Error: grub_is_lockdown

Issues & Assistance
1

Hello everyone,

Yesterday my laptop battery died and it was a hard shut down. On starting my laptop again it showed me the error:

error: grub_is_lockdown. Entering grub rescue mode

I tried reinstalling and updating grub using a live usb but to no avail. The error still persists.
The inxi is from the live usb too. Let me know if you need any other info

garuda-inxi

System:
Kernel: 6.2.13-zen-1-zen arch: x86_64 bits: 64 compiler: gcc v: 12.2.1
parameters: BOOT_IMAGE=/boot/vmlinuz-x86_64 lang=en_US keytable=us tz=UTC
misobasedir=garuda root=miso:LABEL=GARUDA_DR460NIZEDGAMING_RAPTOR quiet
systemd.show_status=1 ibt=off driver=nonfree nouveau.modeset=0
i915.modeset=1 radeon.modeset=1
Desktop: KDE Plasma v: 5.27.4 tk: Qt v: 5.15.9 wm: kwin_x11 vt: 1 dm: SDDM
Distro: Garuda Linux base: Arch Linux
Machine:
Type: Laptop System: ASUSTeK product: TUF Gaming FX505GE_FX505GE v: 1.0
serial: <superuser required>
Mobo: ASUSTeK model: FX505GE v: 1.0 serial: <superuser required>
UEFI: American Megatrends v: FX505GE.307 date: 05/25/2020
Battery:
ID-1: BAT0 charge: 26.7 Wh (100.0%) condition: 26.7/48.1 Wh (55.5%)
volts: 12.3 min: 11.7 model: Simplo SDI ICR18650 type: Li-ion
serial: <filter> status: full cycles: 41
CPU:
Info: model: Intel Core i7-8750H bits: 64 type: MT MCP arch: Coffee Lake
gen: core 8 level: v3 note: check built: 2018 process: Intel 14nm family: 6
model-id: 0x9E (158) stepping: 0xA (10) microcode: 0xF0
Topology: cpus: 1x cores: 6 tpc: 2 threads: 12 smt: enabled cache:
L1: 384 KiB desc: d-6x32 KiB; i-6x32 KiB L2: 1.5 MiB desc: 6x256 KiB
L3: 9 MiB desc: 1x9 MiB
Speed (MHz): avg: 2500 high: 4001 min/max: 800/4100 scaling:
driver: intel_pstate governor: powersave cores: 1: 4001 2: 2200 3: 2200
4: 2200 5: 2200 6: 2200 7: 2200 8: 2200 9: 2200 10: 4000 11: 2200 12: 2200
bogomips: 52799
Flags: avx avx2 ht lm nx pae sse sse2 sse3 sse4_1 sse4_2 ssse3 vmx
Vulnerabilities: <filter>
Graphics:
Device-1: Intel CoffeeLake-H GT2 [UHD Graphics 630] vendor: ASUSTeK
driver: i915 v: kernel arch: Gen-9.5 process: Intel 14nm built: 2016-20
ports: active: eDP-1 empty: none bus-ID: 0000:00:02.0 chip-ID: 8086:3e9b
class-ID: 0300
Device-2: NVIDIA GP107M [GeForce GTX 1050 Ti Mobile] vendor: ASUSTeK
driver: N/A alternate: nouveau non-free: 530.xx+
status: current (as of 2023-03) arch: Pascal code: GP10x
process: TSMC 16nm built: 2016-21 bus-ID: 0000:01:00.0 chip-ID: 10de:1c8c
class-ID: 0300
Device-3: IMC Networks USB2.0 HD UVC WebCam type: USB driver: uvcvideo
bus-ID: 1-11:4 chip-ID: 13d3:56a2 class-ID: 0e02 serial: <filter>
Display: x11 server: X.Org v: 21.1.8 with: Xwayland v: 23.1.1
compositor: kwin_x11 driver: X: loaded: modesetting
alternate: fbdev,intel,vesa dri: iris gpu: i915 display-ID: :0 screens: 1
Screen-1: 0 s-res: 1920x1080 s-dpi: 96 s-size: 508x285mm (20.00x11.22")
s-diag: 582mm (22.93")
Monitor-1: eDP-1 model: LG Display 0x0563 built: 2018 res: 1920x1080
hz: 60 dpi: 142 gamma: 1.2 size: 344x194mm (13.54x7.64") diag: 395mm (15.5")
ratio: 16:9 modes: 1920x1080
API: OpenGL v: 4.6 Mesa 23.0.3 renderer: Mesa Intel UHD Graphics 630 (CFL
GT2) direct-render: Yes
Audio:
Device-1: Intel Cannon Lake PCH cAVS vendor: ASUSTeK
driver: sof-audio-pci-intel-cnl alternate: snd_hda_intel, snd_soc_skl,
snd_sof_pci_intel_cnl bus-ID: 0000:00:1f.3 chip-ID: 8086:a348
