Comment 25 for bug 1898129

Verification done for focal-proposed
---

All good, the package from -proposed works correctly in both scenarios -- without the option (ie, default behavior) and with the option (ie, opt-in behavior.)

Note: tested on VM with UEFI OVMF firmware with secure boot enabled (OVMF_CODE_4M.ms.fd), as shim-signed is also updated in the upload.
All good -- both scenarios install/boot to login screen w/ secboot.

Steps:
=====

On install, select Try Ubuntu, and launch Terminal.

$ sudo add-apt-repository 'deb http://archive.ubuntu.com/ubuntu focal-proposed main' && sudo apt install -y ubiquity && apt policy ubiquity
...
ubiquity:
  Installed: 20.04.15.3
  Candidate: 20.04.15.3
  Version table:
 *** 20.04.15.3 500
        500 http://archive.ubuntu.com/ubuntu focal-proposed/main amd64 Packages
        100 /var/lib/dpkg/status
...

$ grep -c luksopts /lib/partman/lib/crypto-base.sh
4

$ dmesg | grep -i secure
[ 0.000000] secureboot: Secure boot enabled
[ 0.000000] Kernel is locked down from EFI Secure Boot mode; see man kernel_lockdown.7
[ 0.008398] secureboot: Secure boot enabled

Move on with installer, select install to LVM/Encrypt.

Check on Terminal:

$ lsblk --ascii | grep -B1 crypt
`-vda3 252:3 0 8.8G 0 part
  `-vda3_crypt 253:0 0 8.8G 0 crypt

Without option (default)
---

$ sudo debconf-get partman-crypto/luksformat_options

$

$ sudo cryptsetup luksDump /dev/vda3 | head -n2
LUKS header information
Version: 2

With option (opt-in)
---

$ sudo debconf-get partman-crypto/luksformat_options
--type luks1
$

$ sudo cryptsetup luksDump /dev/vda3 | head -n3
LUKS header information for /dev/vda3

Version: 1

$ grep luks /var/log/partman
/usr/bin/autopartition-crypto: Additional options for luksFormat: '--type luks1'