Ubuntu engineers are currently considering reducing the number of features in the signed version of GRUB, the boot loader used on systems with Secure Boot enabled. Canonical engineer Julian Klode has suggested removing support for several filesystems including btrfs, HFS+, XFS, and ZFS, alongside certain image parsers within GRUB, ahead of the Ubuntu 26.10 release. Other features proposed for removal include Apple partition table support, LVM volume handling, and support for all software RAID configurations except for RAID 1. Most controversially, the proposal includes potentially dropping support for LUKS-encrypted /boot partitions.
These features, according to Klode, were inherited from Debian but have not been adequately tested in Ubuntu. He emphasizes that making these changes after a Long Term Support (LTS) release allows affected users to stay on a supported version for 10 years, rather than forcing them onto an interim release with a shorter support window.
The main driver for these proposed changes is security. GRUB operates before the Linux operating system boots up and, as such, it lacks the inherent protections found in Linux environments. Vulnerabilities in GRUB can lead to potential exploits, raising concerns over security.
However, the proposal seems to impact users who have complex boot configurations not provided by the standard OS installer. Canonical engineer Máté Kukri reassured that full disk encryption is not being removed, and standard installations will remain unaffected. The majority of Ubuntu users typically install the operating system using default options. Yet, users with configurations like a manually created LUKS-encrypted /boot, or those using filesystems like ZFS or btrfs, may be unable to upgrade to Ubuntu 26.10 under the new rules.
The proposals have sparked a mix of reactions within the community. While the security aims are welcomed, there are concerns whether the removals are fully justified. Some features, such as btrfs and XFS, reportedly have no known GRUB security vulnerabilities. The Technical Board member Thomas Ward noted that configurations using LVM could be similarly affected, raising questions about widespread implications.
In summary, while the intention behind these changes is to enhance security, further discussion and clarification within the community will shape the direction of these proposals as the release approaches. The interim nature of version 26.10 may provide adequate time for refinement and feedback adjustments before the final rollout.
Learn more about Ubuntu and GRUB
Explore Ubuntu 26.10 details
Understand Secure Boot implications
Security concerns in Linux