Bug 2221514

Summary: "Unknown TPM error" at boot after upgrading UEFI dbx to version 371
Product: [Fedora] Fedora Reporter: Grégoire <gregoire>
Component: grub2Assignee: Nicolas Frayer <nfrayer>
Status: CLOSED EOL QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: low Docs Contact:
Priority: unspecified    
Version: 38CC: fmartine, lkundrak, mlewando, nfrayer, pgnet.dev, pjones, rharwood
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2024-05-28 13:25:21 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Grégoire 2023-07-09 17:34:59 UTC 
After updating the Secure Boot dbx to v371, my laptop (ASUS UX305F notebook) refused to boot anymore. It would just drop me into a Grub console with no more information. (At this point, I tried to boot using both a Fedora 38 and 37 live image, but neither worked: I just got the grub menu with a single entry labelled "Troubleshooting".)

With some help from old posts in the forum, I did a factory reset in my BIOS, and then restored the Secure Boot keys to their initial value. This allowed Fedora to boot again. \o/

So I applied the UEFI dbx update again (since I now knew how to fix it and I wanted to check that it was reproducible before opening an issue).  This resulted in a slightly different state: at boot I now see a bunch of "Unknown TPM error" messages and then "press any key to continue". After I press a key, Fedora boots normally.



Reproducible: Always

Steps to Reproduce:
1. Update UEFI dbx to 371
2. Reboot
Actual Results:  
Fedora either refuses to boot, or boots with a "Unknown TPM error".

Expected Results:  
Fedora boots normally.

The current situation is just a small annoyance, so I set the severity to low. But I can imagine that a user less comfortable with playing around with bios settings might just be left with an unusable laptop.

There's a similar issue at https://bugzilla.redhat.com/show_bug.cgi?id=2215704 I tried the suggested fix (removing extra boot entry with  but it doesn't seem to make any difference for me.

This one is also the same (asus notebook) but it's now closed: https://bugzilla.redhat.com/show_bug.cgi?id=2128485
Comment 1 Marta Lewandowska 2023-07-17 14:03:22 UTC 
Hi,
which kernel(s) are you booting?
Also, does this workaround https://bugzilla.redhat.com/show_bug.cgi?id=2128485#c6 work for you?

thanks!
Comment 2 Aoife Moloney 2024-05-28 13:25:21 UTC 
Fedora Linux 38 entered end-of-life (EOL) status on 2024-05-21.

Fedora Linux 38 is no longer maintained, which means that it
will not receive any further security or bug fix updates. As a result we
are closing this bug.

If you can reproduce this bug against a currently maintained version of Fedora Linux
please feel free to reopen this bug against that version. Note that the version
field may be hidden. Click the "Show advanced fields" button if you do not see
the version field.

If you are unable to reopen this bug, please file a new report against an
active release.

Thank you for reporting this bug and we are sorry it could not be fixed.