I’m getting constantly error when trying to sign Nvidia MOK key with secure boot using the updated guide from rpm-fusion always says error failed to set variable invalid parameters (0x2)
Never had this kind of issue before
Please be very detailed in reporting exactly what is shown on screen and the process you are following.
The instructions at rpmfusion are essentially a repeat of the instructions shown in the file /usr/share/doc/akmods/README.secureboot which is available after installing the akmods package.
Those instructions have never failed for me or for the great majority of users so we need to know what exactly is happening and when it happens in that procedure. I would guess that you are probably seeing this when in the blue mok screens during boot, which may happen if you do not follow the instructions exactly.
The error I get comes on MOK screen failed to set variable invalid parameters (0x2) that is only one I get and followed exactly as rpm-fusion guide
I can try to sign keys multiple times same error even multiple wipes and try again same error, this is first time this happen to me so in little confused
After failing to sign my full system is like VM missing over half of gnome like on VM and using software rendering so I really have no idea what is going on
Please show the output of mokutil --list-enrolled | grep Issuer
That should show something like this
$ mokutil --list-enrolled | grep Issuer
Issuer: C=US, ST=Massachusetts, L=Cambridge, O=Red Hat, Inc., OU=Fedora Secure Boot CA 20200709, CN=fedoraca
CA Issuers - URI:https://fedoraproject.org/wiki/Features/SecureBoot
Issuer: O=MYHOST, OU=MYHOST/emailAddress=akmods@MYHOST, L=None, ST=None, C=US, CN=MYHOST-3731337192
Feel free to mask out the hostname if you choose (as I did above).
1 Like
now it is like this first time i used the grep issuer there was all MOK keys on all difrent distros that i have on my 3 year path used and multiple fedora, ubuntu etc keys that might have issue i used sudo mokutil --reset
and now i get this mokutil --list-enrolled | grep Issuer Issuer: C=US, ST=Massachusetts, L=Cambridge, O=Red Hat, Inc., OU=Fedora Secure Boot CA 20200709, CN=fedoraca CA Issuers - URI:https://fedoraproject.org/wiki/Features/SecureBoot
going to try sign again
Yes the fix was to run sudo mokutil --reset reboot enter password to MOK screen and reset all and then boot back it takes 5-10 minutes and after that I can use again sudo kmodgenca -a and it accept the keys
Thank you @computersavvy I wouldn’t see that one without your help
1 Like
I really suspect the issue was that bios only has a limited space to store the keys, and if you have several enrolled that space may have been full and needed old keys cleared out. 
Results for distro hopping filling all the space with keys
Also note that once the key is generated and imported into the bios it is unnecessary to generate a new key on that hardware unless the os has been replaced. Updating fedora does not impact the current keys at all. (reinstalling would).
Yeah I was dual/triple booting and testing done distros and release versions with secure boot on so I guess I got it full, but also Ubuntu had there over half of the keys 10 difrent on Nvidia 535.xxx versions so I learned my lessons now no distro hopping and signing keys
1 Like