class-ID: 0403
Device-2: NVIDIA GP107GL High Definition Audio driver: snd_hda_intel
v: kernel bus-ID: 0000:01:00.1 chip-ID: 10de:0fb9 class-ID: 0403
API: ALSA v: k6.2.13-zen-1-zen status: kernel-api with: aoss
type: oss-emulator tools: N/A
Server-1: PipeWire v: 0.3.70 status: active with: 1: pipewire-pulse
status: active 2: wireplumber status: active 3: pipewire-alsa type: plugin
4: pw-jack type: plugin tools: pactl,pw-cat,pw-cli,wpctl
Network:
Device-1: Intel Cannon Lake PCH CNVi WiFi driver: iwlwifi v: kernel
bus-ID: 0000:00:14.3 chip-ID: 8086:a370 class-ID: 0280
IF: wlo1 state: up mac: <filter>
Device-2: Realtek RTL8111/8168/8411 PCI Express Gigabit Ethernet
vendor: ASUSTeK driver: r8169 v: kernel port: 3000 bus-ID: 0000:02:00.0
chip-ID: 10ec:8168 class-ID: 0200
IF: enp2s0 state: down mac: <filter>
Bluetooth:
Device-1: Intel Bluetooth 9460/9560 Jefferson Peak (JfP) type: USB
driver: btusb v: 0.8 bus-ID: 1-14:5 chip-ID: 8087:0aaa class-ID: e001
Report: bt-adapter ID: hci0 rfk-id: 0 state: down
bt-service: enabled,running rfk-block: hardware: no software: yes
address: <filter>
RAID:
Hardware-1: Intel 82801 Mobile SATA Controller [RAID mode]
driver: intel_nvme_remap v: N/A port: 5060 bus-ID: 0000:00:17.0
chip-ID: 8086:282a rev: N/A class-ID: 0104
Drives:
Local Storage: total: 1.16 TiB used: 0 KiB (0.0%)
SMART Message: Unable to run smartctl. Root privileges required.
ID-1: /dev/nvme0n1 maj-min: 259:0 vendor: Kingston
model: RBUSNS8154P3256GJ size: 238.47 GiB block-size: physical: 512 B
logical: 512 B type: SSD serial: <filter> rev: E8FK11.C temp: 28.9 C
scheme: GPT
ID-2: /dev/sda maj-min: 8:0 vendor: Seagate model: ST1000LX015-1U7172
size: 931.51 GiB block-size: physical: 4096 B logical: 512 B speed: 6.0 Gb/s
type: HDD rpm: 5400 serial: <filter> rev: SDM1 scheme: GPT
ID-3: /dev/sdb maj-min: 8:16 type: USB vendor: HP model: v210w
size: 15.24 GiB block-size: physical: 512 B logical: 512 B type: N/A
serial: <filter> rev: 1100 scheme: MBR
SMART Message: Unknown USB bridge. Flash drive/Unsupported enclosure?
Partition:
Message: No partition data found.
Swap:
Kernel: swappiness: 133 (default 60) cache-pressure: 100 (default)
ID-1: swap-1 type: zram size: 7.61 GiB used: 0 KiB (0.0%) priority: 100
dev: /dev/zram0
Sensors:
System Temperatures: cpu: 59.0 C pch: 51.0 C mobo: N/A
Fan Speeds (RPM): cpu: 0
Info:
Processes: 267 Uptime: 8m wakeups: 182 Memory: 7.61 GiB
used: 3.52 GiB (46.2%) Init: systemd v: 253 default: graphical
tool: systemctl Compilers: gcc: 12.2.1 Packages: pm: pacman pkgs: 1821
libs: 519 tools: octopi,paru Shell: fish v: 3.6.1 default: Bash v: 5.1.16
running-in: konsole inxi: 3.3.26
warning: database file for 'garuda' does not exist (use '-Sy' to download)
warning: database file for 'core' does not exist (use '-Sy' to download)
warning: database file for 'extra' does not exist (use '-Sy' to download)
warning: database file for 'community' does not exist (use '-Sy' to download)
warning: database file for 'multilib' does not exist (use '-Sy' to download)
warning: database file for 'chaotic-aur' does not exist (use '-Sy' to download)
Garuda (2.6.16-1):
System install date:     2023-09-05
Last full system update: 2023-09-05 ↻
Is partially upgraded:   No
Relevant software:       snapper NetworkManager dracut
Windows dual boot:       <superuser required>
Failed units:
2

