Bug#930531: grub2-common: grub-install --force-extra-removable does not work properly with Secure Boot

classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

Bug#930531: grub2-common: grub-install --force-extra-removable does not work properly with Secure Boot

Steve McIntyre
Package: grub2-common
Version: 2.02+dfsg1-18
Severity: serious

Hey Colin,

Now that we have shim and signed binaries in the archive, the extra
code to install grubXXX.efi to the removable media path has to take
this into account too, or people using secure boot will end up with
broken systems that won't boot.

Looking into code to do this now.

-- Package-specific info:

*********************** BEGIN /proc/mounts
/dev/mapper/tack--vg-lv_root / ext4 rw,relatime,errors=remount-ro 0 0
/dev/sda2 /boot ext2 rw,relatime,block_validity,barrier,user_xattr,acl,stripe=4 0 0
/dev/sda1 /boot/efi vfat rw,relatime,fmask=0077,dmask=0077,codepage=437,iocharset=ascii,shortname=mixed,utf8,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_scratch /scratch ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_scratch /var/www/mirror ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_home /home ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_root /run/schroot/mount/buster-amd64-ae95d8fb-ca7e-4d82-8da8-45d8e8dc78bc ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_home /run/schroot/mount/buster-amd64-ae95d8fb-ca7e-4d82-8da8-45d8e8dc78bc/home ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_root /run/schroot/mount/buster-amd64-ae95d8fb-ca7e-4d82-8da8-45d8e8dc78bc/tmp ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_root /run/schroot/mount/sid-410245e6-819e-42a5-a194-9ae0b254ef7f ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_home /run/schroot/mount/sid-410245e6-819e-42a5-a194-9ae0b254ef7f/home ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_root /run/schroot/mount/sid-410245e6-819e-42a5-a194-9ae0b254ef7f/tmp ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_root /run/schroot/mount/sid-4568a602-5a45-4ec9-9103-fb115cc4f1a4 ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_home /run/schroot/mount/sid-4568a602-5a45-4ec9-9103-fb115cc4f1a4/home ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_root /run/schroot/mount/sid-4568a602-5a45-4ec9-9103-fb115cc4f1a4/tmp ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_root /run/schroot/mount/sid-6544df41-9ed7-490a-8f32-df7aa7cb09cb ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_home /run/schroot/mount/sid-6544df41-9ed7-490a-8f32-df7aa7cb09cb/home ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_root /run/schroot/mount/sid-6544df41-9ed7-490a-8f32-df7aa7cb09cb/tmp ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_root /run/schroot/mount/sid-6616ad0e-5db2-4d38-96a4-2680a17ca733 ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_home /run/schroot/mount/sid-6616ad0e-5db2-4d38-96a4-2680a17ca733/home ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_root /run/schroot/mount/sid-6616ad0e-5db2-4d38-96a4-2680a17ca733/tmp ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_root /run/schroot/mount/sid-9471e88b-b7e3-4973-b8d2-07dd531b56a8 ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_home /run/schroot/mount/sid-9471e88b-b7e3-4973-b8d2-07dd531b56a8/home ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_root /run/schroot/mount/sid-9471e88b-b7e3-4973-b8d2-07dd531b56a8/tmp ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_root /run/schroot/mount/sid-96cd9c31-1413-45a3-aa51-fc4ab220b5e9 ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_home /run/schroot/mount/sid-96cd9c31-1413-45a3-aa51-fc4ab220b5e9/home ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_root /run/schroot/mount/sid-96cd9c31-1413-45a3-aa51-fc4ab220b5e9/tmp ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_root /run/schroot/mount/sid-9b8885af-ce11-40f2-8ded-b907cf102d0f ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_home /run/schroot/mount/sid-9b8885af-ce11-40f2-8ded-b907cf102d0f/home ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_root /run/schroot/mount/sid-9b8885af-ce11-40f2-8ded-b907cf102d0f/tmp ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_root /run/schroot/mount/sid-c39fecac-ca7e-4f75-a800-5137c3adfb35 ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_home /run/schroot/mount/sid-c39fecac-ca7e-4f75-a800-5137c3adfb35/home ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_root /run/schroot/mount/sid-c39fecac-ca7e-4f75-a800-5137c3adfb35/tmp ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_root /run/schroot/mount/sid-cb9d44d0-9848-4bb1-b9d2-09c4cb0b0723 ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_home /run/schroot/mount/sid-cb9d44d0-9848-4bb1-b9d2-09c4cb0b0723/home ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_root /run/schroot/mount/sid-cb9d44d0-9848-4bb1-b9d2-09c4cb0b0723/tmp ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_root /run/schroot/mount/sid-cbc655da-b64d-4820-b814-874a8582c425 ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_home /run/schroot/mount/sid-cbc655da-b64d-4820-b814-874a8582c425/home ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_root /run/schroot/mount/sid-cbc655da-b64d-4820-b814-874a8582c425/tmp ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_root /run/schroot/mount/sid-i386-9025294e-dd77-4c33-849f-ddad65273ff6 ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_home /run/schroot/mount/sid-i386-9025294e-dd77-4c33-849f-ddad65273ff6/home ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_root /run/schroot/mount/sid-i386-9025294e-dd77-4c33-849f-ddad65273ff6/tmp ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_root /run/schroot/mount/sid-bbcf116e-ae3b-4e0e-bcdd-1eb25836cb07 ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_home /run/schroot/mount/sid-bbcf116e-ae3b-4e0e-bcdd-1eb25836cb07/home ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_root /run/schroot/mount/sid-bbcf116e-ae3b-4e0e-bcdd-1eb25836cb07/tmp ext4 rw,relatime,errors=remount-ro 0 0
*********************** END /proc/mounts

*********************** BEGIN /boot/grub/grub.cfg
#
# DO NOT EDIT THIS FILE
#
# It is automatically generated by grub-mkconfig using templates
# from /etc/grub.d and settings from /etc/default/grub
#

### BEGIN /etc/grub.d/00_header ###
if [ -s $prefix/grubenv ]; then
  set have_grubenv=true
  load_env
fi
if [ "${next_entry}" ] ; then
   set default="${next_entry}"
   set next_entry=
   save_env next_entry
   set boot_once=true
else
   set default="0"
fi

if [ x"${feature_menuentry_id}" = xy ]; then
  menuentry_id_option="--id"
else
  menuentry_id_option=""
fi

export menuentry_id_option

if [ "${prev_saved_entry}" ]; then
  set saved_entry="${prev_saved_entry}"
  save_env saved_entry
  set prev_saved_entry=
  save_env prev_saved_entry
  set boot_once=true
fi

function savedefault {
  if [ -z "${boot_once}" ]; then
    saved_entry="${chosen}"
    save_env saved_entry
  fi
}
function load_video {
  if [ x$feature_all_video_module = xy ]; then
    insmod all_video
  else
    insmod efi_gop
    insmod efi_uga
    insmod ieee1275_fb
    insmod vbe
    insmod vga
    insmod video_bochs
    insmod video_cirrus
  fi
}

if [ x$feature_default_font_path = xy ] ; then
   font=unicode
else
insmod part_gpt
insmod ext2
set root='hd0,gpt2'
if [ x$feature_platform_search_hint = xy ]; then
  search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt2 --hint-efi=hd0,gpt2 --hint-baremetal=ahci0,gpt2  38f2e7c9-3871-435a-b87b-4a0bee7c1132
else
  search --no-floppy --fs-uuid --set=root 38f2e7c9-3871-435a-b87b-4a0bee7c1132
fi
    font="/grub/unicode.pf2"
fi

if loadfont $font ; then
  set gfxmode=auto
  load_video
  insmod gfxterm
  set locale_dir=$prefix/locale
  set lang=en_GB
  insmod gettext
fi
terminal_output gfxterm
if [ "${recordfail}" = 1 ] ; then
  set timeout=30
else
  if [ x$feature_timeout_style = xy ] ; then
    set timeout_style=menu
    set timeout=5
  # Fallback normal timeout code in case the timeout_style feature is
  # unavailable.
  else
    set timeout=5
  fi
fi
### END /etc/grub.d/00_header ###

### BEGIN /etc/grub.d/05_debian_theme ###
insmod part_gpt
insmod ext2
set root='hd0,gpt2'
if [ x$feature_platform_search_hint = xy ]; then
  search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt2 --hint-efi=hd0,gpt2 --hint-baremetal=ahci0,gpt2  38f2e7c9-3871-435a-b87b-4a0bee7c1132
else
  search --no-floppy --fs-uuid --set=root 38f2e7c9-3871-435a-b87b-4a0bee7c1132
fi
insmod png
if background_image /grub/.background_cache.png; then
  set color_normal=white/black
  set color_highlight=black/white
else
  set menu_color_normal=cyan/blue
  set menu_color_highlight=white/blue
fi
### END /etc/grub.d/05_debian_theme ###

### BEGIN /etc/grub.d/10_linux ###
function gfxmode {
        set gfxpayload="${1}"
}
set linux_gfx_mode=
export linux_gfx_mode
menuentry 'Debian GNU/Linux' --class debian --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-simple-4980b8a2-d677-453f-8f35-fdc8705e06d0' {
        load_video
        insmod gzio
        if [ x$grub_platform = xxen ]; then insmod xzio; insmod lzopio; fi
        insmod part_gpt
        insmod ext2
        set root='hd0,gpt2'
        if [ x$feature_platform_search_hint = xy ]; then
          search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt2 --hint-efi=hd0,gpt2 --hint-baremetal=ahci0,gpt2  38f2e7c9-3871-435a-b87b-4a0bee7c1132
        else
          search --no-floppy --fs-uuid --set=root 38f2e7c9-3871-435a-b87b-4a0bee7c1132
        fi
        echo 'Loading Linux 4.19.0-5-amd64 ...'
        linux /vmlinuz-4.19.0-5-amd64 root=/dev/mapper/tack--vg-lv_root ro  net.ifnames=0
        echo 'Loading initial ramdisk ...'
        initrd /initrd.img-4.19.0-5-amd64
}
submenu 'Advanced options for Debian GNU/Linux' $menuentry_id_option 'gnulinux-advanced-4980b8a2-d677-453f-8f35-fdc8705e06d0' {
        menuentry 'Debian GNU/Linux, with Linux 4.19.0-5-amd64' --class debian --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-4.19.0-5-amd64-advanced-4980b8a2-d677-453f-8f35-fdc8705e06d0' {
                load_video
                insmod gzio
                if [ x$grub_platform = xxen ]; then insmod xzio; insmod lzopio; fi
                insmod part_gpt
                insmod ext2
                set root='hd0,gpt2'
                if [ x$feature_platform_search_hint = xy ]; then
                  search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt2 --hint-efi=hd0,gpt2 --hint-baremetal=ahci0,gpt2  38f2e7c9-3871-435a-b87b-4a0bee7c1132
                else
                  search --no-floppy --fs-uuid --set=root 38f2e7c9-3871-435a-b87b-4a0bee7c1132
                fi
                echo 'Loading Linux 4.19.0-5-amd64 ...'
                linux /vmlinuz-4.19.0-5-amd64 root=/dev/mapper/tack--vg-lv_root ro  net.ifnames=0
                echo 'Loading initial ramdisk ...'
                initrd /initrd.img-4.19.0-5-amd64
        }
        menuentry 'Debian GNU/Linux, with Linux 4.19.0-5-amd64 (recovery mode)' --class debian --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-4.19.0-5-amd64-recovery-4980b8a2-d677-453f-8f35-fdc8705e06d0' {
                load_video
                insmod gzio
                if [ x$grub_platform = xxen ]; then insmod xzio; insmod lzopio; fi
                insmod part_gpt
                insmod ext2
                set root='hd0,gpt2'
                if [ x$feature_platform_search_hint = xy ]; then
                  search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt2 --hint-efi=hd0,gpt2 --hint-baremetal=ahci0,gpt2  38f2e7c9-3871-435a-b87b-4a0bee7c1132
                else
                  search --no-floppy --fs-uuid --set=root 38f2e7c9-3871-435a-b87b-4a0bee7c1132
                fi
                echo 'Loading Linux 4.19.0-5-amd64 ...'
                linux /vmlinuz-4.19.0-5-amd64 root=/dev/mapper/tack--vg-lv_root ro single
                echo 'Loading initial ramdisk ...'
                initrd /initrd.img-4.19.0-5-amd64
        }
        menuentry 'Debian GNU/Linux, with Linux 4.19.0-4-amd64' --class debian --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-4.19.0-4-amd64-advanced-4980b8a2-d677-453f-8f35-fdc8705e06d0' {
                load_video
                insmod gzio
                if [ x$grub_platform = xxen ]; then insmod xzio; insmod lzopio; fi
                insmod part_gpt
                insmod ext2
                set root='hd0,gpt2'
                if [ x$feature_platform_search_hint = xy ]; then
                  search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt2 --hint-efi=hd0,gpt2 --hint-baremetal=ahci0,gpt2  38f2e7c9-3871-435a-b87b-4a0bee7c1132
                else
                  search --no-floppy --fs-uuid --set=root 38f2e7c9-3871-435a-b87b-4a0bee7c1132
                fi
                echo 'Loading Linux 4.19.0-4-amd64 ...'
                linux /vmlinuz-4.19.0-4-amd64 root=/dev/mapper/tack--vg-lv_root ro  net.ifnames=0
                echo 'Loading initial ramdisk ...'
                initrd /initrd.img-4.19.0-4-amd64
        }
        menuentry 'Debian GNU/Linux, with Linux 4.19.0-4-amd64 (recovery mode)' --class debian --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-4.19.0-4-amd64-recovery-4980b8a2-d677-453f-8f35-fdc8705e06d0' {
                load_video
                insmod gzio
                if [ x$grub_platform = xxen ]; then insmod xzio; insmod lzopio; fi
                insmod part_gpt
                insmod ext2
                set root='hd0,gpt2'
                if [ x$feature_platform_search_hint = xy ]; then
                  search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt2 --hint-efi=hd0,gpt2 --hint-baremetal=ahci0,gpt2  38f2e7c9-3871-435a-b87b-4a0bee7c1132
                else
                  search --no-floppy --fs-uuid --set=root 38f2e7c9-3871-435a-b87b-4a0bee7c1132
                fi
                echo 'Loading Linux 4.19.0-4-amd64 ...'
                linux /vmlinuz-4.19.0-4-amd64 root=/dev/mapper/tack--vg-lv_root ro single
                echo 'Loading initial ramdisk ...'
                initrd /initrd.img-4.19.0-4-amd64
        }
}

