Bug#1001248: grub-efi-amd64-bin: Add luks2 module
Vagrant Cascadian
vagrant at debian.org
Tue Jan 3 03:31:23 GMT 2023
On 2021-12-06, Marc Riedel wrote:
> Please add luks2 module to build-efi-images and please notice in the
> changelog, that only PBKDF2 is currently supported.
I've been poking at this, and grub-efi-amd64-bin 2.06-7 does end up with
luks2.mod on the boot partition, but it fails to load unless I disable
secure boot from EFI.
With secure boot disabled, I was able to manually decrypt a luks2 volume
with cryptomount (when using --pbkdf2 pbkdf2) ... from rough memory:
insmod luks2
insmod pbkdf2
insmod password_pbkdf2
cryptmount -u UUID
ls (cryptN)/
Not entirely sure I actually needed to load pbkdf2 and password_pkdf2.
So it seems support is needed to make sure the luks2 module is signed
and loaded from grub.cfg when needed...
> *** /tmp/build-efi-images.patch
> --- build-efi-images.orig 2021-12-06 23:47:58.369609691 +0100
> +++ build-efi-images 2021-12-06 23:48:07.717711282 +0100
> @@ -180,6 +180,7 @@
> gcry_twofish
> gcry_whirlpool
> luks
> + luks2
> lvm
> mdraid09
> mdraid1x
Will this patch fix the signed module issue? Or is that handled some
other way?
live well,
vagrant
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-grub-devel/attachments/20230102/38508c4c/attachment.sig>
More information about the Pkg-grub-devel
mailing list