UEFI Partition invalid GPT with or without secure boot

SUSE Product Topics SLES Install-Boot
1

Hello Forum Users,

I have Installation problems with SLES 12, Raid 1, UEFI and or not Secure Boot.

I have installed the System more times with the settings above.

The installation was without errors, but after that my GUI worked not perfect.

I can’t work with the highest resolution, and the options worked not normal.

Additonal i got this error:

[HTML]
EFI: Problem loading in-kernel x.509 certificate (-129)

EFI: Problem loading in-kernel x.509 certificate (-74)
[/HTML]

and my gdisk output after Installation was following:

[HTML]
Found invalid GPT and valid MBR; converting MBR to GPT format
in memory. THIS OPERATION IS POTENTIALLY DESTRUCTIVE! Exit by
typing ‘q’ if you don’t want to convert your MBR partitions
to GPT format!
[/HTML]

Then I switched off Secure Boot and the errors was away (still boot with the first HDD).

My both boot partitions are with a valid GPT and the identifier ef00 (before and after the Installation). This one I build with a LIVE CD (UEFI) or with the Installer of the SLES DVD (UEFI).

But if I copied my UEFI start partition (sda1) with dd to sdb1 the GUI error comes again and gdisk show a invalid GPT.

It can’t be a secure boot problem only because it was disabled and just by the copy of sda1 to sdb1 the error comes again. I have repeat the Installation (without Secure Boot), and before copying (the boot partitions) the Graphic works normal.

Secure Boot on:	 errors (GUI, gdisk and EFI: Problem loading in-kernel x.509 certificate errors)

Secure Boot off and one HDD:  no errors

Secure Boot off and copying the boot partitions:  errors (GUI and gdisk errors)

Thank you for reading!

2

Hi
Is this software or hardware RAID? You need to have a gpt disk and
small ~150MB partition set to type ef00 for UEFI to work…


Cheers Malcolm °¿° LFCS, SUSE Knowledge Partner (Linux Counter #276890)
SUSE Linux Enterprise Desktop 12 | GNOME 3.10.1 | 3.12.48-52.27-default
If you find this post helpful and are logged into the web interface,
please show your appreciation and click on the star below… Thanks!

3

Hi Malcolmlewis,

it’s a software Raid. My boot partitions have a size of 200 MB.

It’s gpt and ef00 (UEFI).

I have test my HDD’s (two ones), But there is no error too.

Thank you,
Flo

4

Hi Malcolmlewis,

a question:

must there the same or a different UUID on the both boot partitions?

Thank you,
Flo

5

Hi
No, that doesn’t matter as long as the entry is added into the UEFI
nvram.

Use the command efibootmgr (you can even use this voa rescue mode…)

So for example you have/want the system to boot from either hdd efi
partition sda1 and sdb1.

efibootmgr -c -L "sles12-secureboot" -l "\\\\EFI\\\\sles12\\\\shim.efi"
efibootmgr -c -d /dev/sdb "sles12-secureboot" -l "\\\\EFI\\\\sles12\\\\shim.efi"

If you don’t use secure boot the change shim.efi for grubx64.efi.

By default sda is used, so you need to specify the different drive sdb.

The -v option makes the output more verbose. Use the -h option for
additional info.

You would then have two entries, you can either when the system boots
should have an option to select which efi boot your wanting to use,
some BIOS’s allow a custom boot where you can add the entry. You can
also change the boot order with the -o option or if wanting to just
boot via the other disk, use the -n option.


Cheers Malcolm °¿° LFCS, SUSE Knowledge Partner (Linux Counter #276890)
SUSE Linux Enterprise Desktop 12 | GNOME 3.10.1 | 3.12.48-52.27-default
If you find this post helpful and are logged into the web interface,
please show your appreciation and click on the star below… Thanks!

6

Hi,

Sorry, very much!

I have discovered an error in my posts before.

The copying with dd don’t destroy my GPT. I think I have a mistake in my Installation.

The reason was, I have used gdisk with the device /dev/sda and /dev/sdb (after the installation).

So the output of gdisk was without errors.

But if I use gdisk with /dev/sda1 and /dev/sdb1 (after the installation) I get following error:

Without copying with dd the gdisk error is there, but my System (with one HDD) works normal.

Only after I copy the boot partitions and their invalid GPT with dd, then I get the GUI error.