### END /etc/grub.d/10_linux ###

### BEGIN /etc/grub.d/20_linux_xen ###

### END /etc/grub.d/20_linux_xen ###

### BEGIN /etc/grub.d/20_memtest86+ ###
### END /etc/grub.d/20_memtest86+ ###

### BEGIN /etc/grub.d/30_os-prober ###
### END /etc/grub.d/30_os-prober ###

### BEGIN /etc/grub.d/30_uefi-firmware ###
menuentry 'System setup' $menuentry_id_option 'uefi-firmware' {
        fwsetup
}
### END /etc/grub.d/30_uefi-firmware ###

### BEGIN /etc/grub.d/40_custom ###
# This file provides an easy way to add custom menu entries.  Simply type the
# menu entries you want to add after this comment.  Be careful not to change
# the 'exec tail' line above.
### END /etc/grub.d/40_custom ###

### BEGIN /etc/grub.d/41_custom ###
if [ -f  ${config_directory}/custom.cfg ]; then
  source ${config_directory}/custom.cfg
elif [ -z "${config_directory}" -a -f  $prefix/custom.cfg ]; then
  source $prefix/custom.cfg;
fi
### END /etc/grub.d/41_custom ###
*********************** END /boot/grub/grub.cfg

*********************** BEGIN /proc/mdstat
Personalities : [linear] [multipath] [raid0] [raid1] [raid6] [raid5] [raid4] [raid10]
unused devices: <none>
*********************** END /proc/mdstat

*********************** BEGIN /dev/disk/by-id
total 0
lrwxrwxrwx 1 root root  9 Jun 13 18:44 ata-CT2000MX500SSD1_1752E1091BFA -> ../../sda
lrwxrwxrwx 1 root root 10 Jun 13 18:44 ata-CT2000MX500SSD1_1752E1091BFA-part1 -> ../../sda1
lrwxrwxrwx 1 root root 10 Jun 13 18:44 ata-CT2000MX500SSD1_1752E1091BFA-part2 -> ../../sda2
lrwxrwxrwx 1 root root 10 Jun 13 18:44 ata-CT2000MX500SSD1_1752E1091BFA-part3 -> ../../sda3
lrwxrwxrwx 1 root root 10 Jun 13 18:44 dm-name-sda3_crypt -> ../../dm-0
lrwxrwxrwx 1 root root 10 Jun 13 18:44 dm-name-tack--vg-lv_home -> ../../dm-3
lrwxrwxrwx 1 root root 10 Jun 13 18:44 dm-name-tack--vg-lv_root -> ../../dm-2
lrwxrwxrwx 1 root root 10 Jun 13 18:44 dm-name-tack--vg-lv_scratch -> ../../dm-4
lrwxrwxrwx 1 root root 10 Jun 13 18:44 dm-name-tack--vg-swap_1 -> ../../dm-1
lrwxrwxrwx 1 root root 10 Jun 13 18:44 dm-uuid-CRYPT-LUKS1-cb16346b21ac4bc5a8919c22116aec27-sda3_crypt -> ../../dm-0
lrwxrwxrwx 1 root root 10 Jun 13 18:44 dm-uuid-LVM-4DbQas8xfQdRo5u2VXQdwxnMayviuB5C7VhX7lOFUf5lZYa4pG19SNK6hRacF0eu -> ../../dm-3
lrwxrwxrwx 1 root root 10 Jun 13 18:44 dm-uuid-LVM-4DbQas8xfQdRo5u2VXQdwxnMayviuB5CC15F1n298dsJRgvUVeirIfsIAOlEFxEv -> ../../dm-1
lrwxrwxrwx 1 root root 10 Jun 13 18:44 dm-uuid-LVM-4DbQas8xfQdRo5u2VXQdwxnMayviuB5CHEpXXjqm1H3pBmfrr0e8pwsf3eQf9rnM -> ../../dm-4
lrwxrwxrwx 1 root root 10 Jun 13 18:44 dm-uuid-LVM-4DbQas8xfQdRo5u2VXQdwxnMayviuB5COxWe4dPl91Qb8EUlqTm6gOrxb1r7IPFU -> ../../dm-2
lrwxrwxrwx 1 root root 10 Jun 13 18:44 lvm-pv-uuid-1j5a37-CXzf-L0JL-QFb5-d8Kh-YLD3-D25B1e -> ../../dm-0
lrwxrwxrwx 1 root root  9 Jun 13 18:44 usb-Generic-_SD_MMC_20120501030900000-0:0 -> ../../sdb
lrwxrwxrwx 1 root root  9 Jun 14 17:27 usb-TSSTcorp_CDDVDW_SE-S084F_R96XB81-0:0 -> ../../sr0
lrwxrwxrwx 1 root root  9 Jun 13 18:44 wwn-0x500a0751e1091bfa -> ../../sda
lrwxrwxrwx 1 root root 10 Jun 13 18:44 wwn-0x500a0751e1091bfa-part1 -> ../../sda1
lrwxrwxrwx 1 root root 10 Jun 13 18:44 wwn-0x500a0751e1091bfa-part2 -> ../../sda2
lrwxrwxrwx 1 root root 10 Jun 13 18:44 wwn-0x500a0751e1091bfa-part3 -> ../../sda3
*********************** END /dev/disk/by-id

*********************** BEGIN /dev/disk/by-uuid
total 0
lrwxrwxrwx 1 root root 10 Jun 13 18:44 357d0304-dd74-495d-bb0d-6625da21b817 -> ../../dm-3
lrwxrwxrwx 1 root root 10 Jun 13 18:44 37d5a91d-767b-4836-ad53-4aeac219c1b8 -> ../../dm-4
lrwxrwxrwx 1 root root 10 Jun 13 18:44 38f2e7c9-3871-435a-b87b-4a0bee7c1132 -> ../../sda2
lrwxrwxrwx 1 root root 10 Jun 13 18:44 4980b8a2-d677-453f-8f35-fdc8705e06d0 -> ../../dm-2
lrwxrwxrwx 1 root root 10 Jun 13 18:44 55D2-DB80 -> ../../sda1
lrwxrwxrwx 1 root root 10 Jun 13 18:44 cb16346b-21ac-4bc5-a891-9c22116aec27 -> ../../sda3
lrwxrwxrwx 1 root root 10 Jun 13 18:44 e3c1ddee-07cb-4abc-89dd-fd7d8d863f91 -> ../../dm-1
*********************** END /dev/disk/by-uuid

-- System Information:
Debian Release: 10.0
  APT prefers testing
  APT policy: (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-5-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB:en (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages grub-efi-amd64 depends on:
ii  debconf [debconf-2.0]  1.5.71
ii  grub-common            2.02+dfsg1-18
ii  grub-efi-amd64-bin     2.02+dfsg1-18
ii  grub2-common           2.02+dfsg1-18
ii  ucf                    3.0038+nmu1

grub-efi-amd64 recommends no packages.

grub-efi-amd64 suggests no packages.

-- debconf information excluded

Reply | Threaded
Open this post in threaded view
|

Bug#930531: marked as pending in grub2

Colin Watson
Control: tag -1 pending

Hello,

Bug #930531 in grub2 reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:

https://salsa.debian.org/grub-team/grub/commit/f05b2405603e80801890b11fd887a172b8830e77

------------------------------------------------------------------------
Deal with --force-extra-removable with signed shim too

Closes: #930531
------------------------------------------------------------------------

(this message was generated automatically)
--
Greetings

https://bugs.debian.org/930531

Reply | Threaded
Open this post in threaded view
|

Processed: Bug#930531 marked as pending in grub2

Debian Bug Tracking System
In reply to this post by Steve McIntyre
Processing control commands:

> tag -1 pending
Bug #930531 [grub2-common] grub2-common: grub-install --force-extra-removable does not work properly with Secure Boot
Added tag(s) pending.

--
930531: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930531
Debian Bug Tracking System
Contact [hidden email] with problems

Reply | Threaded
Open this post in threaded view
|

Bug#930531: marked as done (grub2-common: grub-install --force-extra-removable does not work properly with Secure Boot)

Debian Bug Tracking System
In reply to this post by Steve McIntyre
Your message dated Fri, 14 Jun 2019 18:18:47 +0000
with message-id <[hidden email]>
and subject line Bug#930531: fixed in grub2 2.02+dfsg1-19
has caused the Debian Bug report #930531,
regarding grub2-common: grub-install --force-extra-removable does not work properly with Secure Boot
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [hidden email]
immediately.)


--
930531: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930531
Debian Bug Tracking System
Contact [hidden email] with problems

Package: grub2-common
Version: 2.02+dfsg1-18
Severity: serious

Hey Colin,

Now that we have shim and signed binaries in the archive, the extra
code to install grubXXX.efi to the removable media path has to take
this into account too, or people using secure boot will end up with
broken systems that won't boot.

Looking into code to do this now.

-- Package-specific info:

