Package Details: grub-improved-luks2-git 2.12.r10.g04d2a50f3-1

Git Clone URL: https://aur.archlinux.org/grub-improved-luks2-git.git (read-only, click to copy)
Package Base: grub-improved-luks2-git
Description: GNU GRand Unified Bootloader (2) with Argon2 support. Patch made by Patrick Steinhardt
Upstream URL: https://www.gnu.org/software/grub/
Licenses: GPL3, CC0
Conflicts: grub
Provides: grub
Submitter: Ax333l
Maintainer: Ax333l
Last Packager: Ax333l
Votes: 29
Popularity: 0.81
First Submitted: 2022-01-02 14:06 (UTC)
Last Updated: 2024-03-09 00:19 (UTC)

Dependencies (18)

Required by (313)

Sources (12)

Pinned Comments

Ax333l commented on 2022-02-17 18:58 (UTC) (edited on 2023-06-16 14:24 (UTC) by Ax333l)

I have disabled translations because they have been the cause of build failures in both this package and grub-git. If you want to re-enable them, check the PKGBUILD.

Also, make sure you have installed base-devel.

Argon2 might not work on some devices due to issues with the memory allocator

Latest Comments

« First ‹ Previous 1 2 3 4 5 6 7 8 9 Next › Last »

Mateusz commented on 2023-06-10 17:48 (UTC)

Hi Ax333l!

I’m using the UUID of my LUKS container.

Ax333l commented on 2023-06-10 17:46 (UTC)

Mateusz, are you using the UUID of your btrfs partition or the luks container?

rodolfoser, you need to delete the src folder each time you rebuild. I think AUR helpers do this automatically

Mateusz commented on 2023-06-10 12:16 (UTC) (edited on 2023-06-10 12:18 (UTC) by Mateusz)

Hi!

I can't seem to get this package to work with my setup: /dev/sda1 EFI (unencrypted) /dev/sda2 btrfs ROOT (LUKS2 + argonid encrypted)

My /etc/default/grub contains: GRUB_ENABLE_CRYPTODISK=y GRUB_CMDLINE_LINUX="cryptdevice=UUID=myUUID:MX500M2:allow-discards root=/dev/mapper/MX500M2 rootflags=subvol=artix/ROOT rw elevator=deadline"

I installed grub by running: grub-install -v --target=x86_64-efi --efi-directory=/boot/efi --bootloader-id=GRUB-MX500M2 --modules="luks2 part_gpt part_msdos cryptodisk gcry_serpent gcry_sha512 argon2 pbkdf2 gcry_whirlpool btrfs tpm"

When booting, I get the prompt to unlock the aforementioned ROOT partition. However, all I get is the error: invalid passphrase error: disk 'cryptouuid/myUUID' not found'

Does anyone else have such problems?

Best, Matt

rodolfoser commented on 2023-06-08 19:33 (UTC) (edited on 2023-06-08 19:41 (UTC) by rodolfoser)

Hello,

i just tried to build the package 2.06.r499.ge67a551a4-1, but am receiving this error:

==> Making package: grub-improved-luks2-git 2.06.r499.ge67a551a4-1 (Do 08 Jun 2023 16:32:01 -03)
==> WARNING: Skipping dependency checks.
==> Retrieving sources...
-> Updating grub git repo...
-> Updating grub-extras git repo...
-> Updating gnulib git repo...
-> Found argon_1.patch
-> Found argon_2.patch
-> Found argon_3.patch
-> Found argon_4.patch
-> Found argon_5.patch
-> Found grub-install_luks2.patch
-> Found add-GRUB_COLOR_variables.patch
-> Found detect-archlinux-initramfs.patch
-> Found grub.default
==> Validating source files with sha256sums...
    grub ... Skipped
    grub-extras ... Skipped
    gnulib ... Skipped
    argon_1.patch ... Skipped
    argon_2.patch ... Skipped
    argon_3.patch ... Skipped
    argon_4.patch ... Skipped
    argon_5.patch ... Skipped
    grub-install_luks2.patch ... Skipped
    add-GRUB_COLOR_variables.patch ... Passed
    detect-archlinux-initramfs.patch ... Passed
    grub.default ... Passed
==> Extracting sources...
-> Creating working copy of grub git repo...
Reset branch 'makepkg'
-> Creating working copy of grub-extras git repo...
Reset branch 'makepkg'
-> Creating working copy of gnulib git repo...
Reset branch 'makepkg'
==> Starting prepare()...
patching file util/grub-mkconfig.in
Hunk #1 succeeded at 250 (offset 4 lines).
patching file util/grub.d/00_header.in
patching file util/grub.d/10_linux.in
Hunk #1 succeeded at 95 (offset 2 lines).
Hunk #2 succeeded at 212 (offset 12 lines).
Hunk #3 succeeded at 301 with fuzz 1 (offset 14 lines).
patching file grub-core/kern/dl.c
Hunk #1 succeeded at 470 (offset 3 lines).
patching file util/grub-module-verifierXX.c
Hunk #1 succeeded at 236 with fuzz 1 (offset 79 lines).
patching file include/grub/types.h
Hunk #1 succeeded at 156 (offset 3 lines).
Hunk #2 succeeded at 178 (offset 3 lines).
patching file docs/grub-dev.texi
Hunk #1 succeeded at 502 (offset 12 lines).
patching file grub-core/Makefile.core.def
Hunk #1 succeeded at 1215 (offset 41 lines).
The next patch would create the file grub-core/lib/argon2/LICENSE,
which already exists!  Skipping patch.
1 out of 1 hunk ignored
The next patch would create the file grub-core/lib/argon2/argon2.c,
which already exists!  Skipping patch.
1 out of 1 hunk ignored
The next patch would create the file grub-core/lib/argon2/argon2.h,
which already exists!  Skipping patch.
1 out of 1 hunk ignored
The next patch would create the file grub-core/lib/argon2/blake2/blake2-impl.h,
which already exists!  Skipping patch.
1 out of 1 hunk ignored
The next patch would create the file grub-core/lib/argon2/blake2/blake2.h,
which already exists!  Skipping patch.
1 out of 1 hunk ignored
The next patch would create the file grub-core/lib/argon2/blake2/blake2b.c,
which already exists!  Skipping patch.
1 out of 1 hunk ignored
The next patch would create the file grub-core/lib/argon2/blake2/blamka-round-ref.h,
which already exists!  Skipping patch.
1 out of 1 hunk ignored
The next patch would create the file grub-core/lib/argon2/core.c,
which already exists!  Skipping patch.
1 out of 1 hunk ignored
The next patch would create the file grub-core/lib/argon2/core.h,
which already exists!  Skipping patch.
1 out of 1 hunk ignored
The next patch would create the file grub-core/lib/argon2/ref.c,
which already exists!  Skipping patch.
1 out of 1 hunk ignored
==> ERROR: A failure occurred in prepare().
    Aborting...

