Bug#984760: grub-pc: upgrade works, boot fails (error: symbol `grub_is_lockdown` not found)

2021-06-30 Thread Ryan Thoryk 
I have something to add to this.  This morning I was writing up a 
document on how to convert an existing Debian amd64 AWS VM to arm64 
without reinstalling, which is something I was interested in doing in 
the future to a fairly complex system install that I wasn't excited 
about trying to reinstall/migrate.  Everything worked with the 
conversion, except for the grub stage, grub failed to start on the ARM 
instance and was stuck at the grub-rescue prompt.  When typing "insmod 
normal", it shows the "symbol `grub_is_lockdown` not found" error.  I 
managed to get it working by copying grub modules from an existing 
Debian ARM VM over to it, I did that because I noticed that the modules 
were of a newer version and a different size.


I'm not sure if the "grub-install" step was needed, but after 
investigating I found that when I ran grub-install a standard 
Debian-provided ARM AWS community instance and rebooted, the instance 
fails to boot in the same way.


This is my document if you were interested, I mention the error in it:
https://ryan.thoryk.com/linux/arm_convert.html

--
Ryan Thoryk
r...@thoryk.com
r...@tliquest.net

Bug#984760: grub-pc: upgrade works, boot fails (error: symbol `grub_is_lockdown` not found)

2021-05-13 Thread Sunil Mohan Adapa 
On Thu, 15 Apr 2021 23:00:22 -0700 Sunil Mohan Adapa 
wrote:
> Hi,
> 
> The problem is not limited to amd64. I see this problem on arm64. On a
> FreedomBox arm64 image, on a Raspberry Pi 3B+ (when booted with UEFI
> firmware[1]) when grub efi packages are upgraded, boot fails with the
> error 'symbol `grub_is_lockdown` not found'.
> 
> Links:
> 1) https://github.com/pftf/RPi3
> 

In my case, after uninstalling and reinstalling grub-efi-arm64* and
grub?-common packages, everything worked well. This action installed
additional packages (like shim-signed?) that were not present before.

The problem surfaced after an upgrade, in my case, done using
unattended-upgrades. This may indicate that something that is supposed
to be in Depends: list is in Recommends: list.

-- 
Sunil

Bug#984760: grub-pc: upgrade works, boot fails (error: symbol `grub_is_lockdown` not found)

2021-04-16 Thread Sunil Mohan Adapa 
Hi,

The problem is not limited to amd64. I see this problem on arm64. On a
FreedomBox arm64 image, on a Raspberry Pi 3B+ (when booted with UEFI
firmware[1]) when grub efi packages are upgraded, boot fails with the
error 'symbol `grub_is_lockdown` not found'.

Links:
1) https://github.com/pftf/RPi3

Thanks,

-- 
Sunil

Bug#984760: grub-pc: upgrade works, boot fails (error: symbol `grub_is_lockdown` not found)

2021-04-02 Thread Stefan Nitz 
Package: grub-pc
Followup-For: Bug #984760

Dear Maintainer,


* Install / update to grub-common grub-pc grub-pc-bin grub2 grub2-common - 
version: 2.02+dfsg1-20+deb10u4
* Install 2.02+dfsg1-20+deb10u3 - system works again
* can not boot: ... grub_register_command_lockdown not found ...
* boot system




-- Package-specific info:

*** BEGIN /proc/mounts
/dev/sdb2 / ext4 rw,relatime,errors=remount-ro 0 0
/dev/sdb1 /boot ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/_dev_dm_1 /home/nitz ext4 rw,relatime 0 0
*** END /proc/mounts

*** BEGIN /boot/grub/device.map
(hd0)   /dev/disk/by-id/ata-SAMSUNG_HN-M101MBB_S2R8J1MBA04065
(hd1)   /dev/disk/by-id/ata-WDC_WDS500G2B0A-00SM50_172843424862
#(hd2)  /dev/disk/by-id/lvm-pv-uuid-Vty9C5-u24G-nx3B-Appj-UhSr-wQZj-LtfXc7
*** END /boot/grub/device.map

*** BEGIN /boot/grub/grub.cfg
#
# DO NOT EDIT THIS FILE
#
# It is automatically generated by grub-mkconfig using templates
# from /etc/grub.d and settings from /etc/default/grub
#

