[Bug 2043101] Re: Mantic+noble inadvertently includes the luks2 module in signed grub-efis

Mate Kukri 2043101 at bugs.launchpad.net
Mon Nov 27 12:06:15 UTC 2023 

** Description changed:

- The luks2 module was accidentally enabled during a merge from Debian.
- This isn't intended to be a supported feature, and we should disable it
- before users accidentally start relying on it.
+ [ Impact ]
+ 
+  * The luks2 module was accidentally enabled during a merge from Debian. This 
+    isn't intended to be a supported feature, and we should disable it before 
+    users accidentally start relying on it.
+ 
+  * Removing it early in the mantic cycle reduces the chance someone relies on
+    it, and hence gets broken when upgrading to noble where it is already gone.
+ 
+ [ Test Plan ]
+ 
+  * Boot GRUB2 in Secure Boot mode and make sure LUKS2 is unavailable.
+    (e.g. insmod luks2 should throw an error)
+ 
+ [ Where problems could occur ]
+ 
+  * If someone already managed to create a Mantic install with /boot on a LUKS2
+    encrypted location, this update will break booting with Secure Boot on.
+ 
+  * However this was never a supported configuration, and this required 
+    deliberate manual effort to achieve.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to grub2-unsigned in Ubuntu.
https://bugs.launchpad.net/bugs/2043101

Title:
  Mantic+noble inadvertently includes the luks2 module in signed grub-
  efis

Status in grub2-unsigned package in Ubuntu:
  Fix Released
Status in grub2-unsigned source package in Mantic:
  Incomplete
Status in grub2-unsigned source package in Noble:
  Fix Released

Bug description:
  [ Impact ]

   * The luks2 module was accidentally enabled during a merge from Debian. This 
     isn't intended to be a supported feature, and we should disable it before 
     users accidentally start relying on it.

   * Removing it early in the mantic cycle reduces the chance someone relies on
     it, and hence gets broken when upgrading to noble where it is already gone.

  [ Test Plan ]

   * Boot GRUB2 in Secure Boot mode and make sure LUKS2 is unavailable.
     (e.g. insmod luks2 should throw an error)

  [ Where problems could occur ]

   * If someone already managed to create a Mantic install with /boot on a LUKS2
     encrypted location, this update will break booting with Secure Boot on.

   * However this was never a supported configuration, and this required 
     deliberate manual effort to achieve.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/grub2-unsigned/+bug/2043101/+subscriptions

More information about the foundations-bugs mailing list