Bug#925134: grub-efi-amd64-signed: doesn't mount cryptodisk
It seems like this bug is related to GRUB lacking LUKS2 support. Back in buster, GRUB only supported LUKS1, so this bug could only be worked- around by using LUKS1 for /boot. Now GRUB has some support for LUKS2 at boot time, but grub-probe doesn't recognise LUKS2 devices properly so the necessary modules don't get loaded automatically. There is a separate bug report #1028301 explicitly relating to grub- probe. I found the upstream commits that seem to fix it and added them to that bug report. Perhaps they would also fix this? Ben. -- Ben Hutchings The two most common things in the universe are hydrogen and stupidity. signature.asc Description: This is a digitally signed message part
Bug#925134: grub-efi-amd64-signed: doesn't mount cryptodisk
For what it's worth, I am unable to reproduce it on the latest weekly build of Bullseye. Paolo, are you OK for this bug to be closed? -- Regards, A
Bug#925134: grub-efi-amd64-signed: doesn't mount cryptodisk
Hi Mark and all, I'm in the same situation. So what do we do ? Thx On Thu, 4 Jul 2019 18:34:01 +0200 Mark Caglienzi wrote: > Hi all, > is this bug relevant yet? > > I have a buster laptop (so no VM, but real hardware, and no fresh > install) with encrypted disk, and I blocked the upgrade of grub since > March because of the fear to not be able to boot it after the upgrade of > grub. > > I am still with 2.02+dfsg1-12 because of this. > > The severity is critical (and if the bug is confirmed, I understand > that's *critical*), but I don't understand if I can upgrade or not. > > I don't see "movement" in the thread since some months, and the bug just > "lies here". > > Thanks in advance, > Mark > -- Félix Defrance PGP: 0x46A603D10F04DC57 signature.asc Description: OpenPGP digital signature
Bug#925134: grub-efi-amd64-signed: doesn't mount cryptodisk
Hi all, is this bug relevant yet? I have a buster laptop (so no VM, but real hardware, and no fresh install) with encrypted disk, and I blocked the upgrade of grub since March because of the fear to not be able to boot it after the upgrade of grub. I am still with 2.02+dfsg1-12 because of this. The severity is critical (and if the bug is confirmed, I understand that's *critical*), but I don't understand if I can upgrade or not. I don't see "movement" in the thread since some months, and the bug just "lies here". Thanks in advance, Mark signature.asc Description: OpenPGP digital signature
Bug#925134: grub-efi-amd64-signed: doesn't mount cryptodisk
I noticed that I haven't told that I'm on buster (I took it for granted based on the package version). On 2019-03-30 I upgraded my system and I suffer again of this bug: without explicit "insmod luks" in /boot/efi/EFI/debian/grub.cfg the boot stops in a grub shell. This packages where upgraded by the update (from /var/log/apt/history.log, purged from apps upgrades): Start-Date: 2019-03-30 20:55:36 Commandline: apt full-upgrade Requested-By: Upgrade: grub-efi:amd64 (2.02+dfsg1-13, 2.02+dfsg1-16), grub-common:amd64 (2.02+dfsg1-13, 2.02+dfsg1-16), grub2-common:amd64 (2.02+dfsg1-13, 2.02+dfsg1-16), grub-efi-amd64-bin:amd64 (2.02+dfsg1-13, 2.02+dfsg1-16), grub-efi-amd64:amd64 (2.02+dfsg1-13, 2.02+dfsg1-16), grub-efi-amd64-signed:amd64 (1+2.02+dfsg1+13, 1+2.02+dfsg1+16) End-Date: 2019-03-30 20:55:52 Start-Date: 2019-03-30 20:56:05 Commandline: apt autoremove --purge Requested-By: Purge: efibootmgr:amd64 (15-1) End-Date: 2019-03-30 20:56:05 I've tried to reinstall efibootmgr but nothing changes. I can do some tests, but I need directions. -- Mandi. Paolo
Bug#925134: grub-efi-amd64-signed: doesn't mount cryptodisk
Il 23/03/19 15:01, Colin Watson ha scritto: > Could you please describe, in as much detail as possible, how to set up > an environment that replicates this bug? Hello Colin, thanks for your reply. Installing the package grub-efi-amd64 with this command line: apt install --reinstall grub-efi-amd64 still removes from /boot/efi/EFI/debian/grub.cfg any line like this: insmod luks But now both the vms that I've installed to replicate the bug and my laptop are booting correctly without that line. I don't know why immediately after the package upgrade it didn't works and now it works, but I'm not able to replicate it to help who have a similar upgrade path. I have a detailed description of the steps to replicate the line removal, but, as this is no more a issue, I don't know if you want to investigate further. If so, feel free to ask. Bye. -- Paolo
Bug#925134: grub-efi-amd64-signed: doesn't mount cryptodisk
On Wed, Mar 20, 2019 at 08:33:05AM +, Paolo Miotto wrote: > this is a continuation of BUG #917117, that is archived. > > In that bug every GRUB2 update removes cryptomount call from > /boot/efi/EFI/debian/grub.cfg, and thus breaks the boot. > > Now if I call update-grub, all is fine, but every package update (this > happens for 2.02+dfsg1-12 and 2.02+dfsg1-13) > removes cryptomount call from /boot/efi/EFI/debian/grub.cfg again, and breaks > the boot. Could you please describe, in as much detail as possible, how to set up an environment that replicates this bug? The setup described in https://bugs.debian.org/cgi-bin/bugreport.cgi?archive=no=924151#20 doesn't reproduce this problem, and I need something along those lines that does reproduce this in order to fix it. Thanks, -- Colin Watson [cjwat...@debian.org]
Bug#925134: grub-efi-amd64-signed: doesn't mount cryptodisk
Package: grub-efi-amd64 Version: 2.02+dfsg1-13 Severity: critical Dear Maintainer, this is a continuation of BUG #917117, that is archived. In that bug every GRUB2 update removes cryptomount call from /boot/efi/EFI/debian/grub.cfg, and thus breaks the boot. Now if I call update-grub, all is fine, but every package update (this happens for 2.02+dfsg1-12 and 2.02+dfsg1-13) removes cryptomount call from /boot/efi/EFI/debian/grub.cfg again, and breaks the boot. I have GRUB_ENABLE_CRYPTODISK=y in /etc/default/grub and /boot/efi/EFI/debian/grub.cfg was: insmod luks insmod lvm cryptomount (hd0,gpt2) search.fs_uuid 0c4e1d15-07b4-4757-9fd4-02a8e0c42e1b root lvmid/iRGCxh-2PcK-EDWe-zWim-n3Qu-F0KP-HMOfJi/bzEuy6-onGG-oFyt-fAIn-q69G-c9RE-t0iHce set prefix=($root)'/boot/grub' configfile $prefix/grub.cfg and becomes search.fs_uuid 0c4e1d15-07b4-4757-9fd4-02a8e0c42e1b root lvmid/iRGCxh-2PcK-EDWe-zWim-n3Qu-F0KP-HMOfJi/bzEuy6-onGG-oFyt-fAIn-q69G-c9RE-t0iHce set prefix=($root)'/boot/grub' configfile $prefix/grub.cfg I've tried apt install --reinstall grub-efi-amd64 and the /boot/efi/EFI/debian/grub.cfg was changed again. -- Mandi. Paolo