[Bug 2037537] [NEW] grub-mkconfig always generates a devicetree line when a dtb is present, causing a boot delay when grub is in lockdown (e.g. due to Secure Boot)
Isaac True
2037537 at bugs.launchpad.net
Wed Sep 27 12:22:27 UTC 2023
Public bug reported:
When a device tree is found in /boot, grub-mkconfig automatically
appends a devicetree line to the menu entry to load the device tree
alongside the initrd and kernel.
Excerpt from /etc/grub.d/10_linux from grub-2.12:
  if test -n "${dtb}" ; then
    if [ x"$quiet_boot" = x0 ] || [ x"$type" != xsimple ]; then
      message="$(gettext_printf "Loading device tree blob...")"
      sed "s/^/$submenu_indentation/" << EOF
        echo '$(echo "$message" | grub_quote)'
EOF
    fi
    sed "s/^/$submenu_indentation/" << EOF
        devicetree ${rel_dirname}/${dtb}
EOF
  fi
This is however not always desired, in particular when GRUB is in
lockdown (e.g. due to Secure Boot), as the devicetree command is then
forbidden. This causes a ~5 second boot delay during startup as the
following message is shown:
  error: devicetree: the command is not allowed when lockdown is enforced.
  Press any key to continue...
GRUB continues to boot without a key being pressed, but this is an
unnecessary delay when booting. I suggest adding an additional variable
(e.g. GRUB_DISABLE_DEVICETREE) that can be set in /etc/default/grub to
tell GRUB that it should not add the devicetree command.
I don't think this is something that can be automatically detected and
accounted for during grub-mkconfig, as the command may not be being
executed on the target, and it may not know that the target will be
booting with a locked down GRUB.
** Affects: grub2 (Ubuntu)
Importance: Undecided
Status: New
https://bugs.launchpad.net/bugs/2037537
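
Added example, not part of the original report and not GRUB's or Ubuntu's code: a sketch of how the 10_linux fragment quoted above could honour the proposed switch. GRUB_DISABLE_DEVICETREE is only the name suggested in the report, emit_devicetree is a hypothetical wrapper, and the two helper functions are stand-ins for the ones grub-mkconfig_lib provides.

```shell
#!/bin/sh
# Illustration only. GRUB_DISABLE_DEVICETREE is the name proposed in the
# report, not an existing grub-mkconfig setting; emit_devicetree is a
# hypothetical wrapper around the quoted 10_linux fragment.

# Stand-ins for helpers that grub-mkconfig_lib supplies in the real script.
gettext_printf() { printf "$@"; }
grub_quote() { sed "s/'/'\\\\''/g"; }

# emit_devicetree DTB REL_DIRNAME
# Prints the menu-entry lines that load the device tree, or nothing when no
# dtb was found or the proposed switch is set to "true".
emit_devicetree() {
  dtb=$1
  rel_dirname=$2
  if test -z "${dtb}" ; then
    return 0
  fi
  # Proposed guard: leave the devicetree command out of the menu entry, so
  # a locked-down GRUB never reaches the forbidden command.
  if [ "x${GRUB_DISABLE_DEVICETREE}" = "xtrue" ]; then
    return 0
  fi
  if [ x"$quiet_boot" = x0 ] || [ x"$type" != xsimple ]; then
    message="$(gettext_printf "Loading device tree blob...")"
    sed "s/^/$submenu_indentation/" << EOF
  echo '$(echo "$message" | grub_quote)'
EOF
  fi
  sed "s/^/$submenu_indentation/" << EOF
  devicetree ${rel_dirname}/${dtb}
EOF
}

# Constructed sample values; the dtb name and directory are placeholders.
quiet_boot=0
type=simple
submenu_indentation=""
echo "--- switch unset ---"
( emit_devicetree constructed.dtb /boot )
echo "--- switch set to true ---"
( GRUB_DISABLE_DEVICETREE=true; emit_devicetree constructed.dtb /boot )
```

grub-mkconfig exports only a fixed list of /etc/default/grub variables to the /etc/grub.d scripts, so a new variable would also have to be added to that export list before 10_linux could see it.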