shim fails to load MokManager
Re: shim fails to load MokManager
So one TPM with a BIOS setting to change its mode and the right mode needs to be chosen.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
-
- Posts: 37
- Joined: 2017/08/14 04:21:54
Re: shim fails to load MokManager
I understand his post now. My TPM chip is 2.0 though. I can convert it to a v1.2 TPM chip. Is there something wrong with 2.0?
My TPM chip was freshly installed into the machine. The machine never had a TPM chip installed before. I also installed new hard drives at the same time, so no OS had not been installed. I did a fresh install of CentOS 7 and when I rebooted, that's when it refused to boot with that error message.
Downgrading the shim package fixed my issue. To me, that sounds like it's not an issue with my TPM chip being misconfigured, but more something wrong with the how the packages for CentOS are handling it...unless the older version of shim was flawed and the latest version on the repo's fixed some flaw that breaks my default configuration....
-- Niklaus Wirth's Law: software is getting slower more rapidly than hardware becomes faster.
Re: shim fails to load MokManager
Hello.
I'm reporting a similar problem; maybe it is related. The solution to your problem addressed this problem. (downgraded shim)
Hardware: Really old, Dell PowerEdge R710, has TPM, TPM is disabled in BIOS, mokutil reports secure boot is not supported. (Not a problem, just a detail that may help with diagnoses of cause), OS installed on RAID-1 LD (PERC 6/i, RAID dedicated Write-Cache, RAID-1 system volumes, RAID-5 secondary, BBU OK, 100% charge, 75% of capacity when new), this has all of the latest Firmware/BIOS updates from Dell, in Dell published ISO from November 2018.
This machine has been on CentOS 7.x through many upgrades and started with a UEFI install. Around December 3, 2018, upgraded from 7.5.1804 to 7.6.1810.
The yum upgrade/update reported no problems. I issued "sync". I rebooted it.
On reboot, an error message on boot/grub:
Error appeared on each reboot.
Used DRAC (like IPMI with a console or ILO) remote media, boot from ISO, recovery, chroot to installed system:
7.6.1810 (after upgrade + failed boot) had: shim-x64-15-1.el7.centos.x86_64 and mokutil-15-1.el7.centos.x86_64
7.5.1804 (before upgrade) had: shim-x64-12-2.el7.x86_64 mokutil-12-2.el7.x86_64
Completed download of 7.5.1804 versions of those two.
Issued an "rpm --force -U" for both.
Rebooted, and boot works with these two older packages. (I am not sure which, addressed the problem.)
I have several other servers upgraded to 7.6.1810. No other servers exhibited this problem. Others also have TPM, which are disabled in BIOS, but different models.
I hope this helps with your trouble report to diagnose the cause.
I'm reporting a similar problem; maybe it is related. The solution to your problem addressed this problem. (downgraded shim)
Hardware: Really old, Dell PowerEdge R710, has TPM, TPM is disabled in BIOS, mokutil reports secure boot is not supported. (Not a problem, just a detail that may help with diagnoses of cause), OS installed on RAID-1 LD (PERC 6/i, RAID dedicated Write-Cache, RAID-1 system volumes, RAID-5 secondary, BBU OK, 100% charge, 75% of capacity when new), this has all of the latest Firmware/BIOS updates from Dell, in Dell published ISO from November 2018.
This machine has been on CentOS 7.x through many upgrades and started with a UEFI install. Around December 3, 2018, upgraded from 7.5.1804 to 7.6.1810.
The yum upgrade/update reported no problems. I issued "sync". I rebooted it.
On reboot, an error message on boot/grub:
Code: Select all
Failed to set MokListRT: Invalid Parameter
Something has gone seriously wrong: import_mok_state() failed
: Invalid Parameter
Used DRAC (like IPMI with a console or ILO) remote media, boot from ISO, recovery, chroot to installed system:
7.6.1810 (after upgrade + failed boot) had: shim-x64-15-1.el7.centos.x86_64 and mokutil-15-1.el7.centos.x86_64
7.5.1804 (before upgrade) had: shim-x64-12-2.el7.x86_64 mokutil-12-2.el7.x86_64
Completed download of 7.5.1804 versions of those two.
Issued an "rpm --force -U" for both.
Rebooted, and boot works with these two older packages. (I am not sure which, addressed the problem.)
I have several other servers upgraded to 7.6.1810. No other servers exhibited this problem. Others also have TPM, which are disabled in BIOS, but different models.
I hope this helps with your trouble report to diagnose the cause.
Re: shim fails to load MokManager
That's also known and addressed in a testing update. You can get more details from https://bugs.centos.org//view.php?id=15522 which I believe has a link to newer unsigned packages to correct the problem.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Re: shim fails to load MokManager
Thanks! I am in no rush to upgrade. I can wait until the new release is out of testing.TrevorH wrote: ↑2018/12/07 07:37:57That's also known and addressed in a testing update. You can get more details from https://bugs.centos.org//view.php?id=15522 which I believe has a link to newer unsigned packages to correct the problem.