No Grub to launch my new Debian 10 with LUKS&LVM (UEFI)

l0f4r0 · 12-21-2019, 07:01 PM

Hi,

I have a recent Lenovo ThinkPad X390 with Windows pre-installed.

Some months ago, I installed Debian 9 Stretch on it and upgraded it some time after to Debian 10 Buster. No particular issue so far, Debian was working as expected in dual-boot with Windows.
But following a power hardware issue, I sent my laptop back to Lenovo for reparation.
They gave it back to me last week but with a cleared SSD (only pre-installed Windows 10 on it).

It was no big deal since I wanted to reinstall my Debian (directly to version 10, not 9) and, above all, I wanted now to encrypt my whole disk with LUKS and LVM (LVM is contained inside the LUKS container, not the contrary, so there is only 1 password).

So I made a bootable Debian 10 USB key and installed a new fresh Debian again in dual-boot.
First I created a new partition on my SSD to leave Windows alone and then I did my best to configure LUKS and LVM via the Debian installer (4 logical volumes for /, /home, /var and swap). I created a 300MB /boot partition outside LUKS to be more compatible with Grub.

Everything went well except I can't boot easily on my fresh-new Debian, I don't even see Grub. Windows is launched automatically.
My only solution is to launch a rEFInd USB key, boot on it and select either "Boot EFI\Boot\grubx64.efi from SYSTEM" or "Boot EFI\debian\grubx64.efi from SYSTEM" (among 6 options, see below) in order to launch my Debian. It's not very handy but it seems to indicate I'm not very far from the solution because everything works fine after that (it proves that my Linux is well installed)...

The following didn't resolve anything even if command outputs were encouraging (those commands have been entered after booting on Debian via rEFInd):

Code:

apt install --reinstall grub-efi
Reading package lists... Done
Building dependency tree      
Reading state information... Done
0 upgraded, 0 newly installed, 1 reinstalled, 0 to remove and 0 not upgraded.
Need to get 2560 B of archives.
After this operation, 0 B of additional disk space will be used.
Get:1 http://deb.debian.org/debian buster/main amd64 grub-efi amd64 2.02+dfsg1-20 [2560 B]
Fetched 2560 B in 0s (94.6 kB/s)  
(Reading database ... 102187 files and directories currently installed.)
Preparing to unpack .../grub-efi_2.02+dfsg1-20_amd64.deb ...
Unpacking grub-efi (2.02+dfsg1-20) over (2.02+dfsg1-20) ...
Setting up grub-efi (2.02+dfsg1-20) ...

grub-install /dev/nvme0n1
Installing for x86_64-efi platform.
Installation finished. No error reported.

update-grub
Generating grub configuration file ...
Found background image: /usr/share/images/desktop-base/desktop-grub.png
Found linux image: /boot/vmlinuz-4.19.0-6-amd64
Found initrd image: /boot/initrd.img-4.19.0-6-amd64
Found Windows Boot Manager on /dev/nvme0n1p1@/EFI/Microsoft/Boot/bootmgfw.efi
Adding boot menu entry for EFI firmware configuration
done

Some useful details:

Code:

uname -a
Linux ikki 4.19.0-6-amd64 #1 SMP Debian 4.19.67-2+deb10u2 (2019-11-11) x86_64 GNU/Linux

lsblk -o NAME,FSTYPE,LABEL,MOUNTPOINT,SIZE
NAME                       FSTYPE      LABEL         MOUNTPOINT   SIZE
sda                        iso9660     rEFInd_0.11.4             29,9G
nvme0n1                                                           477G
├─nvme0n1p1                vfat        SYSTEM        /boot/efi    260M
├─nvme0n1p2                                                        16M
├─nvme0n1p3                ntfs        Windows                  122,1G
├─nvme0n1p4                ntfs        WinRE_DRV                 1000M
├─nvme0n1p5                ext4                      /boot        300M
└─nvme0n1p6                crypto_LUKS                          353,3G
  └─nvme0n1p6_crypt        LVM2_member                          353,3G
    ├─myLvmGroup-myLvmSwap swap                      [SWAP]      14,9G
    ├─myLvmGroup-myLvmVar  ext4        var           /var        18,6G
    ├─myLvmGroup-myLvmRoot ext4        racine        /           74,5G
    └─myLvmGroup-myLvmHome ext4        home          /home      186,3G

fdisk -l
Disk /dev/nvme0n1: 477 GiB, 512110190592 bytes, 1000215216 sectors
Disk model: SAMSUNG MZVLB512HAJQ-000L7             
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: gpt

