Two EFI boot partitions on two disks

I have an ACER V3-771G-9809 laptop, recently purchased. It comes with Windows 8 pre-installed on a 1 TB disk (/dev/sda) and UEFI Secure Boot is specified in the BIOS. I installed a second 1TB disk (/dev/sdb) and did a new 12.3 install from a DVD that I burned from the ISO image. I have some continuing graphics issues with the 12.3 install, but I do have a working installation. However, before the install I could boot to Windows 8, and after, even though there is a Windows entry in the Grub2 menu, selecting it produces no response. Looking at the partitioner I see that there is an EFI boot partition on both disks: /dev/sda2 and /dev/sdb1… Is this supposed to have occurred? And is it a/the problem? I have the impression from reading the posting on

https://en.opensuse.org/openSUSE:UEFI

, that there should be a single EFI boot partition, the original one on /dev/sda2. My grub.cfg file on /boot/grub2 shows

#
# DO NOT EDIT THIS FILE
#
# It is automatically generated by grub2-mkconfig using templates
# from /etc/grub.d and settings from /etc/default/grub
#                                                                                                                                                             
                                                                                                                                                              
### BEGIN /etc/grub.d/00_header ###                                                                                                                           
if  -s $prefix/grubenv ]; then                                                                                                                               
  load_env                                                                                                                                                    
fi                                                                                                                                                            
set default="${saved_entry}"                                                                                                                                  
                                                                                                                                                              
if  x"${feature_menuentry_id}" = xy ]; then                                                                                                                  
  menuentry_id_option="--id"                                                                                                                                  
else                                                                                                                                                          
  menuentry_id_option=""                                                                                                                                      
fi                                                                                                                                                            
                                                                                                                                                              
export menuentry_id_option                                                                                                                                    

if  "${prev_saved_entry}" ]; then
  set saved_entry="${prev_saved_entry}"
  save_env saved_entry
  set prev_saved_entry=
  save_env prev_saved_entry
  set boot_once=true
fi

function savedefault {
  if  -z "${boot_once}" ]; then
    saved_entry="${chosen}"
    save_env saved_entry
  fi
}

function load_video {
  if  x$feature_all_video_module = xy ]; then
    insmod all_video
  else
    insmod efi_gop
    insmod efi_uga
    insmod ieee1275_fb
    insmod vbe
    insmod vga
    insmod video_bochs
    insmod video_cirrus
  fi
}

if  x$feature_default_font_path = xy ] ; then
   font=unicode
else
insmod part_gpt
insmod ext2
set root='hd1,gpt3'
if  x$feature_platform_search_hint = xy ]; then
  search --no-floppy --fs-uuid --set=root --hint-bios=hd1,gpt3 --hint-efi=hd1,gpt3 --hint-baremetal=ahci1,gpt3  cf6af60c-557e-46bf-b4e5-9da2556bd73e
else
  search --no-floppy --fs-uuid --set=root cf6af60c-557e-46bf-b4e5-9da2556bd73e
fi
    font="/usr/share/grub2/unicode.pf2"
fi

if loadfont $font ; then
  set gfxmode=auto
  load_video
  insmod gfxterm
  set locale_dir=$prefix/locale
  set lang=POSIX
  insmod gettext
fi
terminal_output gfxterm
insmod part_gpt
insmod ext2
set root='hd1,gpt3'
if  x$feature_platform_search_hint = xy ]; then
  search --no-floppy --fs-uuid --set=root --hint-bios=hd1,gpt3 --hint-efi=hd1,gpt3 --hint-baremetal=ahci1,gpt3  cf6af60c-557e-46bf-b4e5-9da2556bd73e
else
  search --no-floppy --fs-uuid --set=root cf6af60c-557e-46bf-b4e5-9da2556bd73e
fi
insmod gfxmenu
loadfont ($root)/boot/grub2/themes/openSUSE/DejaVuSans-Bold14.pf2
loadfont ($root)/boot/grub2/themes/openSUSE/DejaVuSans10.pf2
loadfont ($root)/boot/grub2/themes/openSUSE/DejaVuSans12.pf2
loadfont ($root)/boot/grub2/themes/openSUSE/ascii.pf2
insmod png
set theme=($root)/boot/grub2/themes/openSUSE/theme.txt
export theme
if  x${boot_once} = xtrue ]; then
  set timeout=0
elif sleep --interruptible 0 ; then
  set timeout=20
fi
### END /etc/grub.d/00_header ###

