[Bug 1999345] Re: please add luks2 module to the signed grub2 images
Steve Langasek
1999345 at bugs.launchpad.net
Tue Jul 9 13:11:11 UTC 2024
Mantic will EOL soon. This has never been supported in noble. It's
unfortunate that it remained enabled in mantic as long as it did when we
knew we intended not to support it, inducing some users to rely on an
unsupported configuration, but I don't think there's any more action to
take here.
If you don't care about the integrity of SecureBoot, you can disable it
in your firmware. Or you can locally sign a grub.efi including whatever
modules you want. But for the EFI binary signed by Ubuntu, we have a
duty to ensure the code doesn't unduly risk the security of all Ubuntu
users, and the luks2 module has not passed muster.
** Changed in: grub2 (Ubuntu)
Status: Fix Released => Won't Fix
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to grub2 in Ubuntu.
https://bugs.launchpad.net/bugs/1999345
Title:
please add luks2 module to the signed grub2 images
Status in grub2 package in Ubuntu:
Won't Fix
Bug description:
I (erroneously) created my new root partition with LUKS2 (with pbkdf2
though) and tried to mount it from GRUB. It didn't work with Secure
Boot enabled, but it did work with Secure Boot disabled, because I was
then able to load the luks2 module.
Please consider including the luks2 module in the signed EFI images.
$ lsb_release -rd
Description: Ubuntu 22.04.1 LTS
Release: 22.04
$ LANG=C apt-cache policy grub-efi-amd64
grub-efi-amd64:
Installed: (none)
Candidate: 2.06-2ubuntu10
Version table:
2.06-2ubuntu10 500
500 http://security.ubuntu.com/ubuntu jammy-security/main amd64 Packages
500 http://archive.ubuntu.com/ubuntu jammy-updates/main amd64 Packages
2.06-2ubuntu7 500
500 http://archive.ubuntu.com/ubuntu jammy/main amd64 Packages
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/1999345/+subscriptions
More information about the foundations-bugs
mailing list