[Bug 1999345] Re: please add luks2 module to the signed grub2 images

Seth Arnold 1999345 at bugs.launchpad.net
Sat Jan 14 01:59:39 UTC 2023 

We haven't really discussed this yet, but I'm initially skeptical.

Handling security updates in our signed boot code is very expensive.
What we include inside the signed boundaries should be as minimal as we
need, we shouldn't just include everything because it would be neat.

Ubuntu is an opinionated distribution, and part of that is the expected
boot paths. I think it's fair to say "decide between secureboot and your
botique boot path".

Does LUKS2 bring along compelling features? Is it mature enough to
recommend to our users? What would it look like to integrate it into our
installers? Do we want to transition users? Do we support both for a
while? How long do we support both?

I think I'd rather this go through a more rigorous process: discussion
at a planning sprint, or summit, etc., before starting in on the more
expensive tasks.

Thanks

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to grub2 in Ubuntu.
https://bugs.launchpad.net/bugs/1999345

Title:
  please add luks2 module to the signed grub2 images

Status in grub2 package in Ubuntu:
  Confirmed

Bug description:
  I (erroneously) created my new root partition with LUKS2 (with pbkdf2
  though) and tried to mount it from GRUB. It didn't work with Secure
  Boot enabled, but it did work with Secure Boot disabled, because I was
  then able to load the luks2 module.

  Please consider including the luks2 module in the signed EFI images.

  $ lsb_release -rd
  Description:    Ubuntu 22.04.1 LTS
  Release:        22.04
  $ LANG=C apt-cache policy grub-efi-amd64
  grub-efi-amd64:
    Installed: (none)
    Candidate: 2.06-2ubuntu10
    Version table:
       2.06-2ubuntu10 500
          500 http://security.ubuntu.com/ubuntu jammy-security/main amd64 Packages
          500 http://archive.ubuntu.com/ubuntu jammy-updates/main amd64 Packages
       2.06-2ubuntu7 500
          500 http://archive.ubuntu.com/ubuntu jammy/main amd64 Packages

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/1999345/+subscriptions

More information about the foundations-bugs mailing list