Device             Start        End   Sectors   Size Type
/dev/nvme0n1p1      2048     534527    532480   260M EFI System
/dev/nvme0n1p2    534528     567295     32768    16M Microsoft reserved
/dev/nvme0n1p3    567296  256567295 256000000 122.1G Microsoft basic data
/dev/nvme0n1p4 998166528 1000214527   2048000  1000M Windows recovery environment
/dev/nvme0n1p5 256567296  257181695    614400   300M Linux filesystem
/dev/nvme0n1p6 257181696  998166527 740984832 353.3G Linux filesystem

Quote:

UEFI BIOS version : N2JET83W (1.61)
UEFI BIOS Date : 2019-11-22
Embedded Controller Version : N2JHT32W (1.16)
ME Firmware Version : 12.0.40.1433
UEFI Secure Boot : Off (just to allow my rEFInd bootable USB key to be launched properly. When my issue will be resolved, I will certainly reactivate UEFI Secure Boot since I've been told that Debian 10 now deals with it appropriately)
UEFI Only - No CSM support
Default booting on SSD first

rEFInd choices and results:

Quote:

rEFInd (0.11.4):

Boot Microsoft EFI boot from SYSTEM (--> it launches Windows OK)
Boot EFI\Boot\grubx64.efi from SYSTEM (--> it launches Grub 2.02 where I can choose "Debian GNU/Linux" and access my Debian eventually)
Boot EFI\Boot\LenovoBT.EFI from SYSTEM (--> it gives me a fatal error "ASSERT c:\code\efi\source\edk2\ShellPkg\Application\Shell\ShellParametersProtocol.c(368): !EFI_ERROR (Status)")
Boot EFI\debian\grubx64.efi from SYSTEM (--> it launches Grub 2.02 where I can choose "Debian GNU/Linux" and access my Debian eventually)
Boot failback boot loader from SYSTEM (--> it reboots my laptop and launches Windows)
Boot vmlinuz-4.19.0-6-amd64 from boot (--> I get an ash shell BusyBox v1.30.1 with a "(initramfs)" prompt and I don't know what I'm supposed to do...)

I have the feeling I have too many .efi files, don't I have?
Could someone give me some hints in order to have Grub displaying itself after powering on my laptop so I can easily choose to launch Debian or Windows?
Please be explicit as I'm not really used to booting processes, especially in UEFI/GPT mode...

Many thanks in advance!

colorpurple21859 · 12-22-2019, 02:02 PM

Have you tried to go into the uefi bios setup and make changes there to the boot order? Try pressing the f1, esc, or one of the other f-keys when you first turn it on to get into the bios setup.
if not able to change in bios, as root post the ouput of

Code:

efibootmgr

yancek · 12-22-2019, 05:27 PM

The command you used to install Grub from Debian won't work the way it did on a Legacy system where installing to /dev/sda, or in your particular case to:
grub-install /dev/nvme0n1. You should have Debian EFI files on the EFI partition for windows/DEbian on the first partition (nvme0n1p1). Easy enough to mount that and check. Then as suggested above, you need to go into the BIOS firmware setup and change the boot priority to Debian permanently. Some machines will allow you to do this with efibootmgr.

l0f4r0 · 12-23-2019, 09:46 AM

Thank you colorpurple21859 and yancek for your advice.
Below are more information, including those you asked for:

UEFI boot order setup (by pressing a key during startup):

Quote:

NVMe0 SAMSUNG MZVLB512HAJQ-000L7
Windows Boot Manager
NVMe1
ATA HDD0
ATA HDD1
USB HDD
USB CD
PXE BOOT
HTTPS BOOT
LENOVO CLOUD

