Comment # 38 on bug 1175626 from
So there is no pending MOK request and shim/grub2 are up-to-date, the it's a
different issue.

Could you set SHIM_VERBOSE with this command and enable Secure Boot again?

  # mokutil --set-verbosity true

It'd make shim to print more information. I hope we can get more clues from
that...

("mokutil --set-verbosity false" removes SHIM_VERBOSE.)

As for grubx64.efi, it's unsigned grub2 with dynamic module loading enabled. To
make sure that grub2 won't load any malicious code, grub.efi is generated as a
monolithic image and built in the necessary modules. That's the image we sign.
On the other hand, grubx64.efi is a fallback for the system without Secure Boot
or with disabled Secure Boot, so it's unsigned.

As for the verification of shim, it's supposed to be verified by "Microsoft
Corporation UEFI CA 2011", and it can be downloaded from the following link:

https://go.microsoft.com/fwlink/p/?linkid=321194


You are receiving this mail because: