2221514 – "Unknown TPM error" at boot after upgrading UEFI dbx to version 371

Bug 2221514 - "Unknown TPM error" at boot after upgrading UEFI dbx to version 371

Summary: "Unknown TPM error" at boot after upgrading UEFI dbx to version 371

Keywords:
Status:	CLOSED EOL
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	grub2
Sub Component:
Version:	38
Hardware:	x86_64
OS:	Linux
Priority:	unspecified
Severity:	low
Target Milestone:	---
Assignee:	Nicolas Frayer
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2023-07-09 17:34 UTC by Grégoire
Modified:	2024-05-28 13:25 UTC (History)
CC List:	7 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2024-05-28 13:25:21 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Grégoire 2023-07-09 17:34:59 UTC

After updating the Secure Boot dbx to v371, my laptop (ASUS UX305F notebook) refused to boot anymore. It would just drop me into a Grub console with no more information. (At this point, I tried to boot using both a Fedora 38 and 37 live image, but neither worked: I just got the grub menu with a single entry labelled "Troubleshooting".)

With some help from old posts in the forum, I did a factory reset in my BIOS, and then restored the Secure Boot keys to their initial value. This allowed Fedora to boot again. \o/

So I applied the UEFI dbx update again (since I now knew how to fix it and I wanted to check that it was reproducible before opening an issue). This resulted in a slightly different state: at boot I now see a bunch of "Unknown TPM error" messages and then "press any key to continue". After I press a key, Fedora boots normally.

Reproducible: Always

Steps to Reproduce:
1. Update UEFI dbx to 371
2. Reboot
Actual Results:
Fedora either refuses to boot, or boots with a "Unknown TPM error".

Expected Results:
Fedora boots normally.

The current situation is just a small annoyance, so I set the severity to low. But I can imagine that a user less comfortable with playing around with bios settings might just be left with an unusable laptop.

There's a similar issue at https://bugzilla.redhat.com/show_bug.cgi?id=2215704 I tried the suggested fix (removing extra boot entry with but it doesn't seem to make any difference for me.

This one is also the same (asus notebook) but it's now closed: https://bugzilla.redhat.com/show_bug.cgi?id=2128485

Comment 1 Marta Lewandowska 2023-07-17 14:03:22 UTC

Hi,
which kernel(s) are you booting?
Also, does this workaround https://bugzilla.redhat.com/show_bug.cgi?id=2128485#c6 work for you?

thanks!

Comment 2 Aoife Moloney 2024-05-28 13:25:21 UTC

Fedora Linux 38 entered end-of-life (EOL) status on 2024-05-21.

Fedora Linux 38 is no longer maintained, which means that it
will not receive any further security or bug fix updates. As a result we
are closing this bug.

If you can reproduce this bug against a currently maintained version of Fedora Linux
please feel free to reopen this bug against that version. Note that the version
field may be hidden. Click the "Show advanced fields" button if you do not see
the version field.

If you are unable to reopen this bug, please file a new report against an
active release.

Thank you for reporting this bug and we are sorry it could not be fixed.

Note You need to log in before you can comment on or make changes to this bug.