Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Bug#1024447: grub-efi-amd64: No box border characters in boot menu
234 views
Skip to first unread message
Chris Nospam
Nov 19, 2022, 11:40:03 AM11/19/22
to
Package: grub-efi-amd64
Version: 2.06-5
Severity: normal
X-Debbugs-Cc: chri...@gmx.de
Dear Maintainer,
I am running debian testing/bookworm. After the updates from grub 2.06-4 to
grub 2.06-5 (about November 18th) in the grub boot menu the box border
characters are not shown as they should. Insteadn one sees only a boxed
question mark for each character. Further, an error message is shown as text
for a fraction of a second directly before the boot menu arsises:
"error: prohibited by secure boot policy."
I believe this is new in 2.06-5.
When I disable secure boot with the mainboard firmware, the characters/boot
menu shows
up correctly.
I can trigger this in my kvm virtualized installtion and on my bare metal
machine with an ASUS H170 Gaming main board (and latest firmware).
Best,
Chris
*** Reporter, please consider answering these questions, where appropriate ***
* What led up to the situation?
* What exactly did you do (or not do) that was effective (or
ineffective)?
* What was the outcome of this action?
* What outcome did you expect instead?
*** End of the template - remove these template lines ***
-- Package-specific info:
*********************** BEGIN /proc/mounts
/dev/sda2 / ext4 rw,relatime,errors=remount-ro 0 0
/dev/sda1 /boot/efi vfat rw,relatime,fmask=0077,dmask=0077,codepage=437,iocharset=ascii,shortname=mixed,utf8,errors=remount-ro 0 0
/dev/sdb1 /bak ext4 rw,relatime,errors=remount-ro 0 0
*********************** END /proc/mounts
*********************** BEGIN /boot/grub/grub.cfg
#
# DO NOT EDIT THIS FILE
#
# It is automatically generated by grub-mkconfig using templates
# from /etc/grub.d and settings from /etc/default/grub
#
### BEGIN /etc/grub.d/00_header ###
if [ -s $prefix/grubenv ]; then
set have_grubenv=true
load_env
fi
if [ "${next_entry}" ] ; then
set default="${next_entry}"
set next_entry=
save_env next_entry
set boot_once=true
else
set default="0"
fi
if [ x"${feature_menuentry_id}" = xy ]; then
menuentry_id_option="--id"
else
menuentry_id_option=""
fi
export menuentry_id_option
if [ "${prev_saved_entry}" ]; then
set saved_entry="${prev_saved_entry}"
save_env saved_entry
set prev_saved_entry=
save_env prev_saved_entry
set boot_once=true
fi
function savedefault {
if [ -z "${boot_once}" ]; then
saved_entry="${chosen}"
save_env saved_entry
fi
}
function load_video {
if [ x$feature_all_video_module = xy ]; then
insmod all_video
else
insmod efi_gop
insmod efi_uga
insmod ieee1275_fb
insmod vbe
insmod vga
insmod video_bochs
insmod video_cirrus
fi
}
if [ x$feature_default_font_path = xy ] ; then
font=unicode
else
insmod part_gpt
insmod ext2
set root='hd0,gpt2'
if [ x$feature_platform_search_hint = xy ]; then
search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt2 --hint-efi=hd0,gpt2 --hint-baremetal=ahci0,gpt2 a959f586-d0e1-4254-84f7-5350df65edb3
else
search --no-floppy --fs-uuid --set=root a959f586-d0e1-4254-84f7-5350df65edb3
fi
font="/usr/share/grub/unicode.pf2"