Grub 2 entries:

Quote:

Debian GNU/Linux
Advanced options for Debian GNU/Linux
Windows Boot Manager (on /dev/nvme0n1p1)
System setup

Code:

blkid
/dev/nvme0n1: PTUUID="2f4a1d84-1013-4306-b71e-4405484186b6" PTTYPE="gpt"
/dev/nvme0n1p1: LABEL="SYSTEM" UUID="EEC2-AB2E" TYPE="vfat" PARTLABEL="EFI system partition" PARTUUID="33fb123e-8e5d-445d-b812-33250a0237e3"
/dev/nvme0n1p2: PARTLABEL="Microsoft reserved partition" PARTUUID="56d4fd68-bdaa-44f8-ab2d-49660d4cab26"
/dev/nvme0n1p3: LABEL="Windows" UUID="A820C50D20C4E402" TYPE="ntfs" PARTLABEL="Basic data partition" PARTUUID="6be45cbb-90c4-4ac3-816a-d62a359932d3"
/dev/nvme0n1p4: LABEL="WinRE_DRV" UUID="B862C5E062C5A38A" TYPE="ntfs" PARTLABEL="Basic data partition" PARTUUID="3fe971bd-7446-42a8-bc53-fd97f56d9b51"
/dev/nvme0n1p5: UUID="8eb18b8f-6ae3-4ed5-813a-5197b03c694f" TYPE="ext4" PARTLABEL="boot" PARTUUID="c85c64f1-315c-4a7f-96d5-e19b626851b0"
/dev/nvme0n1p6: UUID="1da3f9ee-cc43-4259-a0f5-fc31f5a576bd" TYPE="crypto_LUKS" PARTLABEL="myLuks" PARTUUID="4fe539e1-0815-499e-8533-709d2605b3bf"
/dev/mapper/nvme0n1p6_crypt: UUID="Sc8j2m-TRdR-fe0e-pTO8-Qp1J-Gj9N-UcxACQ" TYPE="LVM2_member"
/dev/sda: UUID="2018-11-12-15-17-38-00" LABEL="rEFInd_0.11.4" TYPE="iso9660"
/dev/mapper/myLvmGroup-myLvmSwap: UUID="72dc6ad9-015c-40da-a285-6575930a5c83" TYPE="swap"
/dev/mapper/myLvmGroup-myLvmVar: LABEL="var" UUID="0ca3f4db-96d1-4916-8aa6-dfab5e4265b6" TYPE="ext4"
/dev/mapper/myLvmGroup-myLvmRoot: LABEL="racine" UUID="e027a578-d898-48c7-a910-244b7336c24f" TYPE="ext4"
/dev/mapper/myLvmGroup-myLvmHome: LABEL="home" UUID="35bde65a-6638-4758-a2d5-cd4f76c18342" TYPE="ext4"

Code:

efibootmgr -v
BootCurrent: 0021
Timeout: 0 seconds
BootOrder: 001C,001D,0000,001E,001F,0020,0021,001B,0023,0024,0022,0012,0011
Boot0000* Windows Boot Manager HD(1,GPT,33fb123e-8e5d-445d-b812-33250a0237e3,0x800,0x82000)/File(\EFI\Microsoft\Boot\bootmgfw.efi)WINDOWS.........x...B.C.D.O.B.J.E.C.T.=.{.9.d.e.a.8.6.2.c.-.5.c.d.d.-.4.e.7.0.-.a.c.c.1.-.f.3.2.b.3.4.4.d.4.7.9.5.}....p...............
Boot0010  ThinkShield secure wipe FvFile(3593a0d5-bd52-43a0-808e-cbff5ece2477)
Boot0011* LENOVO CLOUD VenMsg(bc7838d2-0f82-4d60-8316-c068ee79d25b,ad38ccbbf7edf04d959cf42aa74d3650)/Uri(https://download.lenovo.com/pccbbs/cdeploy/efi/boot.efi)
Boot0012* HTTPS BOOT VenMsg(bc7838d2-0f82-4d60-8316-c068ee79d25b,ad38ccbbf7edf04d959cf42aa74d3650)/Uri()
Boot0013  Setup FvFile(721c8b66-426c-4e86-8e99-3457c46ab0b9)
Boot0014  Boot Menu FvFile(126a762d-5758-4fca-8531-201a7f57f850)
Boot0015  Diagnostic Splash Screen FvFile(a7d8d9a6-6ab0-4aeb-ad9d-163e59a7a380)
Boot0016  Lenovo Diagnostics FvFile(3f7e615b-0d45-4f80-88dc-26b234958560)
Boot0017  Regulatory Information FvFile(478c92a0-2622-42b7-a65d-5894169e4d24)
Boot0018  Startup Interrupt Menu FvFile(f46ee6f4-4785-43a3-923d-7f786c3c8479)
Boot0019  Rescue and Recovery FvFile(665d3f60-ad3e-4cad-8e26-db46eee9f1b5)
Boot001A  MEBx Hot Key FvFile(ac6fd56a-3d41-4efd-a1b9-870293811a28)
Boot001B* USB CD VenMsg(bc7838d2-0f82-4d60-8316-c068ee79d25b,86701296aa5a7848b66cd49dd3ba6a55)
Boot001C  USB FDD VenMsg(bc7838d2-0f82-4d60-8316-c068ee79d25b,6ff015a28830b543a8b8641009461e49)
Boot001D* NVMe0 VenMsg(bc7838d2-0f82-4d60-8316-c068ee79d25b,001c199932d94c4eae9aa0b6e98eb8a400)
Boot001E* NVMe1 VenMsg(bc7838d2-0f82-4d60-8316-c068ee79d25b,001c199932d94c4eae9aa0b6e98eb8a401)
Boot001F* ATA HDD0 VenMsg(bc7838d2-0f82-4d60-8316-c068ee79d25b,91af625956449f41a7b91f4f892ab0f602)
Boot0020* ATA HDD1 VenMsg(bc7838d2-0f82-4d60-8316-c068ee79d25b,91af625956449f41a7b91f4f892ab0f601)
Boot0021* USB HDD VenMsg(bc7838d2-0f82-4d60-8316-c068ee79d25b,33e821aaaf33bc4789bd419f88c50803)
Boot0022* PXE BOOT VenMsg(bc7838d2-0f82-4d60-8316-c068ee79d25b,78a84aaf2b2afc4ea79cf5cc8f3d3803)
Boot0023  Other CD VenMsg(bc7838d2-0f82-4d60-8316-c068ee79d25b,aea2090adfde214e8b3a5e471856a35406)
Boot0024  Other HDD VenMsg(bc7838d2-0f82-4d60-8316-c068ee79d25b,91af625956449f41a7b91f4f892ab0f606)
Boot0025* IDER BOOT CDROM PciRoot(0x0)/Pci(0x14,0x0)/USB(11,1)
Boot0026* IDER BOOT Floppy PciRoot(0x0)/Pci(0x14,0x0)/USB(11,0)
Boot0027* ATA HDD VenMsg(bc7838d2-0f82-4d60-8316-c068ee79d25b,91af625956449f41a7b91f4f892ab0f6)
Boot0028* ATAPI CD VenMsg(bc7838d2-0f82-4d60-8316-c068ee79d25b,aea2090adfde214e8b3a5e471856a354)

Code:

ls -lR /boot/efi/
/boot/efi/:
total 16
drwx------ 2 root root 4096 déc.  10 01:41 '$RECYCLE.BIN'
drwx------ 2 root root 4096 déc.  10 01:28  BOOT
drwx------ 5 root root 4096 déc.  15 20:33  EFI
drwx------ 4 root root 4096 déc.  10 01:39 'System Volume Information'

'/boot/efi/$RECYCLE.BIN':
total 4
-rwx------ 1 root root 129 déc.  10 01:41 desktop.ini

/boot/efi/BOOT:
total 3096
-rwx------ 1 root root 3170304 sept. 15  2018 BOOT.SDI

/boot/efi/EFI:
total 12
drwx------ 2 root root 4096 déc.  15 22:05 Boot
drwx------ 2 root root 4096 déc.  15 20:33 debian
drwx------ 4 root root 4096 déc.  10 01:28 Microsoft

/boot/efi/EFI/Boot:
total 4348
-rwx------ 1 root root 1322936 déc.  15 22:05 bootx64.efi
-rwx------ 1 root root 1206824 déc.  15 22:05 fbx64.efi
-rwx------ 1 root root 1529200 déc.  15 22:05 grubx64.efi
-rwx------ 1 root root  379992 mai   14  2015 LenovoBT.EFI
-rwx------ 1 root root    1523 juin  18  2012 License.txt
-rwx------ 1 root root      74 août   6  2012 ReadMe.txt

/boot/efi/EFI/debian:
total 5208
-rwx------ 1 root root     108 déc.  22 00:10 BOOTX64.CSV
-rwx------ 1 root root 1206824 déc.  22 00:10 fbx64.efi
-rwx------ 1 root root     112 déc.  22 00:10 grub.cfg
-rwx------ 1 root root 1529200 déc.  22 00:10 grubx64.efi
-rwx------ 1 root root 1261192 déc.  22 00:10 mmx64.efi
-rwx------ 1 root root 1322936 déc.  22 00:10 shimx64.efi

/boot/efi/EFI/Microsoft:
total 12
drwx------ 40 root root 8192 déc.  10 01:28 Boot
drwx------  2 root root 4096 déc.  10 01:28 Recovery
[...]

Obvisouly, I have all the needed EFI files for Debian in /boot/efi/EFI/debian. Why don't I see any Debian entry in my UEFI configuration please?
Anyway, I've created it explicitely:

Code:

efibootmgr -c -d /dev/nvme0n1 -p 1 -L debian -l \EFI\debian\grubx64.efi
BootCurrent: 0021
Timeout: 0 seconds
BootOrder: 0001,001C,001D,0000,001E,001F,0020,0021,001B,0023,0024,0022,0012,0011
Boot0000* Windows Boot Manager
Boot0010  ThinkShield secure wipe
Boot0011* LENOVO CLOUD
Boot0012* HTTPS BOOT
Boot0013  Setup
Boot0014  Boot Menu
Boot0015  Diagnostic Splash Screen
Boot0016  Lenovo Diagnostics
Boot0017  Regulatory Information
Boot0018  Startup Interrupt Menu
Boot0019  Rescue and Recovery
Boot001A  MEBx Hot Key
Boot001B* USB CD
Boot001C  USB FDD
Boot001D* NVMe0
Boot001E* NVMe1
Boot001F* ATA HDD0
Boot0020* ATA HDD1
Boot0021* USB HDD
Boot0022* PXE BOOT
Boot0023  Other CD
Boot0024  Other HDD
Boot0025* IDER BOOT CDROM
Boot0026* IDER BOOT Floppy
Boot0027* ATA HDD
Boot0028* ATAPI CD
Boot0001* debian

It doesn't change anything after reboot. The boot entry has even disappeared...

colorpurple21859 · 12-23-2019, 10:36 AM

Will the system boot on a restart/shutdown if this is ran beforehand?

Code:

efibootmgr -n 0001

something to check
run gdisk on your drive similar to this

Code:

gdisk /dev/nvme0n1
Found valid GPT with protective MBR; using GPT.

Command (? for help): v

this will be message if this is part of the problem

Quote:

Warning: The 0xEE protective partition in the MBR is marked as active. This is technically a violation of the GPT specification, and can cause some EFIs to ignore the disk, but it is required to boot from a GPT disk on some BIOS-based computers. You can clear this flag by creating a fresh protective MBR using
the 'n' option on the experts' menu.

l0f4r0 · 12-23-2019, 11:28 AM

Quote:

Originally Posted by colorpurple21859

Will the system boot on a restart/shutdown if this is ran beforehand?

