[Bug 1062623] Re: enable grub-2.00 boot-from-luks support

Mate Kukri 1062623 at bugs.launchpad.net
Thu Jun 13 13:11:52 UTC 2024


Encrypted /boot partitions aren't a currently supported configuration.
Despite this, signed UEFI GRUBs have the `luks` module built in for
backwards compatibility with some old setups; we have no plans to
include `luks2` or support more modern encrypted /boot setups going
forward.

For full disk encryption on modern Ubuntu, I recommend looking into the
current password-based or TPM FDE options provided by the Ubuntu
installer.

** Changed in: grub2 (Ubuntu)
       Status: Triaged => Won't Fix

https://bugs.launchpad.net/bugs/1062623

Title:
  enable grub-2.00 boot-from-luks support

Status in grub2 package in Ubuntu:
  Won't Fix

Bug description:
  (I suppose this comes too late in the release cycle to make the
  change, but perhaps it's simple enough:)

  With only minimal manual intervention, I found I could use today's
  Ubuntu Server 12.10 daily iso to install a system with luks+lvm and no
  separate /boot partition (which doesn't really have any security
  advantages, but it makes managing space on a smallish disk easier). If
  grub-installer could manage the final 2 steps below, it would all be
  fully automatic. Thanks!

  Steps:
  1: go through the default installer motions
  2: in partman, choose the manual option
  3: create a single, whole-disk primary partition, use it as a luks encrypted volume
  4: on top of that, create an lvm physical volume
  5: insert lvm logical volumes for swap and / (I used btrfs, probably irrelevant)
  6: finish remaining installer steps; find that grub install fails
  7: drop into shell, per alt+f2, and chroot to /target
  8: append "GRUB_CRYPTODISK_ENABLE=y" to /etc/default/grub
  9: run "grub-install /dev/sda" (replace sda etc etc), then "update-grub", reboot
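
An added example, not part of the bug report or of Ubuntu's tooling: a preflight check for the layout described above. It reads the LUKS header version of the volume holding /boot (the comment above says signed GRUB carries only the `luks` module, which handles the LUKS1 format, and not `luks2`) and checks that step 8's setting is present. The function names and verdict strings are hypothetical.

```shell
#!/bin/sh
# Added example; function names and verdict strings are hypothetical.

# Print the LUKS on-disk format version (1 or 2) of a device or image,
# or "none" when the magic is absent. Both formats begin with the 6-byte
# magic "LUKS\xba\xbe" followed by a big-endian 16-bit version number.
luks_version() {
    hdr=$(dd if="$1" bs=8 count=1 2>/dev/null | od -An -tx1 | tr -d ' \n')
    case "$hdr" in
        4c554b53babe0001) echo 1 ;;
        4c554b53babe0002) echo 2 ;;
        *) echo none ;;
    esac
}

# Succeed if the GRUB defaults file sets GRUB_CRYPTODISK_ENABLE=y (step 8).
# Commented-out lines are ignored; the last assignment in the file wins.
cryptodisk_enabled() {
    val=$(sed -n 's/^[[:space:]]*GRUB_CRYPTODISK_ENABLE=//p' "$1" \
        | tail -n 1 | tr -d "\"'")
    [ "$val" = "y" ]
}

# $1 = device or image backing /boot, $2 = GRUB defaults file.
# Prints one verdict; returns non-zero when GRUB could not unlock /boot.
check_boot_luks() {
    case "$(luks_version "$1")" in
        none) echo "not-luks"; return 0 ;;
        2)    echo "luks2-unsupported"; return 1 ;;
    esac
    if cryptodisk_enabled "$2"; then
        echo "luks1-ok"
    else
        echo "luks1-cryptodisk-disabled"
        return 1
    fi
}

# Stand-alone use: sh check.sh /dev/sdXN /etc/default/grub
if [ "$#" -eq 2 ]; then
    check_boot_luks "$1" "$2"
fi
```

Reading the header of a real block device needs root; the check is read-only.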
