subiquity

Encrypted LVM install with no separate /boot results in unbootable system

Bug #1876989 reported by Paride Legovini
20
This bug affects 3 people
Affects Status Importance Assigned to Milestone
subiquity
Triaged
Undecided
Unassigned

Bug Description

With manual partitioning it is possible to install with the root filesystem in an encrypted LVM volume without a separate unencrypted partition for /boot. This setup results in a system that doesn't boot, as Grub does not support LUKS2 [1].

I think subiquity should not allow this kind of setup.

[1] https://savannah.gnu.org/bugs/?55093

Paride Legovini (paride)
summary: - Encrypted LVM install with no separate /boot should not be allowed
+ Encrypted LVM install with no separate /boot results in unbootable
+ system
Revision history for this message
Paride Legovini (paride) wrote :

Grub has support for LUKS2 in master, and once a new version gets released and included in Ubuntu I think it would be nice to stop creating a separate /boot in the guided encrypted LVM setup, and permit a manual setup without a separate /boot.

[1] https://git.savannah.gnu.org/cgit/grub.git/commit/?id=365e0cc3e7e44151c14dd29514c2f870b49f9755

Michael Hudson-Doyle (mwhudson)
Changed in subiquity:
status: New → Triaged
Revision history for this message
Michael Hudson-Doyle (mwhudson) wrote :

Yeah, that would be nice. I suspect that would mean having to enter your passphrase twice though, which wouldn't be a great experience?

And yes, we should probably check that /boot isn't on an encrypted volume for now.

Revision history for this message
Paride Legovini (paride) wrote :

There is a way to avoid having to enter the password twice: a second key from a keyfile has to be added to LUKS (cryptsetup luksAddKey --key-file), and the keyfile stored in the initramfs.

However this can be kind of complex to do automatically and it's obscure to the user, who can not realize that a running system can expose the keyfile to local users. In other words I don't know this path can be any good for us here.

Revision history for this message
TJ (tj) wrote :

Adding a keyfile to be automatically used is done via the cryptsetup-initramfs package. Keyfile is only exposed to root user. When embedding the keyfile in the initrd.img /boot/ should be encrypted so the keyfile cannot be obtained without unlocking the LUKS container.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.