Code:

efibootmgr -n 0001

Code:

efibootmgr -c -d /dev/nvme0n1 -p 1 -L debian -l \EFI\debian\grubx64.efi
 efibootmgr -n 0001

lead to

Code:

 
efibootmgr 
BootNext: 0001
BootCurrent: 0021
Timeout: 0 seconds
BootOrder: 0001,001C,001D,0000,001E,001F,0020,0021,001B,0023,0024,0022,0012,0011
Boot0000* Windows Boot Manager
Boot0001* debian
Boot0010  ThinkShield secure wipe
Boot0011* LENOVO CLOUD
Boot0012* HTTPS BOOT
Boot0013  Setup
Boot0014  Boot Menu
Boot0015  Diagnostic Splash Screen
Boot0016  Lenovo Diagnostics
Boot0017  Regulatory Information
Boot0018  Startup Interrupt Menu
Boot0019  Rescue and Recovery
Boot001A  MEBx Hot Key
Boot001B* USB CD
Boot001C  USB FDD
Boot001D* NVMe0
Boot001E* NVMe1
Boot001F* ATA HDD0
Boot0020* ATA HDD1
Boot0021* USB HDD
Boot0022* PXE BOOT
Boot0023  Other CD
Boot0024  Other HDD
Boot0025* IDER BOOT CDROM
Boot0026* IDER BOOT Floppy
Boot0027* ATA HDD
Boot0028* ATAPI CD

and don't allow me to boot on debian (0001) as advertised.
Actually, it seems that efibootmgr -n 0001 is already called after the debian entry creation so it's superfluous here...

Quote:

Originally Posted by colorpurple21859

something to check
run gdisk on your drive similar to this

Code:

gdisk /dev/nvme0n1
Found valid GPT with protective MBR; using GPT.
Command (? for help): v

this will be message if this is part of the problem

Indeed!

Code:

gdisk /dev/nvme0n1
GPT fdisk (gdisk) version 1.0.3

Partition table scan:
  MBR: protective
  BSD: not present
  APM: not present
  GPT: present

Found valid GPT with protective MBR; using GPT.

What am I supposed to do? If I just quit ("q"), I get the samed output next time I launch gdisk. If I type "w", gdisk tells me:

Code:

Final checks complete. About to write GPT data. THIS WILL OVERWRITE EXISTING
PARTITIONS!!

I'm not sure I want to overwrite all my existing partitions^^. Maybe this is just a superfluous/generic message here?
By the way, everything is good with option "v":

Code:

No problems found. 2669 free sectors (1.3 MiB) available in 2
segments, the largest of which is 2014 (1007.0 KiB) in size.

EDIT: I've run options "n" and then "w" to create a fresh protective MBR as you wrote it (I don't understand because I thought this protective MBR was the problem):

Code:

Final checks complete. About to write GPT data. THIS WILL OVERWRITE EXISTING
PARTITIONS!!

Do you want to proceed? (Y/N): Y
OK; writing new GUID partition table (GPT) to /dev/nvme0n1.
Warning: The kernel is still using the old partition table.
The new table will be used at the next reboot or after you
run partprobe(8) or kpartx(8)
The operation has completed successfully.

I've run option "w" as well just after the message "Found valid GPT with protective MBR; using GPT.". The output is the same but let's wait &see after a reboot now...

l0f4r0 · 12-23-2019, 11:50 AM

Ok, I've rebooted.
Nothing has changed, I still have the same global issue

It's weird because gdisk still tells me "Found valid GPT with protective MBR; using GPT.".
Obviously, option "n" did not delete this protective MBR...
Am I supposed to do the following?

Code:

dd if=/dev/zero of=/dev/nvme0n1 bs=446 count=1

colorpurple21859 · 12-23-2019, 12:21 PM

If you was getting this message

Quote:

Warning: The 0xEE protective partition in the MBR is marked as active. This is technically a violation of the GPT specification, and can cause some EFIs to ignore the disk, but it is required to boot from a GPT disk on some BIOS-based computers. You can clear this flag by creating a fresh protective MBR using
the 'n' option on the experts' menu.

and now getting this message

Quote:

No problems found. 2669 free sectors (1.3 MiB) available in 2
segments, the largest of which is 2014 (1007.0 KiB) in size.

with the v option in gdisk, rerun

Code:

efibootmgr -c -d /dev/nvme0n1 -p 1 -L debian -l \EFI\debian\grubx64.efi

and see if it will work like it is suppose to.

l0f4r0 · 12-23-2019, 12:31 PM

^ Actually, I never got this specific message:

Quote:

Warning: The 0xEE protective partition in the MBR is marked as active. This is technically a violation of the GPT specification, and can cause some EFIs to ignore the disk, but it is required to boot from a GPT disk on some BIOS-based computers. You can clear this flag by creating a fresh protective MBR using
the 'n' option on the experts' menu.

