enable grub-2.00 boot-from-luks support

Bug #1062623 reported by Yung-Chin Oei on 2012-10-06
This bug affects 51 people
Affects Status Importance Assigned to Milestone
grub2 (Ubuntu)
High
Unassigned
Nominated for Precise by Adam Stokes
Nominated for Quantal by Adam Stokes
Nominated for Raring by Adam Stokes

Bug Description

(I suppose this comes too late in the release cycle to make the change, but perhaps it's simple enough:)

With only minimal manual intervention, I found I could use today's Ubuntu Server 12.10 daily iso to install a system with luks+lvm and no separate /boot partition (which doesn't really have any security advantages, but it makes managing space on a smallish disk easier). If grub-installer could manage the final 2 steps below, it would all be fully automatic. Thanks!

Steps:
1: go through the default installer motions
2: in partman, choose the manual option
3: create a single, whole-disk primary partition, use it as a luks encrypted volume
4: on top of that, create an lvm physical volume
5: insert lvm logical volumes for swap and / (I used btrfs, probably irrelevant)
6: finish remaining installer steps; find that grub install fails
7: drop into shell, per alt+f2, and chroot to /target
8: append "GRUB_CRYPTODISK_ENABLE=y" to /etc/default/grub
9: run "grub-install /dev/sda" (replace sda etc etc), then "update-grub", reboot

Yung-Chin Oei (yungchin) wrote :

I erroneously filed this bug against partman-crypto - should have probably been grub-installer.

affects: partman-crypto (Ubuntu) → grub-installer (Ubuntu)
summary: - enable grub-2.00 luks support
+ enable grub-2.00 boot-from-luks support
description: updated
tags: added: quantal
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in grub-installer (Ubuntu):
status: New → Confirmed
Mark Russell (marrusl) on 2013-02-14
tags: added: raring
Adam Stokes (adam-stokes) wrote :

After speaking with engineering my premature nominations wouldn't be applicable since the changes necessary would be very invasive.

Adam Stokes (adam-stokes) wrote :

Yung-Chin,

This would be a very welcome enhancement, however, TMK there has been nothing in the roadmap to suggest supporting cryptodisk within grub-installer. I do feel that this should be kept open as a feature request to revisit in the future.

Thank you,
Adam

Yung-Chin Oei (yungchin) wrote :

Thanks for keeping this updated Adam!

I don't completely understand though - I believe the only real change needed is that this step:

 8: append "GRUB_CRYPTODISK_ENABLE=y" to /etc/default/grub

gets done automatically. Would it be harmful to just stick that in the default template for all setups? Other than causing a few extra modules to be installed in the grub partition, I don't think it would do any bad, or?

Adam Stokes (adam-stokes) wrote :

Hi Yung-Chin,

I will investigate your suggestion and see what our options are. I'll post back here when I have some more information for you.

Thanks again
Adam

Adam Stokes (adam-stokes) wrote :

Colin,

Hope you don't mind I subscribed you to this bug in hopes you may have some more information to shed on this particular issue.

Thank you!
Adam

Mark Russell (marrusl) wrote :

Enabling boot from LUKS would also fix LP bug 1067106.

timjor19 (timjor19) wrote :

It has been since 2013 and there is still no solution to this or fixed Ubuntu installer?

If there is a solution/guide elsewhere please link it to this thread.

TJ (tj) wrote :

GRUB_CRYPTODISK_ENABLE=y

will cause UEFI Secure Boot to fail until the Canonical signed GRUB images include the necessary modules for crypto algorithms, cryptodisk and luks.
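
Steps 8 and 9 from the bug description, combined with the Secure Boot caveat in the comment above, as an added example that is not part of the original thread or of any Ubuntu package. The function names and the `--apply` switch are hypothetical; the script assumes it runs inside the chroot at /target with efivarfs at /sys/firmware/efi/efivars.

```shell
#!/bin/sh
# Added example, not from the bug thread. Run inside the chroot at /target.

# Ensure exactly one active GRUB_CRYPTODISK_ENABLE=y line in FILE (step 8),
# replacing any earlier assignment instead of appending a duplicate.
enable_cryptodisk() {
    cfg=$1
    [ -f "$cfg" ] || { echo "missing $cfg" >&2; return 1; }
    grep -q '^GRUB_CRYPTODISK_ENABLE=y$' "$cfg" && return 0
    tmp=$(mktemp) || return 1
    sed '/^[[:space:]]*GRUB_CRYPTODISK_ENABLE=/d' "$cfg" > "$tmp"
    echo 'GRUB_CRYPTODISK_ENABLE=y' >> "$tmp"
    cat "$tmp" > "$cfg"    # overwrite in place, keeping owner and mode
    rm -f "$tmp"
}

# True when the firmware reports Secure Boot enabled. DIR is the efivarfs
# mount; the variable is 4 attribute bytes followed by a 1-byte value.
secure_boot_enabled() {
    var="$1/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c"
    [ -r "$var" ] || return 1    # legacy BIOS or efivarfs not mounted
    [ "$(od -An -tu1 -j4 -N1 "$var" | tr -d ' \n')" = 1 ]
}

# Steps 8 and 9 for DEVICE (e.g. /dev/sda).
apply_steps() {
    dev=$1
    [ -b "$dev" ] || { echo "usage: $0 --apply DEVICE" >&2; return 2; }
    if secure_boot_enabled /sys/firmware/efi/efivars; then
        echo "Secure Boot is enabled; see TJ's comment. Not changing GRUB." >&2
        return 3
    fi
    enable_cryptodisk /etc/default/grub && grub-install "$dev" && update-grub
}

# Nothing runs unless explicitly requested.
if [ "${1:-}" = "--apply" ]; then apply_steps "${2:-}"; fi
```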

Phillip Susi (psusi) on 2016-07-13
Changed in grub-installer (Ubuntu):
status: Confirmed → Triaged
importance: Undecided → High
affects: grub-installer (Ubuntu) → grub2 (Ubuntu)
kay (kay-diam) wrote :

At last high importance. BTW, what about this bug? https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/1401532

Nazar Mokrynskyi (nazar-pc) wrote :

Some more details, with the exact steps needed for this to be fixed on a UEFI system, are in the following bug report: https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/1670552
