Linux - GeneralThis Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I dual boot with VeraCrypted Windows, and after I made some change to the Windows 10 grub menuentry in the beginning this has been working fine, i.e. changing the menuentry to point from EFI\Microsoft\Boot\Bootmgfw.efi to instead EFI\VeraCrypt\DcsBoot.efi.
Something, I am guessing an update, has reverted this back to how it was initially, so that the same entry that was working now makes Windows attempt repairs. Thankfully I can still boot Windows 10 by hitting F12 on boot to bring up the boot menu and selecting VeraCrypt boot loader.
I am not sure how I edited the menuentry in the beginning, but I have been trying to use Grub Customiser this time, and I have edited and saved the Windows entry as:
And I can see this is reflected in /boot/grub/grub.cfg as:
Code:
menuentry "Windows Boot Manager (on /dev/sda1)" --class windows --class os $menuentry_id_option 'osprober-efi-E625-C979' {
insmod part_gpt
insmod fat
set root='hd0,gpt1'
if [ x$feature_platform_search_hint = xy ]; then
search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt1 --hint-efi=hd0,gpt1 --hint-baremetal=ahci0,gpt1 E625-C979
else
search --no-floppy --fs-uuid --set=root E625-C979
fi
chainloader \EFI\VeraCrypt\DcsBoot.efi
}
Still when I boot, when I select that menu entry Windows starts attemtping repairs, and if I select 'e' on the menuentry, I can see it is still set to try and boot EFI\Microsoft\Boot\Bootmgfw.efi. I rebooted and input sudo update-grub, but this did not change anything.
How can I make the changes I made be reflected in the actual menuentry, and better yet, how can I make it so that this is a last changing, even through future updates?
add the windows entry you want to use to /etc/grub.d/40_custom and the run update-grub. To prevent from having two windows entries you can add this
Code:
GRUB_DISABLE_OS_PROBER=true
to /etc/default/grub before running
Code:
sudo update-grub
to disable the os-prober entries. If you don't won't to diable os-prober coping the /etc/grub.d/40_custom to /etc/grub.d/25_custom will put the custom entry ahead of the os-prober entries.
Last edited by colorpurple21859; 01-22-2019 at 12:21 PM.
add the windows entry you want to use to /etc/grub.d/40_custom and the run update-grub. To prevent from having two windows entries you can add this
Code:
GRUB_DISABLE_OS_PROBER=true
to /etc/default/grub before running
Code:
sudo update-grub
to disable the os-prober entries. If you don't won't to diable os-prober coping the /etc/grub.d/40_custom to /etc/grub.d/25_custom will put the custom entry ahead of the os-prober entries.
I copied from /boot/grub/grub.cfg this:
Code:
menuentry "Windows Boot Manager (on /dev/sda1)" --class windows --class os $menuentry_id_option 'osprober-efi-E625-C979' {
insmod part_gpt
insmod fat
set root='hd0,gpt1'
if [ x$feature_platform_search_hint = xy ]; then
search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt1 --hint-efi=hd0,gpt1 --hint-baremetal=ahci0,gpt1 E625-C979
else
search --no-floppy --fs-uuid --set=root E625-C979
fi
chainloader \EFI\VeraCrypt\DcsBoot.efi
}
to a new file I created, /etc/grub.d/40_custom, saved it, added GRUB_DISABLE_OS_PROBER=true to /etc/default/grub, and ran sudo update-grub. On reboot, I can see that pressing 'e' on the Windows entry shows it is still trying to boot the Windows boot manager.
When I logged back in, and opened /boot/grub/grub.cfg so I could copy the menu entry to this post, I noticed it is under ### BEGIN /etc/grub.d/40_custom_proxy ###, unsure if it was before reboot.
Anything else I can try please, or can you see something I did wrong?
I can see that pressing 'e' on the Windows entry shows it is still trying to boot the Windows boot manager
.At the grub boot menu, if you hit e at the grub windows menu and edit the windows menu to what it should it be does it work? What is in your /boot/efi/EFI?
what is the ouput of
Code:
fdisk -l
a small l
AT the grub menu prompt hit c and post the output of
Yes, I literally created the file and just pasted in the text in my last post. Code the issue perhaps be with the permissions of this new file, as below?
.At the grub boot menu, if you hit e at the grub windows menu and edit the windows menu to what it should it be does it work?
I had only actually successfully booted into Windows 10 since this occurred by pressing F12 and manually selecting the VeraCrypt boot loader, but I just edited the Windows 10 grub menuentry to /EFI/VeraCrypt/DcsBoot.efi and I can confirm it also boots fine that way.
