Linux - Add windows 11 entry in Grub the secure way
Introduction
You have a Linux machine running GRUB? You installed Windows 11, but it is not displayed in the GRUB menu at boot?
If, like me, you have to press F12 at every boot to open the BIOS boot menu and select which “drive” to boot your OS from :) then this article is for you!
How
1) Boot into your Linux installation as usual, start a terminal and run: sudo os-prober
(Install it if necessary)
The output will be something similar to this:
➜ ~ sudo os-prober
/dev/nvme0n1p1@/efi/Microsoft/Boot/bootmgfw.efi:Windows Boot Manager:Windows:efi
2) Retrieve the UUID of the EFI partition
sudo blkid /dev/nvme0n1p1
(Replace nvme0n1p1 with the correct partition you retrieved at step 1)
sudo blkid /dev/nvme0n1p1
/dev/nvme0n1p1: UUID="1212-1FF1" BLOCK_SIZE="512" TYPE="vfat" PARTLABEL="EFI system partition" PARTUUID="ffffff00-07ff-4bff-9bff-fcffffff13c3"
UUID="1212-1FF1"
3) Customize grub the correct way
To customize GRUB the proper way, we will simply declare a custom configuration. That’s great, because that’s exactly what /etc/grub.d/40_custom is for :)
sudo nano /etc/grub.d/40_custom
And then at the end of the file we will add the new entry:
menuentry 'Windows 11' {
    search --fs-uuid --set=root <UUID>
    chainloader (${root})/EFI/Microsoft/Boot/bootmgfw.efi
}
Replace
Save the changes in the file
4) Remove write permissions
sudo chmod o-w /etc/grub.d/40_custom
5) Regenerate grub.cfg including your overridden changes
sudo update-grub
if your distribution provides it; otherwise use the full command:
sudo grub-mkconfig -o /boot/grub/grub.cfg
6) (Optional) Check the generated file
You can check that your changes are now included by running sudo cat /boot/grub/grub.cfg | grep "Windows 11"
7) Reboot
Reboot and see if it works :)
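The script below is an added example, not part of the original article: it turns the os-prober and blkid output lines from steps 1 and 2 into the step 3 entry and checks the permissions from step 4. The function names are hypothetical, and the sample input is the two output lines shown above.

```shell
#!/bin/sh
# Added example, not from the article; function names are hypothetical.

# Step 1: device from an os-prober line "<device>@<loader>:<name>:<label>:efi".
efi_device() {
    printf '%s\n' "$1" | sed -n 's|^\(/dev/[A-Za-z0-9/_-]*\)@.*:efi$|\1|p'
}

# Step 2: filesystem UUID from a blkid line. The leading space in the pattern
# keeps PARTUUID="..." from matching. Only hex digits and dashes are accepted,
# because the value is pasted into a boot configuration file.
fs_uuid() {
    uuid=$(printf '%s\n' "$1" | sed -n 's/.* UUID="\([^"]*\)".*/\1/p')
    case "$uuid" in
        ''|*[!0-9A-Fa-f-]*) return 1 ;;
    esac
    printf '%s\n' "$uuid"
}

# Step 3: the menuentry from the article with <UUID> filled in.
windows_entry() {
    uuid=$(fs_uuid "$1") || return 1
    printf "menuentry 'Windows 11' {\n"
    printf '    search --fs-uuid --set=root %s\n' "$uuid"
    printf '    chainloader (${root})/EFI/Microsoft/Boot/bootmgfw.efi\n'
    printf '}\n'
}

# Step 4: succeed only if the file exists and neither group nor others can
# write to it (stricter than the article's o-w). grub-mkconfig runs the
# scripts in /etc/grub.d as root, so a writable one is a path to root.
not_writable_by_others() {
    [ -e "$1" ] &&
        [ -z "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print)" ]
}

# Constructed sample input: the output lines shown in steps 1 and 2.
PROBE='/dev/nvme0n1p1@/efi/Microsoft/Boot/bootmgfw.efi:Windows Boot Manager:Windows:efi'
BLKID='/dev/nvme0n1p1: UUID="1212-1FF1" BLOCK_SIZE="512" TYPE="vfat" PARTLABEL="EFI system partition" PARTUUID="ffffff00-07ff-4bff-9bff-fcffffff13c3"'

efi_device "$PROBE"
windows_entry "$BLKID"
```

On a real system, pass the live output instead, for example windows_entry "$(sudo blkid /dev/nvme0n1p1)", and run not_writable_by_others /etc/grub.d/40_custom before regenerating grub.cfg.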
Why do it this way?
Some answers propose enabling os-prober (disabled by default). It would automatically add entries for detected systems, which is convenient, but it is disabled by default for security reasons (up to you): https://forum.manjaro.org/t/grub2-secure-boot-bypass-and-other-issues-update-highly-recommended/57280
Some answers propose editing the /boot/grub/grub.cfg file directly, but take care: this file is generated by the system's commands. So basically, if you go and put your fingers in there… you risk having your custom changes overwritten.
There is a simple way to customize GRUB: a custom file that exists for exactly that purpose, so let’s use it :) /etc/grub.d/40_custom
References
- https://bbs.archlinux.org/viewtopic.php?pid=2006988#p2006988
- https://askubuntu.com/a/1425651
Author:svermeille for CookieCode
(CC BY-NC-SA 4.0 license)
title:《 Linux - Add windows 11 entry in Grub the secure way 》
permalink:https://cookiecode.dev/linux/linux-add-windows-11-entry-in-grub-the-secure-way.html