
EFI forgets cryptboot USB drive when unplugged

Open gmpreussner opened this issue 6 years ago • 1 comments

I haven't figured out yet whether this is a problem with my laptop's UEFI firmware, grub, cryptboot, or (more likely) a combination of them. Any insight on this would be highly appreciated.

My laptop is a Lenovo Yoga 920, and I'm using cryptboot with a USB stick that has an unencrypted FAT32 EFI partition and an encrypted boot partition that contains the kernel, initramfs, etc. Everything works fine as long as I keep the USB stick plugged in. However, if I remove the stick and try to boot the laptop later, UEFI does not recognize the stick as a bootable device. It doesn't seem to matter whether the laptop is powered on or off while the stick is unplugged and plugged back in.

I am still able to boot an ArchLinux live USB, which does not use grub. Running efibootmgr shows that the EFI boot entry for the cryptboot stick is apparently being removed from the NVRAM. From what I understand, this is actually a feature on a lot of UEFI systems. By manually adding the boot entry with efibootmgr I am able to make the cryptboot stick bootable again, and everything works fine; until I unplug it again, of course.

Given that other boot managers are able to be recognized by UEFI as bootable, I wonder if we are missing something in grub and/or cryptboot to make this work properly.

gmpreussner, Dec 13 '17 19:12

Boot options are deleted if, while booting, the device they were located on is not present.

If it's external storage, you should use the /efi/boot/bootx64.efi path for your bootloader; it will be detected as a boot option from external storage.

JuniorJPDJ, May 17 '18 01:05
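
The fallback-path advice in the reply above, as an added example (not part of the original thread and not cryptboot's own code): a POSIX shell helper that copies an existing loader to EFI/BOOT/BOOTX64.EFI on a mounted ESP, unless a different loader already occupies that path. The function names, the ESP mount point and the loader path passed in are assumptions.

```shell
#!/bin/sh
# Added example, not cryptboot code. Function names are hypothetical.

# ci_find ROOT TYPE RELPATH: print the first entry under ROOT whose path,
# lower-cased, equals RELPATH. FAT is case-insensitive, so EFI/BOOT/BOOTX64.EFI
# may appear on disk in any case mix.
ci_find() {
    root=${1%/}
    find "$root" -type "$2" 2>/dev/null | while IFS= read -r p; do
        rel=$(printf '%s' "${p#"$root"/}" | tr '[:upper:]' '[:lower:]')
        if [ "$rel" = "$3" ]; then printf '%s\n' "$p"; break; fi
    done
}

# install_fallback ESP LOADER: copy LOADER to the removable-media fallback path.
# Returns 0 (prints "installed" or "unchanged"), 1 if a different loader
# already occupies the fallback path, 2 if LOADER does not exist.
install_fallback() {
    esp=${1%/}; src=$2
    [ -f "$src" ] || { echo "missing loader: $src" >&2; return 2; }
    cur=$(ci_find "$esp" f efi/boot/bootx64.efi)
    if [ -n "$cur" ]; then
        if cmp -s "$src" "$cur"; then echo unchanged; return 0; fi
        # Do not silently replace another loader.
        echo "refusing to overwrite different loader: $cur" >&2
        return 1
    fi
    dir=$(ci_find "$esp" d efi/boot)
    [ -n "$dir" ] || dir=$esp/EFI/BOOT
    mkdir -p "$dir" && cp "$src" "$dir/BOOTX64.EFI" && echo installed
}

# Usage: script ESP_MOUNTPOINT LOADER_PATH
if [ "$#" -eq 2 ]; then install_fallback "$1" "$2"; fi
```

For GRUB specifically, `grub-install --removable` installs to this fallback path directly.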