I have also been affected by this. It seems that grub2 version 2.12~rc1-10ubuntu4.1, which was meant to remove the luks2 module from the signed binary, never made it out of mantic-proposed. Therefore, the first time I realised this was not supported was when I upgraded to 2.12~rc1-10ubuntu4.2, which was release on 1st July.
Given the rather large time window that mantic users had to "get accustomed" to this feature, it may good to provide instructions in case this breaks their installations. For me, the fix was rather simple, so I'm documenting it here: 1. Take a backup of your LUKS header on some other device (assumes /mnt has a different filesystem mounted): cryptsetup luksHeaderBackup --header-backup-file /mnt/luks.header /dev/YOUR-CRYPT-DEVICE 2. Check if you use Argon 2 in any of your passphrases (you'll need to switch them to PBKDF2, as only that is supported by LUKS 1): cryptsetup luksDump /dev/YOUR-CRYPT-DEVICE 3. Convert any Argon 2 passphrases to PBKDF2: cryptsetup luksConvertKey --pbkdf pbkdf2 /dev/YOUR-CRYPT-DEVICE You may also want to consider specifying --pbkdf-force-iterations according to your security requirements. 4. Convert to LUKS 1 (this does not work if the device is active, so you'll need to boot into a live / different system): cryptsetup convert --type luks1 /DEV/YOUR-CRYPT-DEVICE Would it have been possible to detect this condition and warn users on an upgrade? Some users may yet find themselves at a grub shell when rebooting after an upgrade. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2043101 Title: Mantic+noble inadvertently includes the luks2 module in signed grub- efis To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/grub2-unsigned/+bug/2043101/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