But how it’s generate the invalid GPT?

Does that mean, I do a mistake during the Installation? Which one?

Another question: What means the row in my BIOS:

The entries with efibootmgr working, I had a mistake with the second name (sdb) but I think this is not a big problem.

Thank you,
for reading, Flo

7

Hi
Setting up the disks as gpt should be done before installation (boot to
rescue mode from dvd).

So you have a separate HDD controller in the system?

What is the output from the following two commands;

/sbin/lspci
lsblk


Cheers Malcolm °¿° LFCS, SUSE Knowledge Partner (Linux Counter #276890)
SUSE Linux Enterprise Desktop 12 | GNOME 3.10.1 | 3.12.48-52.27-default
If you find this post helpful and are logged into the web interface,
please show your appreciation and click on the star below… Thanks!

8

Hi,

yes I have done so. I have set ef00 with gdisk from the Rescue DVD. My parted shows a FAT partition with gpt and ef00.

No I have not a separate HDD controller in the system.

Output from /sbin/lspci:

Output from lsblk:

Thank you,
Flo

9

Hi
The only way I see you getting sdb to gpt is fail over sdb via mdadm,
clean out sdb and configure using gdisk, then reattach sdb to the array
and let it rebuild.

Make sure you backup first…


Cheers Malcolm °¿° LFCS, SUSE Knowledge Partner (Linux Counter #276890)
SUSE Linux Enterprise Desktop 12 | GNOME 3.10.1 | 3.12.48-52.27-default
If you find this post helpful and are logged into the web interface,
please show your appreciation and click on the star below… Thanks!

10

Hi,

yes I try this tomorrow.

But I don’t know it’s that problem.

Because:

After Installation my gdisk output (GPT) of /dev/sda1 is invalid too.

Not the output of gdisk (GPT) with /dev/sda, this is without errors.

I not must to bother about Backup, this is a new Installation without dates.

Thank you,
Flo

11

Hi,

sorry I take some time to try further.

Thank you,
Flo

12

Hi,

i have done a other step before working with mdadm and found interesting things.

I have not used gdisk from beginning but rather the tool parted.

Then I create a gpt table with the command:

parted /dev/sda1 mklabel gpt    and    parted /dev/sdb1 mklabel gpt

My error message working with gdisk was previously:

but my error message working with parted was following:

Now the interesting cautious.

I can copy the UEFI boot partition /dev/sda1 with dd to /dev/sdb1 the first time without afterwards GUI error.

But if I use gdisk to repair GPT with the b option (A change of this GPT again):

And restart the System, the GUI error is back again.

Thank you,
Flo

13

Hi,

so I want to try your recommendation with mdadm.

But one question before. When I prepare my boot partitions with gdisk. Do i have create the gpt table for the partition (for example /dev/sda1) or for the HDD /dev/sda?

Thank you,
Flo

14

Hi
You use the disk eg sda, however if you have been experimenting (like
we all do) I find it better to wipe the disks first, this is
destructive to the filesystem information. Only do this if you are
starting from scratch on a fresh install.

ernie:~ # lsblk /dev/sdb
NAME   MAJ:MIN RM   SIZE RO TYPE MOUNTPOINT
sdb      8:16   0 298.1G  0 disk
├─sdb1   8:17   0   200M  0 part
└─sdb2   8:18   0 297.8G  0 part

ernie:~ # gdisk -l /dev/sdb
GPT fdisk (gdisk) version 0.8.8

Partition table scan:
  MBR: protective
  BSD: not present
  APM: not present
  GPT: present

Found valid GPT with protective MBR; using GPT.
Disk /dev/sdb: 625142446 sectors, 298.1 GiB
Logical sector size: 512 bytes
Disk identifier (GUID): FCB36CCB-BD61-42D8-AAF6-4DD8CA13979B
Partition table holds up to 128 entries
First usable sector is 34, last usable sector is 625142412
Partitions will be aligned on 8-sector boundaries
Total free space is 262155 sectors (128.0 MiB)

