| Summary: | Can't install KDE neon because mmx64.efi is missing. | ||
|---|---|---|---|
| Product: | [KDE Neon] neon | Reporter: | kissmeon |
| Component: | Live/Install images | Assignee: | Neon Bugs <neon-bugs> |
| Status: | RESOLVED FIXED | ||
| Severity: | critical | CC: | jr, neon-bugs, sitter |
| Priority: | NOR | ||
| Version: | unspecified | ||
| Target Milestone: | --- | ||
| Platform: | Neon | ||
| OS: | Linux | ||
| Latest Commit: | Version Fixed In: | ||
| Sentry Crash Report: | |||
|
Description
kissmeon
2020-09-04 02:22:19 UTC
What does `ls /sys/firmware/efi/efivars/ |grep Mok` have to say? (In reply to Harald Sitter from comment #1) > What does `ls /sys/firmware/efi/efivars/ |grep Mok` have to say? Sorry on another distro already so can check it. And don't think it was even possible to check because after the message that mmx64.efi is missing the laptop shuts down. You'd check that on a running system. (In reply to Harald Sitter from comment #3) > You'd check that on a running system. Do I need to install the OS or from Live USB will be enough? If Live USB is an option I can make it again so I can help you fix this for other users. Any running linux is good enough. It doesn't have to be neon, it doesn't have to be installed. (In reply to Harald Sitter from comment #5) > Any running linux is good enough. It doesn't have to be neon, it doesn't > have to be installed. The command ls /sys/firmware/efi/efivars/ |grep Mok gives me no result at all on installed Kubuntu (what I am using right now). ls /sys/firmware/efi/efivars/ gives me the result down. Hope it helps. A01LastSataPortPresent-89cb0e8d-393c-4830-bfff-65d9147e8c3b A01WindowsMode-89cb0e8d-393c-4830-bfff-65d9147e8c3b ACFB-89cb0e8d-393c-4830-bfff-65d9147e8c3b ACUB-89cb0e8d-393c-4830-bfff-65d9147e8c3b AdministerSecureBoot-59d1c24f-50f1-401a-b101-f33e0daed443 ADTC-89cb0e8d-393c-4830-bfff-65d9147e8c3b AEBT-89cb0e8d-393c-4830-bfff-65d9147e8c3b AFBD-89cb0e8d-393c-4830-bfff-65d9147e8c3b AHPL-89cb0e8d-393c-4830-bfff-65d9147e8c3b ASTM-89cb0e8d-393c-4830-bfff-65d9147e8c3b AuthVarKeyDatabase-aaf32c78-947b-439a-a180-2e144ec37792 Boot0000-8be4df61-93ca-11d2-aa0d-00e098032b8c Boot0001-8be4df61-93ca-11d2-aa0d-00e098032b8c Boot0002-8be4df61-93ca-11d2-aa0d-00e098032b8c Boot0006-8be4df61-93ca-11d2-aa0d-00e098032b8c Boot2001-8be4df61-93ca-11d2-aa0d-00e098032b8c Boot2002-8be4df61-93ca-11d2-aa0d-00e098032b8c Boot2003-8be4df61-93ca-11d2-aa0d-00e098032b8c BootCurrent-8be4df61-93ca-11d2-aa0d-00e098032b8c BootDevice-0a4cd120-ea2d-4aef-a4b0-b0c08cbbdbbe BootOrder-8be4df61-93ca-11d2-aa0d-00e098032b8c BugCheckCode-ba57e015-65b3-4c3c-b274-659192f699e3 BugCheckParameter1-ba57e015-65b3-4c3c-b274-659192f699e3 BugCheckProgress-ba57e015-65b3-4c3c-b274-659192f699e3 CapsuleLongModeBuffer-711c703f-c285-4b10-a3b0-36ecbd3c8be2 certdb-59d1c24f-50f1-401a-b101-f33e0daed443 ConIn-8be4df61-93ca-11d2-aa0d-00e098032b8c ConInCandidateDev-59d1c24f-50f1-401a-b101-f33e0daed443 ConInDev-8be4df61-93ca-11d2-aa0d-00e098032b8c ConOut-8be4df61-93ca-11d2-aa0d-00e098032b8c ConOutCandidateDev-59d1c24f-50f1-401a-b101-f33e0daed443 ConOutDev-8be4df61-93ca-11d2-aa0d-00e098032b8c CurrentPolicy-77fa9abd-0359-4d32-bd60-28f4e78f784b Custom-a04a27f4-df00-4d42-b552-39511302113d CustomPlatformLang-59d1c24f-50f1-401a-b101-f33e0daed443 CustomSecurity-59d1c24f-50f1-401a-b101-f33e0daed443 db-d719b2cb-3d3a-4596-a3bc-dad00e67656f dbDefault-8be4df61-93ca-11d2-aa0d-00e098032b8c dbx-d719b2cb-3d3a-4596-a3bc-dad00e67656f dbxDefault-8be4df61-93ca-11d2-aa0d-00e098032b8c ErrOutDev-8be4df61-93ca-11d2-aa0d-00e098032b8c FUB-1dd54778-f3ea-11e0-af9a-84914824019b IrsiInfo-5bce4c83-6a97-444b-63b4-672c014742ff IsctData-69a20012-b167-4e35-a999-98ee0835f02e ItkBiosModVar-3812723d-7e48-4e29-bc27-f5a39ac94ef1 KEK-8be4df61-93ca-11d2-aa0d-00e098032b8c KEKDefault-8be4df61-93ca-11d2-aa0d-00e098032b8c