I tried to install on my main machine, and also on a totally fresh install. Same result. Any idea what is causing the prepare patch stage failing ?

Ax333l commented on 2023-06-03 15:49 (UTC)

Im sorry. I don't know how to override the font

1001 commented on 2023-06-03 15:04 (UTC)

:(

Ax333l commented on 2023-06-02 15:54 (UTC)

hotcapy, I think you have to either sign all the generated grub modules or embed more of them.

decepticlown are you sure you are using --target="x86_64-efi"? It is required. I'll have to test with the latest version of grub myself but if I cannot reproduce it myself then I am not sure how to help.

decepticlown commented on 2023-05-31 17:25 (UTC) (edited on 2023-05-31 17:31 (UTC) by decepticlown)

Hello, I had installed grub with: ~# grub-install --disable-shim-lock --modules=" part_gpt part_msdos luks2 argon2 tpm gcry_sha512 and more"

My simplified /etc/default/grub:

cmdline=" loglevel=3 cryptdevice=UUID=xxx:cryptroot cryptkey=rootfs:/crypt/key.bin root=/dev/mapper/cryptroot rootflags=subvol=@/0/snapshot" cryptodisk=y

Then config with:

grub-mkconfig -o /boot/grub/grub.cfg

I'm having black screen when I select GRUB from efi entries. No error, no grub command line, no grub password prompts nothing. Just black screen. No input works. I have to hard reboot.

I can boot perfectly fine with same kernel options with bundled efi from sbctl.

My disk layout:

/dev/nvme0n1 >
    /dev/nvme0n1p1 - fat32 EFI mounted /boot/efi
    /dev/nvmen1p2 - linux root, crypt with luks2, key size sha512, aes-xts-plain64 , iterations 3000
        btrfs system >
            @ - /.snapshots
            @/0/snapshot - /
            @home,@root,... - /home, /root, ...

1001 commented on 2023-05-31 05:40 (UTC)

Hello. How to add font to grubx64.efi for early boot?

hotcapy commented on 2023-05-17 16:35 (UTC) (edited on 2023-05-19 05:13 (UTC) by hotcapy)

Hello!

I have an old laptop "Samsung NP350V5C-S1ERU" (2013). It originally came with just BIOS, which was then replaced with UEFI by firmware update. UEFI is "Aptio Setup Utility" by "American Megatrends". Firmware version is latest available - "P09ABE".

I use Secure Boot with my own custom keys, signing GRUB core image and kernel's vmlinuz-* files.

  1. # grub-install --target=x86_64-efi --efi-directory=/boot/efi --modules="luks2 part_gpt part_msdos cryptodisk gcry_serpent argon2 pbkdf2 gcry_whirlpool btrfs tpm" --disable-shim-lock --removable --recheck

  2. # sbsign --key db.key --cert db.crt --output /boot/efi/EFI/BOOT/BOOTX64.EFI /boot/efi/EFI/BOOT/BOOTX64.EFI

Core generated this way by package version "2.06.r460.gf7564844f-1" works with both enabled and disabled UEFI Secure Boot.

Latest version "2.06.r499.ge67a551a4-1" successfully handles encryption, but stuck at some internal Secure Boot verification step (fails to insmod normal):

error: verification requested but nobody cares: (cryptouuid/*UUID*)/@/boot/grub/x86_64-efi/normal.mod.
Entering rescue mode...

If Secure Boot is disabled in UEFI, GRUB loads and system successfully boots.

Same latest package version works with enabled Secure Boot on my another desktop computer w/o any errors.

Since issue not seem to be related to encryption at all, I assume it could be upstream GRUB bug with just certain hardware affected? If there is any hope for ready-to-use fix, I'll be happy to test it.

P.S. Thank you Ax333l for maintaining this package. I believe it is important for many people who consider pbkdf2 insecure for full disk encryption nowadays to have argon2id support. It is great that Arch users have this opportunity.

« First ‹ Previous 1 2 3 4 5 6 7 8 9 Next › Last »