[Bug 2037537] Re: grub-mkconfig always generates a devicetree line when a dtb is present, causing a boot delay when grub is in lockdown (e.g. due to Secure Boot)

Isaac True 2037537 at bugs.launchpad.net
Wed Sep 27 12:30:55 UTC 2023 

I've created a patch showing a potential fix for this using an
environment variable.

** Patch added: "ubuntu-add-disable-devicetree-variable.patch"
   https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/2037537/+attachment/5704903/+files/ubuntu-add-disable-devicetree-variable.patch

** Summary changed:

- grub-mkconfig always generates a devicetree line when a dtb is present, causing a boot delay when grub is in lockdown (e.g. due to Secure Boot)
+ grub-mkconfig always generates a devicetree line when a dtb is present, causing a boot delay when grub is in lockdown

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to grub2 in Ubuntu.
https://bugs.launchpad.net/bugs/2037537

Title:
  grub-mkconfig always generates a devicetree line when a dtb is
  present, causing a boot delay when grub is in lockdown

Status in grub2 package in Ubuntu:
  New

Bug description:
  When a device tree is found in /boot, grub-mkconfig automatically
  appends a devicetree line to the menu entry to load the device tree
  alongside the initrd and kernel.

  Excerpt from /etc/grub.d/10_linux from grub-2.12:

      if test -n "${dtb}" ; then
        if [ x"$quiet_boot" = x0 ] || [ x"$type" != xsimple ]; then
          message="$(gettext_printf "Loading device tree blob...")"
          sed "s/^/$submenu_indentation/" << EOF
          echo    '$(echo "$message" | grub_quote)'
  EOF
        fi
        sed "s/^/$submenu_indentation/" << EOF
          devicetree      ${rel_dirname}/${dtb}
  EOF
      fi

  This is however not always desired, in particular when GRUB is in
  lockdown (e.g. due to Secure Boot), as the devicetree command is then
  forbidden. This causes a ~5 second boot delay during startup as the
  following message is shown:

  error: devicetree: the command is not allowed when lockdown is
  enforced.

  Press any key to continue...

  GRUB continues to boot without a key being pressed, but this is an
  unnecessary delay when booting. I suggest adding an additional
  variable (e.g. GRUB_DISABLE_DEVICETREE) that can be set in
  /etc/default/grub to tell GRUB that it should not add the devicetree
  command.

  I don't think this is something that can be automatically detected and
  accounted for during grub-mkconfig, as the command may not be being
  executed on the target, and it may not know that the target will be
  booting with a locked down GRUB.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/2037537/+subscriptions

More information about the foundations-bugs mailing list