*********************** BEGIN /proc/mounts
/dev/mapper/tack--vg-lv_root / ext4 rw,relatime,errors=remount-ro 0 0
/dev/sda2 /boot ext2 rw,relatime,block_validity,barrier,user_xattr,acl,stripe=4 0 0
/dev/sda1 /boot/efi vfat rw,relatime,fmask=0077,dmask=0077,codepage=437,iocharset=ascii,shortname=mixed,utf8,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_scratch /scratch ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_scratch /var/www/mirror ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_home /home ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_root /run/schroot/mount/buster-amd64-ae95d8fb-ca7e-4d82-8da8-45d8e8dc78bc ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_home /run/schroot/mount/buster-amd64-ae95d8fb-ca7e-4d82-8da8-45d8e8dc78bc/home ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_root /run/schroot/mount/buster-amd64-ae95d8fb-ca7e-4d82-8da8-45d8e8dc78bc/tmp ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_root /run/schroot/mount/sid-410245e6-819e-42a5-a194-9ae0b254ef7f ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_home /run/schroot/mount/sid-410245e6-819e-42a5-a194-9ae0b254ef7f/home ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_root /run/schroot/mount/sid-410245e6-819e-42a5-a194-9ae0b254ef7f/tmp ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_root /run/schroot/mount/sid-4568a602-5a45-4ec9-9103-fb115cc4f1a4 ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_home /run/schroot/mount/sid-4568a602-5a45-4ec9-9103-fb115cc4f1a4/home ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_root /run/schroot/mount/sid-4568a602-5a45-4ec9-9103-fb115cc4f1a4/tmp ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_root /run/schroot/mount/sid-6544df41-9ed7-490a-8f32-df7aa7cb09cb ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_home /run/schroot/mount/sid-6544df41-9ed7-490a-8f32-df7aa7cb09cb/home ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_root /run/schroot/mount/sid-6544df41-9ed7-490a-8f32-df7aa7cb09cb/tmp ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_root /run/schroot/mount/sid-6616ad0e-5db2-4d38-96a4-2680a17ca733 ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_home /run/schroot/mount/sid-6616ad0e-5db2-4d38-96a4-2680a17ca733/home ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_root /run/schroot/mount/sid-6616ad0e-5db2-4d38-96a4-2680a17ca733/tmp ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_root /run/schroot/mount/sid-9471e88b-b7e3-4973-b8d2-07dd531b56a8 ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_home /run/schroot/mount/sid-9471e88b-b7e3-4973-b8d2-07dd531b56a8/home ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_root /run/schroot/mount/sid-9471e88b-b7e3-4973-b8d2-07dd531b56a8/tmp ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_root /run/schroot/mount/sid-96cd9c31-1413-45a3-aa51-fc4ab220b5e9 ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_home /run/schroot/mount/sid-96cd9c31-1413-45a3-aa51-fc4ab220b5e9/home ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_root /run/schroot/mount/sid-96cd9c31-1413-45a3-aa51-fc4ab220b5e9/tmp ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_root /run/schroot/mount/sid-9b8885af-ce11-40f2-8ded-b907cf102d0f ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_home /run/schroot/mount/sid-9b8885af-ce11-40f2-8ded-b907cf102d0f/home ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_root /run/schroot/mount/sid-9b8885af-ce11-40f2-8ded-b907cf102d0f/tmp ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_root /run/schroot/mount/sid-c39fecac-ca7e-4f75-a800-5137c3adfb35 ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_home /run/schroot/mount/sid-c39fecac-ca7e-4f75-a800-5137c3adfb35/home ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_root /run/schroot/mount/sid-c39fecac-ca7e-4f75-a800-5137c3adfb35/tmp ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_root /run/schroot/mount/sid-cb9d44d0-9848-4bb1-b9d2-09c4cb0b0723 ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_home /run/schroot/mount/sid-cb9d44d0-9848-4bb1-b9d2-09c4cb0b0723/home ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_root /run/schroot/mount/sid-cb9d44d0-9848-4bb1-b9d2-09c4cb0b0723/tmp ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_root /run/schroot/mount/sid-cbc655da-b64d-4820-b814-874a8582c425 ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_home /run/schroot/mount/sid-cbc655da-b64d-4820-b814-874a8582c425/home ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_root /run/schroot/mount/sid-cbc655da-b64d-4820-b814-874a8582c425/tmp ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_root /run/schroot/mount/sid-i386-9025294e-dd77-4c33-849f-ddad65273ff6 ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_home /run/schroot/mount/sid-i386-9025294e-dd77-4c33-849f-ddad65273ff6/home ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_root /run/schroot/mount/sid-i386-9025294e-dd77-4c33-849f-ddad65273ff6/tmp ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_root /run/schroot/mount/sid-bbcf116e-ae3b-4e0e-bcdd-1eb25836cb07 ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_home /run/schroot/mount/sid-bbcf116e-ae3b-4e0e-bcdd-1eb25836cb07/home ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_root /run/schroot/mount/sid-bbcf116e-ae3b-4e0e-bcdd-1eb25836cb07/tmp ext4 rw,relatime,errors=remount-ro 0 0
*********************** END /proc/mounts

*********************** BEGIN /boot/grub/grub.cfg
#
# DO NOT EDIT THIS FILE
#
# It is automatically generated by grub-mkconfig using templates
# from /etc/grub.d and settings from /etc/default/grub
#

### BEGIN /etc/grub.d/00_header ###
if [ -s $prefix/grubenv ]; then
  set have_grubenv=true
  load_env
fi
if [ "${next_entry}" ] ; then
   set default="${next_entry}"
   set next_entry=
   save_env next_entry
   set boot_once=true
else
   set default="0"
fi

if [ x"${feature_menuentry_id}" = xy ]; then
  menuentry_id_option="--id"
else
  menuentry_id_option=""
fi

export menuentry_id_option

if [ "${prev_saved_entry}" ]; then
  set saved_entry="${prev_saved_entry}"
  save_env saved_entry
  set prev_saved_entry=
  save_env prev_saved_entry
  set boot_once=true
fi

function savedefault {
  if [ -z "${boot_once}" ]; then
    saved_entry="${chosen}"
    save_env saved_entry
  fi
}
function load_video {
  if [ x$feature_all_video_module = xy ]; then
    insmod all_video
  else
    insmod efi_gop
    insmod efi_uga
    insmod ieee1275_fb
    insmod vbe
    insmod vga
    insmod video_bochs
    insmod video_cirrus
  fi
}

if [ x$feature_default_font_path = xy ] ; then
   font=unicode
else
insmod part_gpt
insmod ext2
set root='hd0,gpt2'
if [ x$feature_platform_search_hint = xy ]; then
  search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt2 --hint-efi=hd0,gpt2 --hint-baremetal=ahci0,gpt2  38f2e7c9-3871-435a-b87b-4a0bee7c1132
else
  search --no-floppy --fs-uuid --set=root 38f2e7c9-3871-435a-b87b-4a0bee7c1132
fi
    font="/grub/unicode.pf2"
fi

if loadfont $font ; then
  set gfxmode=auto
  load_video
  insmod gfxterm
  set locale_dir=$prefix/locale
  set lang=en_GB
  insmod gettext
fi
terminal_output gfxterm
if [ "${recordfail}" = 1 ] ; then
  set timeout=30
else
  if [ x$feature_timeout_style = xy ] ; then
    set timeout_style=menu
    set timeout=5
  # Fallback normal timeout code in case the timeout_style feature is
  # unavailable.
  else
    set timeout=5
  fi
fi
### END /etc/grub.d/00_header ###

### BEGIN /etc/grub.d/05_debian_theme ###
insmod part_gpt
insmod ext2
set root='hd0,gpt2'
if [ x$feature_platform_search_hint = xy ]; then
  search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt2 --hint-efi=hd0,gpt2 --hint-baremetal=ahci0,gpt2  38f2e7c9-3871-435a-b87b-4a0bee7c1132
else
  search --no-floppy --fs-uuid --set=root 38f2e7c9-3871-435a-b87b-4a0bee7c1132
fi
insmod png
if background_image /grub/.background_cache.png; then
  set color_normal=white/black
  set color_highlight=black/white
else
  set menu_color_normal=cyan/blue
  set menu_color_highlight=white/blue
fi
### END /etc/grub.d/05_debian_theme ###

### BEGIN /etc/grub.d/10_linux ###
function gfxmode {
        set gfxpayload="${1}"
}
set linux_gfx_mode=
export linux_gfx_mode
menuentry 'Debian GNU/Linux' --class debian --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-simple-4980b8a2-d677-453f-8f35-fdc8705e06d0' {
        load_video
        insmod gzio
        if [ x$grub_platform = xxen ]; then insmod xzio; insmod lzopio; fi
        insmod part_gpt
        insmod ext2
        set root='hd0,gpt2'
        if [ x$feature_platform_search_hint = xy ]; then
          search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt2 --hint-efi=hd0,gpt2 --hint-baremetal=ahci0,gpt2  38f2e7c9-3871-435a-b87b-4a0bee7c1132
        else
          search --no-floppy --fs-uuid --set=root 38f2e7c9-3871-435a-b87b-4a0bee7c1132
        fi
        echo 'Loading Linux 4.19.0-5-amd64 ...'
        linux /vmlinuz-4.19.0-5-amd64 root=/dev/mapper/tack--vg-lv_root ro  net.ifnames=0
        echo 'Loading initial ramdisk ...'
        initrd /initrd.img-4.19.0-5-amd64
}
submenu 'Advanced options for Debian GNU/Linux' $menuentry_id_option 'gnulinux-advanced-4980b8a2-d677-453f-8f35-fdc8705e06d0' {
        menuentry 'Debian GNU/Linux, with Linux 4.19.0-5-amd64' --class debian --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-4.19.0-5-amd64-advanced-4980b8a2-d677-453f-8f35-fdc8705e06d0' {
                load_video
                insmod gzio
                if [ x$grub_platform = xxen ]; then insmod xzio; insmod lzopio; fi
                insmod part_gpt
                insmod ext2
                set root='hd0,gpt2'
                if [ x$feature_platform_search_hint = xy ]; then
                  search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt2 --hint-efi=hd0,gpt2 --hint-baremetal=ahci0,gpt2  38f2e7c9-3871-435a-b87b-4a0bee7c1132
                else
                  search --no-floppy --fs-uuid --set=root 38f2e7c9-3871-435a-b87b-4a0bee7c1132
                fi
                echo 'Loading Linux 4.19.0-5-amd64 ...'
                linux /vmlinuz-4.19.0-5-amd64 root=/dev/mapper/tack--vg-lv_root ro  net.ifnames=0
                echo 'Loading initial ramdisk ...'
                initrd /initrd.img-4.19.0-5-amd64
        }
        menuentry 'Debian GNU/Linux, with Linux 4.19.0-5-amd64 (recovery mode)' --class debian --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-4.19.0-5-amd64-recovery-4980b8a2-d677-453f-8f35-fdc8705e06d0' {
                load_video
                insmod gzio
                if [ x$grub_platform = xxen ]; then insmod xzio; insmod lzopio; fi
                insmod part_gpt
                insmod ext2
                set root='hd0,gpt2'
                if [ x$feature_platform_search_hint = xy ]; then
                  search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt2 --hint-efi=hd0,gpt2 --hint-baremetal=ahci0,gpt2  38f2e7c9-3871-435a-b87b-4a0bee7c1132
                else
                  search --no-floppy --fs-uuid --set=root 38f2e7c9-3871-435a-b87b-4a0bee7c1132
                fi
                echo 'Loading Linux 4.19.0-5-amd64 ...'
                linux /vmlinuz-4.19.0-5-amd64 root=/dev/mapper/tack--vg-lv_root ro single
                echo 'Loading initial ramdisk ...'
                initrd /initrd.img-4.19.0-5-amd64
        }
        menuentry 'Debian GNU/Linux, with Linux 4.19.0-4-amd64' --class debian --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-4.19.0-4-amd64-advanced-4980b8a2-d677-453f-8f35-fdc8705e06d0' {
                load_video
                insmod gzio
                if [ x$grub_platform = xxen ]; then insmod xzio; insmod lzopio; fi
                insmod part_gpt
                insmod ext2
                set root='hd0,gpt2'
                if [ x$feature_platform_search_hint = xy ]; then
                  search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt2 --hint-efi=hd0,gpt2 --hint-baremetal=ahci0,gpt2  38f2e7c9-3871-435a-b87b-4a0bee7c1132
                else
                  search --no-floppy --fs-uuid --set=root 38f2e7c9-3871-435a-b87b-4a0bee7c1132
                fi
                echo 'Loading Linux 4.19.0-4-amd64 ...'
                linux /vmlinuz-4.19.0-4-amd64 root=/dev/mapper/tack--vg-lv_root ro  net.ifnames=0
                echo 'Loading initial ramdisk ...'
                initrd /initrd.img-4.19.0-4-amd64
        }
        menuentry 'Debian GNU/Linux, with Linux 4.19.0-4-amd64 (recovery mode)' --class debian --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-4.19.0-4-amd64-recovery-4980b8a2-d677-453f-8f35-fdc8705e06d0' {
                load_video
                insmod gzio
                if [ x$grub_platform = xxen ]; then insmod xzio; insmod lzopio; fi
                insmod part_gpt
                insmod ext2
                set root='hd0,gpt2'
                if [ x$feature_platform_search_hint = xy ]; then
                  search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt2 --hint-efi=hd0,gpt2 --hint-baremetal=ahci0,gpt2  38f2e7c9-3871-435a-b87b-4a0bee7c1132
                else
                  search --no-floppy --fs-uuid --set=root 38f2e7c9-3871-435a-b87b-4a0bee7c1132
                fi
                echo 'Loading Linux 4.19.0-4-amd64 ...'
                linux /vmlinuz-4.19.0-4-amd64 root=/dev/mapper/tack--vg-lv_root ro single
                echo 'Loading initial ramdisk ...'
                initrd /initrd.img-4.19.0-4-amd64
        }
}

### END /etc/grub.d/10_linux ###

### BEGIN /etc/grub.d/20_linux_xen ###

### END /etc/grub.d/20_linux_xen ###

### BEGIN /etc/grub.d/20_memtest86+ ###
### END /etc/grub.d/20_memtest86+ ###

### BEGIN /etc/grub.d/30_os-prober ###
### END /etc/grub.d/30_os-prober ###

### BEGIN /etc/grub.d/30_uefi-firmware ###
menuentry 'System setup' $menuentry_id_option 'uefi-firmware' {
        fwsetup
}
### END /etc/grub.d/30_uefi-firmware ###

