From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from list by lists.gnu.org with archive (Exim 4.71) id 1VpI3t-0006Ti-UD for mharc-grub-devel@gnu.org; Sat, 07 Dec 2013 08:36:49 -0500 Received: from eggs.gnu.org ([2001:4830:134:3::10]:59885) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1VpI3r-0006TW-OX for grub-devel@gnu.org; Sat, 07 Dec 2013 08:36:48 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1VpI3q-0006i0-Ox for grub-devel@gnu.org; Sat, 07 Dec 2013 08:36:47 -0500 Received: from v6.chiark.greenend.org.uk ([2001:ba8:1e3::]:49215 helo=chiark.greenend.org.uk) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1VpI3q-0006hn-JP for grub-devel@gnu.org; Sat, 07 Dec 2013 08:36:46 -0500 Received: from [172.20.153.9] (helo=riva.pelham.vpn.ucam.org) by chiark.greenend.org.uk (Debian Exim 4.72 #1) with esmtps (return-path cjwatson@ubuntu.com) id 1VpI3p-0005gP-6m for grub-devel@gnu.org; Sat, 07 Dec 2013 13:36:45 +0000 Received: from ns1.pelham.vpn.ucam.org ([172.20.153.2] helo=riva.ucam.org) by riva.pelham.vpn.ucam.org with esmtps (TLS1.2:DHE_RSA_AES_128_CBC_SHA1:128) (Exim 4.80) (envelope-from ) id 1VpHup-0007Pn-SZ for grub-devel@gnu.org; Sat, 07 Dec 2013 13:27:27 +0000 Date: Sat, 7 Dec 2013 13:27:26 +0000 From: Colin Watson To: grub-devel@gnu.org Subject: Behaviour if GRUB_ENABLE_CRYPTODISK is unset? Message-ID: <20131207132726.GA28299@riva.ucam.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.5.21 (2010-09-15) X-detected-operating-system: by eggs.gnu.org: Error: Malformed IPv6 address (bad octet value). X-Received-From: 2001:ba8:1e3:: X-BeenThere: grub-devel@gnu.org X-Mailman-Version: 2.1.14 Precedence: list Reply-To: The development of GNU GRUB List-Id: The development of GNU GRUB List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 07 Dec 2013 13:36:48 -0000 I'm carrying this old patch in Debian at the moment, which predates the addition of LUKS support to GRUB: Index: b/util/grub-mkconfig_lib.in =================================================================== --- a/util/grub-mkconfig_lib.in +++ b/util/grub-mkconfig_lib.in @@ -130,6 +130,15 @@ esac done + if dmsetup status $device 2>/dev/null | grep -q 'crypt[[:space:]]$'; then + grub_warn \ + "$device is a crypto device, which GRUB cannot read directly. Some" \ + "necessary modules may be missing from /boot/grub/grub.cfg. You may" \ + "need to list them in GRUB_PRELOAD_MODULES in /etc/default/grub. See" \ + "http://bugs.debian.org/542165 for details." + return 0 + fi + # Abstraction modules aren't auto-loaded. abstraction="`"${grub_probe}" --device $@ --target=abstraction`" for module in ${abstraction} ; do Now, this is obviously wrong because it renders LUKS support mostly non-functional even if you have GRUB_ENABLE_CRYPTODISK=y, so I'd like to drop it, but that does mean that people who *don't* have GRUB_ENABLE_CRYPTODISK=y will once again see no hint of what to do. I've never totally understood why GRUB_ENABLE_CRYPTODISK is optional to begin with; it seems like a bit of a "do you want things to work? [y/N]" option to me. My preferred approach would be to delete the option. If there's some reason we can't do that, perhaps it would be worth checking for whether it would have any effect if enabled, and if so print an explanatory warning? Thanks, -- Colin Watson [cjwatson@ubuntu.com]