Lang-8be4df61-93ca-11d2-aa0d-00e098032b8c LangCodes-8be4df61-93ca-11d2-aa0d-00e098032b8c LegacyDevOrder-a56074db-65fe-45f7-bd21-2d2bdd8e9652 LoaderSystemToken-4a67b082-0a4c-41cf-b6c7-440b29bb8c4f MemoryConfig-10ba6bbe-a97e-41c3-9a07-607ad9bd60e5 MemoryOverwriteRequestControl-e20939be-32d4-41be-a150-897f85d49829 MsdmAddress-fd21bf2b-f5d1-46c5-aee3-c60158339239 MTC-eb704011-1402-11d3-8e77-00a0c969723b OfflineUniqueIDRandomSeedCRC-eaec226f-c9a3-477a-a826-ddc716cdc0e3 OfflineUniqueIDRandomSeed-eaec226f-c9a3-477a-a826-ddc716cdc0e3 OsIndications-8be4df61-93ca-11d2-aa0d-00e098032b8c OsIndicationsSupported-8be4df61-93ca-11d2-aa0d-00e098032b8c PBRDevicePath-a9b5f8d2-cb6d-42c2-bc01-b5ffaae4335e PchInit-e6c2f70a-b604-4877-85ba-deec89e117eb PchS3Peim-e6c2f70a-b604-4877-85ba-deec89e117eb PciLanInfo-0d9a1427-e02a-437d-926b-aa521fd722ba PhysicalBootOrder-59d1c24f-50f1-401a-b101-f33e0daed443 PK-8be4df61-93ca-11d2-aa0d-00e098032b8c PKDefault-8be4df61-93ca-11d2-aa0d-00e098032b8c PlatformCpuInfo-10ba6bbe-a97e-41c3-9a07-607ad9bd60e5 PlatformInfo-10ba6bbe-a97e-41c3-9a07-607ad9bd60e5 PlatformLang-8be4df61-93ca-11d2-aa0d-00e098032b8c PlatformLangCodes-8be4df61-93ca-11d2-aa0d-00e098032b8c RestoreFactory-59d1c24f-50f1-401a-b101-f33e0daed443 RestoreFactoryDefault-59d1c24f-50f1-401a-b101-f33e0daed443 SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c SecureBootEnforce-59d1c24f-50f1-401a-b101-f33e0daed443 SecureFlashInfo-382af2bb-ffff-abcd-aaee-cce099338877 Setup-a04a27f4-df00-4d42-b552-39511302113d SetupMode-8be4df61-93ca-11d2-aa0d-00e098032b8c SignatureSupport-8be4df61-93ca-11d2-aa0d-00e098032b8c SMAA-89cb0e8d-393c-4830-bfff-65d9147e8c3b SMAB-89cb0e8d-393c-4830-bfff-65d9147e8c3b SMAC-89cb0e8d-393c-4830-bfff-65d9147e8c3b Timeout-8be4df61-93ca-11d2-aa0d-00e098032b8c UefiBoot-a04a27f4-df00-4d42-b552-39511302113d UnlockIDCopy-eaec226f-c9a3-477a-a826-ddc716cdc0e3 VarEdit-97d2f285-b16b-46d6-8aab-341a84a6e634 VendorKeys-8be4df61-93ca-11d2-aa0d-00e098032b8c WBMN-89cb0e8d-393c-4830-bfff-65d9147e8c3b WBSN-89cb0e8d-393c-4830-bfff-65d9147e8c3b Forgot to mention my secure boot is off right now. Got the latest ISO today and it installed without any problems. Thanks for the update; changing status. Git commit b0846c92dec97f4483ed16042ac67729e7e41ce1 by Harald Sitter. Committed on 11/11/2020 at 13:41. Pushed by sitter into branch 'Neon/release-lts'. attempt to inject the MM image file for secureboot this is missing from upstream live-build unfortunately but at least on ubuntu bases we need it included as the shim.efi will load the mm.efi when it finds certain Mok related nvars being set MM being the mok manager for doing key management. this notably can happen when the user installs ubuntu with proprietary hardware that requires unsigned kernel modules. to still carry out secureboot it needs to enroll a custom key. this is done through the MM. the installation will set a bunch of nvars that get checked by the shim on the next boot and the shim then starts the mm and the mm will enroll the key. if the actual target system shim is never run but instead one directly boots into another live iso that iso's shim would be the one in need of running the mok, hence the need for the mm.efi as otherwise our shim would attempt to load the MM on account of finding Mok related vars and then falling flat on the face because the mm*.efi file doesn't exist this is pretty far out as far as unfortunate chains of events go M +10 -0 scripts/build/lb_binary_grub-efi https://invent.kde.org/neon/forks/live-build/commit/b0846c92dec97f4483ed16042ac67729e7e41ce1 Seems that should fix it moving forward. /usr/sbin/update-secureboot-policy --new-key mokutil --import /var/lib/shim-signed/mok/MOK.der results in Mok vars in /sys/firmware/efi/efivars/ and mok manager starting on next run, this now also works correctly with a test ISO I've just built. |