AUR (en) - grub-improved-luks2-git

Search Criteria

Enter search criteria

Search by

Keywords

Out of Date

Sort by

Sort order

Per page

Package Details: grub-improved-luks2-git 2.12.r10.g04d2a50f3-1

Package Actions

Git Clone URL:	https://aur.archlinux.org/grub-improved-luks2-git.git (read-only, click to copy)
Package Base:	grub-improved-luks2-git
Description:	GNU GRand Unified Bootloader (2) with Argon2 support. Patch made by Patrick Steinhardt
Upstream URL:	https://www.gnu.org/software/grub/
Licenses:	GPL3, CC0
Conflicts:	grub
Provides:	grub
Submitter:	Ax333l
Maintainer:	Ax333l
Last Packager:	Ax333l
Votes:	29
Popularity:	1.31
First Submitted:	2022-01-02 14:06 (UTC)
Last Updated:	2024-03-09 00:19 (UTC)

Dependencies (18)

device-mapper (device-mapper-git^AUR)
freetype2 (freetype2-macos^AUR, freetype2-git^AUR, freetype2-qdoled^AUR)
fuse2
gettext (gettext-git^AUR)
autogen (make)
bdf-unifont^AUR (make)
bison (byacc-bison^AUR, bison-git^AUR) (make)
git (git-git^AUR, git-gl^AUR) (make)
help2man (help2man-git^AUR, python-help2man^AUR) (make)
python (python37^AUR, python311^AUR, python310^AUR) (make)
rsync (rsync-git^AUR, rsync-reflink-git^AUR, rsync-reflink^AUR) (make)
texinfo (texinfo-git^AUR) (make)
ttf-dejavu (ttf-dejavu-ib^AUR, ttf-dejavu-emojiless^AUR) (make)
dosfstools (dosfstools-git^AUR) (optional) – For grub-mkrescue FAT FS and EFI support
efibootmgr (efibootmgr-git^AUR) (optional) – For grub-install EFI support
libisoburn (libisoburn-git^AUR) (optional) – Provides xorriso for generating grub rescue iso using grub-mkrescue
mtools (mtools-svn^AUR) (optional) – For grub-mkrescue FAT FS support
os-prober (os-prober-git^AUR, os-prober-btrfs^AUR) (optional) – To detect other OSes when generating grub.cfg in BIOS systems

Required by (313)

apple_set_os (requires grub) (optional)
arch-grub2-theme (requires grub)
arch-matrix-grub-theme-git (requires grub)
archiso-git (requires grub) (optional)
archiso-grub-themes (requires grub)
archuseriso (requires grub)
ash-git (requires grub) (optional)
bieaz (requires grub)
bieaz-git (requires grub)
boo-grub-git (requires grub)
booty-git (requires grub)
cryptboot (requires grub)
cyberpunk-grub-theme-git (requires grub)
dedsec-grub2-theme (requires grub)
distro-grub-themes-arch (requires grub)
distro-grub-themes-endeavouros (requires grub)
distro-grub-themes-meta (requires grub)
dracula-grub-theme-git (requires grub)
endeavouros-galleon-grub (requires grub)
graphite-grub-theme-default-1080p (requires grub)
Show 293 more...

Sources (12)

Pinned Comments

Ax333l commented on 2022-02-17 18:58 (UTC) (edited on 2023-06-16 14:24 (UTC) by Ax333l)

I have disabled translations because they have been the cause of build failures in both this package and grub-git. If you want to re-enable them, check the PKGBUILD.

Also, make sure you have installed base-devel.

Argon2 might not work on some devices due to issues with the memory allocator

Latest Comments

« First ‹ Previous 1 2 3 4 5 6 7 8 Next › Last »

Ax333l commented on 2023-06-10 17:46 (UTC)

Mateusz, are you using the UUID of your btrfs partition or the luks container?

rodolfoser, you need to delete the src folder each time you rebuild. I think AUR helpers do this automatically

Mateusz commented on 2023-06-10 12:16 (UTC) (edited on 2023-06-10 12:18 (UTC) by Mateusz)

Hi!

