[Bug 2043101] Re: Mantic+noble inadvertently includes the luks2 module in signed grub-efis

Steve Langasek 2043101 at bugs.launchpad.net
Tue Nov 28 04:36:15 UTC 2023 

Hello Mate, or anyone else affected,

Accepted grub2-unsigned into mantic-proposed. The package will build now
and be available at
https://launchpad.net/ubuntu/+source/grub2-unsigned/2.12~rc1-10ubuntu4.1
in a few hours, and then in the -proposed repository.

Please help us by testing this new package.  See
https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how
to enable and use -proposed.  Your feedback will aid us getting this
update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug,
mentioning the version of the package you tested, what testing has been
performed on the package and change the tag from verification-needed-
mantic to verification-done-mantic. If it does not fix the bug for you,
please add a comment stating that, and change the tag to verification-
failed-mantic. In either case, without details of your testing we will
not be able to proceed.

Further information regarding the verification process can be found at
https://wiki.ubuntu.com/QATeam/PerformingSRUVerification .  Thank you in
advance for helping!

N.B. The updated package will be released to -updates after the bug(s)
fixed by this package have been verified and the package has been in
-proposed for a minimum of 7 days.

** Description changed:

  [ Impact ]
  
-  * The luks2 module was accidentally enabled during a merge from Debian. This 
-    isn't intended to be a supported feature, and we should disable it before 
-    users accidentally start relying on it.
+  * The luks2 module was accidentally enabled during a merge from Debian. This
+    isn't intended to be a supported feature, and we should disable it before
+    users accidentally start relying on it.
  
-  * Removing it early in the mantic cycle reduces the chance someone relies on
-    it, and hence gets broken when upgrading to noble where it is already gone.
+  * Removing it early in the mantic cycle reduces the chance someone relies on
+    it, and hence gets broken when upgrading to noble where it is already gone.
  
  [ Test Plan ]
  
-  * Boot GRUB2 in Secure Boot mode and make sure LUKS2 is unavailable.
-    (e.g. insmod luks2 should throw an error)
+  * Boot GRUB2 in Secure Boot mode and make sure LUKS2 is unavailable.
+    (e.g. insmod luks2 should throw an error)
  
  [ Where problems could occur ]
  
-  * If someone already managed to create a Mantic install with /boot on a LUKS2
-    encrypted location, this update will break booting with Secure Boot on.
+  * If someone already managed to create a Mantic install with /boot on a LUKS2
+    encrypted location, this update will break booting with Secure Boot on.
  
-  * However this was never a supported configuration, and this required 
-    deliberate manual effort to achieve.
+  * However this was never a supported configuration from any installer,
+ and this required deliberate manual effort to achieve.

** Changed in: grub2-unsigned (Ubuntu Mantic)
       Status: Incomplete => Fix Committed

** Tags added: verification-needed verification-needed-mantic

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to grub2-unsigned in Ubuntu.
https://bugs.launchpad.net/bugs/2043101

Title:
  Mantic+noble inadvertently includes the luks2 module in signed grub-
  efis

Status in grub2-unsigned package in Ubuntu:
  Fix Released
Status in grub2-unsigned source package in Mantic:
  Fix Committed
Status in grub2-unsigned source package in Noble:
  Fix Released

Bug description:
  [ Impact ]

   * The luks2 module was accidentally enabled during a merge from Debian. This
     isn't intended to be a supported feature, and we should disable it before
     users accidentally start relying on it.

   * Removing it early in the mantic cycle reduces the chance someone relies on
     it, and hence gets broken when upgrading to noble where it is already gone.

  [ Test Plan ]

   * Boot GRUB2 in Secure Boot mode and make sure LUKS2 is unavailable.
     (e.g. insmod luks2 should throw an error)

  [ Where problems could occur ]

   * If someone already managed to create a Mantic install with /boot on a LUKS2
     encrypted location, this update will break booting with Secure Boot on.

   * However this was never a supported configuration from any
  installer, and this required deliberate manual effort to achieve.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/grub2-unsigned/+bug/2043101/+subscriptions

More information about the foundations-bugs mailing list