I’m using a Gateway GWTN141-10 with Ubuntu 24.04.3 LTS.
After a general update 3 days ago, instead of restarting immediately, I waited till the next morning and the startup fails in BIOS with these error statements regarding ‘Volume Full’
Could not create MokListRT: Volume Full
Could not create MokListXRT: Volume Full
Could not create SbatLeve1RT: Volume Full
Could not create MokListTrustedRT: Volume Full
Something has gone seriously wrong: import_mok_state () failed: Volume Full
After this, the laptop shuts down. I can get into BIOS but can’t figure out what to do. I’m a general user. Disconnecting battery did nothing. This model seems to not have a separate CMOS battery, using the main battery instead. I haven’t found any other questions on this issue on this site. I do have a backup version of this laptop which I’m using now. I’m looking for any difference in the BIOS setup, but haven’t found any differences yet. I haven’t updated the other laptop yet due to this issue.
The “MOK” reference stands for “Machine Owner Keys”. That has to do with encryption related to those various files. That is because your computer is set with Secure Boot on.
If you have no idea about any of that, I suggest you have a quick read of the first response to the following posting on “Ask Ubuntu” to get some insights and a “feel” for the lay of the land. Maybe look at what you machine offers in the way of customization instructions for activating, or turning off,
Ok… I see the difference between the two laptops. The blk one is in secured boot mode and the silver one is not. Then the question is probably whether I need to boot up in secured mode or not. This is a home computer, so I’m not sure on that. Previous problems have usually been after an update, but I’m not sure if being in secured mode would have mattered, as I never learned what happened. Does everyone usually boot up in secured mode? I think the silver one is NOT in secured mode due to that previous problem with the hard drive crash on it earlier this year, and the need by the computer repair shop to sweep it clean and reload. I then put on Ubuntu and deleted the MS 10 the shop put on it. As for this black one with the bootup problem, I did the same after purchasing it used; delete MS10 and install Ubuntu 24.04.3 LTS. Perhaps during install, the program asked if I wanted to utilize secure boot. I must have chosen ‘no’ on the silver one earlier and later, chosen ‘yes’ on the black one. I really don’t remember.
So, the question is whether I want to keep it in secure boot mode, right? And apply a ‘fix’ with that in mind? If secure boot mode lessens the chance of a bad update or link download, it seems I should keep it in secure mode and apply any ‘fix’ with that as stated. I assume everything needed came with the Ubuntu install?
I did notice two differences between the BIOS in the silver (unsecured) and the black (secured): in the Security section, under HDD Security Configuration, then was no P0:, only the P1: in the silver as well as in the Advanced section, the Compatiability Support Modeule was [Disabled], not loaded due to active UEFI Secure Boot mode. If I put the silver in secure mode, I assume these two differences would match the black one?
Secure Boot only affects the loading of your kernel and its modules (drivers), it makes sure you can not boot unsigned kernels or load unsigned modules for devices … It definitely has no other effect on the system…
Are you running a multi-boot (a.k.a. GRUB menu) setup offering Windows or Linux? or only Linux?
IF ONLY Linux, Secure Boot is not critical for installation or running.
BUT … if originally installed with Secure Boot turned ON, then you have the option to run with that turned ON or OFF. But you need to turn it back on before ANY updates/upgrades, which mean NO unattended updates/upgrades, only MANUAL!
If you had Secure Boot turned off at the time of original install,
you can operate without issue. HOWEVER … you CANNOT turn Secure Boot on to have that function. You MUST re-install after first turning Secure Boot ON.
If your computer is NOT exposing any open-service ports (i.e. web server, mail server) for access to your computer when you are away from home, then there is no real need for Secure Boot.
If you DO have any service-ports exposed to the outside world, personal or corporate server, then you probably should consider ensuring that “Secure Boot” is indeed enabled, to prevent the growing risk from “the bad guys”, who are perfecting their tools for attacking and takeover of hardware at the lower levels.
None of that fixes your stated problem, but it frames the questions for you to choose your target context (ON or OFF) and clarifies whether you need to identify the state of your machine when you did install the Linux and what that implies regarding your next step.
For example, if Secure Boot was on at install, subsequently turned off, then unattended/manual updates/upgrades were performed, those updates/upgrades were improperly performed and need to be repeated AFTER enabling Secure Boot. You just need to identify completely all the updates that were performed in “the wrong state”.
No, I’m only using Ubuntu, which I installed after deleting MS10.
I don’t remember exactly, but I think secure boot was turned on later for some reason or some suggestion early this year.
I only update/upgrade when I’m in front of the computer. I always shut it down after use, so no open-service ports.
So, if not needed, I can turn secure boot mode off, which will then keep it aligned to the off mode in the silver version (the one I’m on now).
Any updates would’ve been done automatically thru the software updater that pops up as needed. So, it sounds like I don’t need to keep it in secure boot mode, right? Does that mean the ‘fix’ is to simply follow [tea-for-one]'s suggestion on resetting to setup mode, then disable Secure Boot?
Will this then take care of the ‘Volume Full’ errors, since it is in secure boot mode?
If you have errors during boot while Secure Boot is OFF, then
you need to turn it ON, and try to Boot.
If you can boot with Secure Boot ON,then your install was done with Secure Boot ON. If, however, you see some package related errors, those might be because the update/install occured while Secure Boot was OFF, and you need to repair/reinstal those (for the ON mode, with the mode ON) with the following command:
sudo apt --fix-broken install
The choice then becomes yours:
operate in the mode ON, or
turn Secure Boot OFF as indicated by others then reinstall the full OS in that mode (OFF).
Since there are reports of some Packages/Applications failing to install with Secure Boot ON, you will need to look into whether you have a critical need for those or not … before making the final choice, on how to proceed, which must, and can only, be yours.
Ok, I turned off secure boot and it loaded ok, though slower than before. On a restart, it was a little slower too. I’ll check it in the morning to see if anything changes.
