Ubuntu – Boot into GRUB from Windows boot manager in UEFI dual boot configuration

dual-bootgrub2uefi

TL;DR

It's not possible to add Grub boot entry in Windows Boot Manager.
But something similar can be achieved using a third party boot manager like Rod Smith's rEFInd.
Installation steps are well explained in this gist
But Acer laptops (tested on 3 Acers) apparently forgets boot entries and only windows boot manager loads despite refind/grub is present in ESP.
Acer laptop's UEFI menu has two hidden settings that become available only when you set a password for the UEFI menu. You can then mark any third party boot manager as TRUSTED without signing the boot manager with RSA key (as shown in the gist and many other places). You can disable secure boot too if a password is set. If UEFI is enabled, only TRUSTED boot managers are loaded by UEFI and all others are ignored because of which only windows boots and we incorrectly think UEFI forgets boot entries.
An alternative is to disable UEFI but why lower the security ourselves when there is a solution?

The long story

My old laptop used MBR scheme and I was able to install grub on Ubuntu's partition (not on MBR) and then added a boot entry for grub in Windows boot manager.
This enabled me to keep windows boot manager as well as grub.

My new laptop came with Windows 10 pre-installed with UEFI.
I installed Ubuntu Gnome 17.04 with the following partitioning-

/boot ext4 1GB
/ (root) ext4 25GB
/home ext4 400GB

I thought this will install grub on /boot (It might have, I don't know)

Installation was successful

I rebooted into Windows and ran EasyBCD 2.3 (latest) to add a boot entry for grub in windows boot manager.
But that option was greyed out. EasyBCD say that because I have secure boot enabled some features are not supported. I can see option for adding a boot entry for another Windows OS but the same options are greyed out for linux OSes.

I want to keep both Windows boot manager and GRUB but on separate partitions so that I can goto GRUB from Windows boot manager as I did in my old laptop.

Why?

  1. I plan to upgrade to 18.04 LTS and/or update OS shipped kernel to mainline kernel
  2. The GRUB screen is quite scary for my siblings who also use my laptop

Update 1: UEFI boot menu (from F12 key) shows only one entry which is for Windows. If grub is present in /boot or /EFI/Ubuntu it should show up in boot menu.
I have tried reinstalling without a /boot partition but still no luck.

Edit: It's Acer V3-574G-54VY running on i5-5200U. System Information shows-

BIOS Version : Insyde Corp V1.35, 30-11-2015
BIOS Mode : UEFI

It came with UEFI firmware ("BIOS Version" in System Information) V1.1. I updated it to V1.35 two months ago.

Update 2: I followed @RodSmith 's blog and fixed grub not being shown in UEFI boot menu using efibootmgr. I am now using GRUB (via shim with SecureBoot Enabled) as the default bootloader. But my question is still unanswered. How do I add Grub/Ubuntu bootloader entry to Windows Boot Manager? Does Windows Boot Manager support such configuration? I am in doubt now because when Windows Boot Manager was default, it deleted GRUB boot entry in EFI at every boot.

Another thing worth noting, I did not disable fast startup in Windows probably because of it Ubuntu installer could not install GRUB (or it installed grub but Windows Boot Manager that loaded first because of fast startup, removed it at boot)

Update 3: I rebooted to Windows and it deleted GRUB boot entry and made itself default again. Now I m back to where I was.

Update 4: I configured boot order from Windows bcdedit and now the boot order persists across boots. I had to disable secure boot. Secure Boot toggle is ungreyed after setting Supervisor password in UEFI. I have to enter that password everytime I goto UEFI menu. This probably implies it would be impossible for any app to modify UEFI settings when Secure Boot is disabled. I don't think my UEFI is buggy, it's quite advanced and more secure than other vendors

Best Answer

You should first be aware that modern EFI-based computers boot in entirely different ways from older BIOS-based computers. I suspect you're laboring under incorrect BIOS-mode mental models, which is leading you astray. I recommend reading:

That's admittedly a long reading list. If you have time for just one, I'd go with the first, or possibly the second. The third and fourth are more practical tutorial on installation, but you've already got a working system, albeit one that's not working in quite the way you want.

Of particular importance for this discussion, under EFI, boot loaders are stored as ordinary files in the EFI System Partition (ESP). The boot loader to be launched by default is stored in NVRAM, which can be displayed by sudo efibootmgr -v in Ubuntu, and modified with other options to efibootmgr. (Type man efibootmgr for details, in the usual terse manpage style.) Your /boot partition holds Linux kernels, GRUB configuration and support files, and a few other boot-related tools; but the main GRUB binary, grubx64.efi, is stored on the ESP, which is mounted at /boot/efi in Ubuntu.

That out of the way, Windows requires the Windows boot loader, and Ubuntu requires a Linux boot loader. The latter is GRUB 2 by default, but can be any of several other EFI boot loaders for Linux. The task of a boot loader is to load an OS kernel into memory and start it running.

A boot manager, OTOH, displays a menu or otherwise provides a way for a user to select what OS to launch. GRUB and the Windows boot loader both provide boot manager functions as well as boot loader functions; but there are programs that provide boot loader functions only or boot manager functions only. In fact, all EFIs provide some sort of boot manager, although in some cases it's so primitive that it's useless.

I've heard that it's possible to configure the Windows boot manager to launch GRUB, even in EFI mode; but I don't know the details of how to do this. You might ask about it on a Windows forum if you want to investigate this approach.

Another alternative, if you don't like the GRUB UI, is to look into another boot manager. For something that's non-intimidating once configured, my own rEFInd boot manager may be to your liking. It presents a graphical view (although it's still keyboard-driven), so it's likely to be less intimidating than the text-mode GRUB. You might want to tweak rEFInd's configuration once it's installed. See its configuration and Secure Boot documentation in particular.