A bit stumped trying to get Zorin to work. For now I have installed on an external drive to slowly transition.
However, when the drive is plugged in, with Ubuntu boot manager listed first for boot in uefi/bios, I get a list of errors from buffer misalignment to not allowed with secure boot.
I get to grub... But launching zorin there just cycles through the errors again.
This happens with or without secure boot enabled.
Now for the funny part:
When I press f9 during boot to select boot device OR I choose uefi firmware options in grub...
I choose Ubuntu... (listed first) and zorin starts up normally. No issues.
I fail to understand the difference between the two and how to resolve it so I do not need to go through the firmware every launch.
Under the normall UEFI Boot Order, the firmware reads the boot entry for "ubuntu" (which is just the boot label, this is Zorin OS), follows the device path, and loads GRUB. However, it may use stale or generic paths or fail to properly initialize external USB devices in time, leading to errors.
F9 > Manual Boot Selection or GRUB > UEFI Firmware Options > Ubuntu: These actions often trigger a fresh enumeration of devices and an explicit reinitialization of the boot path, allowing external devices to be recognized and initialized properly.
Since you are booting an external drive, i think it seems likely that the above is your culprit.
You might be able to offset this for your Normal boot using a grub parameter to set a delay, allowing full init of USB devices: rootdelay=10
To add a grub parameter:
You are not adding the nomodeset parameter; you are adding the rootdelay=10 parameter. You also can play with that time delay - try 3 seconds instead of ten and see if that is enough, without needing to wait a full ten seconds: rootdelay=3
Once you have added the parameter, please remember that you must run
If a delay on the init of the drive did not work, I can only suggest using rEFInd instead of GRUB. It is stable, secure and strong and should resolve this issue:
Thank you for the tip. That worked reasonably well, bar one thing.
The buffer misalignment errors and the need to go through uefi firmware settings in grub to select the boot device are all gone.
I do get ablue screen security policy violation though (without MOK menu, just an ok field):
Then the following errors appear:
failed to load image: security policy violation
failed to get device path
failed to find fs: invalid parameter
Failed to load image :invalid parameter
start_image() returned invalid parameter
Not sure where that comes from. I checked with mokutil the secure boot status after start and it displays as secure boot enabled... so my efforts to follow the secure boot instructions registering shim and mmx and the refinder_localkey seem to have worked.
As the blue screen disappears the boot process proceeds and zorin loads fine.
Linux seems to be truly and utterly unstable on boot (or at least the bootloaders seem to be).
I have now spent a full week trying to get ZorinOS to run on my laptop from an external drive... with windows booting when nothing is plugged into the laptop and Zorin booting when the external drive is plugged in.
With refind bootloader, it kind of worked once... until the next time I tried to launch windows and then come back to Zorin. Everything went ape again.
I now have 3 entries for refind bootloader in my BIOS instead of 1 for ubuntu and 1 for windows previously (no idea how there came to be three of them).
And even with those entries... I end up in a situation where the bootloader does give the blue screen security violation (so I know it's the refind bootloader)... but then skips over any Zorin on the external drive and simply boots into Windows. On top, I get a bitlocker recovery code requirement every single time I try to switch...
After a week, I am exhausted and frustrated. I like working in Zorin, but basically the overall situation is near impossible. How on earth can this be so difficult.
Let alone the fact that the front speakers of the laptop refuse to work and ELAN fingerprint sensor is also absent from the recognized hardware, with no driver available apparently.
At this rate Linux will always fail to convert anyone to offload windows... it's simply undoable... and honestly I am no chicken with command line either...
I know this sounds very much like a rant, but my word has this been frustrating. The only good thing was actually working in Zorin... unfortunately... it's not going to happen with this impossible boot situation.
Of note... my current status is that I've eliminated all linux boot lines other than windows boot manager, which had ended up in my boot list on windows even with no linux partition attached.
So the HPSpectrex360 laptop keeps starting well in windows.
