Comment # 13 on bug 1137061 from Michael Chang

(In reply to Neil Rickert from comment #6)
> "grub.efi" has to be a one-size fits all.  It is digitally signed at build
> time, so cannot be adapted to a particular install situation.  And there is
> no "btrfs" subvolume for people not using "btrfs".

Yes, this is risky to break things which reminds me of resistance of doing it
unless really necessary to. 

> 
> By contrast, the "grubx64.efi" (which is a copy of
> "/boot/grub2/x86_64-efi/core.efi" is built at install time as part of
> installing grub2, so it is adapted to what you need.
> 
> Yes, I agree that this bug should probably be closed.  But I prefer to leave
> that to someone from the openSUSE development team.  Perhaps they need to
> add a more detailed description as to what that "secure boot support" flag
> does in Yast bootloader.

It means we'll install every bits necessary to boot from secure boot enabled
firmware, but using unsigned kernel is not possible (So by no means you'll ever
need 'linux' here).