[Bug 1062623] Re: enable grub-2.00 boot-from-luks support
TJ
ubuntu at iam.tj
Thu May 19 17:10:22 UTC 2016
GRUB_CRYPTODISK_ENABLE=y
will cause UEFI Secure Boot to fail until the Canonical signed GRUB
images include the necessary modules for crypto algorithms, cryptodisk
and luks.
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to grub-installer in Ubuntu.
https://bugs.launchpad.net/bugs/1062623
Title:
enable grub-2.00 boot-from-luks support
Status in grub-installer package in Ubuntu:
Confirmed
Bug description:
(I suppose this comes too late in the release cycle to make the
change, but perhaps it's simple enough:)
With only minimal manual intervention, I found I could use today's
Ubuntu Server 12.10 daily iso to install a system with luks+lvm and no
separate /boot partition (which doesn't really have any security
advantages, but it makes managing space on a smallish disk easier). If
grub-installer could manage the final 2 steps below, it would all be
fully automatic. Thanks!
Steps:
1: go through the default installer motions
2: in partman, choose the manual option
3: create a single, whole-disk primary partition, use it as a luks encrypted volume
4: on top of that, create an lvm physical volume
5: insert lvm logical volumes for swap and / (I used btrfs, probably irrelevant)
6: finish remaining installer steps; find that grub install fails
7: drop into shell, per alt+f2, and chroot to /target
8: append "GRUB_CRYPTODISK_ENABLE=y" to /etc/default/grub
9: run "grub-install /dev/sda" (replace sda etc etc), then "update-grub", reboot
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/grub-installer/+bug/1062623/+subscriptions
More information about the foundations-bugs
mailing list