URL: <https://savannah.gnu.org/bugs/?67063>
Summary: Regression: GRUB prompts for LUKS password again
when trying to edit a GRUB entry
Group: GNU GRUB
Submitter: mmu
Submitted: Do 01 Mai 2025 13:47:01 GMT
Category: Booting
Severity: Major
Priority: 5 - Normal
Item Group: Software Error
Status: None
Privacy: Public
Assigned to: None
Originator Name:
Originator Email:
Open/Closed: Open
Discussion Lock: Any
Release: Git master
Release:
Reproducibility: Every Time
Planned Release: None
_______________________________________________________
Follow-up Comments:
-------------------------------------------------------
Date: Do 01 Mai 2025 13:47:01 GMT By: Marc Muehlfeld <mmu>
I use a LUKS1-encrypted /boot partition. As expected, GRUB prompts for the
LUKS password to unlock /boot, then shows the boot menu, and I can
successfully boot.
However, if I press [e] to edit a GRUB entry, I'm prompted again to enter the
LUKS password for the /boot partition which I unlocked a few seconds ago. This
makes no sense and adds no extra security.
In Fedora 42, this problem was introduced by GRUB 2.12-24. According to the
Fedora GRUB maintainer, this could be a regression caused by a stricter LUKS
authentication which was introduced by
https://src.fedoraproject.org/rpms/grub2/blob/9002ed87b0e756461f08a85881dd6a791636bc1e/f/0312-disk-cryptodisk-Require-authentication-after-TPM-unl.patch
My Fedora ticket contains a reproducer for Fedora 42:
https://bugzilla.redhat.com/show_bug.cgi?id=2353335
_______________________________________________________
Reply to this item at:
<https://savannah.gnu.org/bugs/?67063>
_______________________________________________
Nachricht gesendet über Savannah
https://savannah.gnu.org/
signature.asc
Description: PGP signature