### BEGIN /etc/grub.d/10_linux ###
menuentry 'openSUSE 12.3' --class 'opensuse-12-3' --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-simple-cf6af60c-557e-46bf-b4e5-9da2556bd73e' {
        load_video
        set gfxpayload=keep
        insmod gzio
        insmod part_gpt
        insmod ext2
        set root='hd1,gpt3'
        if  x$feature_platform_search_hint = xy ]; then
          search --no-floppy --fs-uuid --set=root --hint-bios=hd1,gpt3 --hint-efi=hd1,gpt3 --hint-baremetal=ahci1,gpt3  cf6af60c-557e-46bf-b4e5-9da2556bd73e
        else
          search --no-floppy --fs-uuid --set=root cf6af60c-557e-46bf-b4e5-9da2556bd73e
        fi
        echo    'Loading Linux 3.7.10-1.1-desktop ...'
        linuxefi /boot/vmlinuz-3.7.10-1.1-desktop root=UUID=cf6af60c-557e-46bf-b4e5-9da2556bd73e ro   quiet splash=silent
        echo    'Loading initial ramdisk ...'
        initrdefi /boot/initrd-3.7.10-1.1-desktop
}
submenu 'Advanced options for openSUSE 12.3' $menuentry_id_option 'gnulinux-advanced-cf6af60c-557e-46bf-b4e5-9da2556bd73e' {
        menuentry 'openSUSE 12.3, with Linux 3.7.10-1.1-desktop' --class 'opensuse-12-3' --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-3.7.10-1.1-desktop-advanced-cf6af60c-557e-46bf-b4e5-9da2556bd73e' {
                load_video
                set gfxpayload=keep
                insmod gzio
                insmod part_gpt
                insmod ext2
                set root='hd1,gpt3'
                if  x$feature_platform_search_hint = xy ]; then
                  search --no-floppy --fs-uuid --set=root --hint-bios=hd1,gpt3 --hint-efi=hd1,gpt3 --hint-baremetal=ahci1,gpt3  cf6af60c-557e-46bf-b4e5-9da2556bd73e
                else
                  search --no-floppy --fs-uuid --set=root cf6af60c-557e-46bf-b4e5-9da2556bd73e
                fi
                echo    'Loading Linux 3.7.10-1.1-desktop ...'
                linuxefi /boot/vmlinuz-3.7.10-1.1-desktop root=UUID=cf6af60c-557e-46bf-b4e5-9da2556bd73e ro   quiet splash=silent
                echo    'Loading initial ramdisk ...'
                initrdefi /boot/initrd-3.7.10-1.1-desktop
        }
        menuentry 'openSUSE 12.3, with Linux 3.7.10-1.1-desktop (recovery mode)' --class 'opensuse-12-3' --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-3.7.10-1.1-desktop-recovery-cf6af60c-557e-46bf-b4e5-9da2556bd73e' {
                load_video
                set gfxpayload=keep
                insmod gzio
                insmod part_gpt
                insmod ext2
                set root='hd1,gpt3'
                if  x$feature_platform_search_hint = xy ]; then
                  search --no-floppy --fs-uuid --set=root --hint-bios=hd1,gpt3 --hint-efi=hd1,gpt3 --hint-baremetal=ahci1,gpt3  cf6af60c-557e-46bf-b4e5-9da2556bd73e
                else
                  search --no-floppy --fs-uuid --set=root cf6af60c-557e-46bf-b4e5-9da2556bd73e
                fi
                echo    'Loading Linux 3.7.10-1.1-desktop ...'
                linuxefi /boot/vmlinuz-3.7.10-1.1-desktop root=UUID=cf6af60c-557e-46bf-b4e5-9da2556bd73e ro  showopts apm=off noresume edd=off powersaved=off nohz=off highres=off processor.max_cstate=1 nomodeset x11failsafe
                echo    'Loading initial ramdisk ...'
                initrdefi /boot/initrd-3.7.10-1.1-desktop
        }
}

