Once upon a time, Robbie Harwood <rharwood(a)redhat.com> said:
So: if you install Windows and set up Bitlocker booting through grub,
will continue to work through grub. If you install Windows outside grub
(or it's pre-provisioned), it will continue to work outside grub. If
you want to move from not using grub to using grub, then Bitlocker needs
to be reestablished with the new TPM values.
Aside from this not covering what is likely the most common case of
installing Linux on a computer that had Windows pre-installed (as Adam
pointed out)... is there any documentation on how to fix a pre-existing
Windows install that is broken by booting grub?
Also: if I understand the TPM measured boot methodology correctly, this
exposes the Windows install to being lost when grub is updated, because
there's no way for the Linux system updating grub to update the Windows
stored hash. Users would have to have their Bitlocker recovery key at
the ready (and know how to use it) BEFORE any potential grub update.
We really need grub to support setting the UEFI BootNext value; it's the
safest and sanest way to boot Windows with the least impact. Is there a
technical reason grub should _not_ do this?
I guess an alternative if grub devs refuse to support this would be a
stand-alone UEFI executable that could set BootNext and reboot.
Chris Adams <linux(a)cmadams.net>