[Bug 1827928] Re: efi encrypted /boot grub installation does not include crypto support
Jon Hood
squinky86 at gmail.com
Fri Nov 8 13:46:37 UTC 2019
(replying to #2)
Sorry, I didn't see your reply earlier. This could be argued either way as a separate issue or not, but most importantly, the fix for bug 1565950 will also resolve this issue.
For example, if I install vmware and their unsigned kernel modules, I
wouldn't be able to use secure boot but may still want an encrypted
/boot partition. I had separated out the secure boot aspect from the
encrypted /boot aspect.
I'm ok if you want to consolidate these issues by resolving this as a
duplicate with the acknowledgement that this is a specific issue
(specifically the cryptomount portion) of one aspect of bug 1565950.
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to grub2-signed in Ubuntu.
https://bugs.launchpad.net/bugs/1827928
Title:
efi encrypted /boot grub installation does not include crypto support
Status in grub2-signed package in Ubuntu:
Confirmed
Bug description:
Installing with full disk encryption, including /boot, resulted in the
following error after grub loaded: "error: Can't find command
'cryptomount'"
This is identical to the OpenSUSE bug identified at
https://forums.opensuse.org/showthread.php/511111
Including an efi, secureboot grub image that is capable of encrypted
/boot filesystem mounting is essential for securing the desktop. I see
this issue as a prerequisite for bug #1773457.
OpenSUSE resolved this issue by including crypto support in their .efi
grub images. I believe that this should be the default for Ubuntu as
well, or an additional crypto-enabled grub efi package should be made
available.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/grub2-signed/+bug/1827928/+subscriptions
More information about the foundations-bugs
mailing list