Nixpkgs: Failed to set LoaderSystemToken EFI variable: Invalid argument

Is this problem isolated to changing shells? Your issue's title suggests that nixos-rebuild switch is not persisting changes when rebooting, but your examples are only about changing the shell. What about other changes? Do they not persist as well?

No, generations are not changing in grub. Originally I didn’t notice as I use home-manager for most things. I’ve done “nix-collect-garbage -d” and “sudo nix-collect-garbage -d”, yet 53 generations still show in grub. All give a kernel panic as they’ve been deleted now so key files are missing. I do have one generation tagged using -p that can still boot.

My hardware-configuration.nix is nearly identical to another computer that works fine and has /boot specified by label. This seems like an EFI problem per the error above about installing the boot loader

Edit: below may be useful

❯ ls /sys/firmware/efi/efivars
 ASUSMeudVar-b14f1ef6-4fa9-4710-a16a-ff72a4c96d15
 BiosEventLog-4034591c-48ea-4cdc-864f-e7cb61cfd0f2
 Boot0000-8be4df61-93ca-11d2-aa0d-00e098032b8c
 Boot0001-8be4df61-93ca-11d2-aa0d-00e098032b8c
 Boot0002-8be4df61-93ca-11d2-aa0d-00e098032b8c
 Boot0003-8be4df61-93ca-11d2-aa0d-00e098032b8c
 Boot0006-8be4df61-93ca-11d2-aa0d-00e098032b8c
 Boot0009-8be4df61-93ca-11d2-aa0d-00e098032b8c
 Boot000B-8be4df61-93ca-11d2-aa0d-00e098032b8c
 BootCurrent-8be4df61-93ca-11d2-aa0d-00e098032b8c
 BootFromUSB-ec87d643-eba4-4bb5-a1e5-3f3e36b20da9
 BootOptionSupport-8be4df61-93ca-11d2-aa0d-00e098032b8c
 BootOrder-8be4df61-93ca-11d2-aa0d-00e098032b8c
 CMOSfailflag-c89dc9c7-5105-472c-a743-b1621e142b41
 ConIn-8be4df61-93ca-11d2-aa0d-00e098032b8c
 ConInDev-8be4df61-93ca-11d2-aa0d-00e098032b8c
 ConOut-8be4df61-93ca-11d2-aa0d-00e098032b8c
 ConOutDev-8be4df61-93ca-11d2-aa0d-00e098032b8c
 CurrentPolicy-77fa9abd-0359-4d32-bd60-28f4e78f784b
 db-d719b2cb-3d3a-4596-a3bc-dad00e67656f
 dbx-d719b2cb-3d3a-4596-a3bc-dad00e67656f
 DefaultLegacyDevOrder-3c4ead08-45ae-4315-8d15-a60eaa8caf69
 ErrOut-8be4df61-93ca-11d2-aa0d-00e098032b8c
 ErrOutDev-8be4df61-93ca-11d2-aa0d-00e098032b8c
 FastBootOption-b540a530-6978-4da7-91cb-7207d764d262
 FirstBootFlag-ec87d643-eba4-4bb5-a1e5-3f3e36b20da9
 FPDT_Volatile-01368881-c4ad-4b1d-b631-d57a8ec8db6b
 FPLayoutOrder-4db88a62-6721-47a0-9082-280b00323594
 FTMActiveFlag-4034591c-48ea-4cdc-864f-e7cb61cfd0f2
 HiiDB-1b838190-4625-4ead-abc9-cd5e6af18fe0
 IccRollingFlag-f8dbe9b1-e2ee-42d6-820f-a54b06ebf9d1
 InBiosSetupFlag-ec87d643-eba4-4bb5-a1e5-3f3e36b20da9
 KEK-8be4df61-93ca-11d2-aa0d-00e098032b8c
 MaximumTableSize-4b3082a3-80c6-4d7e-9cd0-583917265df1
 MeEndOfPostFlag-ec87d643-eba4-4bb5-a1e5-3f3e36b20da9
 MemoryConfig0-80dbd530-b74c-4f11-8c03-418665532831
 MemoryConfig1-80dbd530-b74c-4f11-8c03-418665532831
 MemoryConfig2-80dbd530-b74c-4f11-8c03-418665532831
 MemoryConfig3-80dbd530-b74c-4f11-8c03-418665532831
 MemoryConfig4-80dbd530-b74c-4f11-8c03-418665532831
 MemoryConfig5-80dbd530-b74c-4f11-8c03-418665532831
 MemoryConfig6-80dbd530-b74c-4f11-8c03-418665532831
 MemoryConfig7-80dbd530-b74c-4f11-8c03-418665532831
'MemoryConfig<-80dbd530-b74c-4f11-8c03-418665532831'
'MemoryConfig=-80dbd530-b74c-4f11-8c03-418665532831'
