[Bug 2037537] Re: grub-mkconfig always generates a devicetree line when a dtb is present, causing a boot delay when grub is in lockdown

Ubuntu Foundations Team Bug Bot 2037537 at bugs.launchpad.net
Wed Sep 27 16:18:39 UTC 2023 

The attachment "ubuntu-add-disable-devicetree-variable.patch" seems to
be a patch.  If it isn't, please remove the "patch" flag from the
attachment, remove the "patch" tag, and if you are a member of the
~ubuntu-reviewers, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by
~brian-murray, for any issues please contact him.]

** Tags added: patch

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to grub2 in Ubuntu.
https://bugs.launchpad.net/bugs/2037537

Title:
  grub-mkconfig always generates a devicetree line when a dtb is
  present, causing a boot delay when grub is in lockdown

Status in grub2 package in Ubuntu:
  New

Bug description:
  When a device tree is found in /boot, grub-mkconfig automatically
  appends a devicetree line to the menu entry to load the device tree
  alongside the initrd and kernel.

  Excerpt from /etc/grub.d/10_linux from grub-2.12:

      if test -n "${dtb}" ; then
        if [ x"$quiet_boot" = x0 ] || [ x"$type" != xsimple ]; then
          message="$(gettext_printf "Loading device tree blob...")"
          sed "s/^/$submenu_indentation/" << EOF
          echo    '$(echo "$message" | grub_quote)'
  EOF
        fi
        sed "s/^/$submenu_indentation/" << EOF
          devicetree      ${rel_dirname}/${dtb}
  EOF
      fi

  This is however not always desired, in particular when GRUB is in
  lockdown (e.g. due to Secure Boot), as the devicetree command is then
  forbidden. This causes a ~5 second boot delay during startup as the
  following message is shown:

  error: devicetree: the command is not allowed when lockdown is
  enforced.

  Press any key to continue...

  GRUB continues to boot without a key being pressed, but this is an
  unnecessary delay when booting. I suggest adding an additional
  variable (e.g. GRUB_DISABLE_DEVICETREE) that can be set in
  /etc/default/grub to tell GRUB that it should not add the devicetree
  command.

  I don't think this is something that can be automatically detected and
  accounted for during grub-mkconfig, as the command may not be being
  executed on the target, and it may not know that the target will be
  booting with a locked down GRUB.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/2037537/+subscriptions

More information about the foundations-bugs mailing list