Bug#917117: grub-efi-amd64-signed: doesn't mount cryptodisk
Alexander Batischev
eual.jp at gmail.com
Sat Dec 22 21:13:08 GMT 2018
Package: grub-efi-amd64-bin
Version: 1+2.02+dfsg1+9
Severity: critical
Dear Maintainer,
I'm running a UEFI system. I have GRUB_ENABLE_CRYPTODISK=y in my
/etc/default/grub. Ever since 2.02+dfsg1+6, each GRUB2 update removes
cryptomount call from /boot/efi/EFI/debian/grub.cfg, and thus breaks the
boot: GRUB drops into a recovery shell, unable to find my root partition
(which is on LVM inside LUKS). /boot/efi is where I mount the ESP
partition. I don't recall if the problem existed before 2.02+dfsg1+6.
This has been reported in #908162 before (against 2.02+dfsg1+6).
Ostensibly fixed in 2.02+dfsg1+7, but I still experience the bug.
I'm running Debian testing which only has 2.02+dfsg1+8 at the moment, so
I got 2.02+dfsg1+9 from Sid. That didn't fix the problem.
For now, my solution is to manually edit aforementioned grub.cfg, and
add the following at the very start:
set prefix=(hd0,gpt1)/efi/grub
insmod luks
insmod lvm
cryptomount (lvm/sda2_lvm-root)
These lines are removed each time grub-efi-amd64 is reinstalled.
Reinstallation of grub-efi-amd64-signed doesn't touch those lines.
However, if I uninstall grub-efi-amd64-signed, reinstalling
grub-efi-amd64 *doesn't* remove those lines.
Thank you for maintaining the package! I've been running Debian on and
off for almost ten years now, and that's the first critical bug I ever
encountered. Please keep up the good work!
-- System Information:
Debian Release: buster/sid
APT prefers testing
APT policy: (600, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 4.18.0-3-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8), LANGUAGE=en_GB:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages grub-efi-amd64-bin depends on:
ii efibootmgr 15-1
ii grub-common 2.02+dfsg1-9
grub-efi-amd64-bin recommends no packages.
-- no debconf information
More information about the Pkg-grub-devel
mailing list