Number  Start (sector)    End (sector)  Size       Code  Name
   1              40          409639   200.0 MiB   EF00  EFI System Partition
   2          409640       624880263   297.8 GiB   AF00  Untitled

ernie:~ # wipefs -a /dev/sdb
/dev/sdb: 8 bytes were erased at offset 0x00000200 (gpt): 45 46 49 20 50 41 52 54
/dev/sdb: 8 bytes were erased at offset 0x4a85d55a00 (gpt): 45 46 49 20 50 41 52 54
/dev/sdb: 2 bytes were erased at offset 0x000001fe (PMBR): 55 aa
/dev/sdb: calling ioclt to re-read partition table: Success

ernie:~ # gdisk -l /dev/sdb
GPT fdisk (gdisk) version 0.8.8

Partition table scan:
  MBR: not present
  BSD: not present
  APM: not present
  GPT: not present

Creating new GPT entries.
Disk /dev/sdb: 625142446 sectors, 298.1 GiB
Logical sector size: 512 bytes
Disk identifier (GUID): 3CA20F04-936A-49A6-8891-CDDC5859B90F
Partition table holds up to 128 entries
First usable sector is 34, last usable sector is 625142412
Partitions will be aligned on 2048-sector boundaries
Total free space is 625142379 sectors (298.1 GiB)

Number  Start (sector)    End (sector)  Size       Code  Name

ernie:~ # gdisk /dev/sdb
GPT fdisk (gdisk) version 0.8.8

Partition table scan:
  MBR: not present
  BSD: not present
  APM: not present
  GPT: not present

Creating new GPT entries.

Command (? for help): x

Expert command (? for help): z
About to wipe out GPT on /dev/sdb. Proceed? (Y/N): y
GPT data structures destroyed! You may now partition the disk using fdisk or
other utilities.
Blank out MBR? (Y/N): y

ernie:~ # gdisk /dev/sdb
GPT fdisk (gdisk) version 0.8.8

Partition table scan:
  MBR: not present
  BSD: not present
  APM: not present
  GPT: not present

Creating new GPT entries.

Command (? for help): n
Partition number (1-128, default 1): 
First sector (34-625142412, default = 2048) or {+-}size{KMGTP}: 
Last sector (2048-625142412, default = 625142412) or {+-}size{KMGTP}: +260M
Current type is 'Linux filesystem'
Hex code or GUID (L to show codes, Enter = 8300): ef00
Changed type of partition to 'EFI System'

Command (? for help): w

Final checks complete. About to write GPT data. THIS WILL OVERWRITE EXISTING
PARTITIONS!!

Do you want to proceed? (Y/N): y
OK; writing new GUID partition table (GPT) to /dev/sdb.
The operation has completed successfully.

ernie:~ # gdisk -l /dev/sdb
GPT fdisk (gdisk) version 0.8.8

Partition table scan:
  MBR: protective
  BSD: not present
  APM: not present
  GPT: present

Found valid GPT with protective MBR; using GPT.
Disk /dev/sdb: 625142446 sectors, 298.1 GiB
Logical sector size: 512 bytes
Disk identifier (GUID): F56CC20F-9577-47F7-A3D7-8C079282D4FF
Partition table holds up to 128 entries
First usable sector is 34, last usable sector is 625142412
Partitions will be aligned on 2048-sector boundaries
Total free space is 624609899 sectors (297.8 GiB)

Number  Start (sector)    End (sector)  Size       Code  Name
   1            2048          534527   260.0 MiB   EF00  EFI System

ernie:~ # mkfs.vfat /dev/sdb1
mkfs.fat 3.0.26 (2014-03-07)

ernie:~ # lsblk /dev/sdb
NAME   MAJ:MIN RM   SIZE RO TYPE MOUNTPOINT
sdb      8:16   0 298.1G  0 disk 
└─sdb1   8:17   0   260M  0 part

You now have one disk ready for more partitioning as required, either via gdisk or with the expert options during install (press the rescan disk button).

You would select your /dev/sda1 as /boot/efi in the drop down, then once the install is finished and the system is up, dd sda1 to sdb1.

15

Hi,

I have tried and experimenting this Installation nearly 30 times and several weeks.

Now I have no time to try more times. I must work without the standard graphic resolution, then I have no problems.

All my inputs and outputs to configure my system shows like your last post.

With gdisk, wipefs and mkfs.

But if I copy the boot partition with dd the GUI error comes again.

Thank you very much,
Flo

16

Hi
OK, so it’s booting ok in the setup, just having graphics issues now?

What graphics card?

/sbin/lspci -nnk | grep -A3 VGA