[Bug 1915536] Re: one grub

Dimitri John Ledkov 1915536 at bugs.launchpad.net
Thu Feb 18 07:49:03 UTC 2021 

** Patch removed: "one-grub2-signed.diff"
   https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/1915536/+attachment/5464727/+files/one-grub2-signed.diff

** Patch added: "one-grub2-signed.diff"
   https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/1915536/+attachment/5464728/+files/one-grub2-signed.diff

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to grub2 in Ubuntu.
https://bugs.launchpad.net/bugs/1915536

Title:
  one grub

Status in grub2 package in Ubuntu:
  New
Status in grub2-signed package in Ubuntu:
  New

Bug description:
  [Impact]

   * Currently one needs grub-$platform-bin and grub-$platform-signed
  packages installed together. As first one provides modules, and the
  later one provides signed .efi images. The two are built from
  different source packages, and there is a delay of manual reviews
  before matching signed grub appears.

   * The proposal is to rename modules in -bin to be shipped in the
  $platfrom-unsigned directly.

   * And make -signed package ship both modules and signed binaries

   * And add dependency from the -bin onto > -signed one, such that grub
  uses whichever modules match the signed images.

   * This allows allows in the future for grub2-signed to pull
  appropriate grub modules for a given distro. For example, using 2.04
  modules & signed images from focal on bionic to gain support for TPM
  verifies and other EFI platform specific developments without
  affecting userspace grub tooling.

  [Test Case]

   * Upgrade to new grub-efi-amd64-bin and grub-efi-amd64-signed
  packages

   * Observe that system boots, one can use grub-mkimage / grub-mkrescue
  without issues.

  [Where problems could occur]

   * The binaries shipped by -signed packages are innert, they are
  bootloader binaries only. The only compatibility that has to be
  maintained is within the userspace tooling - specifically maintainer
  scripts, and file names and locations.

  [Other Info]

   * See all the bug reports that grub can't be installed or upgraded
  when people use -proposed.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/1915536/+subscriptions

More information about the foundations-bugs mailing list