'MemoryConfig>-80dbd530-b74c-4f11-8c03-418665532831'
'MemoryConfig;-80dbd530-b74c-4f11-8c03-418665532831'
 MemoryConfig:-80dbd530-b74c-4f11-8c03-418665532831
'MemoryConfig?-80dbd530-b74c-4f11-8c03-418665532831'
 MemoryConfig@-80dbd530-b74c-4f11-8c03-418665532831
 MemoryConfig8-80dbd530-b74c-4f11-8c03-418665532831
 MemoryConfig9-80dbd530-b74c-4f11-8c03-418665532831
 MemoryConfigA-80dbd530-b74c-4f11-8c03-418665532831
 MemoryConfigB-80dbd530-b74c-4f11-8c03-418665532831
 MonotonicCounter-01368881-c4ad-4b1d-b631-d57a8ec8db6b
 NVRAM_Verify-15a9dd61-e4f8-4a99-80db-353b13d76490
 OsIndications-8be4df61-93ca-11d2-aa0d-00e098032b8c
 OsIndicationsSupported-8be4df61-93ca-11d2-aa0d-00e098032b8c
 PK-8be4df61-93ca-11d2-aa0d-00e098032b8c
 PlatformLang-8be4df61-93ca-11d2-aa0d-00e098032b8c
 PlatformLangCodes-8be4df61-93ca-11d2-aa0d-00e098032b8c
 PreVgaInfo-ec87d643-eba4-4bb5-a1e5-3f3e36b20da9
 ProfileName1-4b5b31ae-024a-412b-b2f4-5c70632605c7
 ProfileName2-4b5b31ae-024a-412b-b2f4-5c70632605c7
 ProfileName3-4b5b31ae-024a-412b-b2f4-5c70632605c7
 ProfileName4-4b5b31ae-024a-412b-b2f4-5c70632605c7
 ProfileName5-4b5b31ae-024a-412b-b2f4-5c70632605c7
 ProfileName6-4b5b31ae-024a-412b-b2f4-5c70632605c7
 ProfileName7-4b5b31ae-024a-412b-b2f4-5c70632605c7
 ProfileName8-4b5b31ae-024a-412b-b2f4-5c70632605c7
 RTC-378d7b65-8da9-4773-b6e4-a47826a833e1
 RTC-378d7b65-8da9-4773-b6e4-a47826a833e2
 S3SS-4bafc2b4-02dc-4104-b236-d6f1b98d9e84
 SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c
 SetupACPIRAM-ec87d643-eba4-4bb5-a1e5-3f3e36b20da9
 SetupAPMFeatures-ec87d643-eba4-4bb5-a1e5-3f3e36b20da9
 SetupEntry-2485da8e-ded2-42cb-acb0-3ce666c55f0c
 SetupHWMFeatures-69fc7103-285c-4d8b-9a08-7b53ef90765c
 SetupMode-8be4df61-93ca-11d2-aa0d-00e098032b8c
 SignatureSupport-8be4df61-93ca-11d2-aa0d-00e098032b8c
 SmbiosEntryPointTable-4b3082a3-80c6-4d7e-9cd0-583917265df1
 SmbiosScratchBuffer-4b3082a3-80c6-4d7e-9cd0-583917265df1
 SmbiosV3EntryPointTable-4b3082a3-80c6-4d7e-9cd0-583917265df1
 TbtHRStatusVar-ba1d893b-803e-4b26-a3de-585703ff7bd6
 Timeout-8be4df61-93ca-11d2-aa0d-00e098032b8c
 WriteOnceStatus-4b3082a3-80c6-4d7e-9cd0-583917265df1

It appears that this issue may be fixed upstream in https://github.com/systemd/systemd/pull/14083.

Edit 2: It seems the key is setting canTouchEfiVariables = false. Previously, this was set to true and was failing. Now —install-bootloader succeeds:

boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = false;

Edit 3: The last generation that succeeded in actually hitting my bootloader had:

boot.loader.efi.canTouchEfiVariables = true;
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
boot.loader.grub.efiSupport = true;
boot.loader.grub.device = "nodev"; # or "nodev" for efi only

I then switched to:

boot.loader.systemd-boot.enable = true;

I don't recall the motivation. When I switched back to grub and rebooted, I get “error: symbol ‘grub_file_filters’ not found”. Seems I managed to trigger https://github.com/NixOS/nixpkgs/issues/61718 and will have to get a livecd

In my experience, when I run
`sudo nix-collect-garbage -d` the deleted generations remain in the bootloader. Running `nixos-rebuild boot` cleans them up.

