Score:-2

Error "shim_lock protocol not found" in GRUB while secure boot is enabled


I have a dual-boot system consisting of Windows 11 + Linux Mint 21.1 (which is based on Ubuntu and that's why the question is in this forum) and GRUB 2.06.

A few days ago I installed generic updates with the typical `apt update && apt upgrade` command, which in turn installed updates for the Linux kernel. After applying a reboot, the GRUB screen appeared as usual, but when selecting any OS the following error occurred:

error: shim_lock protocol not found.
error: you need to load the kernel first.

Press any key to continue...

Pressing any key returned to GRUB, and so on.

After a short investigation, I found that shim is software involved in the secure boot (SB) process. My first reaction was therefore to disable SB in UEFI, which eliminated the error and allowed any OS to boot, so it could be seen as a "solution". However, disabling SB should not be necessary since Ubuntu comes ready to run with it; moreover, it is a layer of security that should not be ignored...

Before trying anything, I made a full backup of my Linux Mint, and then spent days trying different configurations in the boot-repair program, with no success. Honestly, I didn't want to apply the instructions from all the forums you can find on the internet explaining how to implement SB on Linux distros, because I found them too complicated.

How to fix this error while keeping SB activated?

guiverc
Only Ubuntu and [official flavors of Ubuntu](https://ubuntu.com/download/flavours) are on-topic here, refer https://askubuntu.com/help/on-topic where you'll find other SE sites where your question will be welcome if you don't want to use a Linux Mint forum. (*One advantage of Ubuntu is its many support options, you opted for Linux Mint so take advantage of its support options, or SE Unix & Linux* found in the on-topic link)
guiverc
If you update an Ubuntu system you'll get instructions on how the update is applied; just follow the prompts and these issues will not occur.
Tedpac
I think this question belongs here since it could also be useful for Ubuntu users. Let me explain: I understand that Ubuntu and Linux Mint share the same package update method, and even share most of the essential repositories, this means that the Linux kernel update method is the same for both, and most probably the Linux kernel update is what caused the problem in my case (since it triggers a GRUB update), so it could also happen to an Ubuntu user. If it was a problem with, for example, some package built for Linux Mint (like Timeshift), I would agree with you.
Tedpac
In other words, in all the years I've been using Linux Mint, the vast majority of the problems I've had have been solved thanks to the questions I've found in this forum, because they are problems that come from Ubuntu.
guiverc
Don't forget Linux Mint has an additional layer of software that Ubuntu does **not** include (the runtime *adjustments* that allow them to use *foreign* Ubuntu packages). Ubuntu upgrades make no allowance for them, which means some *adjustments* need tweaking after security patches flow through from Ubuntu - these are usually evident on screen; but you're off-topic asking about those here; as Ubuntu & *flavors* all have write access to Ubuntu repositories, thus they don't use adjustments. Updates can differ between Ubuntu & Linux Mint.
guiverc
This is a Q&A site, https://ubuntuforums.org/ is the address of Ubuntu Forum(s) *Ubuntu Forums have a section available for Linux Mint questions, this site does not, though your trying to share a solution that worked for you is commendable - but try and stay within site rules I'll suggest*
Tedpac
Okay, I will keep in mind what you tell me for future occasions. Thank you.
Score:1

I had the same problem installing Ubuntu 23.04 on an Acer Aspire E5-573G. To resolve, I entered the BIOS menu by repeatedly pressing F2 at startup, in the SECURITY tab I set the Supervisor Password to be able to access the other entries in the SECURITY tab. After setting the password I went to SELECT A UEFI FILE AS TRUSTED FOR EXECUTING and selected HDD0, EFI, UBUNTU, SHIMX64.EFI. As a name you can write Ubuntu or something else, it will be the name that will appear in Grub to start Ubuntu. Finally, from the BOOT tab, use the down arrow to go to EFI FILE BOOT 0: Ubuntu (or any other name you just gave) and press F6 to move it to the first position. Now save your BIOS changes and exit. On reboot, Grub should appear as usual. Enjoy Linux :D

Tedpac
Thank you so much for sharing your solution.
Score:-1

Fortunately, the solution to this problem was very simple:

  1. Disable SB in UEFI to be able to start the OS (Linux Mint in my case).
  2. Install the shim-signed package: `sudo apt install shim-signed`
  3. Enable SB in UEFI.
  4. Verify that SB is enabled: `mokutil --sb-state` or `dmesg | grep secureboot`

Note 1: I guarantee this solution is not contaminated from other things I tried since I restored the full backup I made of my Linux Mint (read the question) before trying it.

Note 2: obviously, enabling or disabling SB in UEFI can be very different between motherboard manufacturers, so it won't be explained here.

Note 3: this is the source of the solution, but it should be noted that I did not try and do not intend to try everything that is there, since my SB is now working.

guiverc
FYI: The package you mention here in step 2 **is included** by default on Ubuntu installs (refer https://releases.ubuntu.com/22.04.2/ubuntu-22.04.2-desktop-amd64.manifest etc)
Tedpac
You're right, thanks for noticing it, but it's strange because at no recent time did I touch anything related to that package or GRUB. Anyway, I guess it's good to know that this error occurs because that package is missing.
Guess this is a good example why LM isn't supported here. :~)
Tedpac
Sorry, this is my first question in this forum, will you guys be happy if I delete the question and put it in another forum that you mentioned to me? Honestly, I would not like to keep receiving comments or negative votes because this is not the right place for this question.
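
The error in this thread names the protocol that shim provides to GRUB, so after reinstalling `shim-signed` or re-pointing the firmware at `shimx64.efi` it is worth confirming that the entry the machine actually booted from loads shim and not GRUB directly. The following is an added example, not code from any poster in this thread: it reads that from the text of `efibootmgr -v` and `mokutil --sb-state`; the sample output, function names and verdict strings are constructed for illustration.

```shell
#!/bin/sh
# Added example: check whether the firmware starts GRUB through shim.

# Read `efibootmgr -v` output on stdin and print the \EFI\... loader path
# of the entry named by BootCurrent (the entry this boot actually used).
current_loader() {
  awk '
    /^BootCurrent:/ { cur = $2; next }
    cur != "" && substr($0, 1, 8) == "Boot" cur {
      if (match($0, /File\([^)]*\)/))
        print substr($0, RSTART + 5, RLENGTH - 6)   # strip "File(" and ")"
      exit
    }'
}

# $1: text of `mokutil --sb-state`, $2: loader path. Prints one verdict:
#   shim-chain            firmware -> shim -> GRUB (expected with Secure Boot)
#   grub-direct-sb-on     firmware -> GRUB with SB on: GRUB has no shim to ask
#   grub-direct-sb-off    firmware -> GRUB with SB off: boots, but unverified
classify_chain() {
  sb=off
  case "$1" in *"SecureBoot enabled"*) sb=on ;; esac
  loader=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
  case "$loader" in
    *shim*.efi) echo "shim-chain" ;;
    *grub*.efi) echo "grub-direct-sb-$sb" ;;
    *)          echo "unknown-loader" ;;
  esac
}

# Constructed sample of `efibootmgr -v` output (GUIDs zeroed): the Linux
# entry points straight at grubx64.efi instead of shimx64.efi.
sample_efibootmgr() {
  cat <<'EOF'
BootCurrent: 0001
Timeout: 0 seconds
BootOrder: 0001,0000
Boot0000* Windows Boot Manager  HD(1,GPT,00000000-0000-0000-0000-000000000000,0x800,0x32000)/File(\EFI\Microsoft\Boot\bootmgfw.efi)
Boot0001* ubuntu  HD(1,GPT,00000000-0000-0000-0000-000000000000,0x800,0x32000)/File(\EFI\ubuntu\grubx64.efi)
EOF
}

loader=$(sample_efibootmgr | current_loader)
printf 'loader=%s verdict=%s\n' "$loader" \
  "$(classify_chain "SecureBoot enabled" "$loader")"
# On a real system:
#   classify_chain "$(mokutil --sb-state)" "$(efibootmgr -v | current_loader)"
```

A `grub-direct-sb-on` verdict means the boot entry should be changed to the shim binary, as the Acer answer above does through the firmware menu.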