[Bug 1999345] Re: please add luks2 module to the signed grub2 images

Julian Andres Klode 1999345 at bugs.launchpad.net
Wed Dec 14 13:48:14 UTC 2022


We do not provide users any means to install to encrypted systems
without a separate /boot, and we have *a lot* of CVEs in grub, so I'm
leaning towards saying no here.

The existing modules are there to not break boot on existing systems,
but we should try to avoid adding new modules to the list wherever
possible.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to grub2 in Ubuntu.
https://bugs.launchpad.net/bugs/1999345

Title:
  please add luks2 module to the signed grub2 images

Status in grub2 package in Ubuntu:
  Confirmed

Bug description:
  I (erroneously) created my new root partition with LUKS2 (with pbkdf2
  though) and tried to mount it from GRUB. It didn't work with Secure
  Boot enabled, but it did work with Secure Boot disabled, because I was
  then able to load the luks2 module.

  Please consider including the luks2 module in the signed EFI images.

  $ lsb_release -rd
  Description:    Ubuntu 22.04.1 LTS
  Release:        22.04
  $ LANG=C apt-cache policy grub-efi-amd64
  grub-efi-amd64:
    Installed: (none)
    Candidate: 2.06-2ubuntu10
    Version table:
       2.06-2ubuntu10 500
          500 http://security.ubuntu.com/ubuntu jammy-security/main amd64 Packages
          500 http://archive.ubuntu.com/ubuntu jammy-updates/main amd64 Packages
       2.06-2ubuntu7 500
          500 http://archive.ubuntu.com/ubuntu jammy/main amd64 Packages

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/1999345/+subscriptions
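
Since the signed GRUB image discussed above carries no luks2 module, it is worth confirming a volume's on-disk LUKS version and keyslot KDFs before expecting GRUB to unlock it under Secure Boot. The following is an added example, not part of the bug report or the grub2 package: it parses the LUKS header directly, and `inspect_luks`, `constructed_luks2`, the size cap and the sample header are all assumptions made for illustration.

```python
import io
import json
import struct

LUKS_MAGIC = b"LUKS\xba\xbe"    # primary header magic, shared by LUKS1 and LUKS2
LUKS2_BIN_HDR = 4096            # LUKS2 binary header size; JSON metadata follows
MAX_HDR_SIZE = 4 * 1024 * 1024  # sanity cap on the header size field (assumption)


def inspect_luks(f):
    """Report LUKS version and, for LUKS2, the KDF type of each keyslot."""
    head = f.read(16)
    if len(head) < 16 or head[:6] != LUKS_MAGIC:
        return {"luks": False}
    # Big-endian: 16-bit version, then (LUKS2 only) 64-bit header size.
    version, hdr_size = struct.unpack(">HQ", head[6:16])
    info = {"luks": True, "version": version, "kdfs": {}}
    if version != 2:
        return info  # only LUKS2 carries the JSON area parsed below
    if not LUKS2_BIN_HDR < hdr_size <= MAX_HDR_SIZE:
        raise ValueError("implausible LUKS2 header size: %d" % hdr_size)
    f.seek(LUKS2_BIN_HDR)
    area = f.read(hdr_size - LUKS2_BIN_HDR)
    meta = json.loads(area.split(b"\0", 1)[0])  # JSON text is NUL-terminated
    for slot, ks in sorted(meta.get("keyslots", {}).items()):
        info["kdfs"][slot] = ks.get("kdf", {}).get("type")
    return info


def constructed_luks2(kdf_types):
    """Build a minimal constructed LUKS2 header (sample data, not a real volume)."""
    slots = {str(i): {"type": "luks2", "kdf": {"type": k}}
             for i, k in enumerate(kdf_types)}
    hdr_size = 16384
    binary = (LUKS_MAGIC + struct.pack(">HQ", 2, hdr_size)).ljust(LUKS2_BIN_HDR, b"\0")
    js = json.dumps({"keyslots": slots}).encode()
    return binary + js.ljust(hdr_size - LUKS2_BIN_HDR, b"\0")


if __name__ == "__main__":
    sample = io.BytesIO(constructed_luks2(["pbkdf2", "argon2id"]))
    info = inspect_luks(sample)
    print("LUKS version:", info["version"])
    for slot, kdf in info["kdfs"].items():
        print("keyslot %s uses %s" % (slot, kdf))
    if info["version"] == 2:
        print("GRUB needs its luks2 module to open this volume")
```

On a real system, pass a file object opened read-only on the block device (for example `open(device, "rb")`), which normally requires root.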



