grub-efi-amd64-signed is missing modules for GRUB_ENABLE_CRYPTODISK=y
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
grub2-signed (Ubuntu) |
Confirmed
|
Undecided
|
Unassigned |
Bug Description
Grub has support for booting from a fully encrypted /, including encrypted /boot, when GRUB_ENABLE_
insmod procfs
insmod cryptodisk
insmod luks
insmod gcry_rijndael
insmod gcry_sha1
cryptomount -u <32-digit uuid>
With secure boot disabled, this works fine. (I’m slightly annoyed about getting two passphrase prompts, one for GRUB and one for Linux, but whatever.)
However, the insmod commands prevent me from enabling secure boot:
error: Secure Boot forbids loading module from (hd0,gpt2)
error: Secure Boot forbids loading module from (hd0,gpt2)
error: Secure Boot forbids loading module from (hd0,gpt2)
error: Secure Boot forbids loading module from (hd0,gpt2)
error: Secure Boot forbids loading module from (hd0,gpt2)
Would it be possible to add those modules to grub-efi-
Status changed to 'Confirmed' because the bug affects multiple users.