Bug 2221514

Summary: "Unknown TPM error" at boot after upgrading UEFI dbx to version 371
Product: [Fedora] Fedora Reporter: GrĂ©goire <gregoire>
Component: grub2Assignee: Nicolas Frayer <nfrayer>
Status: NEW --- QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: low Docs Contact:
Priority: unspecified    
Version: 38CC: fmartine, lkundrak, mlewando, nfrayer, pgnet.dev, pjones, rharwood
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Grégoire 2023-07-09 17:34:59 UTC 
After updating the Secure Boot dbx to v371, my laptop (ASUS UX305F notebook) refused to boot anymore. It would just drop me into a Grub console with no more information. (At this point, I tried to boot using both a Fedora 38 and 37 live image, but neither worked: I just got the grub menu with a single entry labelled "Troubleshooting".)

With some help from old posts in the forum, I did a factory reset in my BIOS, and then restored the Secure Boot keys to their initial value. This allowed Fedora to boot again. \o/

So I applied the UEFI dbx update again (since I now knew how to fix it and I wanted to check that it was reproducible before opening an issue).  This resulted in a slightly different state: at boot I now see a bunch of "Unknown TPM error" messages and then "press any key to continue". After I press a key, Fedora boots normally.



Reproducible: Always

Steps to Reproduce:
1. Update UEFI dbx to 371
2. Reboot
Actual Results:  
Fedora either refuses to boot, or boots with a "Unknown TPM error".

Expected Results:  
Fedora boots normally.

The current situation is just a small annoyance, so I set the severity to low. But I can imagine that a user less comfortable with playing around with bios settings might just be left with an unusable laptop.

There's a similar issue at https://bugzilla.redhat.com/show_bug.cgi?id=2215704 I tried the suggested fix (removing extra boot entry with  but it doesn't seem to make any difference for me.

This one is also the same (asus notebook) but it's now closed: https://bugzilla.redhat.com/show_bug.cgi?id=2128485
Comment 1 Marta Lewandowska 2023-07-17 14:03:22 UTC 
Hi,
which kernel(s) are you booting?
Also, does this workaround https://bugzilla.redhat.com/show_bug.cgi?id=2128485#c6 work for you?

thanks!