Yesterday after uograde to 24.04 LTS when restart was attempted getting following message and computer switches off.
Could not create MOKLIstrt : Volume full
Could not create MOKLIstrt : Volume full
Could not create SbatLevelRT : Volume full
Could not create MOKListTrusted RT : Volume full
Something gone seriously wrong : import_mok_state() failed : Volume full.
Am on dual boot with Windows and need to retrieve data from Ubuntu.
This error message suggests your NVRAM which stores your security keys is full. This is a chip on your mother board and controlled through your BIOS.
Could not create MOKLIstrt : Volume full Could not create MOKLIstrt :
This means you are running with secure boot enabled. One thing you can do to get access to the operation systems is turn off secure boot. This will mean it will boot without using these keys. Clearly this will reduce your security but it will also allow you to manage the security keys (to some extent) and hopefully be able to manage the keys so you can re-enable secure boot. later on.
You access the switch for secure boot from the BIOS so you will need to identify how to do this. It is different for different rigs. You may need to repeatedly hit the F1 F2 F12 or DEL after switching on the power?
The following answers give a more in depth description and suggest a number of answers.
Couldn't Create Moklist: Volume Full - grub doesn't start at all
Once you have successfully rebooted Ubuntu you need to manage your existing keys.
Firstly you will need mokutil which manages and views keys. You could start with
sudo mokutil --list-new
This will show what it queued to be enrolled.
sudo mokutil --revoke-import
This will cancel the current 'mok key' import enrollment (Ubuntu only I think). (If you can't disable secure boot it might disable ubuntu boot completely if it needs that key.) Take a look at the manual page man mokutil for more details.
Ubuntu keeps a copy of the NVRAM variables in /sys/firmware/efi/efivars/ so if you run the following you can see them. (They are not stored in the same way in the NVRAM though. You can't edit them directly from there.) Be aware that these variables are for the whole system and not just the currently loaded OS.
cat /sys/firmware/efi/efivars/
Editing the Ubuntu variables. Any change doesn't happen till next reboot (I think).
If you don't have it, install efibootmgr
sudo apt-get install efibootmgr
sudo efibootmgr
That will show you all your boot options and can often have old unused entries and duplicates. You can start with reducing duplicates
sudo efibootmgr -D #that will reduce duplicate entries
Identify any unused entries and delete these - eg 0005 -b flag selects the boot number and -B deletes it.
sudo efibootmgr -b 0005 -B
This is just a start. There are other things that can be done some of which are listed in the link already give. Depending on your BIOS you may be able to manage the keys from there but beware once you delete something it is not always easy to restore it.
Good luck
I hope this is of some help.