Please post sudo parted -l and efibootmgr.

Can you describe your process for doing this? Better yet, try again but paste the terminal input/output into the thread as you go so we can see what is happening.

3

Yes, will do.

sudo parted -l
Model: ATA ST1000LX015-1U71 (scsi)
Disk /dev/sda: 1000GB
Sector size (logical/physical): 512B/4096B
Partition Table: gpt
Disk Flags:

Number  Start   End     Size    File system     Name                  Flags
1      1049kB  8591MB  8590MB  linux-swap(v1)                        swap
2      8591MB  170GB   161GB   ext4
3      170GB   458GB   288GB   ntfs            Basic data partition  msftdata
4      458GB   720GB   262GB   ntfs            Basic data partition  msftdata
5      720GB   1000GB  280GB   ntfs            Basic data partition  msftdata


Model: hp v210w (scsi)
Disk /dev/sdb: 16.4GB
Sector size (logical/physical): 512B/512B
Partition Table: msdos
Disk Flags:

Number  Start   End     Size    Type     File system  Flags
2      4408MB  4413MB  4194kB  primary               esp


Model: KINGSTON RBUSNS8154P3256GJ (nvme)
Disk /dev/nvme0n1: 256GB
Sector size (logical/physical): 512B/512B
Partition Table: gpt
Disk Flags:

Number  Start   End    Size   File system  Name  Flags
1      2097kB  271MB  268MB  fat32              boot, esp
2      271MB   256GB  256GB  btrfs


Model: Unknown (unknown)
Disk /dev/zram0: 8172MB
Sector size (logical/physical): 4096B/4096B
Partition Table: loop
Disk Flags:

Number  Start  End     Size    File system     Flags
1      0.00B  8172MB  8172MB  linux-swap(v1)

The output for efibootmgr

BootCurrent: 0002
Timeout: 1 seconds
BootOrder: 0002,0003,0001,0000
Boot0000* garuda        HD(1,GPT,12aa9f7b-f07d-b544-be6f-2f3774c89fa7,0x1000,0x80000)/File(\EFI\GARUDA\GRUBX64.EFI)
Boot0001* UEFI OS       HD(1,GPT,12aa9f7b-f07d-b544-be6f-2f3774c89fa7,0x1000,0x80000)/File(\EFI\BOOT\BOOTX64.EFI)0000424f
Boot0002* UEFI: hp v210w 1100   PciRoot(0x0)/Pci(0x14,0x0)/USB(0,0)/CDROM(1,0x836154,0x8000)0000424f
Boot0003* UEFI: hp v210w 1100, Partition 2      PciRoot(0x0)/Pci(0x14,0x0)/USB(0,0)/HD(2,MBR,0x0,0x836154,0x2000)0000424f

