Discussion:
How to protect my efi boot loader.
(too old to reply)
Big Al
2024-09-13 21:39:01 UTC
Permalink
I triple boot. Windows 11, Mint 21.3, and Zorin OS.

I have no issues with the first two, but Zorin just loaded a new kernel and I'll take a wild stab,
but it wrote the boot loader to the EFI and blew away my Mint loader.

I have an easy fix for it, but I have to take the time to do it, and I wish I could find a way to
stop Zorin, or any other linux system (as ubuntu did it once to me too).

Any flag or setting to prevent this?
--
Linux Mint 21.3, Cinnamon 6.0.4, Kernel 5.15.0-121-generic
Al
azigni
2024-09-14 00:46:49 UTC
Permalink
Not that I am a wizard so this may be an ID10T fix. I used to use
separate drives for each one so each one had its own efi area to write to.
I only dual boot now, so things may have changed since then.
Paul
2024-09-14 02:34:56 UTC
Permalink
I triple boot.   Windows 11, Mint 21.3, and Zorin OS.
I have no issues with the first two, but Zorin just loaded a new kernel and I'll take a wild stab, but it wrote the boot loader to the EFI and blew away my Mint loader.
I have an easy fix for it, but I have to take the time to do it, and I wish I could find a way to stop Zorin, or any other linux system (as ubuntu did it once to me too).
Any flag or setting to prevent this?
My guess is, that it is just your luck that Zorin, Ubuntu, and Mint,
share the *same* folder in /EFI :-) That's why this happened. If you
were running OpenSuse, Gentoo, ArchLinux, they would all have their
own private folders and would not trash your Mint for example.

Zorin thought it was patching its own materials, and did not realize
it shares the apartment with two room mates.

Windows has the one folder for W10 and W11 of course, but those
are likely to be aligned.

Mayayana reports that his dual boot Win10/OpenSUSE, the last Patch Tuesday
either revoked a certificate in the key store, or it had something to do
with one of the other storage areas, and it prevented OpenSUSE from booting.

I tested that. Set up a machine for it, but it is pretty hard to do a good
job on the setup. I updated the BIOS on the computer, before the experiment
started, and that seemed to ruin the experiment, and after Patch Tuesday,
everything still booted.

You have to get the vintage of things "just right", to end up
with "severe tire damage" :-) And with the BIOS upgrade, it does not say
what evil it is up to. The release notes are pretty dumb.

It's too bad, that such a "well thought out" new BIOS scheme, does not
have methods available for doing a better job when OSes are in transition
with their certificates and shims.

Paul
Big Al
2024-09-14 13:32:00 UTC
Permalink
Post by Paul
I triple boot.   Windows 11, Mint 21.3, and Zorin OS.
I have no issues with the first two, but Zorin just loaded a new kernel and I'll take a wild stab, but it wrote the boot loader to the EFI and blew away my Mint loader.
I have an easy fix for it, but I have to take the time to do it, and I wish I could find a way to stop Zorin, or any other linux system (as ubuntu did it once to me too).
Any flag or setting to prevent this?
My guess is, that it is just your luck that Zorin, Ubuntu, and Mint,
share the *same* folder in /EFI :-) That's why this happened. If you
were running OpenSuse, Gentoo, ArchLinux, they would all have their
own private folders and would not trash your Mint for example.
Zorin thought it was patching its own materials, and did not realize
it shares the apartment with two room mates.
Windows has the one folder for W10 and W11 of course, but those
are likely to be aligned.
Mayayana reports that his dual boot Win10/OpenSUSE, the last Patch Tuesday
either revoked a certificate in the key store, or it had something to do
with one of the other storage areas, and it prevented OpenSUSE from booting.
I tested that. Set up a machine for it, but it is pretty hard to do a good
job on the setup. I updated the BIOS on the computer, before the experiment
started, and that seemed to ruin the experiment, and after Patch Tuesday,
everything still booted.
You have to get the vintage of things "just right", to end up
with "severe tire damage" :-) And with the BIOS upgrade, it does not say
what evil it is up to. The release notes are pretty dumb.
It's too bad, that such a "well thought out" new BIOS scheme, does not
have methods available for doing a better job when OSes are in transition
with their certificates and shims.
Paul
This is about the 7th time the EFI has been written over. I did a bit of research after #2, and
found as you said that several OS use the same name 'ubuntu' for their folder. Gave a good reason
but, not a well thought out reason as you say, still it told me what I needed.

That's why I backed up the EFI for replacement. I always boot into Mint and let that grub send me
anywhere I want to go, so I could care less about restoring the EFI and reverting from Zorin's
folder back to Mint's.

I guess life is as it is. Thanks.
--
Linux Mint 21.3, Cinnamon 6.0.4, Kernel 5.15.0-121-generic
Al
Loading...