Troubleshooting
Problem
During the QRadar upgrade receive warning:
"[precheck] The system is unable to determine the Secure Boot status or verify the enrolled public key certificate on the following hosts: The X.X.X.X host is unable to determine the Secure Boot status."
"[precheck] The system is unable to determine the Secure Boot status or verify the enrolled public key certificate on the following hosts: The X.X.X.X host is unable to determine the Secure Boot status."
Symptom
When running:
media/updates/installer -t
During the upgrade precheck you will see the following warning:
WARNING: Applying this upgrade to a UEFI Secure Boot enabled system without enrolling the supplied IBM public key certificate on the SFS, causes the host to become unresponsive. For information on enrolling the IBM public key certificate from the SFS, see https://ibm.biz/BdMFRj For more details on affected hosts, see the patch log file /var/log/setup-2021.6.3.20220829221022/patches.log.
[precheck] The following hosts have Secure Boot enabled and do not have the IBM public key certificate enrolled on the system keyring:
[precheck] The system is unable to determine the Secure Boot status or verify the enrolled public key certificate on the following hosts: The X.X.x.X host is unable to determine the Secure Boot status.
Environment
Issue may occur, but not limited, to the following systems:
Lenovo M3
Lenovo M3
Lenovo M4
Dell PowerEdge R720
Diagnosing The Problem
The most likely reason your hitting this issue is the variable doesn’t exist:
Usually, it would show the variable and as disabled:
/store/mack/lenovo/toolscenter/asu/asu64 show SecureBootConfiguration
(..)
Could not find setting SecureBootConfiguration
Usually, it would show the variable and as disabled:
/opt/lenovo/toolscenter/asu/asu64 show SecureBootConfiguration
(..)
SecureBootConfiguration.SecureBootis=Disabled
Resolving The Problem
- Verify that secure boot is not enabled by running mokutil:
Note: If mokutil is not installed, install it:mokutilyum install mokutil - It should return that it's not enabled, such as:
This system doesn't support Secure Boot - If you’re not using secure boot, the warning can be ignored, and select continue the upgrade.
Related Information
Document Location
Worldwide
[{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"ARM Category":[{"code":"a8m0z000000cwtdAAA","label":"Upgrade"}],"ARM Case Number":"TS015518102","Platform":[{"code":"PF016","label":"Linux"}],"Version":"7.5.0"}]
Was this topic helpful?
Document Information
Modified date:
22 February 2024
UID
ibm17122757