Package: grub-common
Version: 2.12-8
Severity: important

Dear Maintainers,

The upgrade to GRUB 2.12-8 on my system (UEFI + Secure Boot enabled, full disk 
encryption including /boot inside LUKS1) silently replaced my /etc/default/grub 
file and removed GRUB_ENABLE_CRYPTODISK=y.

grub-install failed with the error:

grub-install: feil: du forsøkte å installere på kryptert disk uten å slå på 
cryptodisk først. Endre eller legg til «GRUB_ENABLE_CRYPTODISK=y» i fila 
«/etc/default/grub».

I was not prompted to resolve the config file conflict during the upgrade. 
Instead, my previous config was saved as /etc/default/grub.ucf-old, and the new 
version was installed silently. This behavior is unexpected and risky, as it 
can leave encrypted systems unbootable after upgrade.

System details:

    Debian Testing (trixie)

    Secure Boot enabled

    LUKS1 encryption on root and swap

    /boot resides inside the encrypted root

    GRUB_ENABLE_CRYPTODISK was previously set

Best regards

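A post-upgrade check for the situation reported above, as an added example that is not part of the original report or of the GRUB packaging. It compares `/etc/default/grub` with the `/etc/default/grub.ucf-old` copy mentioned in the report; the function names `grub_setting`, `check_cryptodisk` and `demo` are hypothetical, and the sample files built in `demo` are constructed.

```shell
#!/bin/sh
# Added example: detect a GRUB_ENABLE_CRYPTODISK=y that an upgrade dropped.

# Print the effective value of KEY in a shell-style defaults file.
# The last uncommented assignment wins; trailing comments and quotes are stripped.
grub_setting() {
    # $1 = file, $2 = key
    [ -r "$1" ] || return 0
    sed -n "s/^[[:space:]]*${2}=//p" "$1" | tail -n 1 |
        sed -e 's/[[:space:]]\{1,\}#.*$//' -e 's/[[:space:]]*$//' \
            -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# Compare the current file with the copy kept as <file>.ucf-old.
# Exit status:
#   0 = cryptodisk is enabled in the current file
#   1 = not enabled now, and not enabled in the old copy either (or no old copy)
#   2 = enabled in the old copy but missing now (setting lost in the upgrade)
check_cryptodisk() {
    cur=${1:-/etc/default/grub}
    old=${2:-$cur.ucf-old}
    key=GRUB_ENABLE_CRYPTODISK
    now=$(grub_setting "$cur" "$key")
    before=$(grub_setting "$old" "$key")
    if [ "$now" = y ]; then
        return 0
    fi
    if [ "$before" = y ]; then
        echo "$cur: $key=y was set in $old but is missing now" >&2
        return 2
    fi
    return 1
}

# Constructed sample files that mimic the state described in the report.
demo() {
    d=$(mktemp -d)
    printf 'GRUB_TIMEOUT=5\nGRUB_ENABLE_CRYPTODISK=y\n' > "$d/grub.ucf-old"
    printf 'GRUB_TIMEOUT=5\n#GRUB_ENABLE_CRYPTODISK=y\n' > "$d/grub"
    rc=0
    check_cryptodisk "$d/grub" || rc=$?
    rm -rf "$d"
    return "$rc"
}
```

Calling `check_cryptodisk` with no arguments checks the real files; exit status 2 means the setting was present before the upgrade and has to be restored in `/etc/default/grub`.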