Problem with LoaderSystemToken uefi variable

GabrielF · 2019-09-21 21:29:32

tldr: the LoaderSystemToken variable is apparently unwritable, which causes error in `bootctl install` and prevents `systemd-boot-system-token` from loading. I can't find a way to make it writable.

My motherboard is an Asus H97-PRO GAMER. I'm completely lost here and have very little knowledge of uefi, so I'll just tell a narrative of what I tried. I appreciate any help.

I just reinstalled my arch following the wiki guide, and when installing the bootloader with `bootctl --path=/boot install` I got the following results:

# bootctl --path=/boot install
Created "/boot/EFI/systemd".
Created "/boot/EFI/BOOT".
Created "/boot/EFI/Linux".
Copied "/usr/lib/systemd/boot/efi/systemd-bootx64.efi" to "/boot/EFI/systemd/systemd-bootx64.efi".
Copied "/usr/lib/systemd/boot/efi/systemd-bootx64.efi" to "/boot/EFI/BOOT/BOOTX64.EFI".
Created "/boot/7fc88b3e84514033b616c760f2f067dc".
Random seed file /boot/loader/random-seed successfully written (512 bytes).
Failed to test system token validity: No data available

Then I tried removing and reinstalling the bootloader and got that:

# bootctl --path=/boot remove
Removed "/boot/EFI/BOOT/BOOTX64.EFI".
Removed "/boot/loader/loader.conf".
Removed "/boot/loader/random-seed".
Removed "/boot/EFI/BOOT".
Removed "/boot/EFI/Linux".
Removed "/boot/7fc88b3e84514033b616c760f2f067dc".
Failed to remove LoaderSystemToken variable: Invalid argument

Anyway, I created the arch entry and continued, ignoring the error. Now everything seems to be working fine, except for some unit that is failing to load in the boot process:

[FAILED] Failed to start Store a System Token in an EFI Variable.
See 'systemctl status systemd-boot-system-token.service' for details.

# systemctl status systemd-boot-system-token
● systemd-boot-system-token.service - Store a System Token in an EFI Variable
   Loaded: loaded (/usr/lib/systemd/system/systemd-boot-system-token.service; static; vendor preset: disabled)
   Active: failed (Result: exit-code) since Sat 2019-09-21 17:22:16 -03; 39min ago
     Docs: man:systemd-boot-system-token.service(8)
  Process: 427 ExecStart=/usr/bin/bootctl random-seed (code=exited, status=1/FAILURE)
 Main PID: 427 (code=exited, status=1/FAILURE)

Sep 21 17:22:16 linuxvo systemd[1]: Starting Store a System Token in an EFI Variable...
Sep 21 17:22:16 linuxvo bootctl[427]: Random seed file /boot/loader/random-seed successfully written (512 bytes).
Sep 21 17:22:16 linuxvo bootctl[427]: Failed to set LoaderSystemToken EFI variable: Invalid argument
Sep 21 17:22:16 linuxvo systemd[1]: systemd-boot-system-token.service: Main process exited, code=exited, status=1/FAILURE
Sep 21 17:22:16 linuxvo systemd[1]: systemd-boot-system-token.service: Failed with result 'exit-code'.
Sep 21 17:22:16 linuxvo systemd[1]: Failed to start Store a System Token in an EFI Variable.

Reading around, I figured that efi variables are on the `/sys/firmware/efi/efivars` path, so I searched that variable there and found it empty:

# ls /sys/firmware/efi/efivars/LoaderSystemToken*
/sys/firmware/efi/efivars/LoaderSystemToken-4a67b082-0a4c-41cf-b6c7-440b29bb8c4f
# cat /sys/firmware/efi/efivars/LoaderSystemToken-4a67b082-0a4c-41cf-b6c7-440b29bb8c4f

Maybe I could try to manually set that variable to something?

# echo "test" > /sys/firmware/efi/efivars/LoaderSystemToken-4a67b082-0a4c-41cf-b6c7-440b29bb8c4f 
bash: echo: write error: Invalid argument

Maybe if I remove that empty variable the bootctl will be able to recreate it?

# rm /sys/firmware/efi/efivars/LoaderSystemToken-4a67b082-0a4c-41cf-b6c7-440b29bb8c4f 
rm: cannot remove '/sys/firmware/efi/efivars/LoaderSystemToken-4a67b082-0a4c-41cf-b6c7-440b29bb8c4f': Invalid argument

Then I started searching around a bit more and found that case of `rm -rf /` bricking systems:

Well, maybe the kernel implemented the "immutable file" fix proposed by Peter Jones and that's why that file is unwritable?

# chattr -i /sys/firmware/efi/efivars/LoaderSystemToken-4a67b082-0a4c-41cf-b6c7-440b29bb8c4f
# rm -f /sys/firmware/efi/efivars/LoaderSystemToken-4a67b082-0a4c-41cf-b6c7-440b29bb8c4f 
# ls /sys/firmware/efi/efivars/LoaderSystemToken*
/sys/firmware/efi/efivars/LoaderSystemToken-4a67b082-0a4c-41cf-b6c7-440b29bb8c4f

Well, maybe then the kernel has some hardcoded quick fix that is preventing writes to that variable??

So I installed an uefi shell from https://wiki.archlinux.org/index.php/Un … _Interface to try and remove that variable from there. But to my surprise, the `dmpstore -all` command didn't show the variable. I also tried to read the variable by it's name with `dmpstore LoaderSystemToken` and `dmpstore LoaderSystemToken -guid 4a67b082-0a4c-41cf-b6c7-440b29bb8c4f` but the tool reported that the variable doesn't exist.

Then I rebooted the system to see if the variable disappeared, but it was still there and the `systemd-boot-system-token` was still failing.

I have no idea what else to try and appreciate any help.

Swiggles · 2019-09-21 21:47:39

https://wiki.archlinux.org/index.php/Sy … figuration

See random-seed-mode, try changing it to always.

alu1 · 2019-09-24 11:04:03

See https://github.com/systemd/systemd/issues/13603

loqs · 2019-10-11 16:37:19

@GabrielF Can you provide more information to the upstream bug report?

Arch Linux

#1 2019-09-21 21:29:32

Problem with LoaderSystemToken uefi variable

#2 2019-09-21 21:47:39

Re: Problem with LoaderSystemToken uefi variable

#3 2019-09-24 11:04:03

Re: Problem with LoaderSystemToken uefi variable

#4 2019-10-11 16:37:19

Re: Problem with LoaderSystemToken uefi variable

Board footer