### END /etc/grub.d/10_linux ###

### BEGIN /etc/grub.d/20_linux_xen ###
### END /etc/grub.d/20_linux_xen ###

### BEGIN /etc/grub.d/20_memtest86+ ###
### END /etc/grub.d/20_memtest86+ ###

### BEGIN /etc/grub.d/20_ppc_terminfo ###
### END /etc/grub.d/20_ppc_terminfo ###

### BEGIN /etc/grub.d/30_os-prober ###
menuentry 'Windows Boot Manager (on /dev/sda2)' --class windows --class os $menuentry_id_option 'osprober-efi-CCD7-9020' {
        insmod part_gpt
        insmod fat
        set root='hd0,gpt2'
        if  x$feature_platform_search_hint = xy ]; then
          search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt2 --hint-efi=hd0,gpt2 --hint-baremetal=ahci0,gpt2  CCD7-9020
        else
          search --no-floppy --fs-uuid --set=root CCD7-9020
        fi
        chainloader /efi/Microsoft/Boot/bootmgfw.efi
}
### END /etc/grub.d/30_os-prober ###

### BEGIN /etc/grub.d/40_custom ###
# This file provides an easy way to add custom menu entries.  Simply type the
# menu entries you want to add after this comment.  Be careful not to change
# the 'exec tail' line above.
### END /etc/grub.d/40_custom ###

### BEGIN /etc/grub.d/41_custom ###
if  -f  ${config_directory}/custom.cfg ]; then
  source ${config_directory}/custom.cfg
elif  -z "${config_directory}" -a -f  $prefix/custom.cfg ]; then
  source $prefix/custom.cfg;
fi
### END /etc/grub.d/41_custom ###

### BEGIN /etc/grub.d/90_persistent ###
### END /etc/grub.d/90_persistent ###

and the last menu entry does point to /dev/sda2 which is the EFI boot partition of the Windows installation.

I am not exactly heartbroken that I can’t boot to Windows, but since it is there, I might as well have access to it should the unlikely event occur that I, or someone else, needs it. I am also prepared to do a re-install of 12.3 if I mangled the options there and produced this problem. Thanks.

Your install looks good.

I have a similar setup.

If you had used only a single EFI partition, you might have had more serious problems such as being able to boot Windows but not opensuse. Having a separate EFI partition for opensuse is good.

I’m a bit surprised that you have no response from booting Windows 8. I get an obscure error message which seems to come from Windows.

I’m not sure about the details of your ACER system. With my Dell system, I can hit F12 during boot, and there I can select either Windows or opensuse, with opensuse as the default. It boots properly that way.

You should be able to disable secure-boot in your BIOS. If you do that, then boot to Windows should work.

If you keep secure-boot, then as root, in your linux install, you should be able to type:


# efibootmgr

and the output should tell you the bootable systems. For my system, it lists Windows as 00 and opensuse as 04. If I then enter the command:


# efibootmgr -n 0

that forces the next boot to be from bootable system 0, and Windows will come up on reboot.

The problem that I think you are having is documented in Bug 809038. I am currently testing a fix, which seems to work. I have no idea when the fix will be pushed out as an update.

I have this problem in 12.2, grub seems to be incapable of cross-disk booting. You must have a single EFI partition.

I’m using the bios boot menu to select the OS (both systems should show up in the boot menu) as a work-around.

I tried the efibootmgr command and yes, it showed three systems: opensuse-secure, opensuse, and windows. Disabling secure boot on this machine is not simply a matter of changing an option in the BIOS. There are two fields: one gives the choice between Legacy BIOS and UEFI, and the other is the choice of Enabled or Disabled for Secure Boot. They are (sort of) linked together. The procedure that produces UEFI with Secure Boot Disabled is:

  1. Select Legacy BIOS. Restart, and get nothing bootable.
  2. Restart, hit F2 to get into the BIOS, boot options shows Legacy BIOS, Secure Boot Disabled
  3. Change Legacy BIOS to UEFI. Secure Boot Disabled still shows.
  4. Reboot, hit F2, boot options shows UEFI, Secure Boot Disabled
  5. Exit BIOS, machine boots directly to Windows, no grub2 menu.

If I want to return to UEFI, Secure Boot Enabled, I have to choose Setup Defaults in the BIOS, which returns the machine to how I received it. And of course, the 12.3 install is inaccessible.

