Comment # 18 on bug 1185441 from 
(In reply to Tiago Marques from comment #17)
> (In reply to Gary Ching-Pang Lin from comment #16)
> > (In reply to Tiago Marques from comment #15)
> > > (In reply to Gary Ching-Pang Lin from comment #13)
> > > > (In reply to Tiago Marques from comment #12)
> > > > > Hi,
> > > > > 
> > > > > I've been hit by this for some months now. Every Grub2 update, I get the
> > > > > same message as OP.
> > > > > Not sure which grub package is to blame and I'm using EFI and secure boot.
> > > > > 
> > > > > I've managed to (twice) solve the issue by booting a live USB, chrooting and
> > > > > then running 'shim-install'.
> > > > > 
> > > > > Not sure where the bug is or if this helps. I'm available to test other
> > > > > things out to help fix this.
> > > > 
> > > > Before upgrading "shim", could you try "mokutil --enable-validation" and
> > > > reboot the system to clean up MokSBState?
> > > 
> > > Tried but the command is asking me for a password. I have no password set on
> > > the BIOS. Is this the expected behavior?
> > 
> > That's a password used to verify physical access when modifying MokSBState
> > variable. During the next boot, MokManager will ask if you want to "Change
> > Secure Boot state" and randomly ask 3 characters of the password you set.
> > It's an one-time password and will be dropped after use.
> 
> After doing that, got an unbootable system with the the same "system is
> compromised message".
> 
What's the version of shim in the system? Could you try

1) downgrade shim with the following rpm
http://download.opensuse.org/update/leap/15.2/oss/x86_64/shim-15+git47-lp152.4.6.1.x86_64.rpm

2) mokutil --enable-validation

3) reboot the system to clear MokSBState

4) upgrade shim to 15.4 again and reboot the system to see if the issue
persists

> Tried to restore the same way as before, but the OpenSUSE live USB was also
> unbootable w/ messages:
> 
> ---
> Failed to open \EFI\BOOT\MokManager.efi - Not Found
> Failed to load image \EFI\BOOT\MokManager.efi: Not Found
> Failed to start MokManager: Not Found
> Something has gone seriously wrong: import_mok_state() failed
> : Not Found
> ---
> 
It seems the request for MokSBState wasn't handled, and MokManager.efi wasn't
in Live USB so that shim cannot handle the request.

> I managed to select an option to run "UEFI Application", manually select
> 'shim.efi' from the boot drive and get into the OS.

You are receiving this mail because: