URL: <https://savannah.gnu.org/bugs/?65113>
Summary: Add All Keyboard Layouts and Selector to Early GRUB Core Image (grubx64.efi) Group: GNU GRUB Submitter: adrelanos Submitted: Wed 03 Jan 2024 03:44:12 PM UTC Category: Configuration Severity: Major Priority: 5 - Normal Item Group: Feature Request Status: None Privacy: Public Assigned to: None Originator Name: Originator Email: Open/Closed: Open Release: Git master Release: Discussion Lock: Any Reproducibility: Every Time Planned Release: None _______________________________________________________ Follow-up Comments: ------------------------------------------------------- Date: Wed 03 Jan 2024 03:44:12 PM UTC By: adrelanos <adrelanos> Issue: When using encrypted /boot, the boot process fails for users with non-QWERTY keyboards. This issue arises when a user sets a passphrase for disk encryption using a keyboard layout other than American QWERTY. At boot time, the keyboard layout defaults to American, causing the entered passphrase to differ from the expected one, leading to problems in unlocking the encrypted disk. This issue has been discussed on the issue tracker of the popular Calamares Linux installer software. [1] Suggested Solution: 1. Modify `grub-mkimage` to by default include all keyboard layouts in the resulting GRUB core image (`grubx64.efi`). 2. Add a keyboard layout switcher to early GRUB. 3. Read the keyboard layout from EFI variables or another file. This might need to be split into separate tickets. Potential Issue: Adding all keyboard layouts to the image might significantly increase the size of the core image, potentially making it too large or slow for practical use. Alternative Solution: Could the core image search for (signed) keyboard layout files in the EFI partition and load them? Non-Solution: The Arch Linux Wiki describes how a user can build a custom EFI core image (`grubx64.efi`). [2] However, this leads to issues with Secure Boot, as the image isn't signed with a key trusted by Shim. This is not easily implementable since this issue has been unresolved since at least 2019. Distributions such as Ubuntu and PureOS (among possibly others) are reverting back to unencrypted /boot. Not So Great Solution: Distributions could ship multiple images, one for each keyboard layout. However, if this is the suggested approach, please specify. EFI Specific: Suggestions 1 and 2 are generic. Suggestion 3 is EFI specific and should therefore be optional. Terminology: - Early GRUB: The GRUB core image (`grubx64.efi`) just after being started by Shim or firmware, prompting for the password for the full disk encrypted (FDE) disk (including encrypted /boot). At this time, even /boot is unavailable, hence no keyboard layout files can be loaded from `/boot/grub` and there's no `/boot/grub/grub.cfg`. References: [1] https://github.com/calamares/calamares/issues/1203 [2] https://wiki.archlinux.org/title/GRUB/Tips_and_tricks#Manual_configuration_of_core_image_for_early_boot _______________________________________________________ Reply to this item at: <https://savannah.gnu.org/bugs/?65113> _______________________________________________ Message sent via Savannah https://savannah.gnu.org/