### BEGIN /etc/grub.d/40_custom ###
# This file provides an easy way to add custom menu entries.  Simply type the
# menu entries you want to add after this comment.  Be careful not to change
# the 'exec tail' line above.
### END /etc/grub.d/40_custom ###

### BEGIN /etc/grub.d/41_custom ###
if [ -f  ${config_directory}/custom.cfg ]; then
  source ${config_directory}/custom.cfg
elif [ -z "${config_directory}" -a -f  $prefix/custom.cfg ]; then
  source $prefix/custom.cfg;
fi
### END /etc/grub.d/41_custom ###
*********************** END /boot/grub/grub.cfg

*********************** BEGIN /proc/mdstat
Personalities : [linear] [multipath] [raid0] [raid1] [raid6] [raid5] [raid4] [raid10]
unused devices: <none>
*********************** END /proc/mdstat

*********************** BEGIN /dev/disk/by-id
total 0
lrwxrwxrwx 1 root root  9 Jun 13 18:44 ata-CT2000MX500SSD1_1752E1091BFA -> ../../sda
lrwxrwxrwx 1 root root 10 Jun 13 18:44 ata-CT2000MX500SSD1_1752E1091BFA-part1 -> ../../sda1
lrwxrwxrwx 1 root root 10 Jun 13 18:44 ata-CT2000MX500SSD1_1752E1091BFA-part2 -> ../../sda2
lrwxrwxrwx 1 root root 10 Jun 13 18:44 ata-CT2000MX500SSD1_1752E1091BFA-part3 -> ../../sda3
lrwxrwxrwx 1 root root 10 Jun 13 18:44 dm-name-sda3_crypt -> ../../dm-0
lrwxrwxrwx 1 root root 10 Jun 13 18:44 dm-name-tack--vg-lv_home -> ../../dm-3
lrwxrwxrwx 1 root root 10 Jun 13 18:44 dm-name-tack--vg-lv_root -> ../../dm-2
lrwxrwxrwx 1 root root 10 Jun 13 18:44 dm-name-tack--vg-lv_scratch -> ../../dm-4
lrwxrwxrwx 1 root root 10 Jun 13 18:44 dm-name-tack--vg-swap_1 -> ../../dm-1
lrwxrwxrwx 1 root root 10 Jun 13 18:44 dm-uuid-CRYPT-LUKS1-cb16346b21ac4bc5a8919c22116aec27-sda3_crypt -> ../../dm-0
lrwxrwxrwx 1 root root 10 Jun 13 18:44 dm-uuid-LVM-4DbQas8xfQdRo5u2VXQdwxnMayviuB5C7VhX7lOFUf5lZYa4pG19SNK6hRacF0eu -> ../../dm-3
lrwxrwxrwx 1 root root 10 Jun 13 18:44 dm-uuid-LVM-4DbQas8xfQdRo5u2VXQdwxnMayviuB5CC15F1n298dsJRgvUVeirIfsIAOlEFxEv -> ../../dm-1
lrwxrwxrwx 1 root root 10 Jun 13 18:44 dm-uuid-LVM-4DbQas8xfQdRo5u2VXQdwxnMayviuB5CHEpXXjqm1H3pBmfrr0e8pwsf3eQf9rnM -> ../../dm-4
lrwxrwxrwx 1 root root 10 Jun 13 18:44 dm-uuid-LVM-4DbQas8xfQdRo5u2VXQdwxnMayviuB5COxWe4dPl91Qb8EUlqTm6gOrxb1r7IPFU -> ../../dm-2
lrwxrwxrwx 1 root root 10 Jun 13 18:44 lvm-pv-uuid-1j5a37-CXzf-L0JL-QFb5-d8Kh-YLD3-D25B1e -> ../../dm-0
lrwxrwxrwx 1 root root  9 Jun 13 18:44 usb-Generic-_SD_MMC_20120501030900000-0:0 -> ../../sdb
lrwxrwxrwx 1 root root  9 Jun 14 17:27 usb-TSSTcorp_CDDVDW_SE-S084F_R96XB81-0:0 -> ../../sr0
lrwxrwxrwx 1 root root  9 Jun 13 18:44 wwn-0x500a0751e1091bfa -> ../../sda
lrwxrwxrwx 1 root root 10 Jun 13 18:44 wwn-0x500a0751e1091bfa-part1 -> ../../sda1
lrwxrwxrwx 1 root root 10 Jun 13 18:44 wwn-0x500a0751e1091bfa-part2 -> ../../sda2
lrwxrwxrwx 1 root root 10 Jun 13 18:44 wwn-0x500a0751e1091bfa-part3 -> ../../sda3
*********************** END /dev/disk/by-id

*********************** BEGIN /dev/disk/by-uuid
total 0
lrwxrwxrwx 1 root root 10 Jun 13 18:44 357d0304-dd74-495d-bb0d-6625da21b817 -> ../../dm-3
lrwxrwxrwx 1 root root 10 Jun 13 18:44 37d5a91d-767b-4836-ad53-4aeac219c1b8 -> ../../dm-4
lrwxrwxrwx 1 root root 10 Jun 13 18:44 38f2e7c9-3871-435a-b87b-4a0bee7c1132 -> ../../sda2
lrwxrwxrwx 1 root root 10 Jun 13 18:44 4980b8a2-d677-453f-8f35-fdc8705e06d0 -> ../../dm-2
lrwxrwxrwx 1 root root 10 Jun 13 18:44 55D2-DB80 -> ../../sda1
lrwxrwxrwx 1 root root 10 Jun 13 18:44 cb16346b-21ac-4bc5-a891-9c22116aec27 -> ../../sda3
lrwxrwxrwx 1 root root 10 Jun 13 18:44 e3c1ddee-07cb-4abc-89dd-fd7d8d863f91 -> ../../dm-1
*********************** END /dev/disk/by-uuid

-- System Information:
Debian Release: 10.0
  APT prefers testing
  APT policy: (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-5-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB:en (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages grub-efi-amd64 depends on:
ii  debconf [debconf-2.0]  1.5.71
ii  grub-common            2.02+dfsg1-18
ii  grub-efi-amd64-bin     2.02+dfsg1-18
ii  grub2-common           2.02+dfsg1-18
ii  ucf                    3.0038+nmu1

grub-efi-amd64 recommends no packages.

grub-efi-amd64 suggests no packages.

-- debconf information excluded

Source: grub2
Source-Version: 2.02+dfsg1-19

We believe that the bug you reported is fixed in the latest version of
grub2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [hidden email],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Colin Watson <[hidden email]> (supplier of updated grub2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [hidden email])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 14 Jun 2019 19:04:01 +0100
Source: grub2
Architecture: source
Version: 2.02+dfsg1-19
Distribution: unstable
Urgency: medium
Maintainer: GRUB Maintainers <[hidden email]>
Changed-By: Colin Watson <[hidden email]>
Closes: 923855 928628 930290 930531
Changes:
 grub2 (2.02+dfsg1-19) unstable; urgency=medium
 .
   [ Colin Watson ]
   * Fix format of debian/copyright.
 .
   [ Steve McIntyre ]
   * Add the ntfs module to signed UEFI images. Closes: #923855
   * Add the cpuid module to signed UEFI images. Closes: #928628
   * Add the play module to signed UEFI images. Closes: #930290
   * Add an extra di-specific version of the UEFI netboot image with a
     different baked-in prefix value. Helps to fix #928750.
   * Deal with --force-extra-removable with signed shim too. Closes: #930531
Checksums-Sha1:
 099a6e8ffd246a413bc793fdbc5fde7b1152ab9f 6935 grub2_2.02+dfsg1-19.dsc
 56c3c2b3eb5aa6add3311004191c1baa55f3d1f4 1136044 grub2_2.02+dfsg1-19.debian.tar.xz
Checksums-Sha256:
 df9bed866880cdf2313a4ae7aa7f71ad453c44fd4eaed49ec0325abb270992a9 6935 grub2_2.02+dfsg1-19.dsc
 4ca60368e43d0bed50755e56e8671d9200b02ee351d7cfd53c4fc56e8d64b5ae 1136044 grub2_2.02+dfsg1-19.debian.tar.xz
Files:
 924dd98b5fbacbc36e8120c66425b0b9 6935 admin optional grub2_2.02+dfsg1-19.dsc
 dd1d82a15e97ae6cd6367f040b7feaf3 1136044 admin optional grub2_2.02+dfsg1-19.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEErApP8SYRtvzPAcEROTWH2X2GUAsFAl0D4hkACgkQOTWH2X2G
UAubow/6ArnZcDLmKSbDCD0ThqHpw7Plwj4nyGVD7EclnQKF1PXl4Wtysl5Mv9lD
xySNcNldd8adsAXozxW1JIBBYqn0wE0XhdEu6+mXdIowQIjmc77k+meweLrHddFY
u4II4IK94F32J0fAKM2ANMcjqybQswoBhigDppZVQbDG7ASeVKB1B2Sg4wE9/VXt
4JKmB+up4M7Rw7uRU1+Pm4xZMSi9/7XD4jokbancx29z6x+nU5lZt1CGgG1uZcHG
mTMT9J3bgKMQxJsdVMtvrKFcjRULbWAPCgH0IX5ymNehLv9OZUfCG2AtN43ZZRPF
aCzeV4UxWd6iLnierOmbF+nEIjOONzQuWFhIvFgjMVTD+FEFoxL3TO4q+CAJZk5b
FMqcl0LmfNq8MlSY3bDPqvSm2GWkT6nV9zGq0MKfMtEWfmHVRf3UTW0+9EgD4J/7
nvyGp+K09D8kxSgI/m2ZYLIHsdRDH2+9XpzgrPN3PLG4q0QULTi5DDeXOmpWJqfA
VAUXBOn/fNsck0nN9Gve32JJ9d0SD4wPX67Wn2hYrmNX/fIpyF3QDHml7HTM7EKX
jawd0mjrqvEk1BdlShtKUeTusOXlTro1p0fCTSZjroed8LYPGRDe/8+LwE0jo7/u
48131pPnRAZANOA+HrbaTYDAbGZ5fcBkOjSpeoHIqbIJ6ohKmc8=
=7nvN
-----END PGP SIGNATURE-----
Reply | Threaded
Open this post in threaded view
|

Bug#930531: marked as done (grub2-common: grub-install --force-extra-removable does not work properly with Secure Boot)

Debian Bug Tracking System
In reply to this post by Steve McIntyre
Your message dated Sat, 15 Jun 2019 09:06:51 +0000
with message-id <[hidden email]>
and subject line Bug#930531: fixed in grub2 2.04~rc1-2
has caused the Debian Bug report #930531,
regarding grub2-common: grub-install --force-extra-removable does not work properly with Secure Boot
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [hidden email]
immediately.)


--
930531: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930531
Debian Bug Tracking System
Contact [hidden email] with problems

Package: grub2-common
Version: 2.02+dfsg1-18
Severity: serious

Hey Colin,

Now that we have shim and signed binaries in the archive, the extra
code to install grubXXX.efi to the removable media path has to take
this into account too, or people using secure boot will end up with
broken systems that won't boot.

Looking into code to do this now.

