2

I was required to replace the motherboard in my Toshiba laptop, due to a bad ethernet port. Secure boot was enabled at first boot, and my syslog got bombed with invalid Secure Boot password error messages. The system does not ask for me to input/change the password.

I turned off Secure Boot, as it had been before I replaced the motherboard.

But how do I clear this... so I can run with Secure Boot enabled... something to do with MOK?

Note that vboxdrv is the driver that's complaining...

vboxdrv.sh[1097]: Configuring Secure Boot
vboxdrv.sh[1097]: -----------------------
vboxdrv.sh[1097]: Your system has UEFI Secure Boot enabled.
vboxdrv.sh[1097]: UEFI Secure Boot requires additional configuration to work with third-party
vboxdrv.sh[1097]: drivers.
vboxdrv.sh[1097]: The system will assist you in configuring UEFI Secure Boot. To permit the use of
vboxdrv.sh[1097]: third-party drivers, a new Machine-Owner Key (MOK) has been generated. This key
vboxdrv.sh[1097]: now needs to be enrolled in your system's firmware.
vboxdrv.sh[1097]: To ensure that this change is being made by you as an authorized user, and not
vboxdrv.sh[1097]: by an attacker, you must choose a password now and then confirm the change after
vboxdrv.sh[1097]: reboot using the same password, in both the "Enroll MOK" and "Change Secure Boot
vboxdrv.sh[1097]: state" menus that will be presented to you when this system reboots.
vboxdrv.sh[1097]: If you proceed but do not confirm the password upon reboot, Ubuntu will still be
vboxdrv.sh[1097]: able to boot on your system but any hardware that requires third-party drivers
vboxdrv.sh[1097]: to work correctly may not be usable.

vboxdrv.sh[1097]: Enter a password for Secure Boot. It will be asked again after a reboot.
vboxdrv.sh[1097]: Enter the same password again to verify you have typed it correctly.
vboxdrv.sh[1097]: Invalid password
vboxdrv.sh[1097]: The Secure Boot key you've entered is not valid. The password used must be
vboxdrv.sh[1097]: between 8 and 16 characters.

vboxdrv.sh[1097]: Enter a password for Secure Boot. It will be asked again after a reboot.
vboxdrv.sh[1097]: Enter the same password again to verify you have typed it correctly.
vboxdrv.sh[1097]: Invalid password
vboxdrv.sh[1097]: The Secure Boot key you've entered is not valid. The password used must be
vboxdrv.sh[1097]: between 8 and 16 characters.
heynnema
  • 70,711
  • Secure Boot is a problem only if you install 3rd party kernel modules. In your case it is vboxdrv. You need to disable Secure Boot or do what is suggested: enroll the key. – Pilot6 Jan 05 '20 at 15:35
  • @Pilot6 How to do that? The system never asked me to enter/confirm password. I'm not familiar with MOK, or even know if that's the correct utility to use. – heynnema Jan 05 '20 at 15:36
  • See https://askubuntu.com/questions/762254/why-do-i-get-required-key-not-available-when-install-3rd-party-kernel-modules – Pilot6 Jan 05 '20 at 15:36
  • The easiest way is to disable Secure Boot. It is completely useless for security. It is not worth tinkering with MOK. – Pilot6 Jan 05 '20 at 15:37
  • @Pilot6 your answer there sudo mokutil --disable-validation seems to disable secure boot (which I can manually do in the BIOS), correct? From the message above, all I need to do is to register the new MOK key, no? But the system never asks me to provide/confirm a password. – heynnema Jan 05 '20 at 15:48
  • It should ask. Try to disable from mokutil and see if it asks for a password. But can you tell why would you want to have SB enabled. You'll have this sort of problem with each and every driver like Nvidia, wireless, etc. But there is no advantage in SB. – Pilot6 Jan 05 '20 at 15:54

1 Answers1

2

As per @Pilot6, I just turned off Secure Boot.

heynnema
  • 70,711