The Boot0000* entry is newly created maybe I fucked up somewhere hahahaha

The process of chrooting into the garuda installation:

sudo mkdir -p /mnt/broken
sudo mount /dev/nvme0n1p2 /mnt/broken
sudo garuda-chroot /mnt/broken/@

Then in the shell

sh-5.1# mount /dev/nvme0n1p1 /boot/efi
sh-5.1# grub-install --target=x86_64-efi --efi-directory=/boot/efi --bootloader-id=garuda --recheck
Installing for x86_64-efi platform.
Installation finished. No error reported.
sh-5.1# update-grub
Generating grub configuration file ...
Found theme: /usr/share/grub/themes/garuda/theme.txt
Found linux image: /boot/vmlinuz-linux-zen
Found initrd image: /boot/intel-ucode.img /boot/initramfs-linux-zen.img
Found fallback initrd image(s) in /boot:  intel-ucode.img initramfs-linux-zen-fallback.img
Found linux image: /boot/vmlinuz-linux-lts
Found initrd image: /boot/intel-ucode.img /boot/initramfs-linux-lts.img
Found fallback initrd image(s) in /boot:  intel-ucode.img initramfs-linux-lts-fallback.img
Found linux image: /boot/vmlinuz-linux
Found initrd image: /boot/intel-ucode.img /boot/initramfs-linux.img
Found fallback initrd image(s) in /boot:  intel-ucode.img initramfs-linux-fallback.img
Warning: os-prober will be executed to detect other bootable partitions.
Its output will be used to detect bootable binaries on them and create new boot entries.
grub-probe: error: cannot find a GRUB drive for /dev/sdb1.  Check your device.map.
grub-probe: error: cannot find a GRUB drive for /dev/sdb1.  Check your device.map.
Found Ubuntu 22.04.2 LTS on /dev/nvme0n1p2
Found Arch Linux on /dev/sda2
Adding boot menu entry for UEFI Firmware Settings ...
Detecting snapshots ...
Found snapshot: 2023-09-05 21:00:01 | timeshift-btrfs/snapshots/2023-09-05_21-00-01/@ | daily    | N/A        |
Found snapshot: 2023-09-03 15:00:01 | timeshift-btrfs/snapshots/2023-09-03_15-00-01/@ | daily    | N/A        |
Found snapshot: 2023-09-02 15:00:01 | timeshift-btrfs/snapshots/2023-09-02_15-00-01/@ | daily    | N/A        |
Found snapshot: 2023-08-17 13:03:30 | timeshift-btrfs/snapshots/2023-08-17_13-03-30/@ | ondemand | {timeshift-autosnap} {created before upgrade} |
Found snapshot: 2023-08-10 14:40:00 | timeshift-btrfs/snapshots/2023-08-10_14-40-00/@ | ondemand | N/A        |
Found snapshot: 2021-05-26 12:10:37 | timeshift-btrfs/snapshots/2022-08-29_15-56-46/@ | ondemand | Before restoring '2022-08-28 21:00:02'        |
Found 6 snapshot(s)
Unmount /tmp/grub-btrfs.L7RWNTCUvk .. Success
Found memtest86+ image: /boot/memtest86+/memtest.bin
/usr/bin/grub-probe: warning: unknown device type nvme0n1.
done

Finally exiting the shell

sh-5.1# exit
exit
umount: /mnt/broken/@: target is busy.

sudo restart
4

What if you try changing the order:

sudo efibootmgr -o 0000,0002,0003,0001
3 Likes
5

your error looks similar to this thread

where this was marked as solution but it won’t hurt to go through the entire thread in case the other commands are the ones that end up helping in the end.

1 Like
6

So now I have
garuda -> Boot0000*
UEFI OS -> Boot0001*

Booting into garuda I get the grub working but when I choose the OS, it freezes and stops working.
When I try to load any of the snapshots, I get the error :

Error: Failed to mount "UID=......." on real root

When I boot into the UEFI OS it shows me the same error

error: symbol 'grub_is_lockdown' not found.
Entering rescue mode...
grub rescue>
7

For me grub-install is working, but it doesn't resolve my issues, the error persists

8

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.