fi
if loadfont $font ; then
set gfxmode=auto
load_video
insmod gfxterm
set locale_dir=$prefix/locale
set lang=de_DE
insmod gettext
fi
terminal_output gfxterm
if [ "${recordfail}" = 1 ] ; then
set timeout=30
else
if [ x$feature_timeout_style = xy ] ; then
set timeout_style=menu
set timeout=5
# Fallback normal timeout code in case the timeout_style feature is
# unavailable.
else
set timeout=5
fi
fi
### END /etc/grub.d/00_header ###
### BEGIN /etc/grub.d/05_debian_theme ###
insmod part_gpt
insmod ext2
set root='hd0,gpt2'
if [ x$feature_platform_search_hint = xy ]; then
search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt2 --hint-efi=hd0,gpt2 --hint-baremetal=ahci0,gpt2 a959f586-d0e1-4254-84f7-5350df65edb3
else
search --no-floppy --fs-uuid --set=root a959f586-d0e1-4254-84f7-5350df65edb3
fi
insmod png
if background_image /usr/share/desktop-base/homeworld-theme/grub/grub-16x9.png; then
set color_normal=white/black
set color_highlight=black/white
else
set menu_color_normal=cyan/blue
set menu_color_highlight=white/blue
fi
### END /etc/grub.d/05_debian_theme ###
### BEGIN /etc/grub.d/10_linux ###
function gfxmode {
set gfxpayload="${1}"
}
set linux_gfx_mode=
export linux_gfx_mode
menuentry 'Debian GNU/Linux' --class debian --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-simple-a959f586-d0e1-4254-84f7-5350df65edb3' {
load_video
insmod gzio
if [ x$grub_platform = xxen ]; then insmod xzio; insmod lzopio; fi
insmod part_gpt
insmod ext2
set root='hd0,gpt2'
if [ x$feature_platform_search_hint = xy ]; then
search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt2 --hint-efi=hd0,gpt2 --hint-baremetal=ahci0,gpt2 a959f586-d0e1-4254-84f7-5350df65edb3
else
search --no-floppy --fs-uuid --set=root a959f586-d0e1-4254-84f7-5350df65edb3
fi
echo 'Loading Linux 6.0.0-4-amd64 ...'
linux /boot/vmlinuz-6.0.0-4-amd64 root=UUID=a959f586-d0e1-4254-84f7-5350df65edb3 ro quiet
echo 'Loading initial ramdisk ...'
initrd /boot/initrd.img-6.0.0-4-amd64
}
submenu 'Advanced options for Debian GNU/Linux' $menuentry_id_option 'gnulinux-advanced-a959f586-d0e1-4254-84f7-5350df65edb3' {
menuentry 'Debian GNU/Linux, with Linux 6.0.0-4-amd64' --class debian --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-6.0.0-4-amd64-advanced-a959f586-d0e1-4254-84f7-5350df65edb3' {
load_video
insmod gzio
if [ x$grub_platform = xxen ]; then insmod xzio; insmod lzopio; fi
insmod part_gpt
insmod ext2
set root='hd0,gpt2'
if [ x$feature_platform_search_hint = xy ]; then
search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt2 --hint-efi=hd0,gpt2 --hint-baremetal=ahci0,gpt2 a959f586-d0e1-4254-84f7-5350df65edb3
else
search --no-floppy --fs-uuid --set=root a959f586-d0e1-4254-84f7-5350df65edb3
fi
echo 'Loading Linux 6.0.0-4-amd64 ...'
linux /boot/vmlinuz-6.0.0-4-amd64 root=UUID=a959f586-d0e1-4254-84f7-5350df65edb3 ro quiet
echo 'Loading initial ramdisk ...'
initrd /boot/initrd.img-6.0.0-4-amd64
}
menuentry 'Debian GNU/Linux, with Linux 6.0.0-4-amd64 (recovery mode)' --class debian --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-6.0.0-4-amd64-recovery-a959f586-d0e1-4254-84f7-5350df65edb3' {
load_video
insmod gzio
if [ x$grub_platform = xxen ]; then insmod xzio; insmod lzopio; fi
insmod part_gpt
insmod ext2
set root='hd0,gpt2'
if [ x$feature_platform_search_hint = xy ]; then
search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt2 --hint-efi=hd0,gpt2 --hint-baremetal=ahci0,gpt2 a959f586-d0e1-4254-84f7-5350df65edb3
else
search --no-floppy --fs-uuid --set=root a959f586-d0e1-4254-84f7-5350df65edb3
fi
echo 'Loading Linux 6.0.0-4-amd64 ...'
linux /boot/vmlinuz-6.0.0-4-amd64 root=UUID=a959f586-d0e1-4254-84f7-5350df65edb3 ro single
echo 'Loading initial ramdisk ...'
initrd /boot/initrd.img-6.0.0-4-amd64
}
menuentry 'Debian GNU/Linux, with Linux 6.0.0-3-amd64' --class debian --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-6.0.0-3-amd64-advanced-a959f586-d0e1-4254-84f7-5350df65edb3' {
load_video
insmod gzio
if [ x$grub_platform = xxen ]; then insmod xzio; insmod lzopio; fi
insmod part_gpt
insmod ext2
set root='hd0,gpt2'
if [ x$feature_platform_search_hint = xy ]; then
search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt2 --hint-efi=hd0,gpt2 --hint-baremetal=ahci0,gpt2 a959f586-d0e1-4254-84f7-5350df65edb3
else
search --no-floppy --fs-uuid --set=root a959f586-d0e1-4254-84f7-5350df65edb3
fi
echo 'Loading Linux 6.0.0-3-amd64 ...'
linux /boot/vmlinuz-6.0.0-3-amd64 root=UUID=a959f586-d0e1-4254-84f7-5350df65edb3 ro quiet
echo 'Loading initial ramdisk ...'
initrd /boot/initrd.img-6.0.0-3-amd64
}
menuentry 'Debian GNU/Linux, with Linux 6.0.0-3-amd64 (recovery mode)' --class debian --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-6.0.0-3-amd64-recovery-a959f586-d0e1-4254-84f7-5350df65edb3' {
load_video
insmod gzio
if [ x$grub_platform = xxen ]; then insmod xzio; insmod lzopio; fi
insmod part_gpt
insmod ext2
set root='hd0,gpt2'
if [ x$feature_platform_search_hint = xy ]; then
search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt2 --hint-efi=hd0,gpt2 --hint-baremetal=ahci0,gpt2 a959f586-d0e1-4254-84f7-5350df65edb3
else
search --no-floppy --fs-uuid --set=root a959f586-d0e1-4254-84f7-5350df65edb3
fi
echo 'Loading Linux 6.0.0-3-amd64 ...'
linux /boot/vmlinuz-6.0.0-3-amd64 root=UUID=a959f586-d0e1-4254-84f7-5350df65edb3 ro single
echo 'Loading initial ramdisk ...'
initrd /boot/initrd.img-6.0.0-3-amd64
}
}
### END /etc/grub.d/10_linux ###
### BEGIN /etc/grub.d/20_linux_xen ###
### END /etc/grub.d/20_linux_xen ###
### BEGIN /etc/grub.d/30_os-prober ###
### END /etc/grub.d/30_os-prober ###
### BEGIN /etc/grub.d/30_uefi-firmware ###
menuentry 'UEFI Firmware Settings' $menuentry_id_option 'uefi-firmware' {
fwsetup
}
### END /etc/grub.d/30_uefi-firmware ###
### BEGIN /etc/grub.d/35_fwupd ###
### END /etc/grub.d/35_fwupd ###
### BEGIN /etc/grub.d/40_custom ###
# This file provides an easy way to add custom menu entries. Simply type the
# menu entries you want to add after this comment. Be careful not to change
# the 'exec tail' line above.
### END /etc/grub.d/40_custom ###
### BEGIN /etc/grub.d/41_custom ###
if [ -f ${config_directory}/custom.cfg ]; then
source ${config_directory}/custom.cfg
elif [ -z "${config_directory}" -a -f $prefix/custom.cfg ]; then
source $prefix/custom.cfg
fi
### END /etc/grub.d/41_custom ###
*********************** END /boot/grub/grub.cfg
*********************** BEGIN /proc/mdstat
cat: /proc/mdstat: No such file or directory
*********************** END /proc/mdstat
*********************** BEGIN /dev/disk/by-id
total 0
lrwxrwxrwx 1 root root 9 Nov 19 17:12 ata-PIONEER_BD-RW_BDR-207M -> ../../sr0
lrwxrwxrwx 1 root root 9 Nov 19 17:12 ata-ST3000DM001-9YN166_W1F0QXMB -> ../../sdb
lrwxrwxrwx 1 root root 10 Nov 19 17:12 ata-ST3000DM001-9YN166_W1F0QXMB-part1 -> ../../sdb1
lrwxrwxrwx 1 root root 9 Nov 19 17:12 ata-Samsung_SSD_850_PRO_1TB_S1SRNWAG300107E -> ../../sda
lrwxrwxrwx 1 root root 10 Nov 19 17:12 ata-Samsung_SSD_850_PRO_1TB_S1SRNWAG300107E-part1 -> ../../sda1
lrwxrwxrwx 1 root root 10 Nov 19 17:12 ata-Samsung_SSD_850_PRO_1TB_S1SRNWAG300107E-part2 -> ../../sda2
lrwxrwxrwx 1 root root 10 Nov 19 17:12 ata-Samsung_SSD_850_PRO_1TB_S1SRNWAG300107E-part3 -> ../../sda3
