer must be able to install into free space alongside an existing clean Windows installation and install a bootloader which can boot into both Windows and Fedora."
So far our best guess is that this fails when chainloading Windows (10? or all?) with Secure Boot disabled, but it'd be great to get more testing to confirm or deny that.
Enabling Secure Boot, no grub2 prompts are shown, the laptop boots directly into Windows 10 only.
That sounds like you also switched to the Windows UEFI boot manager entry at the same time.
So I have this sort of fixed - except the odd boot of Windows 10 with SB *disabled* - Turned Secure Boot on: 1) I noticed the Dell UEFI boot entry in fedora was 'fedora' not Fedora - Fedora 22/23 laptop originally 2) I disabled all entries except 'fedora', got an error saying the boot loader signature was not valid (it appears it was using grubx64.efi in the BIOS listing) Turned Secure Boot off: 3) Removed 'fedora' from list, had UEFI only use the UEFI: hard disk model boot option, this booted grub2, Linux/Windows w/o shim error. 4) I went BACK into BIOS and saw a NEW entry 'Fedora' and it had shim.efi, with this, I booted Linux/Windows 10 ok (see another attachment for the output however which looks wrong - Should show Windows or Dell Logo not ACPI message) Turned Secure Boot ON 5) Was able to boot grub2, not Linux kernel (since this is not a signed kernel got a double free error etc), Windows 10 booted just fine. Note: When I upgraded from Fedora 23 -> 24 i had the shim protocol failure error. I also did run grub2-install (which I now know you should not). So I have repaired the EFI boot since it points to shim.efi now. Attached is picture of the booting of Windows 10 with shim.efi used and SB disabled
Created attachment 1166434 [details] Booting with message - still boots OK - Secure Boot ENABLED
The message appears to be new(?) but I do get the Dell/Windows logo now that appears very quickly however (maybe just noise?) I wonder if the NVRAM entry was corrupt prior and somehow this triggered all of this?
I am not sure this is a blocker, because too many moving parts here. Its fixed for me now. Except the added string notice I see which is just verbose.
Shawn can you update to grub2-efi-2.02-0.34.fc24.x86_64.rpm grub2-efi-modules-2.02-0.34.fc24.x86_64.rpm grub2-tools-2.02-0.34.fc24.x86_64.rpm http://koji.fedoraproject.org/koji/buildinfo?buildID=771914 Don't use grub2-install after installing these, just test secure boot enabled and disabled and report back. I'd say grub2-install is sufficiently not out of the box on UEFI that it's not a blocker since it installs a rather different behaving grubx64.efi and also sets its own NVRAM boot entry.
grub2-2.02-0.33.fc24 has been submitted as an update to Fedora 24. https://bodhi.fedoraproject.org/updates/FEDORA-2016-c4d43baacc
grub2-2.02-0.33.fc24, grub2-2.02-0.34.fc24 has been pushed to the Fedora 24 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-c4d43baacc
Discussed at 2016-06-13 blocker review meeting: [1]. This bug was rejected as Final blocker: from current data this seems to have been a sort of transient bug dating back to F22 UEFI boot manager configuration, no solid indication that it violates the criteria [1] https://meetbot.fedoraproject.org/fedora-blocker-review/2016-06-13/f24-blocker-review.2016-06-13-16.04.html
Tested: SB: Windows 10 boots w/o ACPI message, no errors on booting SB: Fedora signed kernel boots successfully (SB: Fedora unsigned kernel shows 'double free' error from grub2 (press any key, does not take you back to Grub menu but boots Windows 10). - Not in scope of this ticket) non-SB: Windows 10 boots w/o ACPI message, no errors on booting non-SB: Fedora signed kernel boots successfully. non-SB: Fedora unsigned kernel boots successfully. This is now resolved.
I will give karma to the RPMs now.
grub2-2.02-0.34.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.