[Bug 2043101] Re: Mantic+noble inadvertently includes the luks2 module in signed grub-efis
Josef Wolf
2043101 at bugs.launchpad.net
Thu Oct 2 18:16:16 UTC 2025
@mkukri, can you please give a pointer on how to configure initrd to do
the unlock for a luks2 /boot partition?
I'm also hit by this bug, as I used a customized partitioning scheme
with encrypted /boot and /root. Unfortunately, grub won't unlock the /boot
partition if it is LUKS2, so the only option seems to be to fall back to
the inferior and insecure LUKS1 format.
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to grub2-unsigned in Ubuntu.
https://bugs.launchpad.net/bugs/2043101
Title:
Mantic+noble inadvertently includes the luks2 module in signed grub-efis
Status in grub2-unsigned package in Ubuntu:
Fix Released
Status in grub2-unsigned source package in Mantic:
Fix Released
Status in grub2-unsigned source package in Noble:
Fix Released
Bug description:
[ Impact ]
* The luks2 module was accidentally enabled during a merge from Debian. This
isn't intended to be a supported feature, and we should disable it before
users accidentally start relying on it.
* Removing it early in the mantic cycle reduces the chance someone relies on
it, and hence gets broken when upgrading to noble where it is already gone.
[ Test Plan ]
* Boot GRUB2 in Secure Boot mode and make sure LUKS2 is unavailable.
(e.g. insmod luks2 should throw an error)
[ Where problems could occur ]
* If someone already managed to create a Mantic install with /boot on a LUKS2
encrypted location, this update will break booting with Secure Boot on.
* However this was never a supported configuration from any
installer, and this required deliberate manual effort to achieve.