UEFI/Secureboot - "Failed to start MokManager" error when trying to install 3rd party drivers during install, leading to unbootable device

This bug is missing log files that will aid in diagnosing the problem. While running an Ubuntu kernel (not a mainline or third-party kernel) please enter the following command in a terminal window:

apport-collect 1845466

and then change the status of the bug to 'Confirmed'.

If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.

This change has been made by an automated script, maintained by the Ubuntu Kernel Team.

reproduced on a Dell Inspiron 7472

installer logs

This bug was fixed in the package grub2 - 2.04-1ubuntu6

---------------
grub2 (2.04-1ubuntu6) eoan; urgency=medium

  * debian/patches/install-signed.patch: fix paths for MokManager/fallback;
    shim no longer ships these with a .signed suffix. (LP: #1845466)

 -- Mathieu Trudel-Lapierre <email address hidden> Thu, 26 Sep 2019 09:48:07 -0400

Tested on the same device with image http://cdimage.ubuntu.com/daily-live/20190926.1/eoan-desktop-amd64.iso

It works fine now!

And after install, I checked that grub2 package was indeed v2.04-1ubuntu6.

Merci Mathieu !

I have a new Dell XPS 13 7390 that is experiencing this exact issue after trying to install a fresh copy of 18.04.03. How do I recover? Is my machine bricked? I get past the Dell logo, see the error message described, and the machine turns off. I have played with many combinations in the BIOS, burned several bootable images on discs, and created several bootable USB sticks. Nothing seems to help. Please advise.

Hi Luke,

First of all: don't worry, your device is not bricked. MOK (Machine-Owner Keys) is a mechanism that allows the user of a system to add his/her own secure keys in addition to the ones the machine already has. It is used by Ubuntu because Ubuntu may include additional stuff (the "3rd party drivers") that are not signed by the default security keys. Therefore, it is required to add other security keys to be able to install and enable these 3rd party drivers.

Did you try the latest version (Ubuntu 19.10)? Or only different 18.04 ISOs?

Mathieu Trudel-Lapierre provided a fix (see comment #4) for grub2 (included in 2.04-1ubuntu6). According to the packages list [1], the version in 18.04 (bionic) is 2.02-2ubuntu8, so I don't think it includes the fix.

[1] https://packages.ubuntu.com/bionic/grub2

Hi, Pierre,

Thank you so much for your detailed response. I ended up solving my problem
by installing Ubuntu 18.04.03 without including 3rd Party add-ons. I added
what I needed manually after the installation. I wanted to go with 18.04.03
because I wanted a distro with LTS. I am glad I found a resolution because
I spent about 6 hours working on this problem and was convinced that it was
a BIOS issue, not a problem with Ubuntu.

Thanks,
Luke

On Thu, Nov 28, 2019 at 8:20 PM Pierre Equoy <email address hidden>
wrote:

> Hi Luke,
>
> First of all: don't worry, your device is not bricked. MOK (Machine-
> Owner Keys) is a mechanism that allows the user of a system to add
> his/her own secure keys in addition to the ones the machine already has.
> It is used by Ubuntu because Ubuntu may include additional stuff (the
> "3rd party drivers") that are not signed by the default security keys.
> Therefore, it is required to add other security keys to be able to
> install and enable these 3rd party drivers.
>
> Did you try the latest version (Ubuntu 19.10)? Or only different 18.04
> ISOs?
>
> Mathieu Trudel-Lapierre provided a fix (see comment #4) for grub2
> (included in 2.04-1ubuntu6). According to the packages list [1], the
> version in 18.04 (bionic) is 2.02-2ubuntu8, so I don't think it includes
> the fix.
>
> [1] https://packages.ubuntu.com/bionic/grub2
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/1845466
>
> Title:
> UEFI/Secureboot - "Failed to start MokManager" error when trying to
> install 3rd party drivers during install, leading to unbootable device
>
> Status in grub2 package in Ubuntu:
> Fix Released
> Status in grub2 source package in Eoan:
> Fix Released
>
> Bug description:
> Image:
> http://cdimage.ubuntu.com/daily-live/20190926/eoan-desktop-amd64.iso
> Device: Dell XPS 13 7390 (201908-27305)
>
> Note:
> - TPM2 is disabled (because of lp:1845454)
> - Secure Boot is enabled
>
> Install Ubuntu 19.10.
> Check the box "Install third party drivers". You'll have to input a
> password used by Secure Boot at the next reboot.
> Complete the installation and restart the device.
>
> Expected result:
> The device reboots in the MOK Management screen where you can enroll the
> new MOK. Then the boot process continues and you can log in Ubuntu.
>
> Actual result:
> The following error is shown for a few seconds, then the device turns
> off:
>
> Failed to open \EFI\ubuntu\mmx64.efi - Not Found
> Failed to load image \EFI\ubuntu\mmx64.efi: Not Found
> Failed to start MokManager: Not Found
> Something has gone seriously wrong: import_mok_state() failed: Not Found
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/1845466/+subscriptions
>