What is the difference between grubx64 and shimx64?


Typically, EFI/ubuntu/grubx64.efi on the EFI System Partition (ESP) is the GRUB binary, and EFI/ubuntu/shimx64.efi is the binary for shim. The latter is a relatively simple program that provides a way to boot on a computer with Secure Boot active. On such a computer, an unsigned version of GRUB won't launch, and signing GRUB with Microsoft's keys is impossible, so shim bridges the gap and adds its own security tools that parallel those of Secure Boot. In practice, shim registers itself with the firmware and then launches a program called grubx64.efi in the directory from which it was launched, so on a computer without Secure Boot (such as a Mac), launching shimx64.efi is just like launching grubx64.efi. On a computer with Secure Boot active, launching shimx64.efi should result in GRUB starting up, whereas launching grubx64.efi directly probably won't work.

Note that there's some ambiguity possible. In particular, if you want to use a boot manager or boot loader other than GRUB in a Secure Boot environment with shim, you must call that program grubx64.efi, even though it's not GRUB. Thus, if you were to install rEFInd on a Secure Boot-enabled computer, grubx64.efi could be the rEFInd binary. This binary would probably not reside in EFI/ubuntu, though; both it and a shim binary would probably go in EFI/refind. Also, as you've got a Mac (which doesn't support Secure Boot), there's no need to install rEFInd in this way; it makes much more sense to install rEFInd as EFI/refind/refind_x64.efi (its default location and name).

Note that the rEFInd documentation includes a whole page on Secure Boot. Chances are you won't benefit from reading it, user190735, since you're using a Mac. I mention it only in case some other reader comes along who's trying to use rEFInd in conjunction with Secure Boot.

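To apply the distinction above to the firmware's own boot entries, the following added example (not part of the original answer) sorts `efibootmgr -v` output into shim and direct-GRUB entries and flags the direct ones when Secure Boot is on. The function names, verdict labels and sample text are constructed for illustration. Classification is by file name only, so a grubx64.efi that is really another boot manager is still reported as GRUB.

```shell
#!/bin/sh
# Constructed sample of `efibootmgr -v` output (not captured from a real system).
sample_efibootmgr() {
cat <<'EOF'
BootCurrent: 0001
BootOrder: 0001,0000,0002
Boot0000* ubuntu-grub	HD(1,GPT,11111111-2222-3333-4444-555555555555,0x800,0x100000)/File(\EFI\ubuntu\grubx64.efi)
Boot0001* ubuntu	HD(1,GPT,11111111-2222-3333-4444-555555555555,0x800,0x100000)/File(\EFI\ubuntu\shimx64.efi)
Boot0002* rEFInd	HD(1,GPT,11111111-2222-3333-4444-555555555555,0x800,0x100000)/File(\EFI\refind\refind_x64.efi)
EOF
}

# classify_entries <enabled|disabled>   (hypothetical helper)
# Reads `efibootmgr -v` text on stdin and prints one line per file-based entry:
#   <BootNNNN> <file> <kind> <verdict>
# Real use: sudo efibootmgr -v | classify_entries enabled
# (the Secure Boot state can be read with `mokutil --sb-state`).
classify_entries() {
    sb=$1
    while IFS= read -r line; do
        case $line in
            Boot[0-9A-Fa-f][0-9A-Fa-f][0-9A-Fa-f][0-9A-Fa-f]*"File("*) ;;
            *) continue ;;   # BootCurrent, BootOrder and entries without a file path
        esac
        id=${line%%[!A-Za-z0-9]*}     # "Boot0000" (drops "*", label and path)
        path=${line##*"File("}        # text after the last "File("
        path=${path%%")"*}            # up to the closing parenthesis
        file=${path##*\\}             # component after the last backslash
        file=$(printf '%s' "$file" | tr 'A-Z' 'a-z')
        case $file in
            shim*.efi)
                kind=shim; verdict=ok ;;
            grub*.efi)
                # Launched without shim: per the answer, this probably
                # won't start when Secure Boot is active.
                kind=grub-direct
                if [ "$sb" = enabled ]; then verdict=likely-blocked; else verdict=ok; fi ;;
            *)
                kind=other; verdict=unchecked ;;
        esac
        printf '%s %s %s %s\n' "$id" "$file" "$kind" "$verdict"
    done
}

# Run against the constructed sample with Secure Boot assumed enabled.
sample_efibootmgr | classify_entries enabled
```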

Author by

user190735

Updated on September 18, 2022

Comments

  • user190735
    user190735 over 1 year

    I'm new to Linux. I loaded Ubuntu on my Mac and I'm booting it with rEFInd. I see two choices:

    1. EFI\ubuntu\grubx64.efi
    2. EFI\ubuntu\shimx64.efi

    They both boot into Ubuntu.

    What's the difference between the two and which one should I use? Did I do something wrong that made both show up?

    • mojo706
      mojo706 over 10 years
      Hello, shimx64.efi is the secure boot option.
    • Eliah Kagan
      Eliah Kagan over 10 years
      @mojo706 I recommend posting a (maybe only slightly) expanded version of that as an answer.
    • Yaroslav Nikitenko
      Yaroslav Nikitenko over 6 years
      On Fedora Core there is also a third file shimx64-fedora.efi :)
  • mx7
    mx7 over 10 years
    Nice application, add this link too: wiki.ubuntu.com/SecurityTeam/SecureBoot
  • Mâtt Frëëman
    Mâtt Frëëman about 9 years
    Did MS sign shimx64.efi then?
  • Rod Smith
    Rod Smith about 9 years
    Yes, Microsoft signed shimx64.efi -- at least, the version that Ubuntu installs on Secure Boot computers. (There are also unsigned Shim binaries available; or you can install your own Secure Boot keys and sign shimx64.efi yourself to take full control of your computer's Secure Boot process.)
  • vulcan raven
    vulcan raven about 3 years
    Fedora and Ubuntu have different approaches after secure boot has succeeded (during the runtime). In the former, the shim also passes on a flag to the kernel to indicate that it was loaded with secure boot, and during the runtime, the kernel validates all device drivers. In the latter, this runtime validation by the kernel is not performed.
  • Rod Smith
    Rod Smith about 3 years
    @vulcanraven, that used to be true, but Ubuntu's been verifying kernel modules for some time now. (I don't recall when this change was made, but it's a time measured in years.) I've had to sign the modules used by VirtualBox (which installs out-of-tree kernel modules) on Ubuntu to get VirtualBox to work for quite a while now. (My script for doing so is timestamped May of 2017.)
  • Hugh Perkins
    Hugh Perkins over 2 years
    So that I can find this later: if you don't have shimx64, and you want it, doing sudo apt-get install shim-signed will magically result in it appearing in the EFI/ubuntu folder, and show up in sudo efibootmgr -v :)