http://bugzilla.opensuse.org/show_bug.cgi?id=1175626 http://bugzilla.opensuse.org/show_bug.cgi?id=1175626#c38 --- Comment #38 from Gary Ching-Pang Lin --- So there is no pending MOK request and shim/grub2 are up-to-date, the it's a different issue. Could you set SHIM_VERBOSE with this command and enable Secure Boot again? # mokutil --set-verbosity true It'd make shim to print more information. I hope we can get more clues from that... ("mokutil --set-verbosity false" removes SHIM_VERBOSE.) As for grubx64.efi, it's unsigned grub2 with dynamic module loading enabled. To make sure that grub2 won't load any malicious code, grub.efi is generated as a monolithic image and built in the necessary modules. That's the image we sign. On the other hand, grubx64.efi is a fallback for the system without Secure Boot or with disabled Secure Boot, so it's unsigned. As for the verification of shim, it's supposed to be verified by "Microsoft Corporation UEFI CA 2011", and it can be downloaded from the following link: https://go.microsoft.com/fwlink/p/?linkid=321194 -- You are receiving this mail because: You are on the CC list for the bug.