Am 08.10.22 um 16:24 schrieb Leon Fauster: > Hey folks, I wonder if anyone also suffers from the following: > > I updated the BIOS/Firmware of a DELL notebook from 1.8 to 1.9. and > after this the latest C9S > > kernel-5.14.0-171.el9.x86_64 > > can't be booted anymore (secure boot on) but the two older ones do boot: > > kernel-5.14.0-165.el9.x86_64 > kernel-5.14.0-168.el9.x86_64 > > The grub error message when trying to boot kernel-5.14.0-171.el9.x86_64 > looks like: > > error: ../../grub-core/kern/efi/sb.c:183:bad shim signature. > error: ../../grub-core/loader/i386/efi/linux.c:259:you need to load the > kernel first. > > I wonder how this happens. The firmware is classified as bug-fix update. > > Not sure if DBX list was update. fwupdmgr shows "Current version: 83" > If so, it does not make sense that older kernels can be used to boot the > system. So, a big question mark how to solve this issue? Any hints ...? > > > # sha256sum /boot/efi/EFI/BOOT/BOOTX64.EFI > 3ae459e79408b5287ce70c5b86ddcc92c243c7442d6769a330390598b7a351b1 > /boot/efi/EFI/BOOT/BOOTX64.EFI > It seems that the kernel-5.14.0 of the release 17X-series do not get signed with the CentOS key anymore! https://bugzilla.redhat.com/show_bug.cgi?id=2138019 TLDR: /boot/vmlinuz-5.14.0-16* versus /boot/vmlinuz-5.14.0-17* shows The signer's common name is CentOS Secure Boot Signing 201 versus The signer's common name is Red Hat Test Certificate Is this issue already receiving the right attention? -- Thanks Leon