Per the design of shim, the error message, "System is compromised. halting.", should only happen when grub2 loads a kernel without verifying it with the shim protocol. However, our grub2 always verifies kernel when secure boot is on, so this should not happen. One possible cause would be that the static variable in shim, loader_is_participating, was overwritten accidentally in some case, so shim mistakenly showed the message.