I also blah, blah, blah, upgraded Kubuntu to 19.10 and updated to
5.3.0-19-generic.
System:
ASUS GL553VE Laptop
GPT Disk with EFI partition
No TPM module installed that I can determine
BIOS:
Latest == 308
No TPM settings
Turned off Secure Boot and CSM
GRUB Boot Error:
error: Unknown TPM error. (multiple)
error: you need to load the kernel first
FIX:
Boot a broken system:
'c' to command line
grub> rmmod tpm
'esc'
Select any boot option to boot normally
Fix GRUB once booted:
sudo grub-install --no-uefi-secure-boot /dev/sd<your disk letter>
reboot
I'm documenting my experience in the following details so that maybe
somebody can figure it out and finally fix the effing thing.
Apparently, I had an older kernel {from 19.04?) that would boot even though I
had a later kernel installed. I didn't notice the grub failures as I had:
GRUB_TIMEOUT_STYLE=hidden
GRUB_TIMEOUT=0
and the system was apparently failing. When I changed:
#GRUB_TIMEOUT_STYLE=hidden
GRUB_TIMEOUT=10
I thought I was borked! I rebooted and left it while I did some research. It
apparently had time to fall back to the earlier working kernel which surprised
me. In the attempt to clean the system, I did a "sudo apt autoremove" which
really did bork my system as the fallback kernel was now gone.
I looked all over the intertubes and found little help--even this post,
I fiddled with turning on and off the BIOS Fast Boot, CSM, and Secure
Boot to no effect.
I guessed on trying to remove the tpm module during the grub boot as
above. The grub documentation is VERY POOR at describing how specific
modules get loaded. The tpm.mod file has no "insmod" command anywhere
on the system. However, the /boot/grub/x86_64-efi/ directory has a
moddep.lst file that shows the dependencies between modules and files:
tpm <- verifiers <- normal <- many others. Automagically, tpm.mod gets
loaded. I suppose I could have set a "rmmod tpm.mod" in a
/etc/default/grub.d/40-custom.cfg file, but that didn't seem really
elegant.
So, grub is apparently detecting and demanding Secure Boot even though it's off
and the installed vmlinuz and initrd files can't get validated. I don't know
why the earlier kernel didn't fail. I tried a manual boot with:
grub> ls
to get the disks
grub> set root=(hd0,1)
grub> linux /boot/vmlinuz-5.3.0-19-generic root=/dev/sda1
Failed with the "error: Unknown TPM error."
grub> initrd /boot/initrd.img-5.3.0-19-generic
Failed with the "error: you need to load the kernel first"
Of course!!! because "linux" failed to set linux
grub> boot
FAIL!
Then, I did:
grub> rmmod tpm
Complains with the "error: Unknown TPM error."
But works because a repeat doesn't produce the error message
Repeat "linux"
No error
Repeat "initrd"
No error
grub> boot
SUCCESS!
Then, I eventually worked my way around to the "grub-install" man pages
and saw the "--no-uefi-secure-boot" and "--uefi-secure-boot" switches.
What if...YUP! Turning off UEFI Secure Boot for the grub install did
it. Why the hell can't grub get it right from the BIOS settings? Why
is tpm.mod failing in this odd way? Why did the older kernel work when
tpm.mod is loaded and the newer ones did not?
Working for now, but I know any possible automatic grub update with a
"grub-install" will bork it in the future.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1848892
Title:
"error: Unknown TPM error." after upgrading to grub 2.04
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/1848892/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
