(In reply to lists dev from comment #19) -->8-- > [Bds]Booting opensuse-secureboot > FSOpen: Open '\EFI\opensuse\shim.efi' Success > [Bds] DevicePath expand: > HD(1,GPT,12A830DE-7E2F-4DC6-B64F-B886FB80E77C,0x800,0x3F7DF)/ > \EFI\opensuse\shim.efi -> > PciRoot(0x0)/Pci(0x1,0x1)/Ata(Primary,Master,0x0)/HD(1,GPT,12A830DE-7E2F- > 4DC6-B64F-B886FB80E77C, > > it's still booting in 'secureboot' mode. > > Rebooting, & checking in TianoCore config, however, it reports > > Secure Boot Configuration > Current Secure Boot State Disabled > Attempt Secure Boot [ ] > Secure Boot Mode <standard Mode> > > so it thinks it should be in NON-SecureBoot mode. > > So, why isn't it is the question. To simplify the boot path, openSUSE always boots from shim.efi. shim.efi will detect the SecureBoot variable and decide whether the signature verification should be applied or not.