[Macchiato] RHEL 8 fails to boot with UEFI 18.09.0

Steve McIntyre steve at einval.com
Thu Jun 13 13:45:41 BST 2019 

Hi Andrew!

On Thu, Jun 13, 2019 at 07:32:16PM +1000, Andrew Elwell wrote:
...
>Tianocore/EDK2 firmware version MARVELL UEFI 18.09.0
>Press ESCAPE for boot options XhcCheckUrbResult: BABBLE_ERROR! Completecode = 3
>XhcControlTransfer: error - Device Error, transfer - 8
>...Failed to set MokListRT: Invalid Parameter
>Could not create MokListRT: Invalid Parameter
>Something has gone seriously wrong: import_mok_state() failed
>: Invalid Parameter
>ERROR:   a8k_system_off:  needs to be implemented
>lPANIC at PC : 0x0000000004023208
>
>
>
>From a quick search of MokListRT, it may be I need to put something
>else on the EFI partition and/or update firmware.
>Any suggestions?

Ugh..So SetVariable() is failing to store an update for
MokListRT. *Maybe* that's the issue that commit
741c61abba7d5c74166f8d0c1b9ee8001ebcd186 in upstream shim is trying to
fix. [1]

Unless you've fought through adding keys yourself to enable Secure
Boot on your Macchiato, I'd just drop shim and call Grub straight.

[1] https://github.com/rhboot/shim/commit/741c61abba7d5c74166f8d0c1b9ee8001ebcd186 :

commit 741c61abba7d5c74166f8d0c1b9ee8001ebcd186
Author: Patrick Uiterwijk <patrick at puiterwijk.org>
Date:   Thu Dec 6 10:08:45 2018 +0100

    Make EFI variable copying fatal only on secureboot enabled systems
    
    I have come across systems that are unwilling to reserve enough memory for
    a MokListRT big enough for big certificates.
    This seems to be the case with firmware implementations that do not support
    secureboot, which is probably the reason they went with much lower variable
    storage.
    
    This patch set makes sure we can still boot on those systems, by only
    making the copy action fatal if the system has secure boot enabled, or if
    the error was anything other than EFI_INVALID_PARAMETER.
    
    Signed-off-by: Patrick Uiterwijk <patrick at puiterwijk.org>

-- 
Steve McIntyre, Cambridge, UK.                                steve at einval.com
We don't need no education.
We don't need no thought control.

More information about the Macchiato mailing list