Bug#917117: grub-efi-amd64-signed: doesn't mount cryptodisk

Alexander Batischev eual.jp at gmail.com
Sat Dec 22 21:13:08 GMT 2018 

Package: grub-efi-amd64-bin
Version: 1+2.02+dfsg1+9
Severity: critical

Dear Maintainer,

I'm running a UEFI system. I have GRUB_ENABLE_CRYPTODISK=y in my 
/etc/default/grub. Ever since 2.02+dfsg1+6, each GRUB2 update removes 
cryptomount call from /boot/efi/EFI/debian/grub.cfg, and thus breaks the 
boot: GRUB drops into a recovery shell, unable to find my root partition 
(which is on LVM inside LUKS). /boot/efi is where I mount the ESP 
partition. I don't recall if the problem existed before 2.02+dfsg1+6.

This has been reported in #908162 before (against 2.02+dfsg1+6). 
Ostensibly fixed in 2.02+dfsg1+7, but I still experience the bug.

I'm running Debian testing which only has 2.02+dfsg1+8 at the moment, so 
I got 2.02+dfsg1+9 from Sid. That didn't fix the problem.

For now, my solution is to manually edit aforementioned grub.cfg, and 
add the following at the very start:

    set prefix=(hd0,gpt1)/efi/grub
    insmod luks
    insmod lvm
    cryptomount (lvm/sda2_lvm-root)

These lines are removed each time grub-efi-amd64 is reinstalled. 
Reinstallation of grub-efi-amd64-signed doesn't touch those lines. 
However, if I uninstall grub-efi-amd64-signed, reinstalling 
grub-efi-amd64 *doesn't* remove those lines.


Thank you for maintaining the package! I've been running Debian on and 
off for almost ten years now, and that's the first critical bug I ever 
encountered. Please keep up the good work!

-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (600, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 4.18.0-3-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8), LANGUAGE=en_GB:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages grub-efi-amd64-bin depends on:
ii  efibootmgr   15-1
ii  grub-common  2.02+dfsg1-9

grub-efi-amd64-bin recommends no packages.

-- no debconf information

More information about the Pkg-grub-devel mailing list