Package: grub2-common
Version: 2.02+dfsg1-11
Severity: grave
Dear Maintainer,
I'm unsure about the severity, so feel free to adjust it. But it did
make my system unbootable twice already, and as its a setup one can
get directly from within debian-installer, it would be nice if it can be
fixed before buster.
Setup: A new buster install with a fully (except for the EFI partition)
encrypted disk. That includes /boot as encrypted, as /boot is just part
of / here. In that setup, grub-install writes a
/boot/efi/EFI/debian/grub.cfg that contains something like
--8<---------------cut here---------------start------------->8---
cryptomount -u e37941013b6c4997bfcdff6145ee0918
search.fs_uuid a6cd673c-de1d-474f-8808-2ae4fdc7e755 root
lvmid/0l70u1-APaW-hXej-Sn6a-Nnsb-ue1X-0cFW3Y/APpMrR-2yO8-7EOl-V1pi-DH3a-eNby-lwWX3K
set prefix=($root)'/boot/grub'
configfile $prefix/grub.cfg
--8<---------------cut here---------------end--------------->8---
Which tries to be clever to not duplicate the actual information in
grub.cfg by loading it from the usual /boot/grub/grub.cfg place.
Unfortunately the cryptomount line above appears to *not* be enough to
enable grub to decrypt /, so it can not load the real config and you end
up in a rather unusable tiny grub shell. Ugh.
A cp /boot/grub/grub.cfg /boot/efi/EFI/debian/grub.cfg fixes it and
makes it nicely bootable. No idea which of the many extra commands in
the full grub.cfg are doing the magic, but they do. grub asks for
passphrase, then takes ages (easily 45 seconds) to decrypt, then shows
grub menu and boots. Yay.
I do get the same small efi grub.cfg again if i run another grub-install
--efi-directory=/boot/efi/EFI/debian/ so I guess it comes from there.
-- Package-specific info:
*********************** BEGIN /proc/mounts
/dev/mapper/lennier-root / ext4 rw,relatime,discard,errors=remount-ro 0 0
/dev/nvme0n1p1 /boot/efi vfat
rw,relatime,fmask=0077,dmask=0077,codepage=437,iocharset=ascii,shortname=mixed,utf8,errors=remount-ro
0 0
*********************** END /proc/mounts
*********************** BEGIN /boot/grub/grub.cfg
#
# DO NOT EDIT THIS FILE
#
# It is automatically generated by grub-mkconfig using templates
# from /etc/grub.d and settings from /etc/default/grub
#
### BEGIN /etc/grub.d/00_header ###
if [ -s $prefix/grubenv ]; then
set have_grubenv=true
load_env
fi
if [ "${next_entry}" ] ; then
set default="${next_entry}"
set next_entry=
save_env next_entry
set boot_once=true
else
set default="0"
fi
if [ x"${feature_menuentry_id}" = xy ]; then
menuentry_id_option="--id"
else
menuentry_id_option=""
fi
export menuentry_id_option
if [ "${prev_saved_entry}" ]; then
set saved_entry="${prev_saved_entry}"
save_env saved_entry
set prev_saved_entry=
save_env prev_saved_entry
set boot_once=true
fi
function savedefault {
if [ -z "${boot_once}" ]; then
saved_entry="${chosen}"
