I removed Windows 10 and installed Ubuntu 18.04 LTS in UEFI Secure Boot Mode in 2019 on my development machine. Aside from initial complications of getting the UEFI system working, I've had no problems. I let the kernel update up to 2020; it was upgraded from 4.18 to 5.4.0-47.
What happened yesterday was that I was working on a project and connected my machine to the internet, something I hadn't done since mid 2020. I left my machine for a while and the screen went black. It wasn't the screen saver, and I always had the power options set to prevent hibernation, so it can't have been that. It could have been a power surge, as I realised I wasn't plugged into my surge protector; the one time I was plugged directly into a wall socket, which appeared to buzz for a few seconds. The machine was unresponsive, so I held the power button down to turn it off and restart it, but it would no longer boot. Luckily, the drive and all its Linux file systems appear to be intact after checking them in emergency mode. Whenever I turn on the machine, it boots into GRUB and allows me to boot normally or into a previous kernel, but then it always boots into emergency mode. I am unsure how to proceed and don't know what the cause was, as there were no logs written on the day of the crash. As it stands, I am having to consider backing up all my data and reinstalling, perhaps a later Ubuntu version or another distro?

Here are the lines from journalctl -xb that allude to any problems:

Aug 03 15:19:22 DEMO kernel: [Firmware Bug]: TPM Final Events table missing or invalid
Aug 03 15:19:22 DEMO kernel: secureboot: Secure boot enabled
...
Aug 03 15:19:22 DEMO kernel: Kernel is locked down from EFI Secure Boot mode; see man kernel_lockdown.7
Aug 03 15:19:22 DEMO kernel: Lockdown: systemd: /dev/mem,kmem,port is restricted; see man kernel_lockdown.7 
..
Aug 03 15:19:27 DEMO systemd[1]: Started Flush Journal to Persistent Storage.
Aug 03 15:20:52 DEMO systemd[1]: dev-disk-by\x2duuid-D001\x2d5175.device: Job dev-disk-by\x2duuid-D001\x2d5175.device/start timed out.
Aug 03 15:20:52 DEMO systemd[1]: Timed out waiting for device dev-disk-by\x2duuid-D001\x2d5175.device.
Aug 03 15:20:52 DEMO systemd[1]: Dependency failed for File System Check on /dev/disk/by-uuid/D001-5175.
Aug 03 15:20:52 DEMO systemd[1]: Dependency failed for /boot/efi.
Aug 03 15:20:52 DEMO systemd[1]: Dependency failed for Local File Systems. 
Aug 03 15:20:52 DEMO systemd[1]: local-fs.target: Job local-fs.target/start failed with result 'dependency' 
Aug 03 15:20:52 DEMO systemd[1]: local-fs.target: Triggering OnFailure= dependencies.
Aug 03 15:20:52 DEMO systemd[1]: boot-efi.mount: Job boot-efi.mount/start failed with result 'dependency'.
Aug 03 15:20:52 DEMO systemd[1]: systemd-fsck@dev-disk-by\x2duuid-D001\x2d5175.service: Job systemd-fsck@dev-disk-by\x2duuid-D001\x2d5175.service/start failed with result 'dependency'.
Aug 03 15:20:52 DEMO systemd[1]: dev-disk-by\x2duuid-D001\x2d5175.device: Job dev-disk-by\x2duuid-D001\x2d5175.device/start failed with result 'timeout'.

/etc/fstab reads:

UUID=MYUUID / ext4    errors=remount-ro 0       1 
#/boot/efi was on /dev/sda1 during installation
UUID=D001-5175  /boot/efi       vfat    umask=0077      0       1
/swapfile                                 none            swap    sw              0       0

EDIT
The cause and effect of this problem are practically identical to:
EFI Lockdown, Can't Boot Ubuntu 16.04 or Windows 10
However, the solution given for that is Windows-based, but in my case my system is not a dual boot and I am only running Ubuntu, and surely there is an Ubuntu-based solution?

This is what I see when I try to boot my system normally:

[   0.964483] Integrity: Problem loading X.509 certificate -65                                  
[   0.964494] Integrity: Problem loading X.509 certificate -65                                  
dev/sda2: clean, 539930/61022208 files, 37539912/244059136 blocks                             
[          *] A start job is running for dev-disk-by\x2duuid-D001\x2d5175.device (1min 30 / 1min 30s)
[   TIME    ] Timed out waiting for device  dev-disk-by\x2duuid-D001\x2d5175.device.
[   DEPEND  ] Dependency failed for File System Check on dev-disk-by-uuid/D001-5175.      
[   DEPEND  ] Dependency failed for /boot/efi.                                                   
[   DEPEND  ] Dependency failed for Local File Systems.                                         
              Starting Enable support for additional executable binary formats...                 
[     OK    ] Reached target Login Prompts.                                                     
[     OK    ] Reached target Timers.                                                            
[     OK    ] Started Emergency Shell.                                                          
[     OK    ] Reached target Emergency Mode.                                                                                                         
              Starting Create Volatile Files and Directories...                                   
[     OK    ] Reached target Sockets.                                                           
[     OK    ] Reached target Paths.                                                             
              Mounting Arbitrary Executable File Formats File Systems...                                      
[     OK    ] Mounted Arbitrary Executable File Formats File Systems.                                 
[     OK    ] Started Enable support for additional executable binary formats.                      
[     OK    ] Started Create Volatile Files and Directories.                                    
              Starting Network Time Synchronization...                                            
              Starting Update UTMP about System Boot/Shutdown...                                  
              Starting Network Name Resolution...                                                  
[     OK    ] Started Update UTMP about System Boot/Shutdown.                                          
              Starting Update UTMP about System Runlevel Changes...                                            
[     OK    ] Started Update UTMP about System Runlevel Changes.
[     OK    ] Started Network Time Synchronization.
[     OK    ] Started Network Name Resolution.
[     OK    ] Reached target Host and Network Name Lookups.
[     OK    ] Reached target System Time Synchronized.
You are in emergency mode.  After logging in, type "journalctl -xb" to view system logs, "systemctl reboot" to reboot, "systemctl default" or "exit"
to boot into default mode.  Press Enter for maintenance
(or press Control-D to continue):

EDIT As galexite has proven in the comments, this problem is not a Secure Boot or TPM issue. To try and determine the actual cause, I started going through all the logs and found a crash log (see pastebin.ubuntu.com).

What I also did before this crash, which I didn't think would be relevant or significant, was that in Ubuntu Software Center I installed Firefox and some music writing apps. In the crash log it appears that it either triggered a software update, or some background process had already started in the background of its own accord, that set about removing an alarming amount of essential packages. It even tried to remove the sudo package, only the request was rejected. All the package removals in this crash log state that I have asked that the package be removed, when I only wanted to install a few packages and not remove anything at all. It's not like I installed them manually myself, and I had deliberately prevented Software Updates prior to the kernel upgrade.

I have put the following output into the Pastebin from $ service --status-all, showing there is only 1 service running, and I can only assume it's because the software update either removed, half-installed or half-configured many of the software packages.

EDIT Note: Despite me suspecting the cause was possibly a power surge, it was only an assumption, as I cannot be sure. There is no hardware damage, but there appears to have been a major software failure. What I can be sure of is that I saw the screen go off, which appeared to be the system power management settings kicking in. I left my machine for quite some time. I was sure I had set the option to stop the system from going into hibernation mode, but that was just after installation some years back, because hibernation had always caused problems for me, and in 18.04 apparently there was a bug identified where a system could be compromised if it went into hibernation mode, so I was right to do that. However, I cannot now be sure my power settings were preserved after all the updates and forced unattended-upgrades. I can be sure that once I had recovered the system merely to the point whereby I could log in via text-only mode, I thought I could simply check that all the essential services were running, especially networking and the firewall, so I could potentially complete the software updates/unattended upgrades, which I have found were underway at the time of the crash but incomplete; as I found, the logs state that many packages are half installed, half configured or removed completely. So in text mode, I ran the following command to determine what services were running:

service --status-all |nl

     1   [ + ]  acpid
     2   [ - ]  alsa-utils
     3   [ + ]  anacron
     4   [ - ]  apparmor
     5   [ - ]  apport
     6   [ - ]  avahi-daemon
     7   [ + ]  binfmt-support
     8   [ - ]  bluetooth
     9   [ - ]  console-setup.sh
    10   [ - ]  cron
    11   [ - ]  cups
    12   [ - ]  cups-browsed
    13   [ - ]  dbus
    14   [ - ]  dns-clean
    15   [ - ]  gdm3
    16   [ - ]  grub-common
    17   [ - ]  hwclock.sh
    18   [ + ]  irqbalance
    19   [ + ]  kerneloops
    20   [ - ]  keyboard-setup.sh
    21   [ + ]  kmod
    22   [ - ]  network-manager
    23   [ - ]  networking
    24   [ - ]  plymouth
    25   [ - ]  plymouth-log
    26   [ - ]  postfix
    27   [ - ]  pppd-dns
    28   [ + ]  procps
    29   [ - ]  rsync
    30   [ - ]  rsyslog
    31   [ + ]  saned
    32   [ - ]  speech-dispatcher
    33   [ - ]  spice-vdagent
    34   [ - ]  udev
    35   [ - ]  ufw
    36   [ + ]  unattended-upgrades
    37   [ - ]  uuidd
    38   [ + ]  whoopsie
    39   [ - ]  x11-common

So the objective was clear: now that I was able to at least run the system in text mode, I needed to start the essential services, starting with the network manager and the firewall, since I could then allow the software updates/upgrades to complete and then recover the system sufficiently so I could resume a normal boot. But when I tried to start the network-manager.service nothing happened, no output from the command, or anything.

When I tried to start ufw: Failed to restart ufw.service: Unit ufw.service is masked. When I tried the command to unmask the service it said Removing ufw...

I tried to unmask and restart the rest of the services in turn and either the commands returned no output or nothing happened.

Consequently I appear to be stuck in a catch-22 situation: I cannot recover this system, because I cannot start essential services that will enable any recovery, or any services for that matter, as in this emergency state Ubuntu has masked all of the services that are not running. I have to ask, what is the point of emergency mode if you cannot recover from it? I also cannot understand why all these services are masked in the first place and what the rationale for that is, and why any attempt to unmask, even with sudo privileges, is either ignored or silently doesn't work, or the service is removed completely.

1 Answer

You should check the integrity of installed packages and complete the upgrade to restore your system back to normal.

Ensure all unpacked packages have been configured:

sudo dpkg --configure -a

The debsums package achieves integrity verification using each package's MD5SUMS file. You can install it:

sudo apt update
sudo apt install debsums

You then need to clear apt's cache, and initialise debsums by downloading the packages again:

sudo apt clean
sudo debsums_init

Then run a manual check, whereby debsums reports changed or corrupt files:

sudo debsums -cs

Check to make sure the configuration changes are ones that you expect. If any errors are reported, you need to re-install those packages:

sudo apt install --reinstall broken-package

You should then complete the update.

Before you perform your update, however, as we have removed the /boot/efi mount from /etc/fstab, you should mount it again in case GRUB needs updating. Uncomment the line in /etc/fstab, then run:

sudo mount /boot/efi

You can then proceed with the update:

sudo apt update
sudo apt upgrade --with-new-pkgs

Reboot. If the system does not come up again because the ESP is still not mounting, then more troubleshooting needs to be done.

galexite
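
The journal in the question shows boot stopping because the device for UUID=D001-5175 never appears. As an added example (not part of the original question or answer), this shell function compares every UUID= entry in an fstab with the device links that exist and flags the entries that would block local-fs.target; the function name, output labels and the demo's temporary files are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Reports fstab entries whose
# UUID= source has no device link, the condition that makes systemd time out
# on the .device unit and fail local-fs.target as in the journal above.

# check_fstab_uuids [FSTAB] [BY_UUID_DIR]
# Prints one line per missing UUID. Returns 1 if any missing entry lacks
# the nofail option (boot would stop in emergency mode), otherwise 0.
check_fstab_uuids() {
    fstab=${1:-/etc/fstab}
    uuid_dir=${2:-/dev/disk/by-uuid}
    blocking=0
    # "|| [ -n "$src" ]" also handles a last line without a trailing newline
    while read -r src mnt _type opts _rest || [ -n "$src" ]; do
        case $src in
            UUID=*) uuid=${src#UUID=} ;;
            *) continue ;;   # comments, blank lines, non-UUID sources
        esac
        [ -e "$uuid_dir/$uuid" ] && continue   # device present, nothing to report
        case ",$opts," in
            *,nofail,*) printf 'NOFAIL   %s UUID=%s\n' "$mnt" "$uuid" ;;
            *)          printf 'BLOCKING %s UUID=%s\n' "$mnt" "$uuid"
                        blocking=1 ;;
        esac
    done < "$fstab"
    return "$blocking"
}

# Constructed demo: the fstab from the question, with only the root UUID present.
demo() {
    tmp=$(mktemp -d)
    mkdir "$tmp/by-uuid"
    : > "$tmp/by-uuid/MYUUID"
    cat > "$tmp/fstab" <<'EOF'
UUID=MYUUID / ext4    errors=remount-ro 0       1
#/boot/efi was on /dev/sda1 during installation
UUID=D001-5175  /boot/efi       vfat    umask=0077      0       1
/swapfile                                 none            swap    sw              0       0
EOF
    check_fstab_uuids "$tmp/fstab" "$tmp/by-uuid" ||
        echo "a required mount has no device: boot would stop in emergency mode"
    rm -rf "$tmp"
}
demo
```

Called with no arguments from the emergency shell, check_fstab_uuids reads the live /etc/fstab and /dev/disk/by-uuid. An entry reported as NOFAIL is only wanted, not required, by local-fs.target, so it does not stop the boot.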