Grub messed up windows secured boot. cannot boot windows

Hi.
I have installed Zorin OS 16 pro on detachable external usb3 hdd.
I didn't want to update drive C with windows.
To my horror, GRUB was installed on drive C and if I try to boot into windows, it fails asking me to recover my secured boot key.
I can boot successfully to Zorin OS, but I need windows as well.
How can I fix this? How can I move grub to the external HDD ? will removing GRUB from C drive fix my windows secure boot?
What a mess. Please help ....
thanks
Eyal

1 Like

It is because you have secure boot enabled...Disable secure boot in the BIOS and turn off TPM as well (if available).

2 Likes

Hi,
Thank you for the answer. I know I can turn off secured boot in bios. I reserve this as the for the last way out, But I think secured boot is important, and after all when I installed Zorin OS, I understood it is supported...
I even gave the secured boot a password...
I need information in order to decide what I want to do:

  1. Currently when I select to boot windows from grub, it complains secured boot has changed, and I am asked for the secured boot password. If I give the password, will it remove grub ? make grub invalid ?
  2. Is there a way to cleanly remove grub from drive C (windows) without damaging windows/or ZorinOS secured boot?
  3. How can I move grub from drive C (windows) to the external USB SSD (\sdb) without messing up the ZorinOS installation/secured boot ?

thanks,

Eyal.

If you want to use linux you should disable secure boot to get a fluent experience.
However, I think this problem can be solved without disabling secure boot. I would remove the grub bootloader from the disk where Windows is installed and install it in the hdd where Zorin is installed. Unfortunately, I have never installed grub in an ntfs partition and don't know if the removal procedure is same.

Maybe not....Can you please say the exact error that you get?

What nobody has asked was how exactly you installed Zorin. What did you select during the install process.

If you're going to boot more than one OS on your drives, then secure boot does nothing but interfere in this process. The main purpose of secure boot is to stop any other OS from booting on the device. And if you do, it interferes with Windows loading correctly to "protect" the files on Windows. Since you want to boot more than one OS, all you're doing is creating your own issues and problems by leaving it enabled. And it's not even that "secure" password or not as my other device it is still on and I have zero issues booting into Linux or Windows on it. It has flaws anyone can drive a truck through, but causes more issues than it is worth.

Grub should not be on drive C in the first place, hence why I asked how you actually installed and what you selected.

When you installed with secure boot on, it should have asked you to reboot, upon rebooting you would have been brought to a screen where you had to enter a password. Then the system would have rebooted. This is the password you should have used. Additionally, if you have fast boot or left your windows side encrypted with bit locker this would have caused a whole bunch of other issues, as bitlocker uses a different password.

If you enter the password upon login that it is asking for, it will not remove Grub. You can not remove Grub by entering a password, nor will it make it "invalid".

But until you actually explain what you did and did not do during install, nobody really can point you in the correct direction to solve your issues.

1 Like