save_env saved_entry
fi
}
function load_video {
if [ x$feature_all_video_module = xy ]; then
insmod all_video
else
insmod efi_gop
insmod efi_uga
insmod ieee1275_fb
insmod vbe
insmod vga
insmod video_bochs
insmod video_cirrus
fi
}
insmod part_gpt
insmod fat
if [ x$feature_platform_search_hint = xy ]; then
search --no-floppy --fs-uuid --set=root FAAB-1A17
else
search --no-floppy --fs-uuid --set=root FAAB-1A17
fi
if loadfont /EFI/debian/grubfont.pf2 ; then
set gfxmode=auto
load_video
insmod gfxterm
set locale_dir=$prefix/locale
set lang=de_DE
insmod gettext
fi
terminal_input gfxterm
terminal_output gfxterm
if [ "${recordfail}" = 1 ] ; then
set timeout=30
else
if [ x$feature_timeout_style = xy ] ; then
set timeout_style=menu
set timeout=5
# Fallback normal timeout code in case the timeout_style feature is
# unavailable.
else
set timeout=5
fi
fi
### END /etc/grub.d/00_header ###
### BEGIN /etc/grub.d/05_debian_theme ###
insmod part_gpt
insmod cryptodisk
insmod luks
insmod gcry_rijndael
insmod gcry_rijndael
insmod gcry_sha256
insmod lvm
insmod ext2
cryptomount -u e37941013b6c4997bfcdff6145ee0918
set
root='lvmid/0l70u1-APaW-hXej-Sn6a-Nnsb-ue1X-0cFW3Y/APpMrR-2yO8-7EOl-V1pi-DH3a-eNby-lwWX3K'
if [ x$feature_platform_search_hint = xy ]; then
search --no-floppy --fs-uuid --set=root
--hint='lvmid/0l70u1-APaW-hXej-Sn6a-Nnsb-ue1X-0cFW3Y/APpMrR-2yO8-7EOl-V1pi-DH3a-eNby-lwWX3K'
a6cd673c-de1d-474f-8808-2ae4fdc7e755
else
search --no-floppy --fs-uuid --set=root a6cd673c-de1d-474f-8808-2ae4fdc7e755
fi
insmod png
if background_image
/usr/share/desktop-base/futureprototype-theme/grub/grub-16x9.png; then
set color_normal=white/black
set color_highlight=black/white
else
set menu_color_normal=cyan/blue
set menu_color_highlight=white/blue
fi
### END /etc/grub.d/05_debian_theme ###
### BEGIN /etc/grub.d/10_linux ###
function gfxmode {
set gfxpayload="${1}"
}
set linux_gfx_mode=
export linux_gfx_mode
menuentry 'Debian GNU/Linux' --class debian --class gnu-linux --class gnu
--class os $menuentry_id_option
'gnulinux-simple-a6cd673c-de1d-474f-8808-2ae4fdc7e755' {
load_video
insmod gzio
if [ x$grub_platform = xxen ]; then insmod xzio; insmod lzopio; fi
insmod part_gpt
insmod cryptodisk
insmod luks
insmod gcry_rijndael
insmod gcry_rijndael
insmod gcry_sha256
insmod lvm
insmod ext2
cryptomount -u e37941013b6c4997bfcdff6145ee0918
set
root='lvmid/0l70u1-APaW-hXej-Sn6a-Nnsb-ue1X-0cFW3Y/APpMrR-2yO8-7EOl-V1pi-DH3a-eNby-lwWX3K'
if [ x$feature_platform_search_hint = xy ]; then
search --no-floppy --fs-uuid --set=root
--hint='lvmid/0l70u1-APaW-hXej-Sn6a-Nnsb-ue1X-0cFW3Y/APpMrR-2yO8-7EOl-V1pi-DH3a-eNby-lwWX3K'
a6cd673c-de1d-474f-8808-2ae4fdc7e755
else
search --no-floppy --fs-uuid --set=root
a6cd673c-de1d-474f-8808-2ae4fdc7e755
fi
echo 'Loading Linux 4.19.0-2-amd64 ...'
linux /boot/vmlinuz-4.19.0-2-amd64 root=/dev/mapper/lennier-root ro
cryptdevice=UUID=e3794101-3b6c-4997-bfcd-ff6145ee0918:lvm quiet
echo 'Loading initial ramdisk ...'
initrd /boot/initrd.img-4.19.0-2-amd64
}
submenu 'Advanced options for Debian GNU/Linux' $menuentry_id_option
'gnulinux-advanced-a6cd673c-de1d-474f-8808-2ae4fdc7e755' {
menuentry 'Debian GNU/Linux, with Linux 4.19.0-2-amd64' --class debian
--class gnu-linux --class gnu --class os $menuentry_id_option
'gnulinux-4.19.0-2-amd64-advanced-a6cd673c-de1d-474f-8808-2ae4fdc7e755'
{
load_video
insmod gzio
if [ x$grub_platform = xxen ]; then insmod xzio; insmod
lzopio; fi
insmod part_gpt
insmod cryptodisk
insmod luks
insmod gcry_rijndael
insmod gcry_rijndael
insmod gcry_sha256
insmod lvm
insmod ext2
cryptomount -u e37941013b6c4997bfcdff6145ee0918
set
root='lvmid/0l70u1-APaW-hXej-Sn6a-Nnsb-ue1X-0cFW3Y/APpMrR-2yO8-7EOl-V1pi-DH3a-eNby-lwWX3K'
if [ x$feature_platform_search_hint = xy ]; then
search --no-floppy --fs-uuid --set=root
--hint='lvmid/0l70u1-APaW-hXej-Sn6a-Nnsb-ue1X-0cFW3Y/APpMrR-2yO8-7EOl-V1pi-DH3a-eNby-lwWX3K'
a6cd673c-de1d-474f-8808-2ae4fdc7e755
else
search --no-floppy --fs-uuid --set=root
a6cd673c-de1d-474f-8808-2ae4fdc7e755
fi
echo 'Loading Linux 4.19.0-2-amd64 ...'