When I attach the external linux driver it refuses to start when the boot option is USB drives first (goes on and off with a black screen... so apparently does not see or start boot in the efi partition).
When I select start from EFI file, I can see boot and refind, select grub in the refind directory... and then it gives me an invalid signature/security policy violation.
So net/net, I do not know where I stand other than wiping the EFI and linux partitions on the external drive and starting all over again.
That being said though... it has never worked so far. So chances it will ever work are slim I guess.
Windows boots when no external SSD.
Zorin boots when external SSD is plugged in.
That is the state I wanted to achieve and that is now what I have. Question is whether it remains so. But so far so good.
I do still get a security violation and a few load errors from the refind bootloader. It appears some files are incorrectly signed... But unsure how to correct that.
Yes I do run secure boot which is still required for the windows boot (one piece of SW in particular).
Also took the steps with refind and shim to work with secure boot. Registered the key through mok.
But apparently there are files on refind boat that my system finds to be incorrectly signed. Not sure how I can attempt to re-register the refind.cer key or create a local one.
Can I make a new attempt with mokutil... With any specific arguments?
By the way, thank you for the help so far. Very much appreciated... I have another 2 laptops to do later this year when windows support expires, so learning as much as I can.
I have even more information. As I was continuing to search on how to ensure keys are properly registered, I found a suggestion to install refind and then install again manually with ~~shim arguments.... worked for at least that person.
In my case, I treaded carefully and first noticed in the EFI directory that:
the Ubuntu grub bootloader was actually still there, next to refind
I removed the Ubuntu folder
I then did the install of refind again
The result is that I can now no longer boot to Zorin... it goes to windows, after the security violation.
So... this leads me to conclude that:
with grub only, I get a list of errors and cannot boot into Zorin
adding a refind install, I get 1 bluescreen with a security violation... after which I can boot into Zorin BUT
the bootloader being used appears to have been grub anyway and not refind (I actually never get a bootloader selection screen at all after having installed refind).
I am now contemplating what is smart to do. I can of course run a live zorin and bring back the ubuntu folder and grub with boot repair.
The problem is that last time I ran that, it actually did an OS probe and messed up my windows boot on my main harddrive, even though I think I had turned off boot flags on that EFI partition with gparted.
The bigger question is why a refind install actually does not seem to run refind as bootloader, since when the ubuntu folder is gone, I go straight to windows boot manager.
I finally got a situation where in fact I get the refind bootloader selection screen.
So with scrubbing the ubuntu folder and re-installing refind... and killing off redundant/old refind bootlines (via easyBCD in Windows) it now appears as if at least refind is the bootloader of choice and in fact loads (so appears to be properly signed) when I have the SSD booting up (even when the first boot choice is the USB drive and not even specifically the OS bootmanager... so as it should be).
However, none of the linux boot options work; they all fail security policy.
The suggestion is to use the provided mok utility to sign or register the hash... unfortunately none of those work either... so the start works now as would be expected with refind, without security violation... unfortunately, I cannot get through to Zorin at all.
There is the right setup in there somewhere, but I just cannot seem to get it to work as it should. Clearly signing the bootloader files is a problem, even when I have previously signed them with a mok utility on boot... although that might have been through grub of course since at that point I still did not have the refind screen which I now do have.
So I have returned to the one setup that at least worked to boot into Zorin.
First a regular install of Zorin (which gives errors on boot and only boots through firmware), then installing refind on top of that, while leaving the ubuntu grub folder in place... this gives a security violation blue screen on boot which I need to click through but it then at least boots to Zorin (with some image loading errors indicating that probably refind is also failing to load).
Oddly enough for both grub and refind I have registered keys in MOK... so no real reason why there would be a security violation.
Refind on its own without the ubuntu folder can start, but then a selection for Zorin (vmlinuz) simply hangs and I cannot get through to Zorin.
Very confusing... it kind of works, but very far from elegant.