[Bug 1360203] Re: grub-efi-amd64-signed is missing modules for GRUB_ENABLE_CRYPTODISK=y

kay 1360203 at bugs.launchpad.net
Mon Apr 4 13:52:46 UTC 2016


@christopher-l-marks, well, please ping the Ubuntu grub team. They haven't
responded to me yet :(

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to grub2-signed in Ubuntu.
https://bugs.launchpad.net/bugs/1360203

Title:
  grub-efi-amd64-signed is missing modules for GRUB_ENABLE_CRYPTODISK=y

Status in grub2-signed package in Ubuntu:
  Confirmed

Bug description:
  Grub has support for booting from a fully encrypted /, including
  encrypted /boot, when GRUB_ENABLE_CRYPTODISK=y is set in
  /etc/default/grub. However, grub-efi-amd64-signed needs some extra
  modules to support this: procfs, cryptodisk, luks, gcry_rijndael,
  gcry_sha1. I had to copy these five modules into
  /boot/efi/EFI/ubuntu/x86_64-efi and prepend these lines to
  /boot/efi/EFI/ubuntu/grub.cfg:

    insmod procfs
    insmod cryptodisk
    insmod luks
    insmod gcry_rijndael
    insmod gcry_sha1
    cryptomount -u <32-digit uuid>

  With secure boot disabled, this works fine. (I’m slightly annoyed
  about getting two passphrase prompts, one for GRUB and one for Linux,
  but whatever.)

  However, the insmod commands prevent me from enabling secure boot:

  error: Secure Boot forbids loading module from (hd0,gpt2)/efi/ubuntu/x86_64/procfs.mod
  error: Secure Boot forbids loading module from (hd0,gpt2)/efi/ubuntu/x86_64/cryptodisk.mod
  error: Secure Boot forbids loading module from (hd0,gpt2)/efi/ubuntu/x86_64/luks.mod
  error: Secure Boot forbids loading module from (hd0,gpt2)/efi/ubuntu/x86_64/gcry_rijndael.mod
  error: Secure Boot forbids loading module from (hd0,gpt2)/efi/ubuntu/x86_64/gcry_sha1.mod

  Would it be possible to add those modules to grub-efi-amd64-signed?

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/grub2-signed/+bug/1360203/+subscriptions


