[Bug 1548293] Re: Default image of the signed EFI GRUB2 (secureboot) doesn't have "GRUB_ENABLE_CRYPTODISK" feature

Launchpad Bug Tracker 1548293 at bugs.launchpad.net
Thu Jan 19 07:23:34 UTC 2017 

*** This bug is a duplicate of bug 1565950 ***
    https://bugs.launchpad.net/bugs/1565950

Status changed to 'Confirmed' because the bug affects multiple users.

** Changed in: grub2-signed (Ubuntu)
       Status: New => Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to grub2 in Ubuntu.
https://bugs.launchpad.net/bugs/1548293

Title:
  Default image of the signed EFI GRUB2 (secureboot) doesn't have
  "GRUB_ENABLE_CRYPTODISK" feature

Status in grub2 package in Ubuntu:
  Confirmed
Status in grub2-signed package in Ubuntu:
  Confirmed

Bug description:
  Fully encrypted LVM (+ encrypted boot partition) with the signed linux
  images.

  When I install grub-efi-amd64 with the "GRUB_ENABLE_CRYPTODISK=y"
  (please note that suggested "GRUB_ENABLE_CRYPTODISK=1" doesn't work
  because of the bug inside /usr/share/grub/grub-mkconfig_lib) it
  successfully generates /boot/grub/x86_64-efi/core.efi file, copies it
  into /boot/efi/EFI/ubuntu/grubx64.efi and boots fine.
  /boot/efi/EFI/ubuntu/grub.cfg looks like:

  cryptomount -u 756189f1463542039f2c03fd3cbb12f6
  search.fs_uuid 22167461-e1e7-4188-80bf-8044c57977b0 root lvmid/qXy4Mj-jfjK-f0r2-ei33-fZrm-y4x5-SciAJP/giWh12-csOK-s766-lnFO-Zxh4-6LY5-pk50UM
  set prefix=($root)'/grub'
  configfile $prefix/grub.cfg

  But when I enable SecureBoot and install grub-efi-amd64-signed - it
  doesn't generate custom /boot/grub/x86_64-efi/core.efi (because it is
  signed) and just copies /usr/lib/grub/x86_64-efi-
  signed/grubx64.efi.signed to the /boot/efi/EFI/ubuntu/grubx64.efi. But
  unfortunately this precompiled signed grub efi image doesn't support
  encrypted volumes (I assume because of the "GRUB_ENABLE_CRYPTODISK=1"
  bug in original grub-efi-amd64 package mentioned above).

  Also affected new Ubuntu Xenial (I tried grub efi image from xenial
  package and it doesn't work as expected). I really appreciate you'll
  fix that before Xenial release.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/1548293/+subscriptions

More information about the foundations-bugs mailing list