lrwxrwxrwx 1 root root 9 Nov 19 17:12 wwn-0x5000c5005274f8cc -> ../../sdb
lrwxrwxrwx 1 root root 10 Nov 19 17:12 wwn-0x5000c5005274f8cc-part1 -> ../../sdb1
lrwxrwxrwx 1 root root 9 Nov 19 17:12 wwn-0x50025388700ba17d -> ../../sda
lrwxrwxrwx 1 root root 10 Nov 19 17:12 wwn-0x50025388700ba17d-part1 -> ../../sda1
lrwxrwxrwx 1 root root 10 Nov 19 17:12 wwn-0x50025388700ba17d-part2 -> ../../sda2
lrwxrwxrwx 1 root root 10 Nov 19 17:12 wwn-0x50025388700ba17d-part3 -> ../../sda3
*********************** END /dev/disk/by-id
*********************** BEGIN /dev/disk/by-uuid
total 0
lrwxrwxrwx 1 root root 10 Nov 19 17:12 230B-F40B -> ../../sda1
lrwxrwxrwx 1 root root 10 Nov 19 17:12 3c8486ac-ed7f-46ab-80ed-5d6e96f6d484 -> ../../sda3
lrwxrwxrwx 1 root root 10 Nov 19 17:12 7690ea04-6ee8-4448-9ab1-3d78701c46a3 -> ../../sdb1
lrwxrwxrwx 1 root root 10 Nov 19 17:12 a959f586-d0e1-4254-84f7-5350df65edb3 -> ../../sda2
*********************** END /dev/disk/by-uuid
-- System Information:
Debian Release: bookworm/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 6.0.0-4-amd64 (SMP w/8 CPU threads; PREEMPT)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=de:en_US
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages grub-efi-amd64 depends on:
ii debconf [debconf-2.0] 1.5.79
ii grub-common 2.06-5
ii grub-efi-amd64-bin 2.06-5
ii grub2-common 2.06-5
ii ucf 3.0043
grub-efi-amd64 recommends no packages.
grub-efi-amd64 suggests no packages.
-- debconf information:
* grub2/linux_cmdline_default: quiet
* grub2/update_nvram: true
* grub2/linux_cmdline:
grub2/device_map_regenerated:
grub2/force_efi_extra_removable: false
grub2/kfreebsd_cmdline:
grub2/kfreebsd_cmdline_default: quiet
Version: 2.06-5
Severity: normal
X-Debbugs-Cc: chri...@gmx.de
Dear Maintainer,
I am running debian testing/bookworm. After the updates from grub 2.06-4 to
grub 2.06-5 (about November 18th) in the grub boot menu the box border
characters are not shown as they should. Insteadn one sees only a boxed
question mark for each character. Further, an error message is shown as text
for a fraction of a second directly before the boot menu arsises:
"error: prohibited by secure boot policy."
I believe this is new in 2.06-5.
When I disable secure boot with the mainboard firmware, the characters/boot
menu shows
up correctly.
I can trigger this in my kvm virtualized installtion and on my bare metal
machine with an ASUS H170 Gaming main board (and latest firmware).
Best,
Chris
*** Reporter, please consider answering these questions, where appropriate ***
* What led up to the situation?
* What exactly did you do (or not do) that was effective (or
ineffective)?
* What was the outcome of this action?
* What outcome did you expect instead?