Quote:
Originally Posted by colorpurple21859
What is in your /boot/efi/EFI?
what is the ouput of
Are you running ubuntu from a live iso? It appears to be with all the loop mounts. You have an unusual setup, ubuntu grub set normally uses /boot/grub/grub.cfg file not /EFI/ubunut/grub.cfg.
assuming your efi partition is mounted at /boot/efi, run
Are you running ubuntu from a live iso? It appears to be with all the loop mounts. You have an unusual setup, ubuntu grub set normally uses /boot/grub/grub.cfg file not /EFI/ubunut/grub.cfg.
So I used the following guide setting up my system: ManualFullSystemEncryption. Interesting you asked if I was using a live ISO, because after install (which I did twice as a precaution) some how the icon to 'Install' was visible in my dock, but I removed this with sudo apt-get remove ubiquity.
Quote:
Originally Posted by colorpurple21859
assuming your efi partition is mounted at /boot/efi, run
If your efi partition isn't mounted then first mount with
Code:
sudo mount sda1 /boot/efi
If /boot/efi/doesn't exist them creat it with
Code:
mkdir /boot/efi
you will have to this with any update that involves grub changes.
T
Thank you for that, I just want to make sure none of it will undo or mess up the very specific ManualFullSystemEncryption setup I have, and so I have asked about it in the following thread (which is associated with the guide linked above): Manual Full System Encryption has been updated and simplified.
Here is the response from the creator of the guide I followed:
Quote:
Originally Posted by Paddy Landau
@dusf This system has not been tested with VeraCrypt.
There is a significant problem in that every time Ubuntu releases a kernel update, it doesn't play nicely, and it overwrites Grub.
That's why we have the script /usr/local/sbin/refreshgrub, to refresh Grub and initramfs properly.
I don't know enough about Grub to give you sensible advice, sorry.
All I know is that the file /etc/default/grub is involved.
Maybe, if you figure out what needs doing, you can amend refreshgrub to implement that?
I don't think that what you are being advised to do will mess up the installation. But, in case I'm wrong, simply back up every file that you change prior to changing it. You can restore the files, if necessary, using a Live CD.
So I:
Code:
dusf@contraption:~$ sudo cp /boot/efi/EFI/ubuntu/grub.cfg /boot/efi/EFI/ubuntu/grub.cfg.bak
dusf@contraption:~$ sudo grub-update -o /boot/efi/EFI/ubuntu/grub.cfg
sudo: grub-update: command not found
dusf@contraption:~$ sudo update-grub -o /boot/efi/EFI/ubuntu/grub.cfg
Generating grub configuration file ...
Found linux image: /boot/vmlinuz-4.15.0-43-generic
Found initrd image: /boot/initrd.img-4.15.0-43-generic
Found linux image: /boot/vmlinuz-4.15.0-29-generic
Found initrd image: /boot/initrd.img-4.15.0-29-generic
Adding boot menu entry for EFI firmware configuration
done
On reboot, as per the screenshots attached, grub has a border of question marks, and says to press the ? or ? to navigate, and then when I select Windows it errored.
I have now restored the backup of grub.cfg.
Here is the refreshgrub script:
Code:
cat /usr/local/sbin/refreshgrub
#!/usr/bin/env bash
####################################################################################################
# Run the Automated Grub refresh automatically after kernel updates.
#
# Reference:
# https://help.ubuntu.com/community/ManualFullSystemEncryption/DetailedProcessSetUpBoot
#
# * Run with root permissions, i.e. with sudo.
#
# * Place in /usr/local/sbin/ and name it refreshgrub.
#
# * Automate in root's incrontab with the following line.
#
# /boot/ IN_MODIFY,IN_NO_LOOP /usr/local/sbin/refreshgrub
#
# * Requires the following packages to be installed.
# incron
# libnotify-bin
# yad
#
####################################################################################################
#---------------------------------------------------------------------------------------------------
# Initialise the script.
#
# Parameters
# The parameters to the script.
#---------------------------------------------------------------------------------------------------
function initialise ()
{
preventConcurrentRun "${@}" # Prevent concurrent running.
# Leave a message for every user.
notifyUsers warning 'Grub update required' 'Grub update will be done automatically.\n\nDo not restart or shut down until you receive another message telling you that this has been done, even if the Software Updater asks you restart.\n\nDepending on your system, it could take several minutes.'
waitForOthers # Wait until we are free to proceed.