It seems like you're trying to change bootloaders. Hmm...

I once got that same bootctl error when installing NixOS. I worked around it my running the command manually. See if that works.

-------- Original Message --------
On Dec 11, 2019, 11:17 AM, tbenst < [email protected]> wrote:

>
>
>

No, generations are not changing in grub. Originally I didn’t notice as I use home-manager for most things. I’ve done “nix-collect-garbage -d” and “sudo nix-collect-garbage -d”, yet 53 generations still show in grub. All give a kernel panic as they’ve been deleted now so key files are missing. I do have one generation tagged using -p that can still boot.

My hardware-configuration.nix is nearly identical to another computer that works fine and has /boot specified by label. This seems like an EFI problem per the error above about installing the boot loader

—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub, or unsubscribe.

I'm now reinstalling NixOS from scratch on this computer.

$ sudo nixos-install -j 12
building the configuration in /mnt/etc/nixos/configuration.nix...
[145 built]
copying channel...
installing the boot loader...
setting up /etc...
Initializing machine ID from random generator.
Created "/boot/EFI".
Created "/boot/EFI/systemd".
Created "/boot/EFI/BOOT".
Created "/boot/loader".
Created "/boot/loader/entries".
Created "/boot/EFI/Linux".
Copied "/nix/store/v1fq42g0vlv7sh3jpfk4ga3lqfwdkg3b-systemd-243.3/lib/systemd/boot/efi/systemd-bootx64.efi" to "/boot/EFI/systemd/systemd-bootx64.efi".
Copied "/nix/store/v1fq42g0vlv7sh3jpfk4ga3lqfwdkg3b-systemd-243.3/lib/systemd/boot/efi/systemd-bootx64.efi" to "/boot/EFI/BOOT/BOOTX64.EFI".
Created "/boot/8e8e53b83f1b4bb290731b2563c95389".
Random seed file /boot/loader/random-seed successfully written (512 bytes).
Failed to set LoaderSystemToken EFI variable: Invalid argument
Traceback (most recent call last):
  File "/nix/store/6bqqzi5sqgi7djfrhmb437a0gv7xf7x5-systemd-boot-builder.py", line 240, in <module>
    main()
  File "/nix/store/6bqqzi5sqgi7djfrhmb437a0gv7xf7x5-systemd-boot-builder.py", line 197, in main
    subprocess.check_call(["/nix/store/v1fq42g0vlv7sh3jpfk4ga3lqfwdkg3b-systemd-243.3/bin/bootctl", "--path=/boot", "install"])
  File "/nix/store/4c3z5r6yxsf2cxwwyazhdn92xixn4j5b-python3-3.7.5/lib/python3.7/subprocess.py", line 363, in check_call
    raise CalledProcessError(retcode, cmd)
subprocess.CalledProcessError: Command '['/nix/store/v1fq42g0vlv7sh3jpfk4ga3lqfwdkg3b-systemd-243.3/bin/bootctl', '--path=/boot', 'install']' returned non-zero exit status 1.

So tried manual:

$ sudo /nix/store/v1fq42g0vlv7sh3jpfk4ga3lqfwdkg3b-systemd-243.3/bin/bootctl --path=/mnt/boot install
Copied "/nix/store/v1fq42g0vlv7sh3jpfk4ga3lqfwdkg3b-systemd-243.3/lib/systemd/boot/efi/systemd-bootx64.efi" to "/mnt/boot/EFI/systemd/systemd-bootx64.efi".
Copied "/nix/store/v1fq42g0vlv7sh3jpfk4ga3lqfwdkg3b-systemd-243.3/lib/systemd/boot/efi/systemd-bootx64.efi" to "/mnt/boot/EFI/BOOT/BOOTX64.EFI".
Created "/mnt/boot/1d79bdb024a04e0c93db8dbba5925210".
Random seed file /mnt/boot/loader/random-seed successfully written (512 bytes).
Failed to test system token validity: No data available

I'll reboot and report back if this worked.

This did not work. What did, however, was reformatting the /boot partition and ensuring boot.loader.efi.canTouchEfiVariables = false; is set. I guess it's a firmware issue on this computer. EFI boot is now working properly!