6

Before showing GRUB, it shows

Unable to trigger tcg2 final events table: Invalid Parameter
Something has gone seriously wrong: import_mok_state() failed
: Invalid Parameter

and machine power off.

It's my first time to install Ubuntu 19.04 on this machine, DELL T5810 with UEFI. The Ubuntu installation was fine, enrolling the Machine Owner Key MOK caused the boot error. When I ran sudo apt install virtualbox. virtualbox installation prompted me to enroll MOK; I rebooted the machine, and enrolled MOK. Then it entered the above dead state.

Booting from Ubuntu's LiveUSB installer shows the same error message. Luckily, I can still boot into Windows 10 on the same machine. I just want to revert enrolling MOK. Not installing Virtualbox in future is acceptable.

What I've tried:

  1. Searching the error message leads to mokutil, but I can't boot into Linux now.
  2. I also tried to reset BIOS, but it doesn't work at all (I have to repair Windows boot).
  3. Open EFI partition in Windows, deleted EFI/ubuntu, EFI/BOOT/fbx64.efi, EFI/BOOT/mmx64.efi.
  4. I've deleted successful installed Ubuntu partition.
  5. Tried Ubuntu 18.04 Live USB.
  6. Upgrade BIOS to latest version from Dell website.
  7. Delete and re-create EFI partition completely under Windows.

The first 3 partitions are

  1. EFI
  2. Windows
  3. Ubuntu (has been removed)
K7AAY
  • 17,202
qxg
  • 163
  • 4
    Have you tried turning off UEFI Secure Boot? May be "Windows" or "Other" setting. may be similar:Dell Precision 5820 with PCI NVME SSD UEFI update & SSD firmware update https://ubuntuforums.org/showthread.php?t=2402254 MOK key only required for proprietary drivers with UEFI Secure boot on, as Ubuntu cannot make proprietary drivers signed, but a user can if he believes software is safe. – oldfred May 22 '19 at 22:33
  • 1
    Turning off Secure Boot doesn't fix the problem and I do want to use secure boot for my Windows. – qxg May 23 '19 at 03:19
  • 2
    How you boot install media UEFI or BIOS is then how it installs or repairs. If UEFI Secure boot is on, you only have UEFI boot. With Secure boot off, you get two boot options in UEFI boot menu, one UEFI:flash and other flash where flash is name or label of flash drive. – oldfred May 23 '19 at 11:45
  • Please make sure to clone your drive (using Clonezilla https://clonezilla.org/clonezilla-live.php or some other tool) to another drive of the same size or larger, to protect your Windows installation and all your data. – K7AAY May 23 '19 at 17:11
  • 1
    Thanks for reminder @K7AAY, but I can't afford large external storage or down time right now. The disk has 1T storage and the windows partition itself if 500G. I guess completely re-ceating EFI partition should work, but I'm not sure if I can fix Windows boot after complete deleting EFT partition. I'm trying this on a VM now. – qxg May 24 '19 at 08:19
  • Added a second bonus to try to draw more attention, after the first timed out. – K7AAY May 31 '19 at 17:34
  • @qxg is secure boot a requirement here? because it's causing issues clearly. – tatsu Jun 04 '19 at 13:28
  • @tatsu, yes. It’s causing problem unexpectedly. I need some explanation and fix instead of workaround. – qxg Jun 04 '19 at 22:20
  • https://builders.intel.com/docs/networkbuilders/secure-the-network-infrastructure-secure-boot-methodologies.pdf may be helpful. – K7AAY Jun 11 '19 at 17:11

1 Answers1

2

Please see my post and my own answer to an identical problem on Ubuntu 18.04.2 LTS here.

The trick is to turn on TPM in bios settings. As I understand it, you need TPM ON or ACTIVE for storing and looking up keys. Let us know if this helps.

AC-DC
  • 56
  • You saved me. Finally I switched my main working machine to Linux. Never go back. – qxg Jun 25 '19 at 04:48
  • Glad I could help! I did a lot of research on TPM before I came to the conclusion that it is necessary for storing keys for proprietary drivers. Thank you for confirming that turning TPM ON worked for you as well. – AC-DC Jun 26 '19 at 23:20