linux /boot/vmlinuz-4.19.0-2-amd64
root=/dev/mapper/lennier-root ro
cryptdevice=UUID=e3794101-3b6c-4997-bfcd-ff6145ee0918:lvm
quiet
echo 'Loading initial ramdisk ...'
initrd /boot/initrd.img-4.19.0-2-amd64
}
menuentry 'Debian GNU/Linux, with Linux 4.19.0-2-amd64 (recovery
mode)' --class debian --class gnu-linux --class gnu --class os
$menuentry_id_option
'gnulinux-4.19.0-2-amd64-recovery-a6cd673c-de1d-474f-8808-2ae4fdc7e755'
{
load_video
insmod gzio
if [ x$grub_platform = xxen ]; then insmod xzio; insmod
lzopio; fi
insmod part_gpt
insmod cryptodisk
insmod luks
insmod gcry_rijndael
insmod gcry_rijndael
insmod gcry_sha256
insmod lvm
insmod ext2
cryptomount -u e37941013b6c4997bfcdff6145ee0918
set
root='lvmid/0l70u1-APaW-hXej-Sn6a-Nnsb-ue1X-0cFW3Y/APpMrR-2yO8-7EOl-V1pi-DH3a-eNby-lwWX3K'
if [ x$feature_platform_search_hint = xy ]; then
search --no-floppy --fs-uuid --set=root
--hint='lvmid/0l70u1-APaW-hXej-Sn6a-Nnsb-ue1X-0cFW3Y/APpMrR-2yO8-7EOl-V1pi-DH3a-eNby-lwWX3K'
a6cd673c-de1d-474f-8808-2ae4fdc7e755
else
search --no-floppy --fs-uuid --set=root
a6cd673c-de1d-474f-8808-2ae4fdc7e755
fi
echo 'Loading Linux 4.19.0-2-amd64 ...'
linux /boot/vmlinuz-4.19.0-2-amd64
root=/dev/mapper/lennier-root ro single
cryptdevice=UUID=e3794101-3b6c-4997-bfcd-ff6145ee0918:lvm
echo 'Loading initial ramdisk ...'
initrd /boot/initrd.img-4.19.0-2-amd64
}
}
### END /etc/grub.d/10_linux ###
### BEGIN /etc/grub.d/20_linux_xen ###
### END /etc/grub.d/20_linux_xen ###
### BEGIN /etc/grub.d/30_os-prober ###
### END /etc/grub.d/30_os-prober ###
### BEGIN /etc/grub.d/30_uefi-firmware ###
menuentry 'System setup' $menuentry_id_option 'uefi-firmware' {
fwsetup
}
### END /etc/grub.d/30_uefi-firmware ###
### BEGIN /etc/grub.d/40_custom ###
# This file provides an easy way to add custom menu entries. Simply type the
# menu entries you want to add after this comment. Be careful not to change
# the 'exec tail' line above.
### END /etc/grub.d/40_custom ###
### BEGIN /etc/grub.d/41_custom ###
if [ -f ${config_directory}/custom.cfg ]; then
source ${config_directory}/custom.cfg
elif [ -z "${config_directory}" -a -f $prefix/custom.cfg ]; then
source $prefix/custom.cfg;
fi
### END /etc/grub.d/41_custom ###
*********************** END /boot/grub/grub.cfg
*********************** BEGIN LVM
*********************** END LVM
-- System Information:
Debian Release: buster/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 4.19.0-2-amd64 (SMP w/8 CPU cores)
Kernel taint flags: TAINT_USER
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8),
LANGUAGE=en_GB:en (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages grub2-common depends on:
ii dpkg 1.19.5
ii grub-common 2.02+dfsg1-11
ii install-info 6.5.0.dfsg.1-4+b1
ii libc6 2.28-7
ii libdevmapper1.02.1 2:1.02.155-2
ii liblzma5 5.2.4-1
grub2-common recommends no packages.
grub2-common suggests no packages.
-- no debconf information
--
bye, Joerg