So I confess I am totally confused by the whole UEFI Secure Boot controversy. I could care less about Secure Boot, but I thought it was necessary for Windows to run, or is it that when Secure Boot is enabled, the hardware checks that the Windows binary is correctly signed, and when it is disabled it does not check and just loads it? I had fiddled with the BIOS when I got the machine originally and figured out how to disable secure boot and obviously Windows still runs, but when I did a 12.3 install in this configuration I never even got a grub menu, so that is not an option. Thanks to a previous poster I did check to see if I could get a boot menu using F12. The BIOS allows such an option, and I enabled it, but so far to no result.

Unfortunately, during this fiddling with the BIOS options I did not write down some other information, particularly the boot order listed. When I started with the working 12.3 install, but inaccessible Windows 8, my memory was that the CD-ROM was first, the Windows Boot Manager was listed second, the second hard disk (HDD1) listed third, opensuse-secure listed fourth, and then I forget. What is sure is that every time I changed the BIOS boot options, this order changed and various entries disappeared, and/ or shifted, including both the Windows Boot Manager and opensuse-secure. In the Default configuration Windows Bootmanager comes first, then HDD0:, HDD1:, ATAPI CDROM: and so forth. At this point it looks like I need to do another 12.3 install and just see what happens.

You should be able to change the BIOS boot order with “efibootmgr” (check the man page).

If you cannot get into your 12.3 system, then try booting the rescue CD in UEFI mode, to get access to “efibootmgr”.

Your BIOS sounds a bit more restrictive than mine.

No, it isn’t.
It is requested by Microsoft for PC systems or laptops/notebooks that come along with a pre-installed windows 8.
As far as I know, windows 8, despite of that, will boot fine in non-secure boot mode.

Right.

And if a Linux system like openSUSE is to be booted, that then (i.e. in secure boot mode) is checked just as well.

Sorry everybody,

the term non-secure boot mode should rather read
non-SecureBoot mode,
making clear that “SecureBoot” is a name of a product,
instead of a description of sth. real.
Bad game.

Yes, it will, and I have booted it that way.

I did a re-install of 12.3 after setting the BIOS to Setup Defaults, so UEFI, Secure Boot Enabled. As root, I type efibootmgr and get output:

Bootcurrent 0003
Timeout 2 seconds
BootOrder 0003,0002,0001,0000
Boot0000* Windows Boot Manager
Boot0001* ATAPI CDROM
Boot0002* opensuse
Boot0003* opensuse-secure

If I now restart, hit F2 to enter the BIOS, the boot priority there is

  1. ATAPI CDROM
  2. Windows Boot Manager
  3. opensuse-secureboot
  4. HDD1:
  5. USB FDD
  6. NetworkBoot-IPV4

and three more entries. So I understand from this that there is a difference between boot priority and boot order, but I am not sure what the relation between the two is. I would have said boot priority is more hardware related, but then that doesn’t square with Windows Boot Manager and opensuse-secure appearing. I note that ATAPI CDROM also inexplicably shifts down several entries in the boot priority list after several subsequent reboots. This is certainly a new feature(?). After the install I am back to where I started: on boot I get the Grub2 menu with three choices: OpenSuSE 12.3, Advanced Options, Windows. If I choose OpenSuSE 12.3 I boot to my new install; if I choose Windows I get a blank screen.

What I did discover after the new install is that hitting F12 at the POST now does bring up a boot menu, with the choices:

  1. Windows Boot Manager
  2. opensuse-secure
  3. opensuse

If I choose Windows Boot Manager from this menu I boot direct to Windows, no Grub2 menu. If I choose opensuse-secure I go to the Grub2 menu, with the same results as before. If I choose opensuse I get a text box saying:

“opensuse has been blocked by the current security policy”

So I have a workaround at this point using the F12 Boot Options menu in the BIOS, but the Grub2 menu item for Windows remains broken. This is not how I prefer to operate, but in lieu of another solution, I guess I will just have to be patient while more of the bugs in the UEFI boot situation get worked out. Thanks for the advice.

This is how it worked for me until recently.

It now works (for me) the way that you want, mainly because I am testing a fix for the problem. This is from Bug 809038.

I advise waiting for the update to come through. The most recent comments in that bug report indicate that it has been submitted. I do not know how long the process will take.

Based on your “efibootmgr” output, if you were to enter the command (as root):


# efibootmgr -n 0

then when you next boot, you would go straight into Windows without seeing a grub menu.