Comment 25 for bug 1401532

This bug was fixed in the package grub2 - 2.02-2ubuntu1

---------------
grub2 (2.02-2ubuntu1) bionic; urgency=medium

  * Merge with Debian; remaining changes:
    - debian/patches/support_initrd-less_boot.patch: Added knobs to allow
      non-initrd boot config. (LP: #1640878)
    - Disable os-prober for ppc64el on the PowerNV platform, to reduce the
      number of entries/clutter from other OSes in Petitboot (LP: #1447500)
    - debian/build-efi-images: provide a new grub EFI image which enforces that
      loaded kernels are signed for Secure Boot: build gsb$arch.efi; which is
      the same as grub$arch.efi minus the 'linux' module. Without fallback to
      'linux' for unsigned loading, this makes it effectively enforce having a
      signed kernel. (LP: #1401532)
    - debian/patches/install_signed.patch, grub-install-extra-removable.patch:
      - Make sure if we install shim; it should also be exported as the default
        bootloader to install later to a removable path, if we do.
      - Rework grub-install-extra-removable.patch to reverse its logic: in the
        default case, install the bootloader to /EFI/BOOT, unless we're trying
        to install on a removable device, or explicitly telling grub *not* to
        do it.
      - Move installing fb$arch.efi to --no-extra-removable; as we don't want
        fallback to be installed unless we're also installing to /EFI/BOOT.
        (LP: #1684341)
      - Make sure postinst and templates know about the replacement of
        --force-extra-removable with --no-extra-removable.
  * Sync Secure Boot support patches with the upstream patch set from
    rhboot/grub2:master-sb. Renamed some patches and updated descriptions for
    the whole thing to make more sense, too:
    - dropped debian/patches/linuxefi_require_shim.patch
    - renamed: debian/patches/no_insmod_on_sb.patch ->
      debian/patches/linuxefi_no_insmod_on_sb.patch
    - debian/patches/linuxefi.patch
    - debian/patches/linuxefi_debug.patch
    - debian/patches/linuxefi_non_sb_fallback.patch
    - debian/patches/linuxefi_add_sb_to_efi_chainload.patch
    - debian/patches/linuxefi_cleanup_errors_in_loader.patch
    - debian/patches/linuxefi_fix_efi_validation_race.patch
    - debian/patches/linuxefi_handle_multiarch_boot.patch
    - debian/patches/linuxefi_honor_sb_mode.patch
    - debian/patches/linuxefi_move_fdt_helper.patch
    - debian/patches/linuxefi_load_arm_with_sb.patch
    - debian/patches/linuxefi_minor_cleanups.patch
    - debian/patches/linuxefi_re-enable_linux_cmd.patch
    - debian/patches/linuxefi_rework_linux16_cmd.patch
    - debian/patches/linuxefi_rework_linux_cmd.patch
    - debian/patches/linuxefi_rework_non-sb_efi_chainload.patch
    - debian/patches/linuxefi_rework_pe_loading.patch
    - debian/patches/linuxefi_use_dev_chainloader_target.patch
  * debian/patches/dont-fail-efi-warnings.patch: handle linuxefi patches and
    the casting they do on some architectures: we don't want to fail build
    because of some of the warnings that can show up since we otherwise build
    with -Werror.

grub2 (2.02-3) UNRELEASED; urgency=medium

  * Use current location for upstream signing key
    (debian/upstream/signing-key.asc).
  * Update upstream signing key to a non-expired version.

  [ Debconf translations ]
  * [sq] Albanian (Silva Arapi; closes: #874497).

grub2 (2.02-2) unstable; urgency=medium

  * Comment out debian/watch lines for betas and pre-releases for now.
  * Cherry-pick upstream patch to allow mounting ext2/3/4 file systems that
    have the 'encrypt' feature enabled (closes: #840204).

grub2 (2.02-1) unstable; urgency=medium

  * New upstream release.
    - xen: Fix wrong register in relocator (closes: #799480).
  * Resolve symlinks for supported init paths as well as for /sbin/init
    (thanks, Felipe Sateler; closes: #842315).

  [ Debconf translations ]
  * [sr] Serbian (Karolina Kalic; closes: #691288).
  * [sr@latin] Serbian Latin (Karolina Kalic; closes: #691289).
  * [pt] Portuguese (Rui Branco - DebianPT; closes: #864171).

grub2 (2.02~beta3-5) unstable; urgency=medium

  [ Steve McIntyre ]
  * Make grub-install check for errors from efibootmgr (closes: #853234).
    There are probably still underlying issues in other similar reported
    bugs, but they're more effectively tracked elsewhere (e.g. efibootmgr)
    at this point (closes: #756253, #852513).

  [ Debconf translations ]
  * [ug] Uyghur (Abduqadir Abliz).
  * [es] Spanish (Manuel "Venturi" Porras Peralta; closes: #852977).

 -- Mathieu Trudel-Lapierre <email address hidden> Mon, 06 Nov 2017 15:37:12 -0500