} # initialise
#---------------------------------------------------------------------------------------------------
# Prevent concurrent runs.
#
# Lock this script before running. If already locked (i.e. already running), silently terminate.
#
# Parameters
# The parameters to the script.
#---------------------------------------------------------------------------------------------------
function preventConcurrentRun ()
{
# If PCR_CONCURRENT_FLAG is correctly set, it means that we are already locked and should proceed.
# In that case, simply return from this function.
# Otherwise, call the script recursively with a lock, indicating permission to proceed.
if [[ "${PCR_CONCURRENT_FLAG}" != "${0}" ]]
then
# Call the script recursively, using itself as the exclusive lock.
# Terminate silently if already locked; this can happen if the script is accidentally called twice.
PCR_CONCURRENT_FLAG="${0}" flock --exclusive --conflict-exit-code=103 --nonblock -- "${0}" "${0}" "${@}"
local -i RET=${?} # Note the return code.
(( RET == 103 )) && RET=0 # 103 means to fail silently, so reset to zero.
exit ${RET} # Exit the script with the correct return code.
fi
} # preventConcurrentRun
#---------------------------------------------------------------------------------------------------
# Send a message to all users currently logged in.
#
# Shown:
# On the console in either &2 if error or &1 if not.
# With notify-send.
# yad, because notify-send doesn't always work.
#
# Parameters
# 1 Message type: "error", "info" or "warning".
# 2 The title of the message.
# 3 The message text.
#---------------------------------------------------------------------------------------------------
function notifyUsers ()
{
local -r MESSAGE_TYPE=${1}
local -r TITLE="${2}"
local -r MESSAGE="${3}"
local WHOLINE # Results from the command "who".
local WHOUSER # The current user.
local WHODISPLAY # The user's display.
# Find all users logged into the X terminal and notify them.
w --short --no-header |
tr --squeeze-repeats ' ' |
grep -E ' tty[0-9]+ ' |
grep -E ' :[0-9]+ ' |
while read WHOLINE
do
# Extract the user and display.
WHOUSER=$( cut --delimiter=' ' --field=1 <<<${WHOLINE} )
WHODISPLAY=:$( cut --delimiter=':' --field=2 <<<${WHOLINE} | cut --delimiter=' ' --field=1 )
# Put the message onto the console, in case we're running from there.
if [[ ${MESSAGE_TYPE} == 'error' ]]
then
echo -e "refreshgrub: ${TITLE}\n${MESSAGE}" >&2
else
echo -e "refreshgrub: ${TITLE}\n${MESSAGE}"
fi
# Send the message to the user. notify-send doesn't work reliably, so we use yad as well.
DISPLAY=${WHODISPLAY} sudo --user=${WHOUSER} notify-send --urgency=critical --icon=${MESSAGE_TYPE} "refreshgrub: ${TITLE}" "$( date +'%F %T' )\n\n${MESSAGE}" 2>/dev/null
DISPLAY=${WHODISPLAY} sudo --user=${WHOUSER} yad --width=400 --image=dialog-${MESSAGE_TYPE} --window-icon=dialog-${MESSAGE_TYPE} --title="refreshgrub: ${TITLE}" --button=OK:0 --text="$( date +'%F %T' )\n\n${MESSAGE}" 2>/dev/null &
done
wall "refreshgrub: ${MESSAGE}" 2>/dev/null # Send the message to all console users.
return 0 # Ignore previous errors.
} # notifyUsers
#---------------------------------------------------------------------------------------------------
# Wait for the current installation process to finish, if not already done.
#---------------------------------------------------------------------------------------------------
function waitForOthers ()
{
local -i NO_DPKG=0 # How long since termination?
# Wait until any other installation has finished running for at least a short while.
while (( NO_DPKG < 5 ))
do
sleep 1s
if pgrep --count --newest --full 'dpkg|grub-mkconfig|update-initramfs|update-grub' >/dev/null
then
NO_DPKG=0 # Still running or restarted.
else
: $(( ++NO_DPKG )) # Increment the counter.
fi
done
} # waitForOthers
#---------------------------------------------------------------------------------------------------
# Refresh Grub.
#---------------------------------------------------------------------------------------------------
function refreshGrub ()
{
reapplyGrubUpdates # Update Grub, initramfs, etc.
local -ir RET=${?} # Note the return value.
