[Bug 1762988] Re: Bootloader installation fails on UEFI systems with FDE (incl. /boot)

Tom Reynolds 1762988 at bugs.launchpad.net
Fri Dec 28 17:25:48 UTC 2018 

This also affects the 18.04.1 "alterantive installer (debian-installer),
where I reproduced it today.

This error will not occur on the current default server installer
(Subiquity) at this time since it does not support dmcrypt-luks at all.
To my knowledge, the desktop installer (Ubiquity) does not support
dmcrypt-luks FDE incl. /boot), so it will not occur there either.


To work around this issue, after d-i reports that grub-install failed, choose to 'continue', confirm that you will have to live without a boot loader. Then press escape or select 'go back', which brings up the installers' main menu. There, select to 'run a shell' (one of the latter options), then:

# Mount the EFI system partition (ESP) you defined during manual partitioning ( usually /dev/sda1 - double-check this using: blkid -t TYPE=vfat ) to /target/boot/efi:
mount /dev/sda1 /target/boot/efi

mount --bind /dev /target/dev
mount --bind /dev/pts /target/dev/pts
mount --bind /sys /target/sys
mount --bind /sys/firmware/efi/efivars /target/sys/firmware/efi/efivars
mount --bind /run /target/run  # needed for resolver

chroot /target /bin/bash
echo GRUB_ENABLE_CRYPTODISK=y >> /etc/default/grub
apt update 
apt purge grub-efi-amd64-signed  # unfortunately, to this date, this lacks the grub "cryptodisk" command required to decrypt LUKS and we have to resort to the unsigned grub variant
apt --purge autoremove
apt install grub-efi-amd64
update-initramfs -k all
update-grub
grub-install /dev/sda  # this may be different for you, choose the storage device which contains the ESP
exit

umount /target/run
umount /target/sys/firmware/efi/efivars
umount /target/sys
umount /target/dev/pts
umount /target/dev
umount /target/boot/efi

exit

This brings you back into the installer, from where you can continue
from the step after "install bootloader".

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to ubiquity in Ubuntu.
https://bugs.launchpad.net/bugs/1762988

Title:
  Bootloader installation fails on UEFI systems with FDE (incl. /boot)

Status in ubiquity package in Ubuntu:
  Confirmed

Bug description:
  Partition setup was a luks partition with an existing home directory,
  which I'd unlocked prior to starting ubiquity (otherwise it wouldn't
  even find the partition)

  Bootloader install partition was an efi system partition

  This section of syslog looks relevant, looks like it couldn't handle
  the encrypted disk

  Apr 11 10:02:32 kubuntu ubiquity: grub-install: error: attempt to install to encrypted disk without cryptodisk enabled. Set `GRUB_ENABLE_CRYPTODISK=y' in file `/etc/default/grub'.
  Apr 11 10:02:32 kubuntu ubiquity: dpkg: error processing package shim-signed (--configure):
  Apr 11 10:02:32 kubuntu ubiquity:  subprocess installed post-installation script returned error exit status 1
  Apr 11 10:02:32 kubuntu ubiquity: Setting up grub-efi-amd64-signed (1.85.3+2.02~beta3-4ubuntu7.3) ...
  Apr 11 10:02:32 kubuntu ubiquity: Installing for x86_64-efi platform.
  Apr 11 10:02:33 kubuntu ubiquity: File descriptor 4 (/dev/nvme0n1p1) leaked on vgs invocation. Parent PID 4675: grub-install
  Apr 11 10:02:33 kubuntu ubiquity: File descriptor 4 (/dev/nvme0n1p1) leaked on vgs invocation. Parent PID 4675: grub-install
  Apr 11 10:02:33 kubuntu ubiquity: grub-install: error: attempt to install to encrypted disk without cryptodisk enabled. Set `GRUB_ENABLE_CRYPTODISK=y' in file `/etc/default/grub'.


  Also this bit might be useful as well

  updates/main amd64 linux-headers-generic amd64 4.13.0.38.41 [2290 B]
  Apr 11 10:03:08 kubuntu /plugininstall.py: Exception during installation:
  Apr 11 10:03:08 kubuntu /plugininstall.py: Traceback (most recent call last):
  Apr 11 10:03:08 kubuntu /plugininstall.py:   File "/usr/share/ubiquity/plugininstall.py", line 1721, in <module>
  Apr 11 10:03:08 kubuntu /plugininstall.py:     install.run()
  Apr 11 10:03:08 kubuntu /plugininstall.py:   File "/usr/share/ubiquity/plugininstall.py", line 61, in wrapper
  Apr 11 10:03:08 kubuntu /plugininstall.py:     func(self)
  Apr 11 10:03:08 kubuntu /plugininstall.py:   File "/usr/share/ubiquity/plugininstall.py", line 227, in run
  Apr 11 10:03:08 kubuntu /plugininstall.py:     self.configure_bootloader()
  Apr 11 10:03:08 kubuntu /plugininstall.py:   File "/usr/share/ubiquity/plugininstall.py", line 971, in configure_bootloader
  Apr 11 10:03:08 kubuntu /plugininstall.py:     "GrubInstaller failed with code %d" % ret)
  Apr 11 10:03:08 kubuntu /plugininstall.py: ubiquity.install_misc.InstallStepError: GrubInstaller failed with code 141
  Apr 11 10:03:08 kubuntu /plugininstall.py: 
  Apr 11 10:03:08 kubuntu ubiquity: umount: /target: target is busy.

  ProblemType: Bug
  DistroRelease: Ubuntu 17.10
  Package: ubiquity 17.10.10
  ProcVersionSignature: Ubuntu 4.13.0-21.24-generic 4.13.13
  Uname: Linux 4.13.0-21-generic x86_64
  ApportVersion: 2.20.7-0ubuntu3.7
  Architecture: amd64
  CasperVersion: 1.387
  Date: Wed Apr 11 20:06:47 2018
  LiveMediaBuild: Kubuntu 17.10 "Artful Aardvark" - Release amd64 (20180105.2)
  ProcEnviron:
   LANGUAGE=
   TERM=xterm-256color
   PATH=(custom, no user)
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  SourcePackage: ubiquity
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubiquity/+bug/1762988/+subscriptions

More information about the foundations-bugs mailing list