I can't seem to get this package to work with my setup: /dev/sda1 EFI (unencrypted) /dev/sda2 btrfs ROOT (LUKS2 + argonid encrypted)

My /etc/default/grub contains: GRUB_ENABLE_CRYPTODISK=y GRUB_CMDLINE_LINUX="cryptdevice=UUID=myUUID:MX500M2:allow-discards root=/dev/mapper/MX500M2 rootflags=subvol=artix/ROOT rw elevator=deadline"

I installed grub by running: grub-install -v --target=x86_64-efi --efi-directory=/boot/efi --bootloader-id=GRUB-MX500M2 --modules="luks2 part_gpt part_msdos cryptodisk gcry_serpent gcry_sha512 argon2 pbkdf2 gcry_whirlpool btrfs tpm"

When booting, I get the prompt to unlock the aforementioned ROOT partition. However, all I get is the error: invalid passphrase error: disk 'cryptouuid/myUUID' not found'

Does anyone else have such problems?

Best, Matt

rodolfoser commented on 2023-06-08 19:33 (UTC) (edited on 2023-06-08 19:41 (UTC) by rodolfoser)

Hello,

i just tried to build the package 2.06.r499.ge67a551a4-1, but am receiving this error:

==> Making package: grub-improved-luks2-git 2.06.r499.ge67a551a4-1 (Do 08 Jun 2023 16:32:01 -03)
==> WARNING: Skipping dependency checks.
==> Retrieving sources...
-> Updating grub git repo...
-> Updating grub-extras git repo...
-> Updating gnulib git repo...
-> Found argon_1.patch
-> Found argon_2.patch
-> Found argon_3.patch
-> Found argon_4.patch
-> Found argon_5.patch
-> Found grub-install_luks2.patch
-> Found add-GRUB_COLOR_variables.patch
-> Found detect-archlinux-initramfs.patch
-> Found grub.default
==> Validating source files with sha256sums...
    grub ... Skipped
    grub-extras ... Skipped
    gnulib ... Skipped
    argon_1.patch ... Skipped
    argon_2.patch ... Skipped
    argon_3.patch ... Skipped
    argon_4.patch ... Skipped
    argon_5.patch ... Skipped
    grub-install_luks2.patch ... Skipped
    add-GRUB_COLOR_variables.patch ... Passed
    detect-archlinux-initramfs.patch ... Passed
    grub.default ... Passed
==> Extracting sources...
-> Creating working copy of grub git repo...
Reset branch 'makepkg'
-> Creating working copy of grub-extras git repo...
Reset branch 'makepkg'
-> Creating working copy of gnulib git repo...
Reset branch 'makepkg'
==> Starting prepare()...
patching file util/grub-mkconfig.in
Hunk #1 succeeded at 250 (offset 4 lines).
patching file util/grub.d/00_header.in
patching file util/grub.d/10_linux.in
Hunk #1 succeeded at 95 (offset 2 lines).
Hunk #2 succeeded at 212 (offset 12 lines).
Hunk #3 succeeded at 301 with fuzz 1 (offset 14 lines).
patching file grub-core/kern/dl.c
Hunk #1 succeeded at 470 (offset 3 lines).
patching file util/grub-module-verifierXX.c
Hunk #1 succeeded at 236 with fuzz 1 (offset 79 lines).
patching file include/grub/types.h
Hunk #1 succeeded at 156 (offset 3 lines).
Hunk #2 succeeded at 178 (offset 3 lines).
patching file docs/grub-dev.texi
Hunk #1 succeeded at 502 (offset 12 lines).
patching file grub-core/Makefile.core.def
Hunk #1 succeeded at 1215 (offset 41 lines).
The next patch would create the file grub-core/lib/argon2/LICENSE,
which already exists!  Skipping patch.
1 out of 1 hunk ignored
The next patch would create the file grub-core/lib/argon2/argon2.c,
which already exists!  Skipping patch.
1 out of 1 hunk ignored
The next patch would create the file grub-core/lib/argon2/argon2.h,
which already exists!  Skipping patch.
1 out of 1 hunk ignored
The next patch would create the file grub-core/lib/argon2/blake2/blake2-impl.h,
which already exists!  Skipping patch.
1 out of 1 hunk ignored
The next patch would create the file grub-core/lib/argon2/blake2/blake2.h,
which already exists!  Skipping patch.
1 out of 1 hunk ignored
The next patch would create the file grub-core/lib/argon2/blake2/blake2b.c,
which already exists!  Skipping patch.
1 out of 1 hunk ignored
The next patch would create the file grub-core/lib/argon2/blake2/blamka-round-ref.h,
which already exists!  Skipping patch.
1 out of 1 hunk ignored
The next patch would create the file grub-core/lib/argon2/core.c,
which already exists!  Skipping patch.
1 out of 1 hunk ignored
The next patch would create the file grub-core/lib/argon2/core.h,
which already exists!  Skipping patch.
1 out of 1 hunk ignored
The next patch would create the file grub-core/lib/argon2/ref.c,
which already exists!  Skipping patch.
1 out of 1 hunk ignored
==> ERROR: A failure occurred in prepare().
    Aborting...