# Check for errors and leave a message.
if (( RET ))
then
notifyUsers error 'Grub update failed' 'Grub update failed.\n\nPlease do not restart or shut down until you have manually run the following command, even if the Software Updater asks you restart.\n\nsudo refreshgrub'
exit ${RET} # Return with error.
fi
notifyUsers info 'Grub update succeeded' 'The Grub update has finished.\n\nYou are advised to restart the machine.'
} # refreshGrub
#---------------------------------------------------------------------------------------------------
# Reapply Grub updates.
#---------------------------------------------------------------------------------------------------
function reapplyGrubUpdates ()
{
local -i RET # To hold return codes.
# Copy boot modules to EFI
mkdir --parents /boot/efi/EFI/ubuntu/
RET=${?}
(( RET )) && echo 'Failed to create boot modules folder in EFI.' >&2 && return ${RET}
cp --recursive /boot/grub/x86_64-efi /boot/efi/EFI/ubuntu/
RET=${?}
(( RET )) && echo 'Failed to copy boot modules to EFI.' >&2 && return ${RET}
# Install and repair Grub
grub-install --target=x86_64-efi --uefi-secure-boot --efi-directory=/boot/efi --bootloader=ubuntu --boot-directory=/boot/efi/EFI/ubuntu --recheck /dev/sda
RET=${?}
(( RET )) && echo 'Failed to reinstall Grub.' >&2 && return ${RET}
grub-mkconfig --output=/boot/efi/EFI/ubuntu/grub/grub.cfg
RET=${?}
(( RET )) && echo 'Failed to reconfigure Grub.' >&2 && return ${RET}
# Allow Ubuntu to boot
cd /boot/efi/EFI
RET=${?}
(( RET )) && echo 'Failed to enter /boot/efi/EFI.' >&2 && return ${RET}
[[ -d Boot ]] && rm --force --recursive Boot-backup && mv Boot Boot-backup
RET=${?}
# Ignore error code 1.
(( RET > 1 )) && echo 'Failed to enter /boot/efi/EFI.' >&2 && return ${RET}
# Prepare initramfs
update-initramfs -ck all
RET=${?}
(( RET )) && echo 'Failed to prepare initrafms.' >&2 && return ${RET}
return 0 # Because of "(( ... ))".
} # reapplyGrubUpdates
####################################################################################################
# MAIN SCRIPT CONTROL
####################################################################################################
initialise # Set up the script.
refreshGrub # Do the work and let the user know.
That's why we have the script /usr/local/sbin/refreshgrub, to refresh Grub and initramfs properly.
Have you tried and run that script?
Code:
sudo sh /usr/local/sbin/refreshgrub
to fix the problem.
are these installed?
Quote:
Requires the following packages to be installed.
# incron
# libnotify-bin
# yad
#
The other option is to move the original /EFI/ubuntu/grub.cfg back in place and manually edit the original/EFI/ubuntu/grub.cfg windows menu to what it needs to be. you will most likely have to do it again with any kernel updates to ubuntu.
Another thought, if
Code:
sudo update-grub
is creating the correct grub.cfg in /boot/grub/grub.cfg, copy it to /EFI/ubuntu/grub.cfg
Last edited by colorpurple21859; 01-23-2019 at 12:16 PM.
dusf@contraption:~$ sudo sh /usr/local/sbin/refreshgrub
[sudo] password for dusf:
/usr/local/sbin/refreshgrub: 34: /usr/local/sbin/refreshgrub: Syntax error: "(" unexpected
I know that some updates, or certain changes to my system trigger the script, so I tried switching my graphics driver to Nouveau and then back to nvidia-driver-415, but this did not trigger the usual popup warnings about being fixed. Despite this I rebooted, and pressed 'e' on the Windows entry, and I can see it has changed to not have the line \EFI\VeraCrypt\DcsBoot.efi, and although this still does not work, if I change the three \ to / it does work (even though for Windows they must be \).
I am not sure what triggered the update to the actual menuentry, I edited /etc/grub.d/40_custom to use forwardslashes instead of backslashes, and then tried the script with the same command again, and the output was the same, and I then switched to Nouveau and then back to Nvidia just incase again but this made no change.
When I logged back in again, I opened grub-customiser, which threw errors. Note the errors directly references the 40_custom file, screenshot attached.