-- Package-specific info:

*********************** BEGIN /proc/mounts
/dev/mapper/tack--vg-lv_root / ext4 rw,relatime,errors=remount-ro 0 0
/dev/sda2 /boot ext2 rw,relatime,block_validity,barrier,user_xattr,acl,stripe=4 0 0
/dev/sda1 /boot/efi vfat rw,relatime,fmask=0077,dmask=0077,codepage=437,iocharset=ascii,shortname=mixed,utf8,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_scratch /scratch ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_scratch /var/www/mirror ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_home /home ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_root /run/schroot/mount/buster-amd64-ae95d8fb-ca7e-4d82-8da8-45d8e8dc78bc ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_home /run/schroot/mount/buster-amd64-ae95d8fb-ca7e-4d82-8da8-45d8e8dc78bc/home ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_root /run/schroot/mount/buster-amd64-ae95d8fb-ca7e-4d82-8da8-45d8e8dc78bc/tmp ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_root /run/schroot/mount/sid-410245e6-819e-42a5-a194-9ae0b254ef7f ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_home /run/schroot/mount/sid-410245e6-819e-42a5-a194-9ae0b254ef7f/home ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_root /run/schroot/mount/sid-410245e6-819e-42a5-a194-9ae0b254ef7f/tmp ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_root /run/schroot/mount/sid-4568a602-5a45-4ec9-9103-fb115cc4f1a4 ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_home /run/schroot/mount/sid-4568a602-5a45-4ec9-9103-fb115cc4f1a4/home ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_root /run/schroot/mount/sid-4568a602-5a45-4ec9-9103-fb115cc4f1a4/tmp ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_root /run/schroot/mount/sid-6544df41-9ed7-490a-8f32-df7aa7cb09cb ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_home /run/schroot/mount/sid-6544df41-9ed7-490a-8f32-df7aa7cb09cb/home ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_root /run/schroot/mount/sid-6544df41-9ed7-490a-8f32-df7aa7cb09cb/tmp ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_root /run/schroot/mount/sid-6616ad0e-5db2-4d38-96a4-2680a17ca733 ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_home /run/schroot/mount/sid-6616ad0e-5db2-4d38-96a4-2680a17ca733/home ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_root /run/schroot/mount/sid-6616ad0e-5db2-4d38-96a4-2680a17ca733/tmp ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_root /run/schroot/mount/sid-9471e88b-b7e3-4973-b8d2-07dd531b56a8 ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_home /run/schroot/mount/sid-9471e88b-b7e3-4973-b8d2-07dd531b56a8/home ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_root /run/schroot/mount/sid-9471e88b-b7e3-4973-b8d2-07dd531b56a8/tmp ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_root /run/schroot/mount/sid-96cd9c31-1413-45a3-aa51-fc4ab220b5e9 ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_home /run/schroot/mount/sid-96cd9c31-1413-45a3-aa51-fc4ab220b5e9/home ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_root /run/schroot/mount/sid-96cd9c31-1413-45a3-aa51-fc4ab220b5e9/tmp ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_root /run/schroot/mount/sid-9b8885af-ce11-40f2-8ded-b907cf102d0f ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_home /run/schroot/mount/sid-9b8885af-ce11-40f2-8ded-b907cf102d0f/home ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_root /run/schroot/mount/sid-9b8885af-ce11-40f2-8ded-b907cf102d0f/tmp ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_root /run/schroot/mount/sid-c39fecac-ca7e-4f75-a800-5137c3adfb35 ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_home /run/schroot/mount/sid-c39fecac-ca7e-4f75-a800-5137c3adfb35/home ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_root /run/schroot/mount/sid-c39fecac-ca7e-4f75-a800-5137c3adfb35/tmp ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_root /run/schroot/mount/sid-cb9d44d0-9848-4bb1-b9d2-09c4cb0b0723 ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_home /run/schroot/mount/sid-cb9d44d0-9848-4bb1-b9d2-09c4cb0b0723/home ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_root /run/schroot/mount/sid-cb9d44d0-9848-4bb1-b9d2-09c4cb0b0723/tmp ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_root /run/schroot/mount/sid-cbc655da-b64d-4820-b814-874a8582c425 ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_home /run/schroot/mount/sid-cbc655da-b64d-4820-b814-874a8582c425/home ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_root /run/schroot/mount/sid-cbc655da-b64d-4820-b814-874a8582c425/tmp ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_root /run/schroot/mount/sid-i386-9025294e-dd77-4c33-849f-ddad65273ff6 ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_home /run/schroot/mount/sid-i386-9025294e-dd77-4c33-849f-ddad65273ff6/home ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_root /run/schroot/mount/sid-i386-9025294e-dd77-4c33-849f-ddad65273ff6/tmp ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_root /run/schroot/mount/sid-bbcf116e-ae3b-4e0e-bcdd-1eb25836cb07 ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_home /run/schroot/mount/sid-bbcf116e-ae3b-4e0e-bcdd-1eb25836cb07/home ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_root /run/schroot/mount/sid-bbcf116e-ae3b-4e0e-bcdd-1eb25836cb07/tmp ext4 rw,relatime,errors=remount-ro 0 0
*********************** END /proc/mounts

*********************** BEGIN /boot/grub/grub.cfg
#
# DO NOT EDIT THIS FILE
#
# It is automatically generated by grub-mkconfig using templates
# from /etc/grub.d and settings from /etc/default/grub
#

### BEGIN /etc/grub.d/00_header ###
if [ -s $prefix/grubenv ]; then
  set have_grubenv=true
  load_env
fi
if [ "${next_entry}" ] ; then
   set default="${next_entry}"
   set next_entry=
   save_env next_entry
   set boot_once=true
else
   set default="0"
fi

if [ x"${feature_menuentry_id}" = xy ]; then
  menuentry_id_option="--id"
else
  menuentry_id_option=""
fi

export menuentry_id_option

if [ "${prev_saved_entry}" ]; then
  set saved_entry="${prev_saved_entry}"
  save_env saved_entry
  set prev_saved_entry=
  save_env prev_saved_entry
  set boot_once=true
fi

function savedefault {
  if [ -z "${boot_once}" ]; then
    saved_entry="${chosen}"
    save_env saved_entry
  fi
}
function load_video {
  if [ x$feature_all_video_module = xy ]; then
    insmod all_video
  else
    insmod efi_gop
    insmod efi_uga
    insmod ieee1275_fb
    insmod vbe
    insmod vga
    insmod video_bochs
    insmod video_cirrus
  fi
}

if [ x$feature_default_font_path = xy ] ; then
   font=unicode
else
insmod part_gpt
insmod ext2
set root='hd0,gpt2'
if [ x$feature_platform_search_hint = xy ]; then
  search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt2 --hint-efi=hd0,gpt2 --hint-baremetal=ahci0,gpt2  38f2e7c9-3871-435a-b87b-4a0bee7c1132
else
  search --no-floppy --fs-uuid --set=root 38f2e7c9-3871-435a-b87b-4a0bee7c1132
fi
    font="/grub/unicode.pf2"
fi

if loadfont $font ; then
  set gfxmode=auto
  load_video
  insmod gfxterm
  set locale_dir=$prefix/locale
  set lang=en_GB
  insmod gettext
fi
terminal_output gfxterm
if [ "${recordfail}" = 1 ] ; then
  set timeout=30
else
  if [ x$feature_timeout_style = xy ] ; then
    set timeout_style=menu
    set timeout=5
  # Fallback normal timeout code in case the timeout_style feature is
  # unavailable.
  else
    set timeout=5
  fi
fi
### END /etc/grub.d/00_header ###

### BEGIN /etc/grub.d/05_debian_theme ###
insmod part_gpt
insmod ext2
set root='hd0,gpt2'
if [ x$feature_platform_search_hint = xy ]; then
  search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt2 --hint-efi=hd0,gpt2 --hint-baremetal=ahci0,gpt2  38f2e7c9-3871-435a-b87b-4a0bee7c1132
else
  search --no-floppy --fs-uuid --set=root 38f2e7c9-3871-435a-b87b-4a0bee7c1132
fi
insmod png
if background_image /grub/.background_cache.png; then
  set color_normal=white/black
  set color_highlight=black/white
else
  set menu_color_normal=cyan/blue
  set menu_color_highlight=white/blue
fi
### END /etc/grub.d/05_debian_theme ###

### BEGIN /etc/grub.d/10_linux ###
function gfxmode {
        set gfxpayload="${1}"
}
set linux_gfx_mode=
export linux_gfx_mode
menuentry 'Debian GNU/Linux' --class debian --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-simple-4980b8a2-d677-453f-8f35-fdc8705e06d0' {
        load_video
        insmod gzio
        if [ x$grub_platform = xxen ]; then insmod xzio; insmod lzopio; fi
        insmod part_gpt
        insmod ext2
        set root='hd0,gpt2'
        if [ x$feature_platform_search_hint = xy ]; then
          search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt2 --hint-efi=hd0,gpt2 --hint-baremetal=ahci0,gpt2  38f2e7c9-3871-435a-b87b-4a0bee7c1132
        else
          search --no-floppy --fs-uuid --set=root 38f2e7c9-3871-435a-b87b-4a0bee7c1132
        fi
        echo 'Loading Linux 4.19.0-5-amd64 ...'
        linux /vmlinuz-4.19.0-5-amd64 root=/dev/mapper/tack--vg-lv_root ro  net.ifnames=0
        echo 'Loading initial ramdisk ...'
        initrd /initrd.img-4.19.0-5-amd64
}
submenu 'Advanced options for Debian GNU/Linux' $menuentry_id_option 'gnulinux-advanced-4980b8a2-d677-453f-8f35-fdc8705e06d0' {
        menuentry 'Debian GNU/Linux, with Linux 4.19.0-5-amd64' --class debian --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-4.19.0-5-amd64-advanced-4980b8a2-d677-453f-8f35-fdc8705e06d0' {
                load_video
                insmod gzio
                if [ x$grub_platform = xxen ]; then insmod xzio; insmod lzopio; fi
                insmod part_gpt
                insmod ext2
                set root='hd0,gpt2'
                if [ x$feature_platform_search_hint = xy ]; then
                  search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt2 --hint-efi=hd0,gpt2 --hint-baremetal=ahci0,gpt2  38f2e7c9-3871-435a-b87b-4a0bee7c1132
                else
                  search --no-floppy --fs-uuid --set=root 38f2e7c9-3871-435a-b87b-4a0bee7c1132
                fi
                echo 'Loading Linux 4.19.0-5-amd64 ...'
                linux /vmlinuz-4.19.0-5-amd64 root=/dev/mapper/tack--vg-lv_root ro  net.ifnames=0
                echo 'Loading initial ramdisk ...'
                initrd /initrd.img-4.19.0-5-amd64
        }
        menuentry 'Debian GNU/Linux, with Linux 4.19.0-5-amd64 (recovery mode)' --class debian --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-4.19.0-5-amd64-recovery-4980b8a2-d677-453f-8f35-fdc8705e06d0' {
                load_video
                insmod gzio
                if [ x$grub_platform = xxen ]; then insmod xzio; insmod lzopio; fi
                insmod part_gpt
                insmod ext2
                set root='hd0,gpt2'
                if [ x$feature_platform_search_hint = xy ]; then
                  search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt2 --hint-efi=hd0,gpt2 --hint-baremetal=ahci0,gpt2  38f2e7c9-3871-435a-b87b-4a0bee7c1132
                else
                  search --no-floppy --fs-uuid --set=root 38f2e7c9-3871-435a-b87b-4a0bee7c1132
                fi
                echo 'Loading Linux 4.19.0-5-amd64 ...'
                linux /vmlinuz-4.19.0-5-amd64 root=/dev/mapper/tack--vg-lv_root ro single
                echo 'Loading initial ramdisk ...'
                initrd /initrd.img-4.19.0-5-amd64
        }
        menuentry 'Debian GNU/Linux, with Linux 4.19.0-4-amd64' --class debian --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-4.19.0-4-amd64-advanced-4980b8a2-d677-453f-8f35-fdc8705e06d0' {
                load_video
                insmod gzio
                if [ x$grub_platform = xxen ]; then insmod xzio; insmod lzopio; fi
                insmod part_gpt
                insmod ext2
                set root='hd0,gpt2'
                if [ x$feature_platform_search_hint = xy ]; then
                  search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt2 --hint-efi=hd0,gpt2 --hint-baremetal=ahci0,gpt2  38f2e7c9-3871-435a-b87b-4a0bee7c1132
                else
                  search --no-floppy --fs-uuid --set=root 38f2e7c9-3871-435a-b87b-4a0bee7c1132
                fi
                echo 'Loading Linux 4.19.0-4-amd64 ...'
                linux /vmlinuz-4.19.0-4-amd64 root=/dev/mapper/tack--vg-lv_root ro  net.ifnames=0
                echo 'Loading initial ramdisk ...'
                initrd /initrd.img-4.19.0-4-amd64
        }
        menuentry 'Debian GNU/Linux, with Linux 4.19.0-4-amd64 (recovery mode)' --class debian --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-4.19.0-4-amd64-recovery-4980b8a2-d677-453f-8f35-fdc8705e06d0' {
                load_video
                insmod gzio
                if [ x$grub_platform = xxen ]; then insmod xzio; insmod lzopio; fi
                insmod part_gpt
                insmod ext2
                set root='hd0,gpt2'
                if [ x$feature_platform_search_hint = xy ]; then
                  search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt2 --hint-efi=hd0,gpt2 --hint-baremetal=ahci0,gpt2  38f2e7c9-3871-435a-b87b-4a0bee7c1132
                else
                  search --no-floppy --fs-uuid --set=root 38f2e7c9-3871-435a-b87b-4a0bee7c1132
                fi
                echo 'Loading Linux 4.19.0-4-amd64 ...'
                linux /vmlinuz-4.19.0-4-amd64 root=/dev/mapper/tack--vg-lv_root ro single
                echo 'Loading initial ramdisk ...'
                initrd /initrd.img-4.19.0-4-amd64
        }
}

### END /etc/grub.d/10_linux ###

### BEGIN /etc/grub.d/20_linux_xen ###

### END /etc/grub.d/20_linux_xen ###

### BEGIN /etc/grub.d/20_memtest86+ ###
### END /etc/grub.d/20_memtest86+ ###

### BEGIN /etc/grub.d/30_os-prober ###
### END /etc/grub.d/30_os-prober ###

### BEGIN /etc/grub.d/30_uefi-firmware ###
menuentry 'System setup' $menuentry_id_option 'uefi-firmware' {
        fwsetup
}
### END /etc/grub.d/30_uefi-firmware ###