### BEGIN /etc/grub.d/00_header ###
if [ -s $prefix/grubenv ]; then
  set have_grubenv=true
  load_env
fi
if [ "${next_entry}" ] ; then
   set default="${next_entry}"
   set next_entry=
   save_env next_entry
   set boot_once=true
else
   set default="Debian GNU/Linux, mit Xen-Hypervisor"
fi

if [ x"${feature_menuentry_id}" = xy ]; then
  menuentry_id_option="--id"
else
  menuentry_id_option=""
fi

export menuentry_id_option

if [ "${prev_saved_entry}" ]; then
  set saved_entry="${prev_saved_entry}"
  save_env saved_entry
  set prev_saved_entry=
  save_env prev_saved_entry
  set boot_once=true
fi

function savedefault {
  if [ -z "${boot_once}" ]; then
saved_entry="${chosen}"
save_env saved_entry
  fi
}
function load_video {
  if [ x$feature_all_video_module = xy ]; then
insmod all_video
  else
insmod efi_gop
insmod efi_uga
insmod ieee1275_fb
insmod vbe
insmod vga
insmod video_bochs
insmod video_cirrus
  fi
}

if [ x$feature_default_font_path = xy ] ; then
   font=unicode
else
insmod part_msdos
insmod ext2
set root='hd1,msdos2'
if [ x$feature_platform_search_hint = xy ]; then
  search --no-floppy --fs-uuid --set=root --hint-bios=hd1,msdos2 
--hint-efi=hd1,msdos2 --hint-baremetal=ahci1,msdos2  
31010fdb-7e31-49df-bbce-b9fc3d11930d
else
  search --no-floppy --fs-uuid --set=root 31010fdb-7e31-49df-bbce-b9fc3d11930d
fi
font="/usr/share/grub/unicode.pf2"
fi

if loadfont $font ; then
  set gfxmode=auto
  load_video
  insmod gfxterm
  set locale_dir=$prefix/locale
  set lang=C
  insmod gettext
fi
terminal_output gfxterm
if [ "${recordfail}" = 1 ] ; then
  set timeout=30
else
  if [ x$feature_timeout_style = xy ] ; then
set timeout_style=menu
set timeout=5
  # Fallback normal timeout code in case the timeout_style feature is
  # unavailable.
  else
set timeout=5
  fi
fi
### END /etc/grub.d/00_header ###

### BEGIN /etc/grub.d/05_debian_theme ###
insmod part_msdos
insmod ext2
set root='hd1,msdos2'
if [ x$feature_platform_search_hint = xy ]; then
  search --no-floppy --fs-uuid --set=root --hint-bios=hd1,msdos2 
--hint-efi=hd1,msdos2 --hint-baremetal=ahci1,msdos2  
31010fdb-7e31-49df-bbce-b9fc3d11930d
else
  search --no-floppy --fs-uuid --set=root 31010fdb-7e31-49df-bbce-b9fc3d11930d
fi
insmod png
if background_image 
/usr/share/desktop-base/futureprototype-theme/grub/grub-4x3.png; then
  set color_normal=white/black
  set color_highlight=black/white
else
  set menu_color_normal=cyan/blue
  set menu_color_highlight=white/blue
fi
### END /etc/grub.d/05_debian_theme ###

### BEGIN /etc/grub.d/10_linux ###
function gfxmode {
set gfxpayload="${1}"
}
set linux_gfx_mode=
export linux_gfx_mode
menuentry 'Debian GNU/Linux' --class debian --class gnu-linux --class gnu 
--class os $menuentry_id_option 
'gnulinux-simple-31010fdb-7e31-49df-bbce-b9fc3d11930d' {
load_video
insmod gzio
if [ x$grub_platform = xxen ]; then insmod xzio; insmod lzopio; fi
insmod part_msdos
insmod ext2
set root='hd1,msdos1'
if [ x$feature_platform_search_hint = xy ]; then
  search --no-floppy --fs-uuid --set=root --hint-bios=hd1,msdos1 
--hint-efi=hd1,msdos1 --hint-baremetal=ahci1,msdos1  
21ec0055-1c79-4010-a7b8-421818b40973
else
  search --no-floppy --fs-uuid --set=root 
21ec0055-1c79-4010-a7b8-421818b40973
fi
echo'Linux 4.19.0-16-amd64 wird geladen …'
linux   /vmlinuz-4.19.0-16-amd64 
root=UUID=31010fdb-7e31-49df-bbce-b9fc3d11930d ro  quiet
echo'Initiale Ramdisk wird geladen …'
initrd  /initrd.img-4.19.0-16-amd64
}
submenu 'Erweiterte Optionen für Debian GNU/Linux' $menuentry_id_option 
'gnulinux-advanced-31010fdb-7e31-49df-bbce-b9fc3d11930d' {
menuentry 'Debian GNU/Linux, mit Linux 4.19.0-16-amd64' --class debian 
--class gnu-linux --class gnu --class os $menuentry_id_option