*** End of the template - remove these template lines ***
-- Package-specific info:
*********************** BEGIN /proc/mounts
/dev/sda2 / ext4 rw,relatime,errors=remount-ro 0 0
/dev/sda1 /boot/efi vfat rw,relatime,fmask=0077,dmask=0077,codepage=437,iocharset=ascii,shortname=mixed,utf8,errors=remount-ro 0 0
/dev/sdb1 /bak ext4 rw,relatime,errors=remount-ro 0 0
*********************** END /proc/mounts
*********************** BEGIN /boot/grub/grub.cfg
#
# DO NOT EDIT THIS FILE
#
# It is automatically generated by grub-mkconfig using templates
# from /etc/grub.d and settings from /etc/default/grub
#
### BEGIN /etc/grub.d/00_header ###
if [ -s $prefix/grubenv ]; then
set have_grubenv=true
load_env
fi
if [ "${next_entry}" ] ; then
set default="${next_entry}"
set next_entry=
save_env next_entry
set boot_once=true
else
set default="0"
fi
if [ x"${feature_menuentry_id}" = xy ]; then
menuentry_id_option="--id"
else
menuentry_id_option=""
fi
export menuentry_id_option
if [ "${prev_saved_entry}" ]; then
set saved_entry="${prev_saved_entry}"
save_env saved_entry
set prev_saved_entry=
save_env prev_saved_entry
set boot_once=true
fi
function savedefault {
if [ -z "${boot_once}" ]; then
saved_entry="${chosen}"
save_env saved_entry
fi
}
function load_video {
if [ x$feature_all_video_module = xy ]; then
insmod all_video
else
insmod efi_gop
insmod efi_uga
insmod ieee1275_fb
insmod vbe
insmod vga
insmod video_bochs
insmod video_cirrus
fi
}
if [ x$feature_default_font_path = xy ] ; then
font=unicode
else
insmod part_gpt
insmod ext2
set root='hd0,gpt2'
if [ x$feature_platform_search_hint = xy ]; then
search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt2 --hint-efi=hd0,gpt2 --hint-baremetal=ahci0,gpt2 a959f586-d0e1-4254-84f7-5350df65edb3
else
search --no-floppy --fs-uuid --set=root a959f586-d0e1-4254-84f7-5350df65edb3
fi
font="/usr/share/grub/unicode.pf2"
fi
if loadfont $font ; then
set gfxmode=auto
load_video
insmod gfxterm
set locale_dir=$prefix/locale
set lang=de_DE
insmod gettext
fi
terminal_output gfxterm
if [ "${recordfail}" = 1 ] ; then
set timeout=30
else
if [ x$feature_timeout_style = xy ] ; then
set timeout_style=menu
set timeout=5
# Fallback normal timeout code in case the timeout_style feature is
# unavailable.
else
set timeout=5
fi
fi
### END /etc/grub.d/00_header ###
### BEGIN /etc/grub.d/05_debian_theme ###
insmod part_gpt
insmod ext2
set root='hd0,gpt2'
if [ x$feature_platform_search_hint = xy ]; then
search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt2 --hint-efi=hd0,gpt2 --hint-baremetal=ahci0,gpt2 a959f586-d0e1-4254-84f7-5350df65edb3
else
search --no-floppy --fs-uuid --set=root a959f586-d0e1-4254-84f7-5350df65edb3
fi
insmod png
if background_image /usr/share/desktop-base/homeworld-theme/grub/grub-16x9.png; then
set color_normal=white/black
set color_highlight=black/white
else
set menu_color_normal=cyan/blue
set menu_color_highlight=white/blue
fi
### END /etc/grub.d/05_debian_theme ###
### BEGIN /etc/grub.d/10_linux ###
function gfxmode {
set gfxpayload="${1}"
}
set linux_gfx_mode=
export linux_gfx_mode
menuentry 'Debian GNU/Linux' --class debian --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-simple-a959f586-d0e1-4254-84f7-5350df65edb3' {
load_video
insmod gzio
if [ x$grub_platform = xxen ]; then insmod xzio; insmod lzopio; fi
insmod part_gpt
insmod ext2
set root='hd0,gpt2'
if [ x$feature_platform_search_hint = xy ]; then
search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt2 --hint-efi=hd0,gpt2 --hint-baremetal=ahci0,gpt2 a959f586-d0e1-4254-84f7-5350df65edb3
else
search --no-floppy --fs-uuid --set=root a959f586-d0e1-4254-84f7-5350df65edb3
fi
echo 'Loading Linux 6.0.0-4-amd64 ...'
linux /boot/vmlinuz-6.0.0-4-amd64 root=UUID=a959f586-d0e1-4254-84f7-5350df65edb3 ro quiet
echo 'Loading initial ramdisk ...'
initrd /boot/initrd.img-6.0.0-4-amd64
}
submenu 'Advanced options for Debian GNU/Linux' $menuentry_id_option 'gnulinux-advanced-a959f586-d0e1-4254-84f7-5350df65edb3' {
menuentry 'Debian GNU/Linux, with Linux 6.0.0-4-amd64' --class debian --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-6.0.0-4-amd64-advanced-a959f586-d0e1-4254-84f7-5350df65edb3' {
load_video
insmod gzio
if [ x$grub_platform = xxen ]; then insmod xzio; insmod lzopio; fi
insmod part_gpt
insmod ext2
set root='hd0,gpt2'
if [ x$feature_platform_search_hint = xy ]; then
search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt2 --hint-efi=hd0,gpt2 --hint-baremetal=ahci0,gpt2 a959f586-d0e1-4254-84f7-5350df65edb3
else
search --no-floppy --fs-uuid --set=root a959f586-d0e1-4254-84f7-5350df65edb3
fi
echo 'Loading Linux 6.0.0-4-amd64 ...'