I tried to install on my main machine, and also on a totally fresh install. Same result. Any idea what is causing the prepare patch stage failing ?

Ax333l commented on 2023-06-03 15:49 (UTC)

Im sorry. I don't know how to override the font

1001 commented on 2023-06-03 15:04 (UTC)

Ax333l commented on 2023-06-02 15:54 (UTC)

hotcapy, I think you have to either sign all the generated grub modules or embed more of them.

decepticlown are you sure you are using --target="x86_64-efi"? It is required. I'll have to test with the latest version of grub myself but if I cannot reproduce it myself then I am not sure how to help.

decepticlown commented on 2023-05-31 17:25 (UTC) (edited on 2023-05-31 17:31 (UTC) by decepticlown)

Hello, I had installed grub with: ~# grub-install --disable-shim-lock --modules=" part_gpt part_msdos luks2 argon2 tpm gcry_sha512 and more"

My simplified /etc/default/grub:

cmdline=" loglevel=3 cryptdevice=UUID=xxx:cryptroot cryptkey=rootfs:/crypt/key.bin root=/dev/mapper/cryptroot rootflags=subvol=@/0/snapshot" cryptodisk=y

Then config with:

grub-mkconfig -o /boot/grub/grub.cfg

I'm having black screen when I select GRUB from efi entries. No error, no grub command line, no grub password prompts nothing. Just black screen. No input works. I have to hard reboot.

I can boot perfectly fine with same kernel options with bundled efi from sbctl.

My disk layout:

/dev/nvme0n1 >
    /dev/nvme0n1p1 - fat32 EFI mounted /boot/efi
    /dev/nvmen1p2 - linux root, crypt with luks2, key size sha512, aes-xts-plain64 , iterations 3000
        btrfs system >
            @ - /.snapshots
            @/0/snapshot - /
            @home,@root,... - /home, /root, ...

1001 commented on 2023-05-31 05:40 (UTC)

Hello. How to add font to grubx64.efi for early boot?

hotcapy commented on 2023-05-17 16:35 (UTC) (edited on 2023-05-19 05:13 (UTC) by hotcapy)

Hello!

I have an old laptop "Samsung NP350V5C-S1ERU" (2013). It originally came with just BIOS, which was then replaced with UEFI by firmware update. UEFI is "Aptio Setup Utility" by "American Megatrends". Firmware version is latest available - "P09ABE".

I use Secure Boot with my own custom keys, signing GRUB core image and kernel's vmlinuz-* files.

# grub-install --target=x86_64-efi --efi-directory=/boot/efi --modules="luks2 part_gpt part_msdos cryptodisk gcry_serpent argon2 pbkdf2 gcry_whirlpool btrfs tpm" --disable-shim-lock --removable --recheck
# sbsign --key db.key --cert db.crt --output /boot/efi/EFI/BOOT/BOOTX64.EFI /boot/efi/EFI/BOOT/BOOTX64.EFI

Core generated this way by package version "2.06.r460.gf7564844f-1" works with both enabled and disabled UEFI Secure Boot.

Latest version "2.06.r499.ge67a551a4-1" successfully handles encryption, but stuck at some internal Secure Boot verification step (fails to insmod normal):

error: verification requested but nobody cares: (cryptouuid/*UUID*)/@/boot/grub/x86_64-efi/normal.mod.
Entering rescue mode...

If Secure Boot is disabled in UEFI, GRUB loads and system successfully boots.

Same latest package version works with enabled Secure Boot on my another desktop computer w/o any errors.

Since issue not seem to be related to encryption at all, I assume it could be upstream GRUB bug with just certain hardware affected? If there is any hope for ready-to-use fix, I'll be happy to test it.

P.S. Thank you Ax333l for maintaining this package. I believe it is important for many people who consider pbkdf2 insecure for full disk encryption nowadays to have argon2id support. It is great that Arch users have this opportunity.

Ax333l commented on 2023-04-24 19:23 (UTC)

jroovy, I believe I have the same issue on one of my laptops. I did not really have a reason to fix it at the time, but I have one idea which might fix it. Not entirely sure though. If I cannot fix it myself, then I will have to report it to the grub bug tracker.