Public bug reported:

Booting in UEFI Secure Boot requires that all code loaded up to and
including the OS kernel be signed.  This includes all grub modules.
This is accomplished by including selected modules in a single signed
binary.  However, the modules required for grub to use an encrypted
volume have been omitted from the binary package and therefore Ubuntu
cannot boot from an encrypted volume with Secure Boot enabled.  This can
be corrected as follows.


The debian/build-efi-images file needs to have lines 136-140 changed from:

GRUB_MODULES="$CD_MODULES
        lvm
        mdraid09
        mdraid1x
        "

to:

GRUB_MODULES="$CD_MODULES
        cryptodisk
        gcry_arcfour
        gcry_blowfish
        gcry_camellia
        gcry_cast5
        gcry_crc
        gcry_des
        gcry_dsa
        gcry_idea
        gcry_md4
        gcry_md5
        gcry_rfc2268
        gcry_rijndael
        gcry_rmd160
        gcry_rsa
        gcry_seed
        gcry_serpent
        gcry_sha1
        gcry_sha256
        gcry_sha512
        gcry_tiger
        gcry_twofish
        gcry_whirlpool
        luks
        lvm
        mdraid09
        mdraid1x
        "

** Affects: grub2 (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: boot encrypted luks partition secure uefi

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1565950

Title:
  Grub 2 fails to boot a kernel on a luks encrypted volume with Secure
  Boot enabled

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/1565950/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
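
The module-list change described in the report can be audited with a short script. This is an added example, not part of the bug report or of the grub2 packaging. The helper names, the sample files and the "required" module set (a LUKS volume using AES with SHA-256) are assumptions made for illustration.

```shell
# Added example: audit a GRUB_MODULES list for disk-encryption modules.
# Prints module names from the GRUB_MODULES="..." assignment, one per line.
# References such as $CD_MODULES are skipped (they are defined elsewhere).
list_grub_modules() {
    awk '
        /^GRUB_MODULES="/ { inblock = 1; sub(/^GRUB_MODULES="/, "") }
        inblock {
            closing = ($0 ~ /"/)
            gsub(/"/, "")
            for (i = 1; i <= NF; i++)
                if ($i !~ /^\$/) print $i
            if (closing) exit
        }
    ' "$1"
}

# Prints the modules from "$2..." that are absent from the list in file "$1".
missing_modules() {
    script=$1; shift
    present=$(list_grub_modules "$script")
    missing=""
    for mod in "$@"; do
        printf '%s\n' "$present" | grep -qxF "$mod" || missing="$missing $mod"
    done
    printf '%s\n' "${missing# }"
}

# Constructed sample files: the original list and an abbreviated corrected one.
tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/before" <<'EOF'
GRUB_MODULES="$CD_MODULES
        lvm
        mdraid09
        mdraid1x
        "
EOF
cat > "$tmp/after" <<'EOF'
GRUB_MODULES="$CD_MODULES
        cryptodisk
        gcry_rijndael
        gcry_sha256
        luks
        lvm
        "
EOF
# Assumed requirement: a LUKS volume using AES with SHA-256.
required="cryptodisk luks gcry_rijndael gcry_sha256"
echo "before: missing [$(missing_modules "$tmp/before" $required)]"
echo "after:  missing [$(missing_modules "$tmp/after" $required)]"
```

Modules pulled in through $CD_MODULES are not visible to this check, so a module reported as missing may still be present if that variable already lists it.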