linux /boot/vmlinuz-6.0.0-4-amd64 root=UUID=a959f586-d0e1-4254-84f7-5350df65edb3 ro quiet
echo 'Loading initial ramdisk ...'
initrd /boot/initrd.img-6.0.0-4-amd64
}
menuentry 'Debian GNU/Linux, with Linux 6.0.0-4-amd64 (recovery mode)' --class debian --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-6.0.0-4-amd64-recovery-a959f586-d0e1-4254-84f7-5350df65edb3' {
load_video
insmod gzio
if [ x$grub_platform = xxen ]; then insmod xzio; insmod lzopio; fi
insmod part_gpt
insmod ext2
set root='hd0,gpt2'
if [ x$feature_platform_search_hint = xy ]; then
search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt2 --hint-efi=hd0,gpt2 --hint-baremetal=ahci0,gpt2 a959f586-d0e1-4254-84f7-5350df65edb3
else
search --no-floppy --fs-uuid --set=root a959f586-d0e1-4254-84f7-5350df65edb3
fi
echo 'Loading Linux 6.0.0-4-amd64 ...'
linux /boot/vmlinuz-6.0.0-4-amd64 root=UUID=a959f586-d0e1-4254-84f7-5350df65edb3 ro single
echo 'Loading initial ramdisk ...'
initrd /boot/initrd.img-6.0.0-4-amd64
}
menuentry 'Debian GNU/Linux, with Linux 6.0.0-3-amd64' --class debian --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-6.0.0-3-amd64-advanced-a959f586-d0e1-4254-84f7-5350df65edb3' {
load_video
insmod gzio
if [ x$grub_platform = xxen ]; then insmod xzio; insmod lzopio; fi
insmod part_gpt
insmod ext2
set root='hd0,gpt2'
if [ x$feature_platform_search_hint = xy ]; then
search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt2 --hint-efi=hd0,gpt2 --hint-baremetal=ahci0,gpt2 a959f586-d0e1-4254-84f7-5350df65edb3
else
search --no-floppy --fs-uuid --set=root a959f586-d0e1-4254-84f7-5350df65edb3
fi
echo 'Loading Linux 6.0.0-3-amd64 ...'
linux /boot/vmlinuz-6.0.0-3-amd64 root=UUID=a959f586-d0e1-4254-84f7-5350df65edb3 ro quiet
echo 'Loading initial ramdisk ...'
initrd /boot/initrd.img-6.0.0-3-amd64
}
menuentry 'Debian GNU/Linux, with Linux 6.0.0-3-amd64 (recovery mode)' --class debian --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-6.0.0-3-amd64-recovery-a959f586-d0e1-4254-84f7-5350df65edb3' {
load_video
insmod gzio
if [ x$grub_platform = xxen ]; then insmod xzio; insmod lzopio; fi
insmod part_gpt
insmod ext2
set root='hd0,gpt2'
if [ x$feature_platform_search_hint = xy ]; then
search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt2 --hint-efi=hd0,gpt2 --hint-baremetal=ahci0,gpt2 a959f586-d0e1-4254-84f7-5350df65edb3
else
search --no-floppy --fs-uuid --set=root a959f586-d0e1-4254-84f7-5350df65edb3
fi
echo 'Loading Linux 6.0.0-3-amd64 ...'
linux /boot/vmlinuz-6.0.0-3-amd64 root=UUID=a959f586-d0e1-4254-84f7-5350df65edb3 ro single
echo 'Loading initial ramdisk ...'
