[Bug 1848892] Re: "error: Unknown TPM error." after upgrading to grub 2.04

AtesComp atescomp at gmail.com
Wed Oct 23 07:35:34 UTC 2019 

I also blah, blah, blah, upgraded Kubuntu to 19.10 and updated to
5.3.0-19-generic.

System:
    ASUS GL553VE Laptop
    GPT Disk with EFI partition
    No TPM module installed that I can determine

BIOS:
    Latest == 308
    No TPM settings
    Turned off Secure Boot and CSM

GRUB Boot Error:
    error: Unknown TPM error. (multiple)
    error: you need to load the kernel first

FIX:
    Boot a broken system:
        'c' to command line
        grub> rmmod tpm
        'esc'
        Select any boot option to boot normally

    Fix GRUB once booted:
        sudo grub-install --no-uefi-secure-boot /dev/sd<your disk letter>
        reboot

I'm documenting my experience in the following details so that maybe
somebody can figure it out and finally fix the effing thing.

Apparently, I had an older kernel {from 19.04?) that would boot even though I had a later kernel installed.  I didn't notice the grub failures as I had:
  GRUB_TIMEOUT_STYLE=hidden
  GRUB_TIMEOUT=0
and the system was apparently failing.  When I changed:
  #GRUB_TIMEOUT_STYLE=hidden
  GRUB_TIMEOUT=10
I thought I was borked!  I rebooted and left it while I did some research.  It apparently had time to fall back to the earlier working kernel which surprised me.  In the attempt to clean the system, I did a "sudo apt autoremove" which really did bork my system as the fallback kernel was now gone.

I looked all over the intertubes and found little help--even this post,
I fiddled with turning on and off the BIOS Fast Boot, CSM, and Secure
Boot to no effect.

I guessed on trying to remove the tpm module during the grub boot as
above.  The grub documentation is VERY POOR at describing how specific
modules get loaded.  The tpm.mod file has no "insmod" command anywhere
on the system.  However, the /boot/grub/x86_64-efi/ directory has a
moddep.lst file that shows the dependencies between modules and files:
tpm <- verifiers <- normal <- many others.  Automagically, tpm.mod gets
loaded.  I suppose I could have set a "rmmod tpm.mod" in a
/etc/default/grub.d/40-custom.cfg file, but that didn't seem really
elegant.

So, grub is apparently detecting and demanding Secure Boot even though it's off and the installed vmlinuz and initrd files can't get validated.  I don't know why the earlier kernel didn't fail.  I tried a manual boot with:
  grub> ls
    to get the disks
  grub> set root=(hd0,1)
  grub> linux /boot/vmlinuz-5.3.0-19-generic root=/dev/sda1
    Failed with the "error: Unknown TPM error."
  grub> initrd /boot/initrd.img-5.3.0-19-generic
    Failed with the "error: you need to load the kernel first"
    Of course!!! because "linux" failed to set linux
  grub> boot
    FAIL!
Then, I did:
  grub> rmmod tpm
    Complains with the "error: Unknown TPM error."
    But works because a repeat doesn't produce the error message
  Repeat "linux"
    No error
  Repeat "initrd"
    No error
  grub> boot
    SUCCESS!

Then, I eventually worked my way around to the "grub-install" man pages
and saw the "--no-uefi-secure-boot" and "--uefi-secure-boot" switches.
What if...YUP!  Turning off UEFI Secure Boot for the grub install did
it.  Why the hell can't grub get it right from the BIOS settings?  Why
is tpm.mod failing in this odd way?  Why did the older kernel work when
tpm.mod is loaded and the newer ones did not?

Working for now, but I know any possible automatic grub update with a
"grub-install" will bork it in the future.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to grub2 in Ubuntu.
https://bugs.launchpad.net/bugs/1848892

Title:
  "error: Unknown TPM error." after upgrading to grub 2.04

Status in grub2 package in Ubuntu:
  Confirmed

Bug description:
  After upgrading to eoan today (via `do-release-upgrade -d`), my laptop
  failed to boot into the OS. I got the grub 2.04 screen (showing only
  Ubuntu), but selecting that gave me about 20 lines of "error: Unknown
  TPM error.", followed by "error: you need to load the kernel first"
  and no way to proceed/recover. Advanced options didn't work either.
  Dropping into the grub console and writing a simple command like `set
  root=(hd1,gpt5)` failed again with a TPM error. It goes without saying
  that booting had worked before with disco/grub 2.02.

  As a workaround, I eventually managed to boot using an eoan live CD,
  chroot'ed into my system, added the `disco main` repo, and forcefully
  downgraded to disco's 2.02. After reinstalling grub to the efi
  partition, booting finally worked again (with grub 2.02).

  lsb_release -rd
  Description:	Ubuntu 19.10
  Release:	19.10

  apt-cache policy grub-efi
  grub-efi:
    Installed: 2.02+dfsg1-12ubuntu2
    Candidate: 2.04-1ubuntu12
    Version table:
       2.04-1ubuntu12 500
          500 http://ubuntu.inode.at/ubuntu eoan/main amd64 Packages
   *** 2.02+dfsg1-12ubuntu2 500
          500 http://ubuntu.inode.at/ubuntu disco/main amd64 Packages
          100 /var/lib/dpkg/status

  ProblemType: Bug
  DistroRelease: Ubuntu 19.10
  Package: grub-efi 2.02+dfsg1-12ubuntu2
  ProcVersionSignature: Ubuntu 5.3.0-18.19-generic 5.3.1
  Uname: Linux 5.3.0-18-generic x86_64
  NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair
  ApportVersion: 2.20.11-0ubuntu8
  Architecture: amd64
  CurrentDesktop: ubuntu:GNOME
  Date: Sat Oct 19 23:20:07 2019
  InstallationDate: Installed on 2017-03-05 (958 days ago)
  InstallationMedia: Ubuntu 16.04.2 LTS "Xenial Xerus" - Release amd64 (20170215.2)
  SourcePackage: grub2
  UpgradeStatus: Upgraded to eoan on 2019-10-19 (0 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/1848892/+subscriptions

More information about the foundations-bugs mailing list