This bug was fixed in the package grub2 - 2.02+dfsg1-12ubuntu1 --------------- grub2 (2.02+dfsg1-12ubuntu1) disco; urgency=medium * Merge against Debian unstable; remaining changes (LP: #564853): - debian/control: Update Vcs fields for code location on Ubuntu. - debian/control: Breaks shim (<< 13). - Secure Boot support: use newer patchset from rhboot repo: - many linuxefi_* patches added and modified - dropped debian/patches/linuxefi_require_shim.patch - renamed: debian/patches/no_insmod_on_sb.patch -> debian/patches/linuxefi_no_insmod_on_sb.patch - debian/patches/install_signed.patch, grub-install-extra-removable.patch: - Make sure if we install shim; it should also be exported as the default bootloader to install later to a removable path, if we do. - Rework grub-install-extra-removable.patch to reverse its logic: in the default case, install the bootloader to /EFI/BOOT, unless we're trying to install on a removable device, or explicitly telling grub *not* to do it. - Install a BOOT.CSV for fallback to use. - Make sure postinst and templates know about the replacement of --force-extra-removable with --no-extra-removable. - debian/patches/add-an-auto-nvram-option-to-grub-install.patch: Add the --auto-nvram option to grub-install for auto-detecting NVRAM availability before attempting NVRAM updates. - debian/build-efi-images: provide a new grub EFI image which enforces that loaded kernels are signed for Secure Boot: build gsb$arch.efi; which is the same as grub$arch.efi minus the 'linux' module. Without fallback to 'linux' for unsigned loading, this makes it effectively enforce having a signed kernel. - Verify that the current and newer kernels are signed when grub is updated, to make sure people do not accidentally shutdown without a signed kernel. - debian/default/grub: replace GRUB_HIDDEN_* variables with the less confusing GRUB_TIMEOUT_STYLE=hidden. - debian/patches/support_initrd-less_boot.patch: Added knobs to allow non-initrd boot config. - Disable os-prober for ppc64el on the PowerNV platform, to reduce the number of entries/clutter from other OSes in Petitboot - debian/patches/shorter_version_info.patch: Only show the upstream version in menu and console, and hide the package one in a package_version variable. - debian/patches/skip_text_gfxpayload_where_not_supported.patch: Skip the 'text' payload if it's not supported but present in gfxpayload, such as on EFI systems. - debian/patches/bufio_sensible_block_sizes.patch: Don't use arbitrary file fizes as block sizes in bufio: this avoids potentially seeking back in the files unnecessarily, which may require re-open files that cannot be seeked into, such as via TFTP. - debian/patches/ofnet-init-structs-in-bootpath-parser.patch: initialize structs in bootpath parser. - debian/rules: shuffle files around for now to keep build artefacts for signing at the same location as they were expected by Launchpad. - debian/rules, debian/control: enable dh-systemd. - debian/grub-common.install.in: install the systemd unit that's part of initrd fallback handling, missed when the feature landed. - debian/patches/quick-boot-lvm.patch: If we don't have writable grubenv and we're on EFI, always show the menu. - debian/patches/mkconfig_leave_breadcrumbs.patch: make sure grub-mkconfig leaves a trace of what files were sourced to help generate the config we're building. - debian/patches/linuxefi_truncate_overlong_reloc_section.patch: Windows 7 bootloader has inconsistent headers; truncate to the smaller, correct size to fix chainloading Windows 7. - debian/patches/linuxefi_fix_relocate_coff.patch: fix typo in relocate_coff() causing issues with relocation of code in chainload. - debian/patches/add-initrd-less-boot-fallback.patch: add initrd-less capabilities. If a kernel fails to boot without initrd, we will fallback to trying to boot the kernel with an initrd. Patch by Chris Glass. - debian/patches/grub-reboot-warn.patch: Warn when "for the next boot only" promise cannot be kept. * Refreshed patches and fixed up attribution to the right authors after merge with Debian. * debian/patches/linuxefi_missing_include.patch, debian/patches/linuxefi_fixing_more_errors.patch: Apply some additional small fixes to casts, format strings, includes and Makefile to make sure the newer linuxefi patches apply and build properly. grub2 (2.02+dfsg1-12) unstable; urgency=medium [ Colin Watson ] * Remove code to migrate grub-pc/install_devices to persistent device names under /dev/disk/by-id/. This migration happened in 1.98+20100702-1, which was in squeeze (four stable releases ago), so we no longer need to carry around this complex code. * Preserve previous answer to grub-pc/install_devices if we have to ask grub-pc/install_devices_disks_changed and the user