[Bug 1915536] Re: one grub
Dimitri John Ledkov
1915536 at bugs.launchpad.net
Fri Feb 12 17:14:12 UTC 2021
** Description changed:
[Impact]
- * Currently
+ * Currently one needs grub-$platform-bin and grub-$platform-signed
+ packages installed together. As first one provides modules, and the
+ later one provides signed .efi images. The two are built from different
+ source packages, and there is a delay of manual reviews before matching
+ signed grub appears.
+
+ * The proposal is to rename modules in -bin to be shipped in the
+ $platfrom-unsigned directly.
+
+ * And make -signed package ship both modules and signed binaries
+
+ * And add dependency from the -bin onto > -signed one, such that grub
+ uses whichever modules match the signed images.
+
+ * This allows allows in the future for grub2-signed to pull appropriate
+ grub modules for a given distro. For example, using 2.04 modules &
+ signed images from focal on bionic to gain support for TPM verifies and
+ other EFI platform specific developments without affecting userspace
+ grub tooling.
[Test Case]
- * detailed instructions how to reproduce the bug
+ * Upgrade to new grub-efi-amd64-bin and grub-efi-amd64-signed packages
- * these should allow someone who is not familiar with the affected
- package to reproduce the bug and verify that the updated package fixes
- the problem.
+ * Observe that system boots, one can use grub-mkimage / grub-mkrescue
+ without issues.
[Where problems could occur]
- * Think about what the upload changes in the software. Imagine the change is
- wrong or breaks something else: how would this show up?
-
- * It is assumed that any SRU candidate patch is well-tested before
- upload and has a low overall risk of regression, but it's important
- to make the effort to think about what ''could'' happen in the
- event of a regression.
-
- * This must '''never''' be "None" or "Low", or entirely an argument as to why
- your upload is low risk.
-
- * This both shows the SRU team that the risks have been considered,
- and provides guidance to testers in regression-testing the SRU.
+ * The binaries shipped by -signed packages are innert, they are
+ bootloader binaries only. The only compatibility that has to be
+ maintained is within the userspace tooling - specifically maintainer
+ scripts, and file names and locations.
[Other Info]
-
- * Anything else you think is useful to include
- * Anticipate questions from users, SRU, +1 maintenance, security teams and the Technical Board
- * and address these questions in advance
+
+ * See all the bug reports that grub can't be installed or upgraded when
+ people use -proposed.
** Also affects: grub2-signed (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to grub2 in Ubuntu.
https://bugs.launchpad.net/bugs/1915536
Title:
one grub
Status in grub2 package in Ubuntu:
New
Status in grub2-signed package in Ubuntu:
New
Bug description:
[Impact]
* Currently one needs grub-$platform-bin and grub-$platform-signed
packages installed together. As first one provides modules, and the
later one provides signed .efi images. The two are built from
different source packages, and there is a delay of manual reviews
before matching signed grub appears.
* The proposal is to rename modules in -bin to be shipped in the
$platfrom-unsigned directly.
* And make -signed package ship both modules and signed binaries
* And add dependency from the -bin onto > -signed one, such that grub
uses whichever modules match the signed images.
* This allows allows in the future for grub2-signed to pull
appropriate grub modules for a given distro. For example, using 2.04
modules & signed images from focal on bionic to gain support for TPM
verifies and other EFI platform specific developments without
affecting userspace grub tooling.
[Test Case]
* Upgrade to new grub-efi-amd64-bin and grub-efi-amd64-signed
packages
* Observe that system boots, one can use grub-mkimage / grub-mkrescue
without issues.
[Where problems could occur]
* The binaries shipped by -signed packages are innert, they are
bootloader binaries only. The only compatibility that has to be
maintained is within the userspace tooling - specifically maintainer
scripts, and file names and locations.
[Other Info]
* See all the bug reports that grub can't be installed or upgraded
when people use -proposed.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/1915536/+subscriptions
More information about the foundations-bugs
mailing list