[Bug 2043101] Re: Mantic+noble inadvertently includes the luks2 module in signed grub-efis
Mate Kukri
2043101 at bugs.launchpad.net
Tue Nov 28 13:43:27 UTC 2023
All tests are passing now, will do the verification soon.
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to grub2-unsigned in Ubuntu.
https://bugs.launchpad.net/bugs/2043101
Title:
Mantic+noble inadvertently includes the luks2 module in signed grub-
efis
Status in grub2-unsigned package in Ubuntu:
Fix Released
Status in grub2-unsigned source package in Mantic:
Fix Committed
Status in grub2-unsigned source package in Noble:
Fix Released
Bug description:
[ Impact ]
* The luks2 module was accidentally enabled during a merge from Debian. This
isn't intended to be a supported feature, and we should disable it before
users accidentally start relying on it.
* Removing it early in the mantic cycle reduces the chance someone relies on
it, and hence gets broken when upgrading to noble where it is already gone.
[ Test Plan ]
* Boot GRUB2 in Secure Boot mode and make sure LUKS2 is unavailable.
(e.g. insmod luks2 should throw an error)
[ Where problems could occur ]
* If someone already managed to create a Mantic install with /boot on a LUKS2
encrypted location, this update will break booting with Secure Boot on.
* However this was never a supported configuration from any
installer, and this required deliberate manual effort to achieve.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/grub2-unsigned/+bug/2043101/+subscriptions
More information about the foundations-bugs
mailing list