### BEGIN /etc/grub.d/40_custom ###
# This file provides an easy way to add custom menu entries.  Simply type the
# menu entries you want to add after this comment.  Be careful not to change
# the 'exec tail' line above.
### END /etc/grub.d/40_custom ###

### BEGIN /etc/grub.d/41_custom ###
if [ -f  ${config_directory}/custom.cfg ]; then
  source ${config_directory}/custom.cfg
elif [ -z "${config_directory}" -a -f  $prefix/custom.cfg ]; then
  source $prefix/custom.cfg;
fi
### END /etc/grub.d/41_custom ###
*********************** END /boot/grub/grub.cfg

*********************** BEGIN /proc/mdstat
Personalities : [linear] [multipath] [raid0] [raid1] [raid6] [raid5] [raid4] [raid10]
unused devices: <none>
*********************** END /proc/mdstat

*********************** BEGIN /dev/disk/by-id
total 0
lrwxrwxrwx 1 root root  9 Jun 13 18:44 ata-CT2000MX500SSD1_1752E1091BFA -> ../../sda
lrwxrwxrwx 1 root root 10 Jun 13 18:44 ata-CT2000MX500SSD1_1752E1091BFA-part1 -> ../../sda1
lrwxrwxrwx 1 root root 10 Jun 13 18:44 ata-CT2000MX500SSD1_1752E1091BFA-part2 -> ../../sda2
lrwxrwxrwx 1 root root 10 Jun 13 18:44 ata-CT2000MX500SSD1_1752E1091BFA-part3 -> ../../sda3
lrwxrwxrwx 1 root root 10 Jun 13 18:44 dm-name-sda3_crypt -> ../../dm-0
lrwxrwxrwx 1 root root 10 Jun 13 18:44 dm-name-tack--vg-lv_home -> ../../dm-3
lrwxrwxrwx 1 root root 10 Jun 13 18:44 dm-name-tack--vg-lv_root -> ../../dm-2
lrwxrwxrwx 1 root root 10 Jun 13 18:44 dm-name-tack--vg-lv_scratch -> ../../dm-4
lrwxrwxrwx 1 root root 10 Jun 13 18:44 dm-name-tack--vg-swap_1 -> ../../dm-1
lrwxrwxrwx 1 root root 10 Jun 13 18:44 dm-uuid-CRYPT-LUKS1-cb16346b21ac4bc5a8919c22116aec27-sda3_crypt -> ../../dm-0
lrwxrwxrwx 1 root root 10 Jun 13 18:44 dm-uuid-LVM-4DbQas8xfQdRo5u2VXQdwxnMayviuB5C7VhX7lOFUf5lZYa4pG19SNK6hRacF0eu -> ../../dm-3
lrwxrwxrwx 1 root root 10 Jun 13 18:44 dm-uuid-LVM-4DbQas8xfQdRo5u2VXQdwxnMayviuB5CC15F1n298dsJRgvUVeirIfsIAOlEFxEv -> ../../dm-1
lrwxrwxrwx 1 root root 10 Jun 13 18:44 dm-uuid-LVM-4DbQas8xfQdRo5u2VXQdwxnMayviuB5CHEpXXjqm1H3pBmfrr0e8pwsf3eQf9rnM -> ../../dm-4
lrwxrwxrwx 1 root root 10 Jun 13 18:44 dm-uuid-LVM-4DbQas8xfQdRo5u2VXQdwxnMayviuB5COxWe4dPl91Qb8EUlqTm6gOrxb1r7IPFU -> ../../dm-2
lrwxrwxrwx 1 root root 10 Jun 13 18:44 lvm-pv-uuid-1j5a37-CXzf-L0JL-QFb5-d8Kh-YLD3-D25B1e -> ../../dm-0
lrwxrwxrwx 1 root root  9 Jun 13 18:44 usb-Generic-_SD_MMC_20120501030900000-0:0 -> ../../sdb
lrwxrwxrwx 1 root root  9 Jun 14 17:27 usb-TSSTcorp_CDDVDW_SE-S084F_R96XB81-0:0 -> ../../sr0
lrwxrwxrwx 1 root root  9 Jun 13 18:44 wwn-0x500a0751e1091bfa -> ../../sda
lrwxrwxrwx 1 root root 10 Jun 13 18:44 wwn-0x500a0751e1091bfa-part1 -> ../../sda1
lrwxrwxrwx 1 root root 10 Jun 13 18:44 wwn-0x500a0751e1091bfa-part2 -> ../../sda2
lrwxrwxrwx 1 root root 10 Jun 13 18:44 wwn-0x500a0751e1091bfa-part3 -> ../../sda3
*********************** END /dev/disk/by-id

*********************** BEGIN /dev/disk/by-uuid
total 0
lrwxrwxrwx 1 root root 10 Jun 13 18:44 357d0304-dd74-495d-bb0d-6625da21b817 -> ../../dm-3
lrwxrwxrwx 1 root root 10 Jun 13 18:44 37d5a91d-767b-4836-ad53-4aeac219c1b8 -> ../../dm-4
lrwxrwxrwx 1 root root 10 Jun 13 18:44 38f2e7c9-3871-435a-b87b-4a0bee7c1132 -> ../../sda2
lrwxrwxrwx 1 root root 10 Jun 13 18:44 4980b8a2-d677-453f-8f35-fdc8705e06d0 -> ../../dm-2
lrwxrwxrwx 1 root root 10 Jun 13 18:44 55D2-DB80 -> ../../sda1
lrwxrwxrwx 1 root root 10 Jun 13 18:44 cb16346b-21ac-4bc5-a891-9c22116aec27 -> ../../sda3
lrwxrwxrwx 1 root root 10 Jun 13 18:44 e3c1ddee-07cb-4abc-89dd-fd7d8d863f91 -> ../../dm-1
*********************** END /dev/disk/by-uuid

-- System Information:
Debian Release: 10.0
  APT prefers testing
  APT policy: (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-5-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB:en (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages grub-efi-amd64 depends on:
ii  debconf [debconf-2.0]  1.5.71
ii  grub-common            2.02+dfsg1-18
ii  grub-efi-amd64-bin     2.02+dfsg1-18
ii  grub2-common           2.02+dfsg1-18
ii  ucf                    3.0038+nmu1

grub-efi-amd64 recommends no packages.

grub-efi-amd64 suggests no packages.

-- debconf information excluded

Source: grub2
Source-Version: 2.04~rc1-2

We believe that the bug you reported is fixed in the latest version of
grub2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [hidden email],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Colin Watson <[hidden email]> (supplier of updated grub2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [hidden email])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 15 Jun 2019 09:41:19 +0100
Source: grub2
Architecture: source
Version: 2.04~rc1-2
Distribution: experimental
Urgency: medium
Maintainer: GRUB Maintainers <[hidden email]>
Changed-By: Colin Watson <[hidden email]>
Closes: 923855 928628 930290 930531
Changes:
 grub2 (2.04~rc1-2) experimental; urgency=medium
 .
   [ Colin Watson ]
   * debian/build-efi-images: Add tpm on x86_64-efi (thanks, Chris Coulson).
 .
   [ Steve McIntyre ]
   * Add the ntfs module to signed UEFI images. Closes: #923855
   * Add the cpuid module to signed UEFI images. Closes: #928628
   * Add the play module to signed UEFI images. Closes: #930290
   * Add an extra di-specific version of the UEFI netboot image with a
     different baked-in prefix value. Helps to fix #928750.
   * Deal with --force-extra-removable with signed shim too. Closes: #930531
Checksums-Sha1:
 1c644dd07c414b2377412e474427eb927bea86a6 7161 grub2_2.04~rc1-2.dsc
 ebaf74efc74c35628ee9a244df78ab476c28c134 1047372 grub2_2.04~rc1-2.debian.tar.xz
Checksums-Sha256:
 d2ffcc1e660c47daa07c5d876a902efd3c803678865354c46902547321b56f69 7161 grub2_2.04~rc1-2.dsc
 e64a8e67f7b0a9d02f9ef7045d464523d9904a28410740c11968f66536a9cdcc 1047372 grub2_2.04~rc1-2.debian.tar.xz
Files:
 a7a8793c4b8b9d1de341ddfcebe7fa79 7161 admin optional grub2_2.04~rc1-2.dsc
 0050b10d4ea077037a341653ad063913 1047372 admin optional grub2_2.04~rc1-2.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEErApP8SYRtvzPAcEROTWH2X2GUAsFAl0EsB8ACgkQOTWH2X2G
UAve2g/+LYOyjgAL4/L6dAnzBVp+bVJ+3Nle65hRtFs20JARd0+q+YZPR5ZwIR9B
ioknp7IFCubW8bqWmNLSIRk0NqHqalQz7kyoLyab8qioe8ytD/cNEeLkUfepZo1S
BYqLr5iT0Umuc/Ciy/xJpshA1Odmqvfau0YRYsp/HT1EvP+WI+pXUGebStVtM7uj
wucq/CCfsCoz/f3e3ChqitRhc70DD2ee6M0zLgGzEx+aoX13MNWY/f7+OuamWQ41
mHW4T+lMATj+Zyp8u4VumRjgrMK1MDOS5Xiuh/I3uHu5qhD9lNdK39F4sJ87cOhP
6tFudCyx8PrfXYlW+KYke+j3P0AbAVdcF7EjTKh52VecZ2fTAQbyIJ8d5QH62LAr
2FlQ+Ee4G61SLazRzzJQaQD17YlubJAagmdW4f3WD+vQpYxEIb1oO8mjHFzuyxpK
Ckje1eMZ6g32DdKj4lJRiPzl9/1gxbDEaQJ/cOaj+EfLq3AbS2n5tq5L3/Tmkz9W
qVoyG2G4uuZ23qzQ4W+etQ9EZO8/VBWTbDepS0kBuGcEMh088YSxvaR53PG8EvH4
BtvnvrLVFAHdwBtECCr4NHCsJ35GSi3acRKQozaWFLSwgKwyUQVb3b9YepojL2Ma
2sUwzOX/gs+mUYvZbwTlrEzolNc6UlocVoQpVWxExLIk7SWYU0g=
=ZC8u
-----END PGP SIGNATURE-----
Reply | Threaded
Open this post in threaded view
|

Bug#930531: marked as done (grub2-common: grub-install --force-extra-removable does not work properly with Secure Boot)

Debian Bug Tracking System
In reply to this post by Steve McIntyre
Your message dated Tue, 09 Jul 2019 13:38:05 +0000
with message-id <[hidden email]>
and subject line Bug#930531: fixed in grub2 2.04-1
has caused the Debian Bug report #930531,
regarding grub2-common: grub-install --force-extra-removable does not work properly with Secure Boot
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [hidden email]
immediately.)


--
930531: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930531
Debian Bug Tracking System
Contact [hidden email] with problems

Package: grub2-common
Version: 2.02+dfsg1-18
Severity: serious

Hey Colin,

Now that we have shim and signed binaries in the archive, the extra
code to install grubXXX.efi to the removable media path has to take
this into account too, or people using secure boot will end up with
broken systems that won't boot.

Looking into code to do this now.

