Ubuntu
grub2 package

enable grub-2.00 boot-from-luks support

Bug #1062623 reported by Yung-Chin Oei
368
This bug affects 66 people
Affects Status Importance Assigned to Milestone
grub2 (Ubuntu)
Triaged
High
Unassigned
Nominated for Precise by Adam Stokes
Nominated for Quantal by Adam Stokes
Nominated for Raring by Adam Stokes

Bug Description

(I suppose this comes too late in the release cycle to make the change, but perhaps it's simple enough:)

With only minimal manual intervention, I found I could use today's Ubuntu Server 12.10 daily iso to install a system with luks+lvm and no separate /boot partition (which doesn't really have any security advantages, but it makes managing space on a smallish disk easier). If grub-installer could manage the final 2 steps below, it would all be fully automatic. Thanks!

Steps:
1: go through the default installer motions
2: in partman, choose the manual option
3: create a single, whole-disk primary partition, use it as a luks encrypted volume
4: on top of that, create an lvm physical volume
5: insert lvm logical volumes for swap and / (I used btrfs, probably irrelevant)
6: finish remaining installer steps; find that grub install fails
7: drop into shell, per alt+f2, and chroot to /target
8: append "GRUB_CRYPTODISK_ENABLE=y" to /etc/default/grub
9: run "grub-install /dev/sda" (replace sda etc etc), then "update-grub", reboot

See original description
Tags: quantal raring
Revision history for this message
Yung-Chin Oei (yungchin) wrote :

I erroneously filed this bug against partman-crypto - should have probably been grub-installer.

affects: partman-crypto (Ubuntu) → grub-installer (Ubuntu)
summary: - enable grub-2.00 luks support
+ enable grub-2.00 boot-from-luks support
description: updated
Sasa Paporovic (melchiaros)
tags: added: quantal
Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in grub-installer (Ubuntu):
status: New → Confirmed
Mark Russell (marrusl)
tags: added: raring
Revision history for this message
Adam Stokes (adam-stokes) wrote :

After speaking with engineering my premature nominations wouldn't be applicable since the changes necessary would be very invasive.

Revision history for this message
Adam Stokes (adam-stokes) wrote :

Yung-Chin,

This would be a very welcome enhancement, however, TMK there has been nothing in the roadmap to suggest supporting cryptodisk within grub-installer. I do feel that this should be kept open as a feature request to revisit in the future.

Thank you,
Adam

Revision history for this message
Yung-Chin Oei (yungchin) wrote :

Thanks for keeping this updated Adam!

I don't complete understand though - I believe the only real change needed is that this step:

 8: append "GRUB_CRYPTODISK_ENABLE=y" to /etc/default/grub

gets done automatically. Would it be harmful to just stick that in the default template for all setups? Other than causing a few extra modules to be installed in the grub partition, I don't think it would do any bad, or?

Revision history for this message
Adam Stokes (adam-stokes) wrote :

Hi Yung-Chin,

I will investigate your suggestion and see what our options are. I'll post back here when I have some more information for you.

Thanks again
Adam

Revision history for this message
Adam Stokes (adam-stokes) wrote :

Colin,

Hope you don't mind I subscribed you to this bug in hopes you may have some more information to shed on this particular issue.

Thank you!
Adam

Revision history for this message
Mark Russell (marrusl) wrote :

Enabling boot from LUKS would also fix LP bug 1067106.

Revision history for this message
timjor19 (timjor19) wrote :

It has been since 2013 and there is still no solution to this or fixed Ubuntu installer?

If there is a solution/guide elsewhere please link it to this thread.

Revision history for this message
TJ (tj) wrote :

GRUB_CRYPTODISK_ENABLE=y

will cause UEFI Secure Boot to fail until the Canonical signed GRUB images include the necessary modules for crypto algorithms, cryptodisk and luks.

Phillip Susi (psusi)
Changed in grub-installer (Ubuntu):
status: Confirmed → Triaged
importance: Undecided → High
affects: grub-installer (Ubuntu) → grub2 (Ubuntu)
Revision history for this message
kay (kay-diam) wrote :

At last high importance. BTW, what about this bug? https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/1401532

Revision history for this message
Nazar Mokrynskyi (nazar-pc) wrote :

Some more details with exact steps needed for this to be fixed on UEFI system in following bug report: https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/1670552

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.