CentOS 7: Failed to set MokListRT: Invalid Parameter
You know what makes me angry? My servers not booting. I encountered this error after an update and reboot of CentOS 7:
Failed to set MokListRT: Invalid Parameter Something has gone seriously wrong: import_mok_state() failed: Invalid Parameter
So here is how you fix it.
Firstly, we need a CentoOS 7 ISO with the version of something like 1708 or 1707. Here is an archive of all the CentOS 7 releases. Thanks to Alexander Zubkov for commenting about the issue with the latest ISO.
Either burn a new CentOS 7 disc, make a boot flash drive, or insert the install ISO to your VM. Boot from the disc and once the menu shows up select the following: Advanced -> Rescue -> Troubleshooting -> Rescue media -> and press 1 when prompted.
In the terminal you should now have, run the following commands:
chroot /mnt/sysimage cd /boot/efi/EFI/centos cp grubx64.efi shimx64.efi exit reboot
You should be able to reboot into CentOS now. However, we still need to exclude Shim and Mokutil from updates (shim-x64-12-2.el7.x86_64).
In a root terminal, run the following.
echo 'exclude=shim*,mokutil*' >> /etc/yum.conf yum update
You should be good to go now. If that does not work try copying CENTOS\GRUBX64.EFI over top of EFI\BOOTX64.EFI in your boot partition.
Another thing you can try is booting the Super Grub2 disk and booting GRUBX64 directly, or try emergency mode.
You are a legend, worked perfectly and saved my ass
Really helped me on a freenas vm, thank you.
Thanks for the hint, the following minor change in the guide solved my problem: ‘cp grubx64.efi shim.efi’
Thank you! Your reply helped me solve this problem!
Thanks…your reply save my problem…:)
Thank you your comment helped me tremendously as well!
You saved my bacon! Thank you so much!
Nice! Saves my day working this out on my CentOS Mac Mini. Thank you.
Goddamn had my heart racing after a server reboot. Thanks for this!
Hi,
I am having this problem on a MacBook Pro, but in my case there is no “grubx64.efi” in my “boot/efi/EFI/centos” directory. Can this be copied over from the rescue USB install media?
Do you use rEFInd? And I’m not sure copying the efi from the USB would be the best idea. It could be possibly for you to chroot to the CentOS install from a live cd and run grub-install and grub-mkconfig again to see if that will change anything.
This solved why a previously reliable server was just powering off at a reboot after updating CentOS 7. I thought I’d gotten hit with a hardware failure. Dell R310 was just powering off after going through all the normal UEFI startup stuff and failing to boot, showing this error screen for a couple seconds before powering right off. That wasn’t fun to discover, and it also didn’t put an error into the SEL so IPMI was of no help in solving this. Had to go hands on at the co-lo.
Thank you! Suffered a 6 hour power outage and my Dell 410 refused to boot when the power came on. I used a Super Grub Disk to boot the server then followed these instructions and rebooted.
Worked like a champ!
I carry a flash drive with supergrub2disk on it, it is so useful. I am surprise that an R410 has that issue, my guess is they never tested the update.
i’m stuck on this command “cp grubx64.efi shimx64.efi” with error message “No such file or directory”.
did i miss something here?
It looks like you didn’t cd into the efi directory. Try repeating that part. If you get the same error, ls the directory that you’re attempting the copy from and reply with the result.
Thank you, this solved my problem. Is this the conflict between centos7 and hardware?
I haven’t researched the cause much, but I don’t believe it’s a hardware issue. It seems to happen on all types of hardware and on more distros than just CentOS.
The issue is that older EFI’s have a limited space available to run a efi command, and the update makes changes to how the EFI is booted. it is something to do with secure boot and PKI. When the new command is run, the EFI hangs because it cant complete the command. I think the same thing is happening on the new freenas 11.2.
This problem is on the virtual machine and does not seem to happen.
Thanks to Bailey Kasin and Ryan Parker for their opinions!
Thank you very much, my question has indeed been solved by your method.
You can achieve similar result by just doing a “one time boot from file” (if your UEFI allows it) and select grubx64.efi
Thanks.
Boot from file option helps and is much faster.
Copying the ISO’s grubx64.efi over BOOTX64.efi just made it boot over an USB drive. Thanks!
I tried to boot from the latest ISO version 1810, it gets the same error booting from it, I could not enter recovery mode. Fortunately I had an older version 1708 which worked. I think this should be added to the article, important to know you need an older ISO.
Thanks for the info, i have updated the article.
i cannot find where is 1708 version
You can find the 1708 ISO here:
http://vault.centos.org/7.4.1708/isos/x86_64/
thanks man, due limited bandwidth they redirect me to this link http://archive.kernel.org/centos-vault/7.4.1708/isos/x86_64/
enjoy it!
Thank you! No script, no setting, just changed to an older version of CentOS, the problem solved itself! Thanks to the author too! You all saved an angry sysadmin’s day!
Thank you very much a life savor
An other one saved by your page THX
Everyone involved in running this site has been happy to hear that we’ve been able to help out! Glad this solved the problem for you.
Thanks lot dude, this really make me happy. 😀
now my server X3250 M3 booting again… hahaha 😀
Happy wonderful day.
Nothing helped. I had to reinstall my centOS on a freenas VM. But the command echo ‘exclude=shim,mokutil’ >> /etc/yum.conf is pretty helpful.
Thank you
should be echo ‘exclude=shim*,mokutil*’ >> /etc/yum.conf
Thank you! Thank you! Thank you!
great
I make a ubutu usb key. something fucked up and my macbookpro hang up when starting up. I google a bit .. fuck it, lets go for another linux
I reformat my usb key with Centos .. and This shit happens
FUck linux
now my macbookpro is briqued and all the fucking tuto ask me to type commands in linux
what do ?
Id follow the guide above to fix that issue, if you are indeed having the MokListRT issue. If you looking for a good distro to use, id highly recommend Manjaro linux (kde edition). Just make sure to install yay from github so you can use the arch user repository
Hi, I didn’t use this method but it is possible to enter in uefi setup and then select a file to boot, it works ! 😀
Tested on a ibm x3200-m3 server : enter in uefi setup > boot manager > boot from file > here in the list, search for “anaconda-pci root-…” and press enter ; then select EFI > BOOT > grubx64.efi
A fewer seconds later, you will be prompt by the Nethserver installation menu
Good to know! Thank you.
Excellent! Succinct and thorough. I appreciate the pointer to older CentOS ISOs. Fixed my problem perfectly. Thanks — Scott
On RHEL 8 (as root):
cd /boot/efi/EFI/BOOT
cp BOOTX64.EFI BOOTX64.EFI.bak #(always make a backup)
cp fbx64.efi BOOTX64.EFI
That’s work’s for me.
this solution don’t work on CloudLinux 7. What could be difference ?
Thanks!
I had to copy the grubx64.efi to BOOTX64.EFI for it to work (as suggested above, although the suggestion above had a uppercase grubx64.efi called out. Doesn’t exist?)
chroot /mnt/sysimage
cd /boot/efi/EFI/centos
cp -p shimx64.efi shimx64.efi.old # save
cp -p grubx64.efi shimx64.efi
cd /boot/efi/BOOT
cp -p BOOTX64.EFI BOOTX64.EFI.old #save
cp -p ../centos/grubx64.efi BOOTX64.EFI
exit
reboot
cat /etc/centos-release
CentOS Linux release 7.8.2003 (Core)