1

I have the same error as described here... Couldn't Create Moklist: Volume Full - grub doesn't start at all

Disabling secure boot did not help.

I cannot boot into my OS and also with a liveUSB I cannot boot.

Laptop is an old ASUS. The OS on my HDD is Ubuntu and that is the only want I want.

I also read here... https://www.reddit.com/r/Fedora/comments/172azxc/live_usb_wont_boot_volume_full/ - that the only solution is to delete all the keys, reinstall them, save, and restart. I am just not sure how to do it. MY QUESTION: What I do first, second, third, etc.? It seems not recommended to do this (= risky), but I have no choice, so I want to do it right. Do I delete all keys at once and then what as to how to reinstall? Or do I just do the Platform Key (PK) and then either "set new key" or first "delete key" and then what? Or another or all listed secure boot variables?

Here some screenshots:

MokListRT_ERROR:

MokListRT_ERROR

Delete_All_Secure_Boot_Variables:

Delete_All_Secure_Boot_Variables

Key_Management_Set_New_Key_Delete_Key:

Key_Management_Set_New_Key_Delete_Key

Secure_Boot_Secure_Boot_Control_Disabled:

Secure_Boot_Secure_Boot_Control_Disabled

Boq7
  • 13

2 Answers2

1

It depends on which version of ubuntu you are using... if it is 23.10 or earlier, the fix should take. If it is 24.04, then it will only work once & you will need to do the following every time you want to run the OS, until the bug is fixed.

Of course, if you have anything like virtualbox which requires you to register keys in the bios (when using secure boot), it will probably break that until you re-register. So, this is not without risk.

What you want is to do is select 'Forbidden signatures' and choose 'set new key'.. what we are aiming for is to load a 'default keys' in the 'forbidden signatures'. You won't need to delete if you can choose to load the default. Deleting the 'forbidden keys' would sort of work, but you would still need to set a new key & load in default key/s.

I would avoid deleting the keys at first if possible, as you can always bail out if you can't find the add default keys. But it is only the 'Forbidden keys' we need to work with here.

After the forbidden keys are reset to default, start up the OS and go to the 'firmware updater' and go to the bottom option on the left side, which should be the DBX one, see if you can choose an earlier version of the updates... the one in the 2XX range. Load that in and restart the pc.

This should get you through from there on. You want have the most latest forbidden keys protection, but you will be up and running (assuming you are not running 24.04). The We both just need to wait for the bug fix.

Worn-out_home-tech
  • 307
  • 2
  • 11
0

From what I gather to your question, I've had the same problem on my I7-6700 for the last 6 months or so. For me, I managed to solve it (on 23.10) by a combination of resetting the DBX ('forbidden keys'as per your picture) back to its default. That let me through.

I then went to the new 'firmware updater' and chose the UFI DBX firmware version before the '371' version (somewhere in the 2 hundreds).

This method doesn't work permanently on 24.04 as the system seems to automatically upgrade the DBX to 421 on my machine, so I have to reset the 'forbidden keys' everytime I boot. From what I understand this issue has been logged as a bug.

In both cases, I did not need to turn off secure boot.

Worn-out_home-tech
  • 307
  • 2
  • 11