chooses not to install to any devices, so that we can recover from temporary bugs that cause /dev/disk/by-id/ paths to change (closes: #919029). * debian/signing-template.json.in: Add trusted_certs key (empty, since GRUB has no hardcoded list of trusted certificates). * util: Detect more I/O errors (closes: #922741). [ Leif Lindholm ] * arm64/efi: Fix grub_efi_get_ram_base(). [ Steve McIntyre ] * grub-install: Check for arm-efi as a default target (closes: #922104). [ James Clarke ] * osdep/freebsd: Fix partition calculation for EBR entries (closes: #923253). grub2 (2.02+dfsg1-11) unstable; urgency=medium [ Colin Watson ] * Apply patches from Alexander Graf to set arm64-efi code offset to EFI_PAGE_SIZE (closes: #919012, LP: #1812317). * Upgrade to debhelper v10. * Set Rules-Requires-Root: no. * Add help and ls modules to signed UEFI images (closes: #919955). * Fix application of answers from dpkg-reconfigure to /etc/default/grub (based loosely on a patch by Steve Langasek, for which thanks; closes: #921702). [ Steve McIntyre ] * Make grub-efi-amd64-signed recommend shim-signed (closes: #919067). [ Jeroen Dekkers ] * Initialize keyboard in at_keyboard module init if keyboard is ready (closes: #741464). [ John Paul Adrian Glaubitz ] * Include a.out header in assembly of sparc64 boot loader (closes: #921249). [ Hervé Werner ] * Fix setup on Secure Boot systems where cryptodisk is in use (closes: #917117). [ Debconf translations ] * [de] German (Helge Kreutzmann and Holger Wansing; closes: #921018). grub2 (2.02+dfsg1-10) unstable; urgency=medium * Apply patch from Heinrich Schuchardt (mentioned in #916695 though unrelated): - grub-core/loader/efi/fdt.c: do not copy random memory * Add luks modules to signed UEFI images (pointed out by Alex Griffin and Hervé Werner; closes: #908162, LP: #1565950). * Keep track of the previous version of /usr/share/grub/default/grub and set UCF_FORCE_CONFFOLD=1 when running ucf if it hasn't changed; ucf can't figure this out for itself since we apply debconf-based customisations on top of the template configuration file (closes: #812574, LP: #564853). * Backport Xen PVH guest support from upstream (closes: #776450). Thanks to Hans van Kranenburg for testing. grub2 (2.02+dfsg1-9) unstable; urgency=medium [ Colin Watson ] * Sync Maintainer/Uploaders in debian/signing-template/control.in with the main packaging. * Tell reportbug to submit bug reports against unsigned packages rather than generated signed packages. * Update Homepage, debian/copyright Source, and debian/watch to use HTTPS. * Move bash completions to /usr/share/bash-completion/completions/grub and add appropriate symlinks (closes: #912852). * Build with GCC 8 (closes: #915735). [ Leif Lindholm ] * Apply patch series (mostly) from upstream to switch the arm loader over to use the arm64 loader code and improve arm/arm64 initrd handling (closes: #907596, #909420, #915091). [ Matthew Garrett ] * Don't enforce Shim signature validation if Secure Boot is disabled. grub2 (2.02+dfsg1-8) unstable; urgency=medium * Revise grub--bin and grub- package descriptions to try to explain better how they fit together and which one should be used (based loosely on work by Justin B Rye, for which thanks; closes: #630224). * Skip flaky grub_cmd_set_date test (closes: #906470). * Work around bug in obsolete init-select package: add Conflicts/Replaces from grub-common, and take over /etc/default/grub.d/init-select.cfg with a no-op stub (thanks to Guillem Jover for the suggestion; closes: #863801). * Build-depend on dosfstools and mtools on non-Linux variants of i386/amd64/arm64 as well, to match debian/rules. * Cherry-pick from upstream: - i386/linux: Add support for ext_lfb_base (LP: #1785033). * Don't source /etc/default/grub.d/*.cfg in config maintainer scripts, since otherwise we incorrectly merge settings from there into /etc/default/grub (closes: #872637, LP: #1797894). * Add xfs module to signed UEFI images (closes: #911147, LP: #1652822). * Cope with / being on a ZFS root dataset (closes: #886178). [ Debconf translations ] * [sv] Swedish (Martin Bagge and Anders Jonsson; closes: #851964). grub2 (2.02+dfsg1-7) unstable; urgency=medium * Move kernel maintainer script snippets into grub2-common (thanks, Bastian Blank; closes: #910959). * Add cryptodisk and gcry_* modules to signed UEFI images (closes: #908162, LP: #1565950). * Remove dh_builddeb override to use xz compression; this has been the default since dpkg 1.17.0. grub2 (2.02+dfsg1-6) unstable; urgency=medium * Only build *-signed packages on their native architecture for now, since otherwise we end up with clashing source packages (closes: #906596). * Refer to source packages in Built-Using, not binary packages (closes: #907483). -- Mathieu Trudel-Lapierre