Comment # 20 on bug 1018741 from Gary Ching-Pang Lin

(In reply to lists dev from comment #19)
-->8--
> 		[Bds]Booting opensuse-secureboot
> 		FSOpen: Open '\EFI\opensuse\shim.efi' Success
> 		[Bds] DevicePath expand:
> HD(1,GPT,12A830DE-7E2F-4DC6-B64F-B886FB80E77C,0x800,0x3F7DF)/
> \EFI\opensuse\shim.efi ->
> PciRoot(0x0)/Pci(0x1,0x1)/Ata(Primary,Master,0x0)/HD(1,GPT,12A830DE-7E2F-
> 4DC6-B64F-B886FB80E77C,
> 
> it's still booting in 'secureboot' mode.
> 
> Rebooting, & checking in TianoCore config, however, it reports
> 
> 	Secure Boot Configuration
> 		Current Secure Boot State     Disabled
> 		Attempt Secure Boot           [ ]
> 		Secure Boot Mode              <standard Mode>
> 
> so it thinks it should be in NON-SecureBoot mode.
> 
> So, why isn't it is the question.

To simplify the boot path, openSUSE always boots from shim.efi. shim.efi will
detect the SecureBoot variable and decide whether the signature verification
should be applied or not.