Bug#1122685: grub2-common: Upgrade to grub 2.14 breaks tboot due to version_find_latest no longer available

Mathias Krause minipli at grsecurity.net
Fri Dec 12 10:58:59 GMT 2025 

Package: grub2-common
Version: 2.14~git20250718.0e36779-2
Severity: important
Tags: upstream
X-Debbugs-Cc: minipli at grsecurity.net

Dear Maintainer,

The recent import of the grub 2.14 sources broke tboot as it still makes
use of 'version_find_latest' in /etc/grub.d/20_linux_tboot:

$ grep -rw version_find_latest /etc/grub.d/
/etc/grub.d/20_linux_xen_tboot:    current_xen=`version_find_latest $xen_list`
/etc/grub.d/20_linux_xen_tboot:        current_tboot=`version_find_latest $tlist`
/etc/grub.d/20_linux_xen_tboot:            linux=`version_find_latest $list`
/etc/grub.d/20_linux_tboot:    current_tboot=`version_find_latest $tboot_list`
/etc/grub.d/20_linux_tboot:	linux=`version_find_latest $list`

That helper was removed in commit 04d2a50f31c4 ("Revert "templates:
Reinstate unused version comparison functions with warning"").

As even the latest version of tboot isn't fixed wrt that GRUB2 change, I
suggest the easiest solution is to revert commit 04d2a50f31c4 in Debian.
This will make tboot's grub script work again and also re-add the
"version_test_numeric() is deprecated. Use version_sort() instead."
warning that, hopefully, makes tboot users care enough to get the matter
solved upstream.

Here is the error message that can be observed:

# apt autopurge
[...]
/etc/grub.d/20_linux_tboot: 1: version_find_latest: not found
run-parts: /etc/kernel/postrm.d/zz-update-grub exited with return code 127
dpkg: error processing package linux-image-6.16.12+deb14+1-amd64 (--remove):
 installed linux-image-6.16.12+deb14+1-amd64 package post-removal script subprocess returned error exit status 127
dpkg: too many errors, stopping
[...]


Thanks,
Mathias

-- Package-specific info:

-- System Information:
Debian Release: forky/sid
  APT prefers oldstable-updates
  APT policy: (500, 'oldstable-updates'), (500, 'oldstable-security'), (500, 'oldoldstable-updates'), (500, 'oldoldstable-security'), (500, 'oldoldstable'), (500, 'testing'), (500, 'oldstable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.17.8+deb14-amd64 (SMP w/16 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages grub2-common depends on:
ii  gettext-base        0.23.2-1
ii  libc6               2.42-5
ii  libdevmapper1.02.1  2:1.02.205-2
ii  libefiboot1t64      39-2
ii  libefivar1t64       39-2
ii  libfreetype6        2.13.3+dfsg-1
ii  libfuse3-4          3.17.4-1
ii  liblzma5            5.8.1-2

Versions of packages grub2-common recommends:
ii  os-prober  1.84

Versions of packages grub2-common suggests:
ii  console-setup  1.244
ii  desktop-base   14.0.0~pre2
pn  grub-emu       <none>
pn  mtools         <none>
pn  multiboot-doc  <none>
ii  xorriso        1.5.6-1.2+b1

-- Configuration Files:
/etc/grub.d/40_custom changed [not included]

-- no debconf information

More information about the Pkg-grub-devel mailing list