Comment # 1 on bug 1185441 from Gary Ching-Pang Lin

Per the design of shim, the error message, "System is compromised.  halting.",
should only happen when grub2 loads a kernel without verifying it with the shim
protocol. However, our grub2 always verifies kernel when secure boot is on, so
this should not happen.

One possible cause would be that the static variable in shim,
loader_is_participating, was overwritten accidentally in some case, so shim
mistakenly showed the message.