Bug#924151: grub2-common: wrong grub.cfg for efi boot and fully encrypted disk

Joerg Jaspert joerg at ganneff.de
Sun Mar 10 16:30:02 GMT 2019 

On 15337 March 1977, Colin Watson wrote:

>> I'm unsure about the severity, so feel free to adjust it. But it did
>> make my system unbootable twice already, and as its a setup one can
>> get directly from within debian-installer, it would be nice if it can be
>> fixed before buster.
> (Not by guided partitioning though, as I believe that always gives you a
> separate unencrypted /boot right now, and you have to arrange for
> GRUB_ENABLE_CRYPTODISK=y to be set.)

Granted, yes, I won't complain if you downgrade it a tad due to that.
Still, it breaks the boot, so a fix would be nice in buster. It might
not be the normal users way, but i bet i am not the only one with this
type of setup.

>> A cp /boot/grub/grub.cfg /boot/efi/EFI/debian/grub.cfg fixes it and
>> makes it nicely bootable. No idea which of the many extra commands in
>> the full grub.cfg are doing the magic, but they do.
> I tried reproducing this today and couldn't.  Now, I was doing it by
> setting up a matching stretch installation (somewhat by accident) and
> then upgrading, but still ...

I used the "Debian GNU/Linux buster-DI-alpha5 "Buster" - Official
Snapshot amd64 DVD Binary-1 20190126-00:15" image for it.
And since the install apt update.

> Could you tell me exactly which GRUB packages you have installed?  In
> particular it may matter whether you have grub-efi-amd64-signed and
> shim-signed installed or not (since the -signed image is monolithic
> rather than relying on "insmod" commands).  And it would be helpful to
> get the full output of "grub-install --debug".

$ dpkg -l|grep grub
ii  grub-common                           2.02+dfsg1-11 
amd64        GRand Unified Bootloader (common files)
ii  grub-efi-amd64                        2.02+dfsg1-11 
amd64        GRand Unified Bootloader, version 2 (EFI-AMD64 version)
ii  grub-efi-amd64-bin                    2.02+dfsg1-11 
amd64        GRand Unified Bootloader, version 2 (EFI-AMD64 modules)
ii  grub-efi-amd64-signed                 1+2.02+dfsg1+11 
amd64        GRand Unified Bootloader, version 2 (amd64 UEFI signed by Debian)
ii  grub2-common                          2.02+dfsg1-11 
amd64        GRand Unified Bootloader (common files for version 2)

I run grub-install --debug --efi-directory=/boot/efi/ >/tmp/grub.debug
2>/tmp/grub.stderr and the two files are attached.

The result is the grub.cfg in the efi/EFI/debian dir having the 4 lines
only.

-- 
bye, Joerg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: grub.debug
Type: #("text/plain" 0 7 (face (completions-first-difference completions-common-part)) 7 8 (face (completions-first-difference completions-common-part)) 8 10 (face (completions-first-difference completions-common-part)))
Size: 1082 bytes
Desc: grub stdout
URL: <http://alioth-lists.debian.net/pipermail/pkg-grub-devel/attachments/20190310/7dcd737a/attachment-0002.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: grub.stderr
Type: #("text/plain" 0 7 (face (completions-common-part completions-first-difference)) 7 8 (face (completions-common-part completions-first-difference)) 8 10 (face (completions-common-part completions-first-difference)))
Size: 605631 bytes
Desc: grub stderr
URL: <http://alioth-lists.debian.net/pipermail/pkg-grub-devel/attachments/20190310/7dcd737a/attachment-0003.bin>

More information about the Pkg-grub-devel mailing list