[Bug 1360203] Re: grub-efi-amd64-signed is missing modules for GRUB_ENABLE_CRYPTODISK=y

Phillip Susi psusi at ubuntu.com
Wed Jul 13 14:22:50 UTC 2016 

*** This bug is a duplicate of bug 1062623 ***
    https://bugs.launchpad.net/bugs/1062623

** This bug is no longer a duplicate of bug 1565950
   Grub 2 fails to boot a kernel on a luks encrypted volume with Secure Boot enabled
** This bug has been marked a duplicate of bug 1062623
   enable grub-2.00 boot-from-luks support

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to grub2-signed in Ubuntu.
https://bugs.launchpad.net/bugs/1360203

Title:
  grub-efi-amd64-signed is missing modules for GRUB_ENABLE_CRYPTODISK=y

Status in grub2-signed package in Ubuntu:
  Confirmed

Bug description:
  Grub has support for booting from a fully encrypted /, including
  encrypted /boot, when GRUB_ENABLE_CRYPTODISK=y is set in
  /etc/default/grub. However, grub-efi-amd64-signed needs some extra
  modules to support this: procfs, cryptodisk, luks, gcry_rijndael,
  gcry_sha1. I had to copy these five modules into
  /boot/efi/EFI/ubuntu/x86_64-efi and prepend these lines to
  /boot/efi/EFI/ubuntu/grub.cfg:

    insmod procfs
    insmod cryptodisk
    insmod luks
    insmod gcry_rijndael
    insmod gcry_sha1
    cryptomount -u <32-digit uuid>

  With secure boot disabled, this works fine. (I’m slightly annoyed
  about getting two passphrase prompts, one for GRUB and one for Linux,
  but whatever.)

  However, the insmod commands prevent me from enabling secure boot:

  error: Secure Boot forbids loading module from (hd0,gpt2)/efi/ubuntu/x86_64/procfs.mod
  error: Secure Boot forbids loading module from (hd0,gpt2)/efi/ubuntu/x86_64/cryptodisk.mod
  error: Secure Boot forbids loading module from (hd0,gpt2)/efi/ubuntu/x86_64/luks.mod
  error: Secure Boot forbids loading module from (hd0,gpt2)/efi/ubuntu/x86_64/gcry_rijndael.mod
  error: Secure Boot forbids loading module from (hd0,gpt2)/efi/ubuntu/x86_64/gcry_sha1.mod

  Would it be possible to add those modules to grub-efi-amd64-signed?

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/grub2-signed/+bug/1360203/+subscriptions

More information about the foundations-bugs mailing list