-- Package-specific info:

*********************** BEGIN /proc/mounts
/dev/mapper/tack--vg-lv_root / ext4 rw,relatime,errors=remount-ro 0 0
/dev/sda2 /boot ext2 rw,relatime,block_validity,barrier,user_xattr,acl,stripe=4 0 0
/dev/sda1 /boot/efi vfat rw,relatime,fmask=0077,dmask=0077,codepage=437,iocharset=ascii,shortname=mixed,utf8,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_scratch /scratch ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_scratch /var/www/mirror ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_home /home ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_root /run/schroot/mount/buster-amd64-ae95d8fb-ca7e-4d82-8da8-45d8e8dc78bc ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_home /run/schroot/mount/buster-amd64-ae95d8fb-ca7e-4d82-8da8-45d8e8dc78bc/home ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_root /run/schroot/mount/buster-amd64-ae95d8fb-ca7e-4d82-8da8-45d8e8dc78bc/tmp ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_root /run/schroot/mount/sid-410245e6-819e-42a5-a194-9ae0b254ef7f ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_home /run/schroot/mount/sid-410245e6-819e-42a5-a194-9ae0b254ef7f/home ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_root /run/schroot/mount/sid-410245e6-819e-42a5-a194-9ae0b254ef7f/tmp ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_root /run/schroot/mount/sid-4568a602-5a45-4ec9-9103-fb115cc4f1a4 ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_home /run/schroot/mount/sid-4568a602-5a45-4ec9-9103-fb115cc4f1a4/home ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_root /run/schroot/mount/sid-4568a602-5a45-4ec9-9103-fb115cc4f1a4/tmp ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_root /run/schroot/mount/sid-6544df41-9ed7-490a-8f32-df7aa7cb09cb ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_home /run/schroot/mount/sid-6544df41-9ed7-490a-8f32-df7aa7cb09cb/home ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_root /run/schroot/mount/sid-6544df41-9ed7-490a-8f32-df7aa7cb09cb/tmp ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_root /run/schroot/mount/sid-6616ad0e-5db2-4d38-96a4-2680a17ca733 ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_home /run/schroot/mount/sid-6616ad0e-5db2-4d38-96a4-2680a17ca733/home ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_root /run/schroot/mount/sid-6616ad0e-5db2-4d38-96a4-2680a17ca733/tmp ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_root /run/schroot/mount/sid-9471e88b-b7e3-4973-b8d2-07dd531b56a8 ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_home /run/schroot/mount/sid-9471e88b-b7e3-4973-b8d2-07dd531b56a8/home ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_root /run/schroot/mount/sid-9471e88b-b7e3-4973-b8d2-07dd531b56a8/tmp ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_root /run/schroot/mount/sid-96cd9c31-1413-45a3-aa51-fc4ab220b5e9 ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_home /run/schroot/mount/sid-96cd9c31-1413-45a3-aa51-fc4ab220b5e9/home ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_root /run/schroot/mount/sid-96cd9c31-1413-45a3-aa51-fc4ab220b5e9/tmp ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_root /run/schroot/mount/sid-9b8885af-ce11-40f2-8ded-b907cf102d0f ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_home /run/schroot/mount/sid-9b8885af-ce11-40f2-8ded-b907cf102d0f/home ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_root /run/schroot/mount/sid-9b8885af-ce11-40f2-8ded-b907cf102d0f/tmp ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_root /run/schroot/mount/sid-c39fecac-ca7e-4f75-a800-5137c3adfb35 ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_home /run/schroot/mount/sid-c39fecac-ca7e-4f75-a800-5137c3adfb35/home ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_root /run/schroot/mount/sid-c39fecac-ca7e-4f75-a800-5137c3adfb35/tmp ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_root /run/schroot/mount/sid-cb9d44d0-9848-4bb1-b9d2-09c4cb0b0723 ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_home /run/schroot/mount/sid-cb9d44d0-9848-4bb1-b9d2-09c4cb0b0723/home ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_root /run/schroot/mount/sid-cb9d44d0-9848-4bb1-b9d2-09c4cb0b0723/tmp ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_root /run/schroot/mount/sid-cbc655da-b64d-4820-b814-874a8582c425 ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_home /run/schroot/mount/sid-cbc655da-b64d-4820-b814-874a8582c425/home ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_root /run/schroot/mount/sid-cbc655da-b64d-4820-b814-874a8582c425/tmp ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_root /run/schroot/mount/sid-i386-9025294e-dd77-4c33-849f-ddad65273ff6 ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_home /run/schroot/mount/sid-i386-9025294e-dd77-4c33-849f-ddad65273ff6/home ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_root /run/schroot/mount/sid-i386-9025294e-dd77-4c33-849f-ddad65273ff6/tmp ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_root /run/schroot/mount/sid-bbcf116e-ae3b-4e0e-bcdd-1eb25836cb07 ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_home /run/schroot/mount/sid-bbcf116e-ae3b-4e0e-bcdd-1eb25836cb07/home ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/tack--vg-lv_root /run/schroot/mount/sid-bbcf116e-ae3b-4e0e-bcdd-1eb25836cb07/tmp ext4 rw,relatime,errors=remount-ro 0 0
*********************** END /proc/mounts

*********************** BEGIN /boot/grub/grub.cfg
#
# DO NOT EDIT THIS FILE
#
# It is automatically generated by grub-mkconfig using templates
# from /etc/grub.d and settings from /etc/default/grub
#

### BEGIN /etc/grub.d/00_header ###
if [ -s $prefix/grubenv ]; then
  set have_grubenv=true
  load_env
fi
if [ "${next_entry}" ] ; then
   set default="${next_entry}"
   set next_entry=
   save_env next_entry
   set boot_once=true
else
   set default="0"
fi

if [ x"${feature_menuentry_id}" = xy ]; then
  menuentry_id_option="--id"
else
  menuentry_id_option=""
fi

export menuentry_id_option

if [ "${prev_saved_entry}" ]; then
  set saved_entry="${prev_saved_entry}"
  save_env saved_entry
  set prev_saved_entry=
  save_env prev_saved_entry
  set boot_once=true
fi

function savedefault {
  if [ -z "${boot_once}" ]; then
    saved_entry="${chosen}"
    save_env saved_entry
  fi
}
function load_video {
  if [ x$feature_all_video_module = xy ]; then
    insmod all_video
  else
    insmod efi_gop
    insmod efi_uga
    insmod ieee1275_fb
    insmod vbe
    insmod vga
    insmod video_bochs
    insmod video_cirrus
  fi
}

if [ x$feature_default_font_path = xy ] ; then
   font=unicode
else
insmod part_gpt
insmod ext2
set root='hd0,gpt2'
if [ x$feature_platform_search_hint = xy ]; then
  search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt2 --hint-efi=hd0,gpt2 --hint-baremetal=ahci0,gpt2  38f2e7c9-3871-435a-b87b-4a0bee7c1132
else
  search --no-floppy --fs-uuid --set=root 38f2e7c9-3871-435a-b87b-4a0bee7c1132
fi
    font="/grub/unicode.pf2"
fi

if loadfont $font ; then
  set gfxmode=auto
  load_video
  insmod gfxterm
  set locale_dir=$prefix/locale
  set lang=en_GB
  insmod gettext
fi
terminal_output gfxterm
if [ "${recordfail}" = 1 ] ; then
  set timeout=30
else
  if [ x$feature_timeout_style = xy ] ; then
    set timeout_style=menu
    set timeout=5
  # Fallback normal timeout code in case the timeout_style feature is
  # unavailable.
  else
    set timeout=5
  fi
fi
### END /etc/grub.d/00_header ###

### BEGIN /etc/grub.d/05_debian_theme ###
insmod part_gpt
insmod ext2
set root='hd0,gpt2'
if [ x$feature_platform_search_hint = xy ]; then
  search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt2 --hint-efi=hd0,gpt2 --hint-baremetal=ahci0,gpt2  38f2e7c9-3871-435a-b87b-4a0bee7c1132
else
  search --no-floppy --fs-uuid --set=root 38f2e7c9-3871-435a-b87b-4a0bee7c1132
fi
insmod png
if background_image /grub/.background_cache.png; then
  set color_normal=white/black
  set color_highlight=black/white
else
  set menu_color_normal=cyan/blue
  set menu_color_highlight=white/blue
fi
### END /etc/grub.d/05_debian_theme ###

### BEGIN /etc/grub.d/10_linux ###
function gfxmode {
        set gfxpayload="${1}"
}
set linux_gfx_mode=
export linux_gfx_mode
menuentry 'Debian GNU/Linux' --class debian --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-simple-4980b8a2-d677-453f-8f35-fdc8705e06d0' {
        load_video
        insmod gzio
        if [ x$grub_platform = xxen ]; then insmod xzio; insmod lzopio; fi
        insmod part_gpt
        insmod ext2
        set root='hd0,gpt2'
        if [ x$feature_platform_search_hint = xy ]; then
          search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt2 --hint-efi=hd0,gpt2 --hint-baremetal=ahci0,gpt2  38f2e7c9-3871-435a-b87b-4a0bee7c1132
        else
          search --no-floppy --fs-uuid --set=root 38f2e7c9-3871-435a-b87b-4a0bee7c1132
        fi
        echo 'Loading Linux 4.19.0-5-amd64 ...'
        linux /vmlinuz-4.19.0-5-amd64 root=/dev/mapper/tack--vg-lv_root ro  net.ifnames=0
        echo 'Loading initial ramdisk ...'
        initrd /initrd.img-4.19.0-5-amd64
}
submenu 'Advanced options for Debian GNU/Linux' $menuentry_id_option 'gnulinux-advanced-4980b8a2-d677-453f-8f35-fdc8705e06d0' {
        menuentry 'Debian GNU/Linux, with Linux 4.19.0-5-amd64' --class debian --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-4.19.0-5-amd64-advanced-4980b8a2-d677-453f-8f35-fdc8705e06d0' {
                load_video
                insmod gzio
                if [ x$grub_platform = xxen ]; then insmod xzio; insmod lzopio; fi
                insmod part_gpt
                insmod ext2
                set root='hd0,gpt2'
                if [ x$feature_platform_search_hint = xy ]; then
                  search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt2 --hint-efi=hd0,gpt2 --hint-baremetal=ahci0,gpt2  38f2e7c9-3871-435a-b87b-4a0bee7c1132
                else
                  search --no-floppy --fs-uuid --set=root 38f2e7c9-3871-435a-b87b-4a0bee7c1132
                fi
                echo 'Loading Linux 4.19.0-5-amd64 ...'
                linux /vmlinuz-4.19.0-5-amd64 root=/dev/mapper/tack--vg-lv_root ro  net.ifnames=0
                echo 'Loading initial ramdisk ...'
                initrd /initrd.img-4.19.0-5-amd64
        }
        menuentry 'Debian GNU/Linux, with Linux 4.19.0-5-amd64 (recovery mode)' --class debian --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-4.19.0-5-amd64-recovery-4980b8a2-d677-453f-8f35-fdc8705e06d0' {
                load_video
                insmod gzio
                if [ x$grub_platform = xxen ]; then insmod xzio; insmod lzopio; fi
                insmod part_gpt
                insmod ext2
                set root='hd0,gpt2'
                if [ x$feature_platform_search_hint = xy ]; then
                  search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt2 --hint-efi=hd0,gpt2 --hint-baremetal=ahci0,gpt2  38f2e7c9-3871-435a-b87b-4a0bee7c1132
                else
                  search --no-floppy --fs-uuid --set=root 38f2e7c9-3871-435a-b87b-4a0bee7c1132
                fi
                echo 'Loading Linux 4.19.0-5-amd64 ...'
                linux /vmlinuz-4.19.0-5-amd64 root=/dev/mapper/tack--vg-lv_root ro single
                echo 'Loading initial ramdisk ...'
                initrd /initrd.img-4.19.0-5-amd64
        }
        menuentry 'Debian GNU/Linux, with Linux 4.19.0-4-amd64' --class debian --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-4.19.0-4-amd64-advanced-4980b8a2-d677-453f-8f35-fdc8705e06d0' {
                load_video
                insmod gzio
                if [ x$grub_platform = xxen ]; then insmod xzio; insmod lzopio; fi
                insmod part_gpt
                insmod ext2
                set root='hd0,gpt2'
                if [ x$feature_platform_search_hint = xy ]; then
                  search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt2 --hint-efi=hd0,gpt2 --hint-baremetal=ahci0,gpt2  38f2e7c9-3871-435a-b87b-4a0bee7c1132
                else
                  search --no-floppy --fs-uuid --set=root 38f2e7c9-3871-435a-b87b-4a0bee7c1132
                fi
                echo 'Loading Linux 4.19.0-4-amd64 ...'
                linux /vmlinuz-4.19.0-4-amd64 root=/dev/mapper/tack--vg-lv_root ro  net.ifnames=0
                echo 'Loading initial ramdisk ...'
                initrd /initrd.img-4.19.0-4-amd64
        }
        menuentry 'Debian GNU/Linux, with Linux 4.19.0-4-amd64 (recovery mode)' --class debian --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-4.19.0-4-amd64-recovery-4980b8a2-d677-453f-8f35-fdc8705e06d0' {
                load_video
                insmod gzio
                if [ x$grub_platform = xxen ]; then insmod xzio; insmod lzopio; fi
                insmod part_gpt
                insmod ext2
                set root='hd0,gpt2'
                if [ x$feature_platform_search_hint = xy ]; then
                  search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt2 --hint-efi=hd0,gpt2 --hint-baremetal=ahci0,gpt2  38f2e7c9-3871-435a-b87b-4a0bee7c1132
                else
                  search --no-floppy --fs-uuid --set=root 38f2e7c9-3871-435a-b87b-4a0bee7c1132
                fi
                echo 'Loading Linux 4.19.0-4-amd64 ...'
                linux /vmlinuz-4.19.0-4-amd64 root=/dev/mapper/tack--vg-lv_root ro single
                echo 'Loading initial ramdisk ...'
                initrd /initrd.img-4.19.0-4-amd64
        }
}