I noticed on my other computer, my laptop, which has the same dual boot Ubuntu ManualFullSystemEncryption setup, albeit without VeraCrypt configured for Windows yet, 40_custom has the following text:
Code:
dusf@apparatus:~$ cat /etc/grub.d/40_custom
#!/bin/sh
exec tail -n +3 $0
# This file provides an easy way to add custom menu entries. Simply type the
# menu entries you want to add after this comment. Be careful not to change
# the 'exec tail' line above.
Comparing that to my desktop, the system that has the issue with the menuentry:
Code:
dusf@contraption:~$ cat /etc/grub.d/40_custom
menuentry "Windows Boot Manager (on /dev/sda1)" --class windows --class os $menuentry_id_option 'osprober-efi-E625-C979' {
insmod part_gpt
insmod fat
set root='hd0,gpt1'
if [ x$feature_platform_search_hint = xy ]; then
search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt1 --hint-efi=hd0,gpt1 --hint-baremetal=ahci0,gpt1 E625-C979
else
search --no-floppy --fs-uuid --set=root E625-C979
fi
chainloader /EFI/VeraCrypt/DcsBoot.efi
}
I tried the script again but it output the same error. On reboot The backslashes in the Windows menuentry were still the wrong way around, so I had a closer look at /boot/grub/grub.cfg, and I could see that the Windows entry was now instead under the commented lines:
Code:
### BEGIN /etc/grub.d/LS_custom ###
# This file provides an easy way to add custom menu entries. Simply type the
# menu entries you want to add after this comment. Be careful not to change
# the 'exec tail' line above.
I expected to find the Windows menuentry in LS_custom, but instead there was some reference to another file /etc/grub.d/proxifiedScripts/custom - I cannot post the reference, as since rebooting, although the correct working menuentry is still under the same commented lines in grub.cfg, the LS_custom file no longer exists?
In /etc/grub.d/proxifiedScripts/custom I found my Windows menu entry, which although references the VeraCrypt Bootloader, had the backslashes the wrong way around. I corrected this, and ran the script, this time without sh, and it did not throw an error:
Code:
daire@contraption:~$ cat /etc/grub.d/proxifiedScripts/custom
#!/bin/sh
exec tail -n +3 $0
# This file provides an easy way to add custom menu entries. Simply type the
# menu entries you want to add after this comment. Be careful not to change
# the 'exec tail' line above.
menuentry "Windows Boot Manager (on /dev/sda1)" --class windows --class os $menuentry_id_option 'osprober-efi-E625-C979' {
insmod part_gpt
insmod fat
set root='hd0,gpt1'
if [ x$feature_platform_search_hint = xy ]; then
search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt1 --hint-efi=hd0,gpt1 --hint-baremetal=ahci0,gpt1 E625-C979
else
search --no-floppy --fs-uuid --set=root E625-C979
fi
chainloader /EFI/VeraCrypt/DcsBoot.efi
}
Code:
sudo /usr/local/sbin/refreshgrub
On reboot, Windows now correctly loads the VeraCrypt Bootloader.
I am glad it is now working, although I am left unsure what caused the issue to begin with, and if what I have done will prevent it recurring in future. Also, is it okay that my menuentry is in that custom file seems to be generated from the custom file in proxifiedScripts rather than 40_custom?
Also, is it okay that my menuentry is in that custom file seems to be generated from the custom file in proxifiedScripts rather than 40_custom?
If i had to guess I would say yes since you didn't have a 40_custom originally and had to create it and your using refreshgrub to update your grub.cfg file instead of grub-update.
Quote:
I am glad it is now working, although I am left unsure what caused the issue to begin with,
Hard to say what really happened, but at least you got it working again.
I'm not sure what the cause of your problem was initially by I would agree that not having a 40_custom file in /etc/grub.d was unusual, to say the least. I've never seen a system with Grub2 that did not have it.
Quote:
chainloader \EFI\VeraCrypt\DcsBoot.ef
Unusual that the entry above which you showed in posts 1 and 3 had backward slashes in grub.cfg rather than forwar slashes although later it shows correctly. Not sure how that would have happened.
Ubuntu has two grub.cf files. One is in the EFI/ubuntu directory which you posted in your post 9 above. You can see by looking at that file that there are no menuentries in it. The menuentries used are in the /boot/grub/grub.cfg file on the Ubuntu root partition. Strange thing about it is that it is pointing to itself which won't work. It should be pointing to the grub.cfg file on the Ubuntu partition. An example from a working Ubuntu below shows the grub.cfg file in the EFI/ubuntu directory and in the example below it points to the Ubuntu system on sda6 (Hd0,gpt6) with the uuid of sda6.
When you update grub you need to update the grub.cfg file on your system partition not in the EFI partition as you were doing in post 8.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.