initrd /boot/initrd.img-6.0.0-3-amd64
}
}
### END /etc/grub.d/10_linux ###
### BEGIN /etc/grub.d/20_linux_xen ###
### END /etc/grub.d/20_linux_xen ###
### BEGIN /etc/grub.d/30_os-prober ###
### END /etc/grub.d/30_os-prober ###
### BEGIN /etc/grub.d/30_uefi-firmware ###
menuentry 'UEFI Firmware Settings' $menuentry_id_option 'uefi-firmware' {
fwsetup
}
### END /etc/grub.d/30_uefi-firmware ###
### BEGIN /etc/grub.d/35_fwupd ###
### END /etc/grub.d/35_fwupd ###
### BEGIN /etc/grub.d/40_custom ###
# This file provides an easy way to add custom menu entries. Simply type the
# menu entries you want to add after this comment. Be careful not to change
# the 'exec tail' line above.
### END /etc/grub.d/40_custom ###
### BEGIN /etc/grub.d/41_custom ###
if [ -f ${config_directory}/custom.cfg ]; then
source ${config_directory}/custom.cfg
elif [ -z "${config_directory}" -a -f $prefix/custom.cfg ]; then
source $prefix/custom.cfg
fi
### END /etc/grub.d/41_custom ###
*********************** END /boot/grub/grub.cfg
*********************** BEGIN /proc/mdstat
cat: /proc/mdstat: No such file or directory
*********************** END /proc/mdstat
*********************** BEGIN /dev/disk/by-id
total 0
lrwxrwxrwx 1 root root 9 Nov 19 17:12 ata-PIONEER_BD-RW_BDR-207M -> ../../sr0
lrwxrwxrwx 1 root root 9 Nov 19 17:12 ata-ST3000DM001-9YN166_W1F0QXMB -> ../../sdb
lrwxrwxrwx 1 root root 10 Nov 19 17:12 ata-ST3000DM001-9YN166_W1F0QXMB-part1 -> ../../sdb1
lrwxrwxrwx 1 root root 9 Nov 19 17:12 ata-Samsung_SSD_850_PRO_1TB_S1SRNWAG300107E -> ../../sda
lrwxrwxrwx 1 root root 10 Nov 19 17:12 ata-Samsung_SSD_850_PRO_1TB_S1SRNWAG300107E-part1 -> ../../sda1
lrwxrwxrwx 1 root root 10 Nov 19 17:12 ata-Samsung_SSD_850_PRO_1TB_S1SRNWAG300107E-part2 -> ../../sda2
lrwxrwxrwx 1 root root 10 Nov 19 17:12 ata-Samsung_SSD_850_PRO_1TB_S1SRNWAG300107E-part3 -> ../../sda3
lrwxrwxrwx 1 root root 9 Nov 19 17:12 wwn-0x5000c5005274f8cc -> ../../sdb
lrwxrwxrwx 1 root root 10 Nov 19 17:12 wwn-0x5000c5005274f8cc-part1 -> ../../sdb1
lrwxrwxrwx 1 root root 9 Nov 19 17:12 wwn-0x50025388700ba17d -> ../../sda
lrwxrwxrwx 1 root root 10 Nov 19 17:12 wwn-0x50025388700ba17d-part1 -> ../../sda1
lrwxrwxrwx 1 root root 10 Nov 19 17:12 wwn-0x50025388700ba17d-part2 -> ../../sda2
lrwxrwxrwx 1 root root 10 Nov 19 17:12 wwn-0x50025388700ba17d-part3 -> ../../sda3
*********************** END /dev/disk/by-id
*********************** BEGIN /dev/disk/by-uuid
total 0
lrwxrwxrwx 1 root root 10 Nov 19 17:12 230B-F40B -> ../../sda1
lrwxrwxrwx 1 root root 10 Nov 19 17:12 3c8486ac-ed7f-46ab-80ed-5d6e96f6d484 -> ../../sda3
lrwxrwxrwx 1 root root 10 Nov 19 17:12 7690ea04-6ee8-4448-9ab1-3d78701c46a3 -> ../../sdb1
lrwxrwxrwx 1 root root 10 Nov 19 17:12 a959f586-d0e1-4254-84f7-5350df65edb3 -> ../../sda2
*********************** END /dev/disk/by-uuid
-- System Information:
Debian Release: bookworm/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 6.0.0-4-amd64 (SMP w/8 CPU threads; PREEMPT)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=de:en_US
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages grub-efi-amd64 depends on:
ii debconf [debconf-2.0] 1.5.79
ii grub-common 2.06-5
ii grub-efi-amd64-bin 2.06-5
ii grub2-common 2.06-5
ii ucf 3.0043
grub-efi-amd64 recommends no packages.
grub-efi-amd64 suggests no packages.