### END /etc/grub.d/10_linux ###

### BEGIN /etc/grub.d/20_linux_xen ###

### END /etc/grub.d/20_linux_xen ###

### BEGIN /etc/grub.d/20_memtest86+ ###
### END /etc/grub.d/20_memtest86+ ###

### BEGIN /etc/grub.d/30_os-prober ###
### END /etc/grub.d/30_os-prober ###

### BEGIN /etc/grub.d/30_uefi-firmware ###
menuentry 'System setup' $menuentry_id_option 'uefi-firmware' {
        fwsetup
}
### END /etc/grub.d/30_uefi-firmware ###

### BEGIN /etc/grub.d/40_custom ###
# This file provides an easy way to add custom menu entries.  Simply type the
# menu entries you want to add after this comment.  Be careful not to change
# the 'exec tail' line above.
### END /etc/grub.d/40_custom ###

### BEGIN /etc/grub.d/41_custom ###
if [ -f  ${config_directory}/custom.cfg ]; then
  source ${config_directory}/custom.cfg
elif [ -z "${config_directory}" -a -f  $prefix/custom.cfg ]; then
  source $prefix/custom.cfg;
fi
### END /etc/grub.d/41_custom ###
*********************** END /boot/grub/grub.cfg

*********************** BEGIN /proc/mdstat
Personalities : [linear] [multipath] [raid0] [raid1] [raid6] [raid5] [raid4] [raid10]
unused devices: <none>
*********************** END /proc/mdstat

*********************** BEGIN /dev/disk/by-id
total 0
lrwxrwxrwx 1 root root  9 Jun 13 18:44 ata-CT2000MX500SSD1_1752E1091BFA -> ../../sda
lrwxrwxrwx 1 root root 10 Jun 13 18:44 ata-CT2000MX500SSD1_1752E1091BFA-part1 -> ../../sda1
lrwxrwxrwx 1 root root 10 Jun 13 18:44 ata-CT2000MX500SSD1_1752E1091BFA-part2 -> ../../sda2
lrwxrwxrwx 1 root root 10 Jun 13 18:44 ata-CT2000MX500SSD1_1752E1091BFA-part3 -> ../../sda3
lrwxrwxrwx 1 root root 10 Jun 13 18:44 dm-name-sda3_crypt -> ../../dm-0
lrwxrwxrwx 1 root root 10 Jun 13 18:44 dm-name-tack--vg-lv_home -> ../../dm-3
lrwxrwxrwx 1 root root 10 Jun 13 18:44 dm-name-tack--vg-lv_root -> ../../dm-2
lrwxrwxrwx 1 root root 10 Jun 13 18:44 dm-name-tack--vg-lv_scratch -> ../../dm-4
lrwxrwxrwx 1 root root 10 Jun 13 18:44 dm-name-tack--vg-swap_1 -> ../../dm-1
lrwxrwxrwx 1 root root 10 Jun 13 18:44 dm-uuid-CRYPT-LUKS1-cb16346b21ac4bc5a8919c22116aec27-sda3_crypt -> ../../dm-0
lrwxrwxrwx 1 root root 10 Jun 13 18:44 dm-uuid-LVM-4DbQas8xfQdRo5u2VXQdwxnMayviuB5C7VhX7lOFUf5lZYa4pG19SNK6hRacF0eu -> ../../dm-3
lrwxrwxrwx 1 root root 10 Jun 13 18:44 dm-uuid-LVM-4DbQas8xfQdRo5u2VXQdwxnMayviuB5CC15F1n298dsJRgvUVeirIfsIAOlEFxEv -> ../../dm-1
lrwxrwxrwx 1 root root 10 Jun 13 18:44 dm-uuid-LVM-4DbQas8xfQdRo5u2VXQdwxnMayviuB5CHEpXXjqm1H3pBmfrr0e8pwsf3eQf9rnM -> ../../dm-4
lrwxrwxrwx 1 root root 10 Jun 13 18:44 dm-uuid-LVM-4DbQas8xfQdRo5u2VXQdwxnMayviuB5COxWe4dPl91Qb8EUlqTm6gOrxb1r7IPFU -> ../../dm-2
lrwxrwxrwx 1 root root 10 Jun 13 18:44 lvm-pv-uuid-1j5a37-CXzf-L0JL-QFb5-d8Kh-YLD3-D25B1e -> ../../dm-0
lrwxrwxrwx 1 root root  9 Jun 13 18:44 usb-Generic-_SD_MMC_20120501030900000-0:0 -> ../../sdb
lrwxrwxrwx 1 root root  9 Jun 14 17:27 usb-TSSTcorp_CDDVDW_SE-S084F_R96XB81-0:0 -> ../../sr0
lrwxrwxrwx 1 root root  9 Jun 13 18:44 wwn-0x500a0751e1091bfa -> ../../sda
lrwxrwxrwx 1 root root 10 Jun 13 18:44 wwn-0x500a0751e1091bfa-part1 -> ../../sda1
lrwxrwxrwx 1 root root 10 Jun 13 18:44 wwn-0x500a0751e1091bfa-part2 -> ../../sda2
lrwxrwxrwx 1 root root 10 Jun 13 18:44 wwn-0x500a0751e1091bfa-part3 -> ../../sda3
*********************** END /dev/disk/by-id

*********************** BEGIN /dev/disk/by-uuid
total 0
lrwxrwxrwx 1 root root 10 Jun 13 18:44 357d0304-dd74-495d-bb0d-6625da21b817 -> ../../dm-3
lrwxrwxrwx 1 root root 10 Jun 13 18:44 37d5a91d-767b-4836-ad53-4aeac219c1b8 -> ../../dm-4
lrwxrwxrwx 1 root root 10 Jun 13 18:44 38f2e7c9-3871-435a-b87b-4a0bee7c1132 -> ../../sda2
lrwxrwxrwx 1 root root 10 Jun 13 18:44 4980b8a2-d677-453f-8f35-fdc8705e06d0 -> ../../dm-2
lrwxrwxrwx 1 root root 10 Jun 13 18:44 55D2-DB80 -> ../../sda1
lrwxrwxrwx 1 root root 10 Jun 13 18:44 cb16346b-21ac-4bc5-a891-9c22116aec27 -> ../../sda3
lrwxrwxrwx 1 root root 10 Jun 13 18:44 e3c1ddee-07cb-4abc-89dd-fd7d8d863f91 -> ../../dm-1
*********************** END /dev/disk/by-uuid

-- System Information:
Debian Release: 10.0
  APT prefers testing
  APT policy: (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-5-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB:en (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages grub-efi-amd64 depends on:
ii  debconf [debconf-2.0]  1.5.71
ii  grub-common            2.02+dfsg1-18
ii  grub-efi-amd64-bin     2.02+dfsg1-18
ii  grub2-common           2.02+dfsg1-18
ii  ucf                    3.0038+nmu1

grub-efi-amd64 recommends no packages.

grub-efi-amd64 suggests no packages.

-- debconf information excluded

Source: grub2
Source-Version: 2.04-1

We believe that the bug you reported is fixed in the latest version of
grub2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [hidden email],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Colin Watson <[hidden email]> (supplier of updated grub2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [hidden email])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 09 Jul 2019 11:48:01 +0100
Source: grub2
Architecture: source
Version: 2.04-1
Distribution: unstable
Urgency: medium
Maintainer: GRUB Maintainers <[hidden email]>
Changed-By: Colin Watson <[hidden email]>
Closes: 918700 923855 928628 930290 930531 931038
Changes:
 grub2 (2.04-1) unstable; urgency=medium
 .
   * New upstream release.
   * debian/upstream/signing-key.asc: Add signing key of new upstream
     maintainer (Daniel Kiper).
 .
 grub2 (2.04~rc1-3) experimental; urgency=medium
 .
   [ Will Thompson ]
   * Fix --disable-quiet-boot.
 .
   [ Steve Langasek ]
   * If we don't have writable grubenv and we're on EFI, always show the menu
     (merged from Ubuntu).
 .
   [ Steve McIntyre ]
   * Make all the signed EFI arches have a Recommends: from
     grub-efi-ARCH-signed to shim-signed, not just amd64.
     Closes: #931038
   * Add myself to Uploaders
 .
   [ Colin Watson ]
   * Squash linuxefi* patches into a single patch.
 .
 grub2 (2.04~rc1-2) experimental; urgency=medium
 .
   [ Colin Watson ]
   * debian/build-efi-images: Add tpm on x86_64-efi (thanks, Chris Coulson).
 .
   [ Steve McIntyre ]
   * Add the ntfs module to signed UEFI images. Closes: #923855
   * Add the cpuid module to signed UEFI images. Closes: #928628
   * Add the play module to signed UEFI images. Closes: #930290
   * Add an extra di-specific version of the UEFI netboot image with a
     different baked-in prefix value. Helps to fix #928750.
   * Deal with --force-extra-removable with signed shim too. Closes: #930531
 .
 grub2 (2.04~rc1-1) experimental; urgency=medium
 .
   * New upstream release candidate.
     - getroot: Save/restore CWD more reliably on Unix (closes: #918700).
   * Rename patches to use "-" as a separator rather than "_" (except when
     referring to a file, function, or command containing a "_").
   * Fix format of debian/copyright.
Checksums-Sha1:
 832056d4d5af6a9d355fe5500efd7368dae9fbe4 7152 grub2_2.04-1.dsc
 3ed21de7be5970d7638b9f526bca3292af78e0fc 6393864 grub2_2.04.orig.tar.xz
 d6df202a9bfa89abe2d7f288c1d438197c6f371a 833 grub2_2.04.orig.tar.xz.asc
 b123422da475b2e27a24238d9a3c3b761b76070a 1048688 grub2_2.04-1.debian.tar.xz
Checksums-Sha256:
 41d29cc645fd4bf34ce293267ea10411315d41949c0ec40f44aa0ea001e9787b 7152 grub2_2.04-1.dsc
 e5292496995ad42dabe843a0192cf2a2c502e7ffcc7479398232b10a472df77d 6393864 grub2_2.04.orig.tar.xz
 955cc63196020e3a70dbb1834ec8b6a1808b1100bc878431c52aa0dd7e6a2532 833 grub2_2.04.orig.tar.xz.asc
 454ea9fda65ec121eed2f0e2cc97ffcd77d3412fc953e048c6487c34bbab9b40 1048688 grub2_2.04-1.debian.tar.xz
Files:
 57d567efd0a5d21700ecfcd5ab035541 7152 admin optional grub2_2.04-1.dsc
 5aaca6713b47ca2456d8324a58755ac7 6393864 admin optional grub2_2.04.orig.tar.xz
 f080a242eaee83db7640658430a0b93d 833 admin optional grub2_2.04.orig.tar.xz.asc
 c2c81c9d542e09d7a3a48ce6197fcc47 1048688 admin optional grub2_2.04-1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEErApP8SYRtvzPAcEROTWH2X2GUAsFAl0klCIACgkQOTWH2X2G
UAvfTg/9Fn/FxiwlYWB3RvWXFH58PNmB/M5aQP8Zj6bd/9AzFFJgEmIbJac/5ai7
C1wbhE95d972eO7Oo44uPa0K9PSqOUCs5/c9p9dfQ1qa1ct03CaOfUXr9jenJJGl
acCSBr9trUEJ1+pl/6HDqa6xx/KbRWCQzmtorc6HtAuimKVCZ3ATlLrdtvaKAOWG
3mkhiK7HMfFqZXWqd8TQb6GWlWiPGWQCTQf+SdJfOiWgqfrXYzw3BonwNOVqSdL4
JAjnEaeVUYWHUmS5V88ODOONMyGCiL86ncd62yN+w0q8Pk7vo8ojXWyfjp6vFa8Y
L1TLfdhZzc2hz7um76HhRHnMAbhnHpu5hyAR+mkyaJdmFkiZb9qK+ejRdQoqQvoN
AAm2aP0T11t6/ez2zrWn0usoS2ucr0KzQtFa0gx5Y3By4XaRw2FHhcI74peaTDkH
aGnOHz6zbSnZa6kY14vO4pv8yDZKtOn0yjuK1Ob2c5wCpubzdN8ReYVl8a0fzUkc
d+y57DO/FeUzKAaLW2k4wmSZYQBikjkqlxPlEfpaQ8Dz+v6Zpxm8htzmW2ZMhiZ2
tIzqZ0XyMqIgW9G7e9FCAtZ+eyeg+eZ3S7PwgDOTnD3FZJK3MQKIW9R/o0ub84jP
jDVOdLOLdGxiR5XDcyutY3OXB9VKEljGk/e7MP3eHYBOInvB7ME=
=Zbvm
-----END PGP SIGNATURE-----