
I have a problem installing several Linux Distros (Linux Mint / Clonezilla) on my Dell OptiPlex 7060 SFF PC (i7-8700) from either verified DVD or USB ISOs.

When I attempt the installation, it comes up with a blue screen with the text: "Verification failed: (0x1A) Security Violation". The strange thing is, I have used the same ISO images (verified SHA256) on this PC previously and it worked fine with no issues.

From what I have researched, it seems to be an issue with the BIOS / UEFI key, but I am not sure what has changed since the last install of Mint or Clonezilla. I thought that it may have been due to a BIOS upgrade via Dell, but I have done the same upgrades on other similar PCs and the problem isn't repeating itself - they all work okay. There was a video suggesting the latest BIOS upgrade is the problem as it fixed BIOS security vulnerabilities, but I don't think this is the case. The video is: https://www.youtube.com/watch?v=rd9IKUtYuqA

The other scenario is that the cause could have been a result of me installing Kubuntu 22.04.2 on the same PC via USB ISO (verified SHA256) just to see what it was like. Could the latest Kubuntu install have messed my BIOS settings up, which prevents me installing anything older than the current versions? Another user suggested this here: Verification failed: (0x1A) Security Violation while installing Ubuntu ... ing-ubuntu

If the latter is the case, and Canonical updated their UEFI Secure Boot signing key, is there any way to reset the BIOS key, so that I can install the Linux Distros the way I used to, without issue? Or will I have to wait for the next versions of the Linux Distros and hopefully the key issue is addressed in that version?

There has to be a way to reset it. If anybody knows, please inform me. Your help is appreciated.

Darryl

  • The release of Ubuntu 22.04.2 LTS was delayed a week to ensure it included the latest shim 15.7 which recently replaced the older and now deprecated keys. It's possible that your machine was updated by installation of 22.04.2 and you'll need to use updated ISOs if using Secure-uEFI if the other ISOs are using now deprecated keys. Only Ubuntu is on-topic here, and 22.04 media now is available with 22.04.2 media (if what I'm saying is correct; you'll get errors now with 22.04 or 22.04.1 media too). FYI: All OS companies (inc. Microsoft) deprecate keys on the same organized day – guiverc Mar 04 '23 at 10:49
  • Thanks for your reply. Is there any way of reversing the latest key to the old key on a Dell OptiPlex? – Darryl67Rowan68 Mar 04 '23 at 11:18
  • Perhaps there is a way to reset the Dell BIOS to an original state, to a point where it has never seen Kubuntu 22.04.2 version with its shim 15.7? Also, what version of shim did 22.04.1 use? – Darryl67Rowan68 Mar 04 '23 at 11:25
  • Questions about resetting a DELL uEFI/BIOS back to original state are best asked of Dell themselves, as OSes like Ubuntu/Windows have been given methods to upgrade to later versions, but not downgrade (which is firmware specific somewhat). Also FYI: All OSes upgraded at the same time, so Ubuntu, Red Hat, OpenSuSE, Microsoft Windows etc. all have upgraded media that can be used. If you disable secure-uEFI you can use older media too. – guiverc Mar 04 '23 at 22:11
  • Disabling Secure Boot, at least temporarily, is likely to be the easiest solution; but this is disabling a security feature. Secure Boot keys, including the dbx keys (which identify untrusted loaders) can be manipulated, but doing so is a bit hairy. See this page of mine for information on this topic. We could have a long discussion about the practical and philosophical issues involved, but accepting the small risk of disabling Secure Boot for long enough to install Ubuntu is likely the best solution. You can re-enable it later. – Rod Smith Mar 06 '23 at 00:00
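
The dbx database mentioned in the last comment can be inspected read-only from a running Linux system before deciding whether to disable Secure Boot. The following is an added example, not part of the original thread: it parses the UEFI `EFI_SIGNATURE_LIST` structures that make up dbx, counts entries by type, and checks whether a given hash is listed. The function names and the sample blob are constructed for illustration; the efivarfs path is the standard location on Linux.

```python
import struct
import uuid
from collections import Counter

SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")  # EFI_CERT_SHA256_GUID
X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")    # EFI_CERT_X509_GUID
SIG_TYPES = {SHA256_GUID: "sha256", X509_GUID: "x509"}
# Standard efivarfs location of dbx on Linux; the file starts with 4 attribute bytes.
DBX_PATH = "/sys/firmware/efi/efivars/dbx-d719b2cb-3d3a-4596-a3bc-dad00e67656f"


def read_dbx(path=DBX_PATH):
    with open(path, "rb") as f:
        return f.read()[4:]  # drop the attribute prefix, keep the signature lists


def parse_signature_lists(blob):
    """Yield (type_name, owner_guid, data) for every entry in a signature database."""
    off = 0
    while off < len(blob):
        if len(blob) - off < 28:
            raise ValueError("truncated EFI_SIGNATURE_LIST header")
        sig_type = uuid.UUID(bytes_le=blob[off:off + 16])
        list_size, hdr_size, sig_size = struct.unpack_from("<III", blob, off + 16)
        body, end = off + 28 + hdr_size, off + list_size
        if body > end or end > len(blob) or sig_size <= 16 or (end - body) % sig_size:
            raise ValueError(f"malformed EFI_SIGNATURE_LIST at offset {off}")
        name = SIG_TYPES.get(sig_type, str(sig_type))
        for pos in range(body, end, sig_size):
            yield name, uuid.UUID(bytes_le=blob[pos:pos + 16]), blob[pos + 16:pos + sig_size]
        off = end


def summarize(blob):
    """Count entries per signature type, e.g. {'sha256': 2}."""
    return dict(Counter(name for name, _owner, _data in parse_signature_lists(blob)))


def is_listed(blob, pe_hash_hex):
    """True if the given Authenticode SHA-256 hash of an EFI binary is in the database."""
    want = bytes.fromhex(pe_hash_hex)
    return any(n == "sha256" and d == want for n, _o, d in parse_signature_lists(blob))


def sample_dbx():
    """Constructed two-entry database (not real revocation data) for offline runs."""
    owner = uuid.UUID("11111111-2222-3333-4444-555555555555").bytes_le
    body = b"".join(owner + bytes([b]) * 32 for b in (0xAA, 0xBB))
    return SHA256_GUID.bytes_le + struct.pack("<III", 28 + len(body), 0, 48) + body
```

On a real machine, `summarize(read_dbx())` shows how many entries the firmware currently holds. The SHA-256 entries in dbx are Authenticode hashes of EFI binaries, so they cannot be compared with the SHA256 checksum of an ISO file.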

0 Answers