-- debconf information:
* grub2/linux_cmdline_default: quiet
* grub2/update_nvram: true
* grub2/linux_cmdline:
grub2/device_map_regenerated:
grub2/force_efi_extra_removable: false
grub2/kfreebsd_cmdline:
grub2/kfreebsd_cmdline_default: quiet
Steve McIntyre
Nov 19, 2022, 5:30:04 PM11/19/22
to
Hi Chris,
On Sat, Nov 19, 2022 at 05:28:27PM +0100, Chris Nospam wrote:
>Package: grub-efi-amd64
>Version: 2.06-5
>Severity: normal
>X-Debbugs-Cc: chri...@gmx.de
>
>Dear Maintainer,
>
>I am running debian testing/bookworm. After the updates from grub 2.06-4 to
>grub 2.06-5 (about November 18th) in the grub boot menu the box border
>characters are not shown as they should. Insteadn one sees only a boxed
>question mark for each character. Further, an error message is shown as text
>for a fraction of a second directly before the boot menu arsises:
>"error: prohibited by secure boot policy."
>I believe this is new in 2.06-5.
>When I disable secure boot with the mainboard firmware, the characters/boot
>menu shows
>up correctly.
>
>I can trigger this in my kvm virtualized installtion and on my bare metal
>machine with an ASUS H170 Gaming main board (and latest firmware).
ACK. Thanks for your bug report!
This is due to a change in Secure Boot setup that came with the latest
GRUB security fixes, to reduce the possibility of security issues in
font handling. With SB enabled, GRUB will now only allow the use of
fonts directly embedded within the signed image. We didn't have the
time to fully convert Debian's GRUB configuration to match this new
world before publishing these security fixes, hence you're seeing
these issues. Sorry. :-(
I'm working to get this fixed up, but it's taking a little longer than
I hoped.
--
Steve McIntyre, Cambridge, UK. st...@einval.com
"The problem with defending the purity of the English language is that
English is about as pure as a cribhouse whore. We don't just borrow words; on
occasion, English has pursued other languages down alleyways to beat them
unconscious and rifle their pockets for new vocabulary." -- James D. Nicoll
On Sat, Nov 19, 2022 at 05:28:27PM +0100, Chris Nospam wrote:
>Package: grub-efi-amd64
>Version: 2.06-5
>Severity: normal
>X-Debbugs-Cc: chri...@gmx.de
>
>Dear Maintainer,
>
>I am running debian testing/bookworm. After the updates from grub 2.06-4 to
>grub 2.06-5 (about November 18th) in the grub boot menu the box border
>characters are not shown as they should. Insteadn one sees only a boxed
>question mark for each character. Further, an error message is shown as text
>for a fraction of a second directly before the boot menu arsises:
>"error: prohibited by secure boot policy."
>I believe this is new in 2.06-5.
>When I disable secure boot with the mainboard firmware, the characters/boot
>menu shows
>up correctly.
>
>I can trigger this in my kvm virtualized installtion and on my bare metal
>machine with an ASUS H170 Gaming main board (and latest firmware).
This is due to a change in Secure Boot setup that came with the latest
GRUB security fixes, to reduce the possibility of security issues in
font handling. With SB enabled, GRUB will now only allow the use of
fonts directly embedded within the signed image. We didn't have the
time to fully convert Debian's GRUB configuration to match this new
world before publishing these security fixes, hence you're seeing
these issues. Sorry. :-(
I'm working to get this fixed up, but it's taking a little longer than
I hoped.
--
Steve McIntyre, Cambridge, UK. st...@einval.com
"The problem with defending the purity of the English language is that
English is about as pure as a cribhouse whore. We don't just borrow words; on
occasion, English has pursued other languages down alleyways to beat them
unconscious and rifle their pockets for new vocabulary." -- James D. Nicoll
Chris Nospam
Dec 15, 2022, 4:10:03 AM12/15/22
to
Dear all,
> doing an apt upgrade, the grub-efi-amd64-signed package remained at 2.06-5
I can confirm that behavior. A manual call of grub-install/update-grab is necessary after the package upgrade to 2.06-7. Otherwise the grub version which will be used on booting stays 2.06-5 . Maybe the grub packages forget to call update-grub on upgrade?
Otherwise the fix seems to work well.
@Steve Thanks for mainting grub!
Best,
Chris
> doing an apt upgrade, the grub-efi-amd64-signed package remained at 2.06-5
I can confirm that behavior. A manual call of grub-install/update-grab is necessary after the package upgrade to 2.06-7. Otherwise the grub version which will be used on booting stays 2.06-5 . Maybe the grub packages forget to call update-grub on upgrade?
Otherwise the fix seems to work well.
@Steve Thanks for mainting grub!
Best,
Chris
0 new messages