What the absolute fuck is canonical doing?!??!
“In 26.10, we’d like to propose removing the following features from signed GRUB builds:
Filesystems
Remove btrfs, hfsplus, xfs, zfs
Retain ext4, fat, iso9660 (and squashfs for snaps)
Image formats:
Remove jpeg, png
Retain none
We do not use images, but using that in your grub.cfg locally is a massive security risk (if even still allowed)
Partition tables:
Remove part_apple
Retain part_gpt and part_msod
Support for LVM
Support for md-raid; except raid1.
Support for LUKS-encrypted disks
In effect systems must boot with /boot on a raw ext4 partition (whether a separate or inside of /); on GPT or MBR disks.
This means for example, that an encrypted system must use an ext4 /boot partition; it is no longer possible to encrypt the /boot partition. Likewise a system on ZFS, XFS, BTRFS must use an ext4 /boot partition.”
https://discourse.ubuntu.com/t/streamlining-secure-boot-for-26-10/79069
dimi / Dimi
npub1r7…znspg
2026-03-26 04:17:28 UTC
Author Public Key
npub1r7psmkr4zv93xnal8un6d8hvmpsn5jvhfzn3kk38rfcel6awznks7znspgPublished at
2026-03-26 04:17:28 UTCEvent JSON
{
"id": "1eb8a9130c9680713c6b8370a48153cb87ccc9736552bca0e0b744cdfd5cc7ba",
"pubkey": "1f830dd875130b134fbf3f27a69eecd8613a499748a71b5a271a719febae14ed",
"created_at": 1774498648,
"kind": 1,
"tags": [
[
"r",
"https://discourse.ubuntu.com/t/streamlining-secure-boot-for-26-10/79069"
]
],
"content": "What the absolute fuck is canonical doing?!??!\n\n“In 26.10, we’d like to propose removing the following features from signed GRUB builds:\n\nFilesystems\nRemove btrfs, hfsplus, xfs, zfs\nRetain ext4, fat, iso9660 (and squashfs for snaps)\nImage formats:\nRemove jpeg, png\nRetain none\nWe do not use images, but using that in your grub.cfg locally is a massive security risk (if even still allowed)\nPartition tables:\nRemove part_apple\nRetain part_gpt and part_msod\nSupport for LVM\nSupport for md-raid; except raid1.\nSupport for LUKS-encrypted disks\n\nIn effect systems must boot with /boot on a raw ext4 partition (whether a separate or inside of /); on GPT or MBR disks.\n\nThis means for example, that an encrypted system must use an ext4 /boot partition; it is no longer possible to encrypt the /boot partition. Likewise a system on ZFS, XFS, BTRFS must use an ext4 /boot partition.”\n\nhttps://discourse.ubuntu.com/t/streamlining-secure-boot-for-26-10/79069",
"sig": "62de0e3fe4d67917ad83ed97381a282710ae2d5133148daedabb71d4f0397540b7a7d689a4d5cda5e863f1d5b6a1ef7a8b343a68e63f2af4132176bd88be1645"
}