Kernel – Mokutil Failing for Almost All Options


In the past I've successfully created a certificate and signed the virtualbox kernel modules for use. Now, other than –sb-state, all other parameters I try when running mokutil fail miserably.

Basic info:

  1. Ubuntu 17.10 64bit on an Asus X99-E motherboard.
  2. All commands run as root..

Sample results:

Failed to write MokAuth
Failed to issue a reset request

Failed to read MokListRT: No such file or directory

input password: 
input password again: 
Failed to write MokPW: Invalid argument

--import MOK.der
input password: 
input password again: 
Failed to enroll new keys

Possibly related info:

dmesg | grep -i mok
[    9.114419] MODSIGN: Couldn't get UEFI MokListRT

Does anyone have any suggestions what I'm doing wrong? Where are MokAuth, MokListRT, MokPW, etc.. stored that it is failing to write to them?

One possibly related bit of info. The previous, successful, use of mokutil was prior to a hardware change. I had a raid controller that was randomly ejecting drives out of my array so I cloned the partitions on the array to an external drive, replaced the card, recreated new arrays and restored the partitions. This included Ubuntu's root partition.

Other than that – the machine is as it was when things were working..

Any thoughts most welcome.


Best Answer

It appears to be a UEFI bug in the motherboard. Some other UEFI/BIOS also fail to implement one of the methods required for mokutil to work. I also have an issue with an Asus X99-E USB3.1 mobo.

You can manually enroll the key, by saving it on a USB stick, booting into the bios setup and importing the key. There's a goofy interaction involving the mouse and enter key, such that it doesn't import when you think it should. But you can do so nonetheless.