help-grub
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: grub 2.12 compile and install - location of binaries or how to gener

From: Andrei Borzenkov
Subject: Re: grub 2.12 compile and install - location of binaries or how to generate and cryptomount issue on ubuntu 22.04
Date: Mon, 17 Jun 2024 08:20:51 +0300
User-agent: Mozilla Thunderbird 
On 16.06.2024 20:45, anand akhare wrote:

Hello,
     I have ubuntu 22.04 with grub 2.06. I wanted to compile grub 2.12 and get 
it on ubuntu. Reason is I want to encrypt boot partition and cryptomount is not 
able to detect boot partition which is luks1 which is with default apt package 
of ubuntu of grub. When I compiled, below configure command is used:

./configure --prefix=<instal_dir> --target=x86_64 --with-platform=efi

The installed ubuntu package grub is grub-efi-amd64-signed
With this in dir /usr/lib/grub has below entries

/usr/lib/grub$ ls
grub-mkconfig_lib  grub-multi-install  i386-pc  x86_64-efi  x86_64-efi-signed

Also, x86_64-efi directory has

/usr/lib/grub$ ls x86_64-efi/monolithic/
gcdx64.efi  grubnetx64.efi  grubx64.efi

I do not see multiple target platform dirs on compilation and installation of 
2.12 in local directory
grub is compiled for a single platform. If you need support for multiple platforms, you need to build grub several times for each platform separately. 


as well as single grub executable grubx64.efi

~/grub/install$ ls lib/grub/x86_64-efi/*grub*
lib/grub/x86_64-efi/gdb_grub


~/grub/install$ ls -l lib/grub/x86_64-efi/* | grep "^d"
~/grub/install$

grub-mkconfig is found in install/share directory.

~/grub/install/share/grub$ ls
grub-mkconfig_lib

Where is grubx64.efi that will be installed in /boot/efi?
Signed grub image is built, signed and provided by your distribution. Upstream does not create it. If you need it, you need to create and sign it manually, after building grub. 


Also, /boot/efi/EFI/ubuntu has some more binaries

# ls /boot/efi/EFI/ubuntu/
BOOTX64.CSV  grub.cfg     grubx64.efi  mmx64.efi    shimx64.efi

When grub-install is triggered, from where do these binaries grub pick up?
From where shim-signed package installs them. But it is Ubuntu-specific patch and upstream grub-install does not touch these files. 


Based on this query, I need to sign grub binary which I believe is grubx64.efi.

Pls clarify on this where can I get binaries of grub and which ones are 
required to be signed?
You cannot. If you want to replace *Ubuntu* grub keeping everything else intact, you need *Ubuntu* private key to sign it. I hope you do not have it. Otherwise you need to generate your own key pair, enroll your own certificate. 

You need to sign grub EFI image which is loaded by shim.


I believe grub-install will pick up grub bootloader from lib/grub directory and 
copy in efi. Pls correct me if mistaken.

Also, cryptomount problem if is evident in 2.06, pls clarify. Is it worth 
effort to move to 2.12 grub to get encrypted boot with grub2.
cryptomount gives error that "no such cryptodisk" though it is detected in 
ubuntu with disks utility.




Are you sure it is LUKS1 to start with?
reply via email to
[Prev in Thread] Current Thread [Next in Thread]