I tried making a custom grub module but insmod is disabled on signed secure boot grub
Thomas Grainger

On Fri, 20 Mar 2026, 11:50 graingert, <[email protected]> wrote:

> How can I see BootNext from grub without booting an entire Linux
> initramfs?
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/2144897
>
> Title:
>   GRUB chainloading Windows breaks BitLocker TPM PCR measurements
>
> Status in grub2 package in Ubuntu:
>   New
>
> Bug description:
>   When GRUB chainloads \EFI\Microsoft\Boot\bootmgfw.efi to boot Windows, the
>   TPM PCR measurements are altered because GRUB is in the boot chain. This causes
>   BitLocker to prompt for the recovery key on every boot via GRUB.
>   .
>   This affects all Ubuntu dual-boot setups with Windows + BitLocker on
>   UEFI systems.
>   .
>   Workaround: I've developed a workaround that boots a minimal Linux kernel/initramfs
>   which sets the UEFI BootNext variable via efibootmgr and immediately reboots. The
>   firmware then boots Windows natively with correct TPM state. BitLocker is happy.
>   The premount script runs before the LUKS prompt, so you never have to enter your
>   Linux disk encryption password just to boot Windows.
>   .
>   See: https://gist.github.com/graingert/38d834a24a760d664b3f903ed48d6dca
>   .
>   Proposed solution: GRUB (or os-prober / 30_os-prober) should support setting
>   EFI BootNext and triggering a reboot instead of chainloading. This would make
>   dual-booting with BitLocker work out of the box without breaking TPM
>   measurements.
>
>   ProblemType: Bug
>   DistroRelease: Ubuntu 24.04
>   Package: grub2-common 2.12-1ubuntu7.3
>   ProcVersionSignature: Ubuntu 6.17.0-19.19~24.04.2-generic 6.17.13
>   Uname: Linux 6.17.0-19-generic x86_64
>   ApportVersion: 2.28.1-0ubuntu3.8
>   Architecture: amd64
>   CasperMD5CheckResult: pass
>   CurrentDesktop: ubuntu:GNOME
>   Date: Thu Mar 19 12:03:36 2026
>   InstallationDate: Installed on 2022-07-23 (1335 days ago)
>   InstallationMedia: Ubuntu 22.04 LTS "Jammy Jellyfish" - Release amd64 (20220419)
>   SourcePackage: grub2
>   Title: GRUB chainloading Windows breaks BitLocker TPM PCR measurements
>   UpgradeStatus: Upgraded to noble on 2024-09-12 (553 days ago)
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/2144897/+subscriptions
>
>

--
You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2144897

Title:
  GRUB chainloading Windows breaks BitLocker TPM PCR measurements

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/2144897/+subscriptions

--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
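
The workaround in the quoted bug description (set BootNext with efibootmgr, then reboot so the firmware starts Windows without GRUB in the measured chain), sketched as an added example. It is not taken from the linked gist or from GRUB; the function names and the sample efibootmgr output are constructed for illustration.

```shell
#!/bin/sh
# Added example: one-shot boot into Windows through the UEFI BootNext
# variable instead of chainloading bootmgfw.efi from GRUB.

# Constructed sample of `efibootmgr` output as it looks once BootNext is set.
# Boot0000 has no '*', so it is inactive and must be skipped.
SAMPLE_EFIBOOTMGR='BootCurrent: 0001
BootNext: 0002
Timeout: 0 seconds
BootOrder: 0001,0002,0000
Boot0000  Windows Boot Manager (stale entry)
Boot0001* ubuntu  HD(1,GPT,...)/File(\EFI\ubuntu\shimx64.efi)
Boot0002* Windows Boot Manager  HD(1,GPT,...)/File(\EFI\Microsoft\Boot\bootmgfw.efi)'

# Reads efibootmgr output on stdin and prints the four hex digits of the
# first active entry labelled "Windows Boot Manager"; prints nothing if
# no such entry exists.
find_windows_entry() {
    sed -n 's/^Boot\([0-9A-Fa-f]\{4\}\)\* Windows Boot Manager.*/\1/p' | head -n 1
}

# Reads efibootmgr output on stdin and prints the BootNext value, if set.
current_bootnext() {
    sed -n 's/^BootNext: \([0-9A-Fa-f]\{4\}\)$/\1/p'
}

# Sets BootNext to the Windows entry, confirms the firmware variable now
# holds that value, then reboots. Needs root and a UEFI-booted system.
boot_windows_once() {
    entry=$(efibootmgr | find_windows_entry)
    if [ -z "$entry" ]; then
        echo "no active Windows Boot Manager entry found" >&2
        return 1
    fi
    efibootmgr --bootnext "$entry" >/dev/null || return 1
    if [ "$(efibootmgr | current_bootnext)" != "$entry" ]; then
        echo "BootNext was not set to $entry; not rebooting" >&2
        return 1
    fi
    reboot
}

# Only act when explicitly asked to, so sourcing this file is harmless.
if [ "${1:-}" = "--run" ]; then
    boot_windows_once
fi
```

BootNext is consumed by the firmware on the next boot only, so the normal BootOrder (and GRUB as the default) is unchanged afterwards.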
