update-grub fails when having multiple encrypted zfs root datasets

Bug #1938635 reported by Ubuntu
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
grub2 (Ubuntu) | Triaged | Undecided | Unassigned |

Bug Description

== Test Case ==
1. Have a multi-boot linux setup installed on zfs
2. Use external boot partition
3. Use encryption (using different keys) for each zfs root dataset
4. Boot into one environment without loading key of other dataset
5. Run update-grub

In our case we have 2 root datasets. We're booted into /legion/work/root
/legion/personal/root
/legion/work/root

* Expected Result *
update-grub succeeds updating grub config file with (at least) currently booted environment in configuration file.

* Actual Result *
update-grub fails, effectively updating config file removing currently booted environment from grub config.

update-grub output:

$ sudo update-grub
Sourcing file `/etc/default/grub'
Sourcing file `/etc/default/grub.d/init-select.cfg'
Generating grub configuration file ...
filesystem 'legion/personal/root' can not be mounted: Permission denied
Adding boot menu entry for UEFI Firmware Settings
done

* Workaround / Fix *
A nice fix would be to add a flag to ignore datasets without a loaded key. As I'm not interested in having the personal root dataset listed in grub, I added a workaround in "/etc/grub.d/10_linux_zfs", modifying the function "get_root_datasets()".

Original expression: zfs list -H -o name,canmount,mountpoint -t filesystem | grep -E '^'"${p}"'(\s|/[[:print:]]*\s)(on|noauto)\s'"${rel_pool_root}"'$' | awk '{print $1}'

Modified expression: zfs list -H -o name,canmount,mountpoint,keystatus -t filesystem | grep -E '^'"${p}"'(\s|/[[:print:]]*\s)(on|noauto)\s'"${rel_pool_root}"'\savailable$' | awk '{print $1}'
---
ProblemType: Bug
ApportVersion: 2.20.11-0ubuntu27.18
Architecture: amd64
CasperMD5CheckResult: skip
CurrentDesktop: KDE
DistroRelease: Ubuntu 20.04
NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair nvidia_modeset nvidia
Package: grub2 (not installed)
ProcVersionSignature: Ubuntu 5.4.0-80.90-generic 5.4.124
Tags: focal
Uname: Linux 5.4.0-80-generic x86_64
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups: adm cdrom dip libvirt lpadmin plugdev sudo
_MarkForUpload: True
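
The keystatus filter from the workaround above, as an added example that is not part of the original report or of 10_linux_zfs. It goes slightly beyond the modified expression: it drops only datasets whose key is "unavailable", so unencrypted datasets stay listed. The function name, its parameters and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: filter tab-separated output of
#   zfs list -H -o name,canmount,mountpoint,keystatus -t filesystem
# down to the root datasets that can be mounted right now.

# filter_root_datasets POOL MOUNTPOINT   (hypothetical helper)
#   stdin : name<TAB>canmount<TAB>mountpoint<TAB>keystatus
#   stdout: names of datasets in POOL with canmount on|noauto, the given
#           mountpoint, and a keystatus other than "unavailable"
filter_root_datasets() {
    awk -F '\t' -v pool="$1" -v mnt="$2" '
        # Dataset must be the pool itself or live below it (no regex,
        # so a pool named "legion" does not match "legion2").
        $1 != pool && index($1, pool "/") != 1 { next }
        $2 != "on" && $2 != "noauto"           { next }
        $3 != mnt                              { next }
        # Skip only datasets whose encryption key is not loaded;
        # report them on stderr so the omission is visible.
        $4 == "unavailable" {
            print "skipping " $1 ": encryption key not loaded" > "/dev/stderr"
            next
        }
        { print $1 }
    '
}

# Constructed sample output. The "-" keystatus for an unencrypted
# dataset is an assumption about what zfs prints in that column.
sample_zfs_list() {
    printf '%s\t%s\t%s\t%s\n' \
        legion               off    none  - \
        legion/personal/root noauto /     unavailable \
        legion/work/root     noauto /     available \
        legion/work/home     on     /home available \
        legion/plain/root    noauto /     -
}

sample_zfs_list | filter_root_datasets legion /
```

On the sample, legion/personal/root is reported on stderr and left out, while the booted legion/work/root and the unencrypted legion/plain/root are kept.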

Chris Guiver (guiverc) wrote :

Thank you for taking the time to report this bug and helping to make Ubuntu better. Please execute the following command only once, as it will automatically gather debugging information, in a terminal:

apport-collect 1938635

When reporting bugs in the future please use apport by using 'ubuntu-bug' and the name of the package affected. You can learn more about this functionality at https://wiki.ubuntu.com/ReportingBugs.

(no release, grub2 package details etc. were provided)

Ubuntu (xinubuntu) wrote : ProcCpuinfoMinimal.txt

apport information

tags: added: apport-collected focal
description: updated
Ubuntu (xinubuntu) wrote : ProcEnviron.txt

apport information

description: updated
Ubuntu (xinubuntu) wrote :

I hope all went well submitting the additional info. Added grub-mkconfig version below

$ update-grub --version
grub-mkconfig (GRUB) 2.04-1ubuntu26.12

Changed in grub2 (Ubuntu):
status: New → Triaged