LinuxMint 19: grub-efi-amd64-signed failed to install

Leave a reply

Monthly News – July 2018
Grub EFI amd 64 signed signed package fails on clean install mint 19
Installer Crashed with Error: the grub-efi-amd64-signed package failed to install into /target/ linux mint

sudo mount /dev/sdXXX /mnt
sudo mount /dev/sdXX /mnt/boot/efi
sudo mount -t efivarfs efivarfs /sys/firmware/efi/efivars
for i in /dev /dev/pts /proc /sys /run; do sudo mount -B $i /mnt$i; done
sudo chroot /mnt
grub-install /dev/sdX   or   grub-install -v --target=x86_64-efi --recheck /dev/sdX
update-grub  

$ grub-install -v --target=x86_64-efi --recheck /dev/sdX
[...]
grub-install: info: Registering with EFI: distributor = `ubuntu', path = `\EFI\ubuntu\shimx64.efi', ESP at hostdisk//dev/sda,gpt1.
grub-install: info: executing efibootmgr --version </dev/null >/dev/null.
grub-install: info: executing modprobe -q efivars.
grub-install: info: executing efibootmgr -b 0001 -B.
BootCurrent: 0002
Timeout: 1 seconds
BootOrder: 0002,0000
Boot0000* Diagnostic Program
Boot0002* ubuntu
grub-install: info: executing efibootmgr -b 0002 -B.
BootCurrent: 0002
Timeout: 1 seconds
BootOrder: 0000
Boot0000* Diagnostic Program
grub-install: info: executing efibootmgr -c -d /dev/sda -p 1 -w -L ubuntu -l \EFI\ubuntu\shimx64.efi.
BootCurrent: 0002
Timeout: 1 seconds
BootOrder: 0001,0000
Boot0000* Diagnostic Program
Boot0001* ubuntu
Installation finished. No error reported.

Secure Boot Error: Invalid signature detected. Check secure boot policy in setup
Linux Mint Installation Guide – EFI SecureBoot

$ sudo efibootmgr -v
BootCurrent: 0001
Timeout: 1 seconds
BootOrder: 0002,0001,0000
Boot0000* Diagnostic Program	MemoryMapped(11,0xca89e004,0xcb1cb003)/FvFile(6f1cf8df-2398-4b3b-aaa6-35d97d4a76e9)
Boot0001* ubuntu	HD(1,GPT,2c027cf1-db3e-45e0-becb-a3224a6a7662,0x800,0x80000)/File(\EFI\ubuntu\shimx64.efi)
Boot0002* Ubuntu Boot Manager	HD(1,GPT,2c027cf1-db3e-45e0-becb-a3224a6a7662,0x800,0x80000)/File(\EFI\ubuntu\grubx64.efi)..

$ sudo efibootmgr -o 0001,0002
BootCurrent: 0001
Timeout: 1 seconds
BootOrder: 0001,0002
Boot0000* Diagnostic Program
Boot0001* ubuntu
Boot0002* Ubuntu Boot Manager

Read-only file system

$ sudo grub-install --target=x86_64-efi  
Installing for x86_64-efi platform.
grub-install: error: cannot open `/boot/efi/EFI/ubuntu/grubx64.efi': Read-only file system.

$ sudo mount -o remount,rw /boot/efi

$ sudo apt-get install grub-common grub-efi-amd64 grub-efi-amd64-bin grub-efi-amd64-signed grub2-common grub2-theme-mint mint-meta-cinnamon mint-meta-core os-prober

???
$ sudo apt-get install shim-signed

$ lsblk -f
NAME   FSTYPE LABEL    UUID                                 MOUNTPOINT
sda                                                         
├─sda1 vfat   GPT-BOOT E9CE-9FC2                            /boot/efi
├─sda2                                                      
├─sda3 ntfs            48A0C580A0C574CA                     
├─sda4 ntfs            3E38754C387503E5                     
├─sda5 ext4            27c3c697-3dca-4a68-9709-5b59f20955b0 /
├─sda6 vfat   EFISYS   BD41-11EE                            
├─sda7 ufs             5d349a66b8ac1be8                     
├─sda8                                                      
└─sda9 swap            6a1747ad-120c-4c65-9062-2bb4eb071168 [SWAP]
sr0

nvidia-driver-390

nvidia-compute-utils-390
nvidia-dkms-390
nvidia-driver-390
nvidia-kernel-common-390
nvidia-kernel-source-390
nvidia-prime
nvidia-prime-applet
nvidia-settings
nvidia-utils-390

$ sudo apt-get install shim-signed
[...]
After this operation, 0 B of additional disk space will be used.
Setting up shim-signed (1.37~18.04.8+15+1552672080.a4a1fbe-0ubuntu2) ...
Installing for x86_64-efi platform.
Installation finished. No error reported.
Generating a new Secure Boot signing key:
Can't load /var/lib/shim-signed/mok/.rnd into RNG
140070714560960:error:2406F079:random number generator:RAND_load_file:Cannot open file:../crypto/rand/randfile.c:88:Filename=/var/lib/shim-signed/mok/.rnd
Generating a RSA private key
.........................................................................................................................+++++
.................................................+++++
writing new private key to '/var/lib/shim-signed/mok/MOK.priv'
-----

-------- Uninstall Beginning --------
Module:  nvidia
Version: 390.143
Kernel:  4.15.0-142-generic (x86_64)
-------------------------------------

Status: Before uninstall, this module version was ACTIVE on this kernel.

nvidia.ko:
 - Uninstallation
   - Deleting from: /lib/modules/4.15.0-142-generic/kernel/drivers/char/drm/
[...]
depmod...

DKMS: install completed.
This system doesn't support Secure Boot
Secure Boot not enabled on this system.
W: APT had planned for dpkg to do more than it reported back (0 vs 4).
   Affected packages: shim-signed:amd64

Leave a Reply

Your email address will not be published. Required fields are marked *