I just have:

Quote:

Partition table scan:
MBR: protective
BSD: not present
APM: not present
GPT: present

Found valid GPT with protective MBR; using GPT.

Unfortunately, the following does nothing better after manipulations via gdisk:

Code:

efibootmgr -c -d /dev/nvme0n1 -p 1 -L debian -l \EFI\debian\grubx64.efi

Do you think I can delete the MBR with dd?

colorpurple21859 · 12-23-2019, 12:41 PM

Quote:

Actually, I never got this specific message:

Then that is not the problem, that was something to check to make sure that wasn't part of the problem.

Quote:

Obviously, option "n" did not delete this protective MBR.

The n option doesn't delete the protective MBR, it creates a new protective MBR if there is something wrong with the existing one.

Quote:

UEFI boot order setup (by pressing a key during startup):

The boot order I'm talking about changing is in the bios setup where secure boot is turned on/off, legacy boot enable/disabled, ect.

l0f4r0 · 12-23-2019, 12:57 PM

Quote:

Originally Posted by colorpurple21859

The boot order I'm talking about changing is in the bios setup where secure boot is turned on/off, legacy boot enable/disabled, ect

Oh! I thought you were speaking about efibootmgr.
Ok, but I don't know what modification should be better in my current configuration as I don't see any Linux/Debian entry...

Quote:

NVMe0 SAMSUNG MZVLB512HAJQ-000L7
Windows Boot Manager
NVMe1
ATA HDD0
ATA HDD1
USB HDD
USB CD
PXE BOOT
HTTPS BOOT
LENOVO CLOUD

Excluded:

USB FDD
Other CD
Other HDD

EDIT: based on this thread http://forums.debian.net/viewtopic.php?f=30&t=142343, I've tried different things with no avail...:
1) Force grub-efi installation to the removable media path

Code:

grub-install --removable

No error but nothing's better
2) Instruct Windows to start Debian bootloader by running this command from an Administrator prompt in PowerShell:

Code:

bcdedit /set "{bootmgr}" path "\EFI\debian\grubx64.efi"

Not better...

I don't dare doing the following at this stage (I find this pretty ugly) but maybe this is my last chance?

Code:

cp /mnt/EFI/debian/shimx64.efi /mnt/EFI/Microsoft/Boot/bootmgfw.efi
cp /mnt/EFI/debian/grubx64.efi /mnt/EFI/Microsoft/Boot

l0f4r0 · 12-29-2019, 03:03 PM

Does anyone have a new suggestion please?

Thank you in advance

l0f4r0 · 12-31-2019, 11:21 AM

I've eventually given up as I didn't know what else to try...
Instead I've taken advantage of the opportunity to delete Windows install from my new laptop (except its recovery and small reserved partitions).
It has resolved some of my problems but I have another one: Debian 10 cannot launch with Secure Boot activated (I've created a new thread on this same Debian subforum).

l0f4r0 · 01-03-2020, 08:50 AM

For those interested, here is a new information.
I cannot be sure it was the root cause, but it didn't help for sure.
I've realized that I had "enabled" options "Lock UEFI BIOS Settings" along with "Boot Order Lock" in ThinkPad Setup at startup. That's the reason why changes via efibootmgr didn't survive after reboot.
Maybe my new Debian boot loader would have done the job without those options but I cannot confirm now that I've erased my whole Windows installation

HIH

colorpurple21859 · 01-03-2020, 08:56 AM

[QUOTE]I've realized that I had "enabled" options "Lock UEFI BIOS Settings" along with "Boot order lock" in ThinkPad Setup at startup./QUOTE] I agree